Software defined radio: a double-edged sword for security and privacy in wireless systems

Abstract

Wireless communication are progressing rapidly making our access to information easier than ever. This results in an increasing number of services, to meet users' needs, that will soon overload the radio-frequency spectrum, a scarce resource shared by multiple technologies. To tackle this limitation, approaches such as cognitive radios and dynamic spectrum sharing techniques have been proposed to improve the overall channel capacity. In this context, Software Defined Radio (SDR) emerged as a promising approach to enable the development of flexible wireless systems towards achieving efficient spectrum usage. By bringing most of the signal processing to the software domain, SDRs simplify the design and implementation, and enable the adoption of advanced communications algorithms. However, SDRs not only benefit the technologies' development but also provide opportunities for adversaries to devise new attacks. Within the scope of wireless softwarization, this dissertation focuses on analyzing and strengthening the security of wireless networks, and developing new mechanisms for improving the wireless system's flexibility and robustness. First, we expose and analyze privacy threats in Wi-Fi networks by devising RF fingerprinting techniques demonstrating high accuracy using only physical characteristics extracted from signal transmissions over the air, effectively overcoming recent higher-layer protection mechanisms such as MAC address randomization or end-to-end encryption. We also analyze Bluetooth Low Energy (BLE) systems, devise and demonstrate the effectiveness of new side-channel attacks and algorithms that can track BLE devices with over 90 % reliability. These attacks can enable the linking of users to their devices' globally unique identifiers (BDADDR), even when privacy-preserving BLE based protocols are in use. BLE has been extensively used in privacy-preserving contact tracing, and we show that it is possible to infer the globally unique BDADDR of infected users in all such existing systems. With the emerging development and deployment of IoT devices, unmanned aerial systems, and self-driving cars, secure ranging has become critical in these applications. In this dissertation, we analyze existing designs and develop SBRA, a new secure broadcast ranging protocol that offers protection against various jamming and distance manipulation attacks, and can operate over flexible spectrum bands. Our proposed ranging system can achieve a high accuracy with error under 20 cm and can scale to over 100 participating reflectors. A key feature of our proposed secure broadcast ranging is its spectrum flexibility that can fit in any spectrum pocket with limited impact on performance. Finally, the last part of this dissertation is dedicated to the study of the Filter Bank Multi-Carrier technique within the context of spectrum sharing. The traditional Orthogonal Frequency Division Multiplexing (OFDM) technique, while very popular due to its simplicity, performs poorly in dynamic spectrum scenarios because of high side-lobes interference and lack of spectral flexibility. We introduce a Frequency Spreading Filter Bank Multicarrier (FS-FBMC) design with nPIE, a novel pilotless approach for channel estimation and equalization, providing seamless flexibility and low out-of-band interference. Several aspects of the technique, such as the algorithm's complexity and the channel effect in practical deployment, require a thorough investigation for optimization and performance improvement.--Author's abstract