WISEC

Smart devices without an interactive UI (e.g., a smart bulb) typically rely on specific provisioning schemes to connect to wireless networks. Among all the provisioning schemes, SmartCfg is a popular technology to configure the connection between smart ...

Millimeter-wave (mm-wave) communication systems provide high data-rates and enable emerging application scenarios, such as 'information showers' for location-based services. Devices are equipped with antenna arrays using dozens of elements to achieve ...

Low-power wide area networks (LPWANs), such as LoRa, are fast emerging as the preferred networking technology for large-scale Internet of Things deployments (e.g., smart cities). Due to long communication range and ultra low power consumption, LPWAN-...

We present a backwards compatible extension to the 802.11 standard to prevent multi-channel man-in-the-middle attacks. This extension authenticates parameters that define the currently in-use channel.

Recent attacks against WPA2, such as most key ...

Ridesharing, in which drivers offer to share their rides, allows reduction of travel costs for both drivers and riders; such practice is increasingly popular. Modern ridesharing systems, enhanced with location-based features, have improved user ...

In this work, we address the problem of detecting application-layer attacks on nearby wireless devices. In particular, we assume that the detection scheme is limited to link-layer traffic (either because schemes such as WPA2 are used, and the key is ...

In this paper we examine the use of covert channels based on CPU load in order to achieve persistent user identification through browser sessions. In particular, we demonstrate that an HTML5 video, a GIF image, or CSS animations on a webpage can be used ...

Mobile network operators choose Self Organizing Network (SON) concept as a cost-effective method to deploy LTE/4G networks and meet user expectations for high quality of service and bandwidth. The main objective of SON is to introduce automation into ...

In this paper, we consider the fair coexistence between LTE and Wi-Fi systems in unlicensed bands. We focus on the misbehavior opportunities that stem from the heterogeneity of the coexisting systems and the lack of explicit coordination mechanisms. We ...

Reducing the level of user effort involved in traditional two-factor authentication (TFA) constitutes an important research topic. A recent effort in this direction leverages ambient sounds to detect the proximity between the second factor device (phone)...

Wrist-wearables such as smartwatches and fitness bands are equipped with a variety of high-precision sensors that support novel contextual and activity-based applications. The presence of a diverse set of on-board sensors, however, also expose an ...

Voice interfaces are increasingly becoming integrated into a variety of Internet of Things (IoT) devices. Such systems can dramatically simplify interactions between users and devices with limited displays. Unfortunately voice interfaces also create new ...

Bandwidth hopping spread spectrum (BHSS) has recently been proposed as a spectrum-efficient technique to combat jamming. In BHSS, the transmitter is randomly hopping the signal bandwidth in order to make it unpredictable to an attacker. When the signal ...

The essence of information assurance resides in the ability to establish secret keys between the legitimate communicating parties. Common approaches to key establishment include public-key infrastructure, key-distribution centers, physical-layer ...

Bluetooth is a popular wireless communication technology that is available on most mobile devices. Although Bluetooth includes security and privacy preserving mechanisms, we show that a Bluetooth harmless inherent request-response mechanism can taint ...

We study the impact of signal jamming attacks against the communication based train control (CBTC) systems and develop the countermeasures to limit the attacks' impact. CBTC supports the train operation automation and moving-block signaling, which ...

In spite of progress in securing Vehicular Communication (VC) systems, there is no consensus on how to distribute Certificate Revocation Lists (CRLs). The main challenges lie exactly in (i) crafting an efficient and timely distribution of CRLs for ...

We study collaborative adaptive cruise control as a representative application for safety services provided by autonomous cars. We provide a detailed analysis of attacks that can be conducted by a motivated attacker targeting the collaborative adaptive ...

Wake-up radios are mechanisms that control the sleep and active modes of energy-constrained Internet of Things (IoT) nodes. These radios detect pre-determined wake-up tokens and switch the devices to an active state. Such systems are vulnerable to a ...

Message Authentication Codes (MACs) used in today's wireless communication standards may not be able to satisfy resource limitations of simpler 5G radio types and use cases such as machine type communications. As a possible solution, we present a ...

ESIoT is a secure access control and authentication protocol introduced for Internet of Things (IoT) applications. The core primitive of ESIoT is an identity-based broadcast encryption scheme called Secure Identity-Based Broadcast Encryption (SIBBE). ...

The installed base of Internet of Things (IoT) consumer products is steadily increasing, in conjunction with the number of disclosed security vulnerabilities in these devices. In this paper, we share the opinion that strong security measures are ...

Dynamic analysis is an important technique to reveal sensitive behavior of Android apps. Current works require access to the code-level and system-level events (e.g., API calls and system calls) triggered by the running apps and consequently they can ...

Although the Android system has been continuously hardened against side-channel attacks, there are still plenty of APIs available that can be exploited. However, most side-channel analyses in the literature consider specifically chosen APIs (or ...

A wide range of mobile applications for Apple's iOS platform process sensitive data and, therefore, rely on protective mechanisms natively provided by the operating system. A wrong application of cryptography or security-critical APIs, however, exposes ...

Messenger apps on smart phones are widely used for easy communication in a collaborative workplace. However, the use of messengers increases risks to both the organization and the collaborators. For example, an employee may receive proprietary ...

Although privacy compromises remain an issue among users and advocacy groups, identification of user location has emerged as another point of concern. Techniques using GPS, Wi-Fi, NFC, Bluetooth tracking and cell tower triangulation are well known. ...

Sharing location data is becoming more popular as mobile devices become ubiquitous. Location-based service providers use this type of data to provide geographically contextualized services to their users. However, sharing exact locations with possibly ...

As of IEEE 802.11n, a wireless Network Interface Card (NIC) uses Channel State Information (CSI) to optimize the transmission over multiple antennas. CSI contain radio-metrics such as amplitude and phase. Due to scattering during hardware production ...

Inter-vehicle communications disclose rich information about vehicle whereabouts. Pseudonymous authentication secures communication while enhancing user privacy thanks to a set of anonymized certificates, termed pseudonyms. Vehicles switch the ...