SACON
SACON International 2020
India | Bangalore | February 21 - 22 | Taj Yeshwantpur
On the Wings of Time:
Past, Present and Future of Radio Communication Hacking
Harshit Agrawal
@harshitnic
SACON 2020
Agenda
● IoT: Transformational Impact across Verticals
● RF Fundamentals
● Joys of the Past
● Current status of Industry & Sutra for Mitigation
● A glimpse of the Future
● Case Study and Demos
● Reference and Learning
Intro
● This is for people who are:
○ Just starting out
○ Thought WiFi hacking was cool
○ Saw a few HAK5 videos and want to get started
○ Saw a DEFCON video on wireless stuff
● You need to know how a thing works to defeat a thing.
○ It’s not just about the hack
○ If you don't know what it is doing and why it's doing it, you won’t know why your attack did not work
○ Fundamentals, but for the purpose of pulling it apart
● Pay attention to dates and specifics
○ There is so much white noise and outdated info on the internet
○ Then there is stuff that is older and still good information
IoT: Transformational Impact across Vertical Sectors
Internet of Things Model
1. Controlling Device: Smartphones, tablets and other smart devices can control all types of “things”
2. Cloud Service: Cloud services provide the repository and access control between the “things” and their controller.
3. Global Network: Most “things” are connected to the Internet, except for power grids or classified government systems
4. Local Network: This may be a controller area network (CAN) in connected cars, a local network in homes, etc.
5. Things: “Things” can be remotely controlled or viewed, and they can send telemetry for analysis.
IoT Security Challenges - A perspective
● Long IoT Device Lifetime
○ High effort to update devices in the field
○ Outdated security mechanisms needed for legacy devices.
● Badly maintained IoT devices
○ How many users really care as long as it works?
● Signaling Storms
○ Normal IoT device signaling footprint will often be low.
Why Focus on RF Security?
History
● 1984: “Software Radio” coined by E-Systems
● 1995: “The Software Radio Architecture” article published in IEEE Communications Magazine; it earned Mitola the nickname “The Godfather of Software Radio”
● 2001: GNU Radio Project is founded
● 2006: First USRP released, the first programmable and general-purpose SDR available publicly
● 2011: RTL-SDR explosion
History
Processing is defined by programmed algorithms, not HW.
(‘Software-Defined Radio’ [SDR] is the same thing)
SDR as Spectrum Analyser
● Using SDR to replace most of the hardware for implementation of radio networking
● SDRs can act as VSAs (Vector Signal Analyzers) when connected to a computer
● Implementation as SoC (System on a Chip)
● Higher-end SDRs have FPGAs for on-board DSP
● Most signal processing and all display functions take place in an external computer, e.g., using GNU Radio
● Shuttles RF I/Q samples to DSP or host
What are the Trade-offs?
Your budget may allow you to buy:
● One of these (Vector Signal Analyzer): using a single well-equipped device measuring one location at a time
Versus
● 20 of these (SDR + single board computer): a network of configurable low-cost sensors spread over a wide geographical area.
Inside the Radio Wave Spectrum
[Figure: radio spectrum allocation chart, 3 kHz to 5 GHz. Labelled services: AM Radio, Broadcast TV, Garage Door Openers, Door Openers, Auctioned Spectrum, Cell Phones, Global Positioning System, Wireless Medical Telemetry, GSM Network, Satellite Radio, Weather Radar, Cable TV, Satellite Transmissions, Highway Toll Tags, 5 GHz WiFi Network, Security Alarms]
● 2.4 GHz band: used by more than 300 consumer devices, including microwave ovens, cordless phones and wireless networks (WiFi and Bluetooth)
● Most of the white area of this band is reserved for military, federal government and industry use
Importance of Frequency selection
RF Propagation & Interference
● Depending on their size, the radio wave loses energy every time it passes through a medium
● Subject to Electromagnetic Interference (EMI)
● The higher the frequency, the more likely there will be interference and distortion
● Ground Waves vs Skywaves vs Line of Sight (LOS)
○ Atmospheric Conditions, Reflection (Scatter), Refraction, Absorption
● Line of Sight & Path Loss
○ Path loss (signal strength, in dB): $20\log_{10}\left(\frac{4\pi r}{\lambda}\right) = 10\log_{10}\left(\frac{P_{tx}}{P_{rx}}\right)$, with $P_{tx} > P_{rx}$. Ptx is sometimes called budget
PHY Layer
● Lowest layer in communication stack
● In wired protocols: voltage, timing, and wiring defining 1s and 0s
● In wireless: patterns of energy being sent over RF medium
The intuition
● Humans analyze complex signals (audio, images) in terms of their sinusoidal components
● We can build instruments that “resonate” at one or multiple frequencies (tuning fork vs piano)
● The “frequency domain” seems to be as important as the time domain
Fundamental question
Can we decompose any signal into sinusoidal elements?
Yes, and Fourier showed us how to do it exactly!
Analysis
● from time domain to frequency domain
● find the contribution of different frequencies
● discover “hidden” signal properties
Synthesis
● from frequency domain to time domain
● create signal with known frequency content
● fit signals to specific frequency regions
The advantages of complex exponentials
● We can use complex numbers in digital systems, so why not?
● It makes sense: every sinusoid can always be written as a sum of sine and cosine
● Math is simpler: trigonometry becomes algebra
Example: change the phase of a pure cosine with complex exponentials
● sine and cosine “live” together
● phase shift is simple multiplication
● notation is simpler
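The analysis, synthesis and phase-shift ideas from the slides above, worked in Python on complex (I/Q-style) samples. This is an added example, not code from the original deck; the function names, the 64-sample length and the tone bins are assumptions, and the capture is constructed.

```python
import cmath
import math


def tone(k, n_samples, phase=0.0, amplitude=1.0):
    """Complex exponential A*e^{j(2*pi*k*n/N + phase)}; its real part is a cosine."""
    return [amplitude * cmath.exp(1j * (2 * math.pi * k * n / n_samples + phase))
            for n in range(n_samples)]


def dft(x):
    """Analysis: time domain -> frequency domain (direct O(N^2) DFT)."""
    size = len(x)
    return [sum(x[n] * cmath.exp(-2j * math.pi * k * n / size) for n in range(size))
            for k in range(size)]


def idft(spectrum):
    """Synthesis: frequency domain -> time domain."""
    size = len(spectrum)
    return [sum(spectrum[k] * cmath.exp(2j * math.pi * k * n / size)
                for k in range(size)) / size
            for n in range(size)]


def strongest_bins(x, count):
    """Return the `count` frequency bins that contribute most to x."""
    magnitudes = [abs(v) for v in dft(x)]
    ranked = sorted(range(len(magnitudes)), key=lambda k: magnitudes[k], reverse=True)
    return sorted(ranked[:count])


def shift_phase(x, phi):
    """Phase shift is one complex multiplication per sample."""
    rotation = cmath.exp(1j * phi)
    return [sample * rotation for sample in x]


def synthesize(size, bins):
    """Create a signal with known frequency content: {bin: complex amplitude}."""
    spectrum = [0j] * size
    for k, amplitude in bins.items():
        spectrum[k] = amplitude * size
    return idft(spectrum)


if __name__ == "__main__":
    N = 64  # constructed capture length
    # Two tones hidden in one capture; analysis recovers which bins carry energy.
    capture = [a + b for a, b in zip(tone(5, N), tone(12, N, amplitude=0.5))]
    print("strongest bins:", strongest_bins(capture, 2))
    # cos(w*n) shifted by pi/3 is the real part of e^{jwn} * e^{j*pi/3}.
    shifted = shift_phase(tone(5, N), math.pi / 3)
    print("first shifted sample (real part):", round(shifted[0].real, 3))
```
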
Initial Profiling of our Device
● What does our device do in normal operation?
● How do they connect?
● Determining the frequency?
Phases of RF Attacks
Information Gathering → Frequency → Modulation → Transmission
Information Gathering
● A good starting point, if you have some luck: search for the FCC ID
● https://www.fcc.gov/general/fcc-id-search-page
● Demo: https://fccid.io/Y8PFJ17-1
Information extracted from FCC
● FCC also publishes internal images, external images, user manuals, and test results for wireless devices.
Frequency
Use a Spectrum Analyzer (GQRX)
● FFT plot and waterfall
● Record and Playback
● Special FM mode for NOAA APT
● Basic Remote Control through TCP
Modulation
● Modulation is like hiding a code inside a carrier wave
● Representing digital data as variations in the carrier wave.
Source: Attify Inc
Modulation
● Carrier Wave
○ Amplitude Modulation (AM)
■ On/Off Keying (OOK)
● Angle Modulation
○ Frequency Modulation (FM)
■ Frequency Shift Keying (FSK)
■ Multiple FSK (MFSK)
■ Code Division Multiple Access (CDMA)
■ Time Division Multiple Access (TDMA)
○ Phase Shift Modulation (PSM)
■ Phase Shift Keying (PSK)
■ Bi-Phase Shift Keying (BPSK)
■ Quadrature Phase Shift Keying (QPSK)
■ Quadrature Amplitude Modulation (QAM)
● Pulse Modulation
○ Analog
■ Pulse Analog Modulation (PAM)
■ Pulse Time Modulation (PTM)
● Pulse Duration Modulation (PDM)
○ Pulse Width Modulation (PWM)
● Pulse Position Modulation (PPM)
● Digital - Pulse Code Modulation (PCM)
Modulation: pick your parameters
● Make data appear random (increase entropy of structured data)
● Support multiple data streams, drop-and-insert
● Encode changes in data (receiver can be non-coherent)
● Create signal suitable for uplink
● Protect integrity of data (corruption from noise on channel)
● Turn binary into symbols for baseband RF (0/1 → combinations of waves)
Demodulation: easy when you know
● Possible to determine if it is scrambled (calculate stats), but what is the scrambler? Is it additive or multiplicative? How is it synchronised?
● Are there multiple streams? How are they multiplexed?
● Is it differential, or what defines a 0/1?
● What is the modulation? Symbol rate? Require coherence? What is the phase difference? Need to conjugate complex plane?
● Which FEC(s) is used? Is it a concatenated code? What is the code rate? What is the block size? How is it synchronised?
Transmission
● Generate the message from above extracted details (Frequency, Modulation, Bitrate, Sync word, Preamble...)
○ Option 1: Use a flow graph
○ Option 2: Command Line RF tool
How Transmitting Works
● API Call
● Layer 2 (MAC): MAC Frame = HW Address | Sequence Number | (other stuff) | Layer 3 Frame
● Layer 1 (PHY): PHY Frame = Preamble | Start of Frame Delim. | PHY Header | MAC Frame | CRC
● Modulation (maps 1s and 0s to electrical phenomena)
● (to antenna/RF frontend)
- Matt Knight, Marc Newlin
How Receiving Works
● (from antenna)
● Layer 1 (PHY): PHY State Machine
○ Wait for Preamble
○ Look for SFD
○ (optional) Inspect PHY Header
○ Extract N bits
○ Check CRC
○ Present to Layer 2
● Layer 2 (MAC): MAC Frame = HW Address | Sequence Number | (other stuff) | Layer 3 Frame
● API Call
- Matt Knight, Marc Newlin
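The receive path listed above (wait for preamble, look for SFD, read the PHY header, extract N bits, check the CRC, present to layer 2) as a small Python state machine. This is an added example, not code from the deck or from the cited authors; the preamble 0xAAAAAAAA, SFD 0x2DD4, one-byte length header and CRC-16/CCITT are assumed values, and the bit stream is constructed.

```python
import binascii

# Assumed frame layout (constructed for this example, not a real protocol):
# preamble 0xAAAAAAAA | SFD 0x2DD4 | PHY header = 1 length byte | MAC frame | CRC-16
PREAMBLE = b"\xaa\xaa\xaa\xaa"
SFD = b"\x2d\xd4"
MIN_PREAMBLE_BITS = 8    # alternating bits required before hunting for the SFD
SFD_TIMEOUT_BITS = 64    # give up on the SFD after this many bits


def to_bits(data):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def from_bits(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))


def build_frame(mac_frame):
    """Transmit side: wrap a MAC frame into the assumed PHY frame, as bits."""
    body = bytes([len(mac_frame)]) + mac_frame
    crc = binascii.crc_hqx(body, 0xFFFF).to_bytes(2, "big")
    return to_bits(PREAMBLE + SFD + body + crc)


def receive(bits):
    """Run the PHY state machine over demodulated bits.

    Returns (MAC frames presented to layer 2, number of CRC failures).
    """
    sfd_bits = to_bits(SFD)
    frames, crc_errors = [], 0
    state, run, window, searched, length, i = "WAIT_PREAMBLE", 0, [], 0, 0, 0
    while i < len(bits):
        if state == "WAIT_PREAMBLE":
            # Count consecutive alternating bits (1010...).
            run = run + 1 if i > 0 and bits[i] != bits[i - 1] else 1
            i += 1
            if run >= MIN_PREAMBLE_BITS:
                state, window, searched = "LOOK_FOR_SFD", [], 0
        elif state == "LOOK_FOR_SFD":
            window = (window + [bits[i]])[-len(sfd_bits):]
            searched += 1
            i += 1
            if window == sfd_bits:
                state = "PHY_HEADER"
            elif searched > SFD_TIMEOUT_BITS:
                state, run = "WAIT_PREAMBLE", 0    # false preamble, start over
        elif state == "PHY_HEADER":
            if i + 8 > len(bits):
                break                              # capture ends inside the header
            length = from_bits(bits[i:i + 8])[0]
            i += 8
            state = "EXTRACT"
        else:  # EXTRACT: pull N bits, then check the CRC
            need = (length + 2) * 8
            if i + need > len(bits):
                break                              # truncated capture
            chunk = from_bits(bits[i:i + need])
            i += need
            mac_frame, rx_crc = chunk[:-2], int.from_bytes(chunk[-2:], "big")
            if binascii.crc_hqx(bytes([length]) + mac_frame, 0xFFFF) == rx_crc:
                frames.append(mac_frame)           # present to layer 2
            else:
                crc_errors += 1                    # drop the damaged frame
            state, run = "WAIT_PREAMBLE", 0
    return frames, crc_errors


def demo_stream():
    """Constructed bit stream: noise, a good frame, a corrupted frame, a good frame."""
    noise = [1, 1, 0, 0, 1, 1, 1, 0, 0, 0]
    good1 = build_frame(b"temp=21.5")
    bad = build_frame(b"door=closed")
    bad[60] ^= 1                                   # one MAC-frame bit flipped in transit
    good2 = build_frame(b"batt=87%")
    return noise + good1 + [0] * 5 + bad + [0] * 7 + good2


if __name__ == "__main__":
    print(receive(demo_stream()))
```
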
GNU Radio
● GNU Radio is a framework that enables users to design, simulate, and deploy highly capable real-world radio systems.
SDR#
Types of RF Attacks
● Wardriving: Wardriving is a type of sniffing that refers to the discovery of non-802.11 RF networks. Example: killerbee 802.15.4 framework
● Replay Attacks: Involve retransmitting a previously captured raw PHY-layer payload or the synthesis of a new frame based on decoded data
● Sniffing: The passive observation of wireless network traffic, noteworthy as the wireless domain enables truly promiscuous sniffing with no direct physical access.
● Jamming: Can be conducted by transmitting noise within the target network’s RF channel with sufficient bandwidth and power.
● Evil-twins Attack: Standing up a decoy device or rogue access point that mimics trusted infrastructure, such that it tricks victims into connecting to it.
Replay Attack
Replay Attack against PKE system of Cars
● RECORD
hackrf_transfer -r 43378000.raw -f 43378000
● TRANSMIT
hackrf_transfer -t 43378000.raw -f 43378000
Smart Light Demo
Car Demo
Safety Features
1. Pairing Mechanism
● Description: Transmitter and receiver are paired with a (fixed) pairing code, which is used to recognize and accept commands only from known transmitters.
● Issues prevented: Interferences: Multiple transmitters (e.g. of the same model and brand) can work together in the same RF band.
● Limitation: Knowledge of the pairing code allows complete impersonation of a legitimate transmitter.
2. Passcode protection
● Description: The operator needs to enter a sequence (passcode) to operate the transmitter. The sequence enables the transmitter and starts the receiver.
● Issues prevented: Unwanted commands and unauthorized operations: Machinery can be controlled only upon entering the correct passcode.
● Limitation: Knowledge of the passcode allows anyone to use a transmitter.
3. Authorization
● Description: The transmitter implements an access control model that selectively enables or disables advanced features according to the level of the operator, who is identified using radio frequency identification (RFID) or an equivalent factor.
● Issues prevented: Inexperienced operators who might issue complex commands that could cause injuries.
● Limitation: RFID and equivalent factors can be stolen or cloned.
4. Virtual fencing
● Description: Transmitter and receiver communicate via an out-of-band channel (e.g., infrared) in addition to RF. When the transmitter is out of range, the receiver does not accept any commands.
● Issues prevented: Machines cannot be operated outside the “virtual fence” created by the out-of-band channel (e.g., the infrared range).
● Limitation: Knowledge of the out-of-band virtual fencing protocol allows mimicry of it.
Overview of the safety features implemented in radio remote controllers for industrial applications.
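A receiver-side view of the pairing-code limitation in the table and of the record-and-retransmit replay shown earlier: a fixed pairing code accepts a captured frame every time, while a per-frame counter authenticated with an HMAC rejects the second copy. This is an added example, not code from the deck or from any vendor; the frame layouts, the key, the 8-byte tag and the 16-step acceptance window are assumptions, and all values are constructed.

```python
import hashlib
import hmac
import struct

PAIRING_CODE = b"\x5a\xc3\x19\x7e"      # constructed fixed pairing code
SHARED_KEY = bytes(range(16))           # constructed per-pair secret
TAG_LEN = 8                             # truncated HMAC-SHA256 tag (assumed size)


class FixedCodeReceiver:
    """Accepts any frame that carries the pairing code: code (4) | command (1)."""

    def __init__(self, pairing_code):
        self.pairing_code = pairing_code

    def accept(self, frame):
        if len(frame) == 5 and frame[:4] == self.pairing_code:
            return frame[4]
        return None


class CounterTransmitter:
    """Sends counter (4) | command (1) | HMAC tag computed over both."""

    def __init__(self, key):
        self.key, self.counter = key, 0

    def send(self, command):
        self.counter += 1
        body = struct.pack(">IB", self.counter, command)
        tag = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        return body + tag


class CounterReceiver:
    """Accepts a frame only if the tag verifies and the counter moves forward."""

    def __init__(self, key, window=16):
        self.key, self.last_counter, self.window = key, 0, window

    def accept(self, frame):
        if len(frame) != 5 + TAG_LEN:
            return None
        body, tag = frame[:5], frame[5:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None                  # forged or modified frame
        counter, command = struct.unpack(">IB", body)
        if not self.last_counter < counter <= self.last_counter + self.window:
            return None                  # replayed, stale, or too far ahead
        self.last_counter = counter
        return command


def replay_results():
    """Feed the same captured frame twice to each receiver design."""
    fixed = FixedCodeReceiver(PAIRING_CODE)
    captured_fixed = PAIRING_CODE + b"\x01"
    tx, rx = CounterTransmitter(SHARED_KEY), CounterReceiver(SHARED_KEY)
    captured = tx.send(0x01)
    return {
        "fixed": [fixed.accept(captured_fixed), fixed.accept(captured_fixed)],
        "counter": [rx.accept(captured), rx.accept(captured)],
    }


if __name__ == "__main__":
    print(replay_results())
```
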
ADS-B Receiving Guide (Tracking Aircraft)
ADS-B data is not encrypted (broadcast location and altitude information)
Recommended Windows Setup: DUMP1090 + Virtual Radar Server
● A vertically polarized antenna tuned to 1090 MHz.
● Software for receiving and decoding ADS-B.
● Software for displaying ADS-B location data.
● (optionally) An LNA and filter for optimizing reception.
IMSI Catcher
In 1996, German company Rohde & Schwarz launched the first IMSI catcher, the GA090, in Munich.
The initial design of the IMSI catcher is to identify the cellphone’s geographic location by instructing the cellphone to transmit IMSI
● IMSI: International Mobile Subscriber Identity
● MCC: Mobile Country Code
● MNC: Mobile Network Code
● MSIN: Mobile Subscriber Identity
● LAC: Location Area Code
● CellId: Unique number to identify a BTS within a LAC
GSM Sniffing with “gr-gsm”
Prepare the Test Environment:
Install the compilation dependencies:
sudo apt-get install git cmake libboost-all-dev libcppunit-dev swig doxygen liblog4cpp5-dev python-scipy
Compile “gr-gsm”:
git clone https://github.com/ptrkrysik/gr-gsm.git
cd gr-gsm
mkdir build
cd build
cmake ..
make
sudo make install
sudo ldconfig
Compile “kalibrate” (choose the version based on your hardware):
git clone https://github.com/scateu/kalibrate-hackrf.git   # for HackRF version
git clone https://github.com/steve-m/kalibrate-rtl.git     # for RTL version
cd kalibrate-hackrf
./bootstrap
./configure
make
sudo make install
Scan for Base Station with kal:
kal -s GSM900 -g 40   # Scan GSM900 band
grgsm_livemon -f 945.4e6
IMSI Catcher
Live FM Broadcast
rec -c 2 -t wav -r 44000 no.wav
Wireless Signal Leakage
● Two types of signal leakage
○ Associate signal quality - short
○ Sniff signal quality - long
● Design to limit leakage is often futile
○ Constantly changing office environment
● Modern APs boast increased power
○ Typical 32 mW - 200 mW
Information Disclosure Threats
● Wireless LAN = Shared Segments
○ Think ‘hub’ architecture
● Passive listening on the network
○ Does not require network access
○ Only physical proximity
Assume an attacker can capture your network traffic
Anonymity Attacks
● WiFi and Bluetooth networks broadcast preferred networks
● Anyone can capture these network names or MAC addresses
● Used to compromise privacy
Case study: EM-Sense
EM-SENSE: FREQUENTLY ASKED QUESTIONS
● Does every object have an electromagnetic signature... even if it's not electric? Is this because it picks up on our own human electricity or what?
● Do similar objects (e.g., similar cameras, but different model) have similar EM signatures?
WiFi Knowledge
● Don’t just follow hackers
○ Vendors
■ Security Teams
■ Software Engineers
■ Products
■ Security Tools
■ Hardware Engineers
● Pentester Academy, CWNPs and Offensive Security (OSWP) Certifications
● Lots of noise when you search WIFI Hacking or Wireless Hacking
○ be specific (MITM, Packet Parsing, handshakes, hacking)
SDR Knowledge
● Just get a freaking HAM License
○ please
○ it will help trying to “work around” transmissions
● RTL-SDR Blog
○ lots of great articles
● HackRF Michael Ossmann Class
● FCC and ARRL site
Bluetooth Knowledge
● The reasons that BT hack is not working for you
○ It was made for that exact chipset
○ It was for that exact keyboard/speaker/mouse
○ It was written for that exact OS with those driver and software versions
○ It was made for a different version of BT.
● The BT 1.0 that that tool or hack was written for is not the same BT that's in the BT4.3 LE padlock you are trying to hack today
● I don’t claim to know all of Bluetooth; it is still hard for me to do
● You gotta do some reading
○ https://www.bluetooth.com/specifications/bluetooth-core-specification
Vendor Should:
● Design and implement proper security mechanisms and provide secure firmware upgrades to existing devices.
● Continue to build on open, well-known, standard protocols such as Bluetooth Low Energy which offers security by design as part of the protocol.
● Consider future evolutions or iterations when designing next-generation systems.
System Integrators and clients should:
● Be aware of the basics of the technology.
● Keep computers properly secured and up to date.
● Consider next-generation products
References
● Wasabi (BSides DC)
● Trend Micro
● Michael Ossmann
● SANS Institute
● Matt Ettus
● Ben Hilburn
● EM-Sense (Disney Research)
● Carnegie Mellon University
Thanks Slide
Harshit Agrawal (@harshitnic)
harshit.nic@gmail.com

More Related Content

What's hot

(SACON) Satish Sreenivasaiah - DevSecOps Tools and Beyond
(SACON) Satish Sreenivasaiah - DevSecOps Tools and Beyond(SACON) Satish Sreenivasaiah - DevSecOps Tools and Beyond
(SACON) Satish Sreenivasaiah - DevSecOps Tools and BeyondPriyanka Aash
 
Meraki powered services bell
Meraki powered services   bellMeraki powered services   bell
Meraki powered services bellCisco Canada
 
The New Landscape of Airborne Cyberattacks
The New Landscape of Airborne CyberattacksThe New Landscape of Airborne Cyberattacks
The New Landscape of Airborne CyberattacksPriyanka Aash
 
(SACON) Apoorv Raj Saxena - Hacking and Securing Kubernetes and Dockers in Cl...
(SACON) Apoorv Raj Saxena - Hacking and Securing Kubernetes and Dockers in Cl...(SACON) Apoorv Raj Saxena - Hacking and Securing Kubernetes and Dockers in Cl...
(SACON) Apoorv Raj Saxena - Hacking and Securing Kubernetes and Dockers in Cl...Priyanka Aash
 
Palo Alto Networks Portfolio & Strategy Overview 2019
Palo Alto Networks Portfolio & Strategy Overview 2019Palo Alto Networks Portfolio & Strategy Overview 2019
Palo Alto Networks Portfolio & Strategy Overview 2019Sean Xie
 
Cisco Wireless LAN Controller Palo Alto Networks Config Guide
Cisco Wireless LAN Controller Palo Alto Networks Config GuideCisco Wireless LAN Controller Palo Alto Networks Config Guide
Cisco Wireless LAN Controller Palo Alto Networks Config GuideAlberto Rivai
 
Cisco Connect Toronto 2017 - Security Through The Eyes of a Hacker
Cisco Connect Toronto 2017 -  Security Through The Eyes of a HackerCisco Connect Toronto 2017 -  Security Through The Eyes of a Hacker
Cisco Connect Toronto 2017 - Security Through The Eyes of a HackerCisco Canada
 
Meraki Virtual Hackathon: app for Splunk Phantom
Meraki Virtual Hackathon: app for Splunk PhantomMeraki Virtual Hackathon: app for Splunk Phantom
Meraki Virtual Hackathon: app for Splunk PhantomJoel W. King
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT securityJulien Vermillard
 
Deploying Secure Converged Wired, Wireless Campus
Deploying Secure Converged Wired, Wireless CampusDeploying Secure Converged Wired, Wireless Campus
Deploying Secure Converged Wired, Wireless CampusRassul Ismailov
 
Too soft[ware defined] networks SD-Wan vulnerability assessment
Too soft[ware defined] networks SD-Wan vulnerability assessmentToo soft[ware defined] networks SD-Wan vulnerability assessment
Too soft[ware defined] networks SD-Wan vulnerability assessmentSergey Gordeychik
 
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment Sergey Gordeychik
 
Cisco Connect Vancouver 2017 - Anatomy of Attack
Cisco Connect Vancouver 2017 - Anatomy of AttackCisco Connect Vancouver 2017 - Anatomy of Attack
Cisco Connect Vancouver 2017 - Anatomy of AttackCisco Canada
 
Moby SIG Orchestration Security Summit Presentation
Moby SIG Orchestration Security Summit PresentationMoby SIG Orchestration Security Summit Presentation
Moby SIG Orchestration Security Summit PresentationDiogo Mónica
 
Solving the Visibility Gap for Effective Security
Solving the Visibility Gap for Effective SecuritySolving the Visibility Gap for Effective Security
Solving the Visibility Gap for Effective SecurityLancope, Inc.
 
So You Want a Threat Intelligence Function (But Were Afraid to Ask)
So You Want a Threat Intelligence Function (But Were Afraid to Ask)So You Want a Threat Intelligence Function (But Were Afraid to Ask)
So You Want a Threat Intelligence Function (But Were Afraid to Ask)Lancope, Inc.
 
Enhancing traffic analysis with elk and snort
Enhancing traffic analysis with elk and snortEnhancing traffic analysis with elk and snort
Enhancing traffic analysis with elk and snortYaashan Raj
 
Application layer Security in IoT: A Survey
Application layer Security in IoT: A SurveyApplication layer Security in IoT: A Survey
Application layer Security in IoT: A SurveyAdeel Ahmed
 
GATTacking Bluetooth Smart
GATTacking Bluetooth SmartGATTacking Bluetooth Smart
GATTacking Bluetooth SmartOWASP
 

What's hot (20)

(SACON) Satish Sreenivasaiah - DevSecOps Tools and Beyond
(SACON) Satish Sreenivasaiah - DevSecOps Tools and Beyond(SACON) Satish Sreenivasaiah - DevSecOps Tools and Beyond
(SACON) Satish Sreenivasaiah - DevSecOps Tools and Beyond
 
Meraki powered services bell
Meraki powered services   bellMeraki powered services   bell
Meraki powered services bell
 
The New Landscape of Airborne Cyberattacks
The New Landscape of Airborne CyberattacksThe New Landscape of Airborne Cyberattacks
The New Landscape of Airborne Cyberattacks
 
(SACON) Apoorv Raj Saxena - Hacking and Securing Kubernetes and Dockers in Cl...
(SACON) Apoorv Raj Saxena - Hacking and Securing Kubernetes and Dockers in Cl...(SACON) Apoorv Raj Saxena - Hacking and Securing Kubernetes and Dockers in Cl...
(SACON) Apoorv Raj Saxena - Hacking and Securing Kubernetes and Dockers in Cl...
 
Palo Alto Networks Portfolio & Strategy Overview 2019
Palo Alto Networks Portfolio & Strategy Overview 2019Palo Alto Networks Portfolio & Strategy Overview 2019
Palo Alto Networks Portfolio & Strategy Overview 2019
 
Cisco Wireless LAN Controller Palo Alto Networks Config Guide
Cisco Wireless LAN Controller Palo Alto Networks Config GuideCisco Wireless LAN Controller Palo Alto Networks Config Guide
Cisco Wireless LAN Controller Palo Alto Networks Config Guide
 
Cisco Connect Toronto 2017 - Security Through The Eyes of a Hacker
Cisco Connect Toronto 2017 -  Security Through The Eyes of a HackerCisco Connect Toronto 2017 -  Security Through The Eyes of a Hacker
Cisco Connect Toronto 2017 - Security Through The Eyes of a Hacker
 
Meraki Virtual Hackathon: app for Splunk Phantom
Meraki Virtual Hackathon: app for Splunk PhantomMeraki Virtual Hackathon: app for Splunk Phantom
Meraki Virtual Hackathon: app for Splunk Phantom
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT security
 
Deploying Secure Converged Wired, Wireless Campus
Deploying Secure Converged Wired, Wireless CampusDeploying Secure Converged Wired, Wireless Campus
Deploying Secure Converged Wired, Wireless Campus
 
Too soft[ware defined] networks SD-Wan vulnerability assessment
Too soft[ware defined] networks SD-Wan vulnerability assessmentToo soft[ware defined] networks SD-Wan vulnerability assessment
Too soft[ware defined] networks SD-Wan vulnerability assessment
 
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
 
Cisco Connect Vancouver 2017 - Anatomy of Attack
Cisco Connect Vancouver 2017 - Anatomy of AttackCisco Connect Vancouver 2017 - Anatomy of Attack
Cisco Connect Vancouver 2017 - Anatomy of Attack
 
Moby SIG Orchestration Security Summit Presentation
Moby SIG Orchestration Security Summit PresentationMoby SIG Orchestration Security Summit Presentation
Moby SIG Orchestration Security Summit Presentation
 
VPN
VPNVPN
VPN
 
Solving the Visibility Gap for Effective Security
Solving the Visibility Gap for Effective SecuritySolving the Visibility Gap for Effective Security
Solving the Visibility Gap for Effective Security
 
So You Want a Threat Intelligence Function (But Were Afraid to Ask)
So You Want a Threat Intelligence Function (But Were Afraid to Ask)So You Want a Threat Intelligence Function (But Were Afraid to Ask)
So You Want a Threat Intelligence Function (But Were Afraid to Ask)
 
Enhancing traffic analysis with elk and snort
Enhancing traffic analysis with elk and snortEnhancing traffic analysis with elk and snort
Enhancing traffic analysis with elk and snort
 
Application layer Security in IoT: A Survey
Application layer Security in IoT: A SurveyApplication layer Security in IoT: A Survey
Application layer Security in IoT: A Survey
 
GATTacking Bluetooth Smart
GATTacking Bluetooth SmartGATTacking Bluetooth Smart
GATTacking Bluetooth Smart
 

Similar to (SACON) Harshit Agrawal - On The Wings of Time: Past, Present and Future of Radio Communication

IRJET- Power Line Carrier Communication
IRJET- Power Line Carrier CommunicationIRJET- Power Line Carrier Communication
IRJET- Power Line Carrier CommunicationIRJET Journal
 
Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015
Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015
Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015CODE BLUE
 
IRJET - Software-Defined Radio using ‘Redpitaya’
IRJET - Software-Defined Radio using ‘Redpitaya’IRJET - Software-Defined Radio using ‘Redpitaya’
IRJET - Software-Defined Radio using ‘Redpitaya’IRJET Journal
 
ATEI PII SBIR Proj Description 5 Feb 2013
ATEI PII SBIR Proj Description 5 Feb 2013ATEI PII SBIR Proj Description 5 Feb 2013
ATEI PII SBIR Proj Description 5 Feb 2013Frank Lucchesi
 
Low power wireless technologies for connecting embedded sensors in the IoT: A...
Low power wireless technologies for connecting embedded sensors in the IoT: A...Low power wireless technologies for connecting embedded sensors in the IoT: A...
Low power wireless technologies for connecting embedded sensors in the IoT: A...Gilles Callebaut
 
LORA BASED DATA ACQUISITION SYSTEM
LORA BASED DATA ACQUISITION SYSTEMLORA BASED DATA ACQUISITION SYSTEM
LORA BASED DATA ACQUISITION SYSTEMIRJET Journal
 
CDMA 2000 Principle Issue4.0
CDMA 2000 Principle Issue4.0CDMA 2000 Principle Issue4.0
CDMA 2000 Principle Issue4.0Tempus Telcosys
 
digitalmicrowavecommunicationprinciples-131014163928-phpapp02 (1).pdf
digitalmicrowavecommunicationprinciples-131014163928-phpapp02 (1).pdfdigitalmicrowavecommunicationprinciples-131014163928-phpapp02 (1).pdf
digitalmicrowavecommunicationprinciples-131014163928-phpapp02 (1).pdfSaraSwas
 
LTE-Network-Planning-Huawei-Technologies EMERSON EDUARDO RODRIGUES
LTE-Network-Planning-Huawei-Technologies EMERSON EDUARDO RODRIGUESLTE-Network-Planning-Huawei-Technologies EMERSON EDUARDO RODRIGUES
LTE-Network-Planning-Huawei-Technologies EMERSON EDUARDO RODRIGUESEMERSON EDUARDO RODRIGUES
 
Computer Interface for Electroluminescence (EL)
Computer Interface for Electroluminescence (EL)Computer Interface for Electroluminescence (EL)
Computer Interface for Electroluminescence (EL)Editor IJCATR
 
Multiband Transceivers - [Chapter 5] Software-Defined Radios
Multiband Transceivers - [Chapter 5]  Software-Defined RadiosMultiband Transceivers - [Chapter 5]  Software-Defined Radios
Multiband Transceivers - [Chapter 5] Software-Defined RadiosSimen Li
 
Implementation of Algorithms For Multi-Channel Digital Monitoring Receiver
Implementation of Algorithms For Multi-Channel Digital Monitoring ReceiverImplementation of Algorithms For Multi-Channel Digital Monitoring Receiver
Implementation of Algorithms For Multi-Channel Digital Monitoring ReceiverIOSR Journals
 
IRJET - Robovac(Cleaning Robot)
IRJET - Robovac(Cleaning Robot)IRJET - Robovac(Cleaning Robot)
IRJET - Robovac(Cleaning Robot)IRJET Journal
 
Mobile CDS - mmW / LTE Simulator - Mobile CAD
Mobile CDS - mmW / LTE Simulator - Mobile CADMobile CDS - mmW / LTE Simulator - Mobile CAD
Mobile CDS - mmW / LTE Simulator - Mobile CADDr. Edwin Hernandez
 
transforming-wireless-system-design-with-matlab-and-ni.pdf
transforming-wireless-system-design-with-matlab-and-ni.pdftransforming-wireless-system-design-with-matlab-and-ni.pdf
transforming-wireless-system-design-with-matlab-and-ni.pdfJunaidKhan188662
 

Similar to (SACON) Harshit Agrawal - On The Wings of Time: Past, Present and Future of Radio Communication (20)

Telecommunications Concentration
Telecommunications ConcentrationTelecommunications Concentration
Telecommunications Concentration
 
IRJET- Power Line Carrier Communication
IRJET- Power Line Carrier CommunicationIRJET- Power Line Carrier Communication
IRJET- Power Line Carrier Communication
 
Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015
Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015
Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015
 
PON testing.pdf
PON testing.pdfPON testing.pdf
PON testing.pdf
 
IRJET - Software-Defined Radio using ‘Redpitaya’
IRJET - Software-Defined Radio using ‘Redpitaya’IRJET - Software-Defined Radio using ‘Redpitaya’
IRJET - Software-Defined Radio using ‘Redpitaya’
 
ATEI PII SBIR Proj Description 5 Feb 2013
ATEI PII SBIR Proj Description 5 Feb 2013ATEI PII SBIR Proj Description 5 Feb 2013
ATEI PII SBIR Proj Description 5 Feb 2013
 
Low power wireless technologies for connecting embedded sensors in the IoT: A...
Low power wireless technologies for connecting embedded sensors in the IoT: A...Low power wireless technologies for connecting embedded sensors in the IoT: A...
Low power wireless technologies for connecting embedded sensors in the IoT: A...
 
LORA BASED DATA ACQUISITION SYSTEM
LORA BASED DATA ACQUISITION SYSTEMLORA BASED DATA ACQUISITION SYSTEM
LORA BASED DATA ACQUISITION SYSTEM
 
Nb iot presentation
Nb iot presentationNb iot presentation
Nb iot presentation
 
CDMA 2000 Principle Issue4.0
CDMA 2000 Principle Issue4.0CDMA 2000 Principle Issue4.0
CDMA 2000 Principle Issue4.0
 
(SACON) Harshit Agrawal - On The Wings of Time: Past, Present and Future of Radio Communication

  • 1. SACON SACON International 2020 India | Bangalore | February 21 - 22 | Taj Yeshwantpur On the Wings of Time: Past, Present and Future of Radio Communication Hacking Harshit Agrawal @harshitnic
  • 2. SACON 2020 ● IoT: Transformational Impact across Verticals ● RF Fundamentals ● Joys of the Past ● Current status of Industry & Sutra for Mitigation ● A glimpse of the Future ● Case Study and Demos ● Reference and Learning Agenda
  • 3. SACON 2020 ● This is for people who are: ○ Just starting out ○ Thought WIFI hacking was cool ○ Saw a few HAK5 videos and want to get started ○ Saw a DEFCON Video on Wireless Stuff ● You need to know how a thing works to defeat a thing. ○ It’s not just about the hack ○ If you don't know what it is doing and why it's doing it, you won’t know why your attack did not work ○ Fundamentals but for the purpose of pulling it apart ● Pay attention to dates and specifics ○ There is so much white noise and outdated info on the internet ○ Then there is stuff that is older and still good information Intro
  • 4. SACON 2020 IoT: Transformational Impact across Vertical Sectors
  • 5. SACON 2020 Internet of Things Model ● 1. Controlling Device: Smartphone, tablets and other smart devices can control all types of “things” ● 2. Cloud Service: Cloud services provide the repository and access control between the “things” and its controller. ● 3. Global Network: Most “things” connected to the Internet, except for power grids or classified government systems ● 4. Local Network: This may be a controller area network (CAN) in connected cars, a local network in homes, etc ● 5. Things: “Things” can be remotely controlled or viewed, and they can send telemetry for analysis.
  • 6. SACON 2020 IoT Security Challenges - A perspective Security Challenges?! ● Long IoT Device Lifetime ○ High effort to update devices in the field ○ Outdated security mechanisms needed for legacy devices. ● Badly maintained IoT devices ○ How many users really care as long as it works? ● Signaling Storms ○ Normal IoT device signaling footprint will often be low.
  • 7. SACON 2020 Why Focus on RF Security?
  • 8. SACON 2020 History ● 1984: “Software Radio” coined by E-Systems ● 1995: “The Software Radio Architecture” article published in IEEE Communications Magazine; earned Mitola the nickname “The Godfather of Software Radio” ● 2001: GNU Radio Project is founded ● 2006: First USRP released; first programmable & general purpose SDR available publicly ● 2011: RTL-SDR Explosion
  • 9. SACON 2020 Processing is defined by programmed algorithms, not HW. (‘Software-Defined Radio’ [SDR] is the same thing) History
  • 10. SACON 2020 ● Using SDR to replace most of Hardware for implementation of Radio Networking ● SDR can act as VSAs when connected to a computer ● Implementation as SoC (System on a Chip) ● Higher end SDRs have FPGAs for on-board DSP ● Most signal processing and all display functions take place in external computer, e.g., using GNU Radio ● Shuttles RF I/Q Samples to DSP or host SDR as Spectrum Analyser
  • 12. SACON 2020 What are the Trade-offs? Your budget may allow you to buy one of these (Vector Signal Analyzer): a single well-equipped device measuring one location at a time. Versus 20 of these (SDR + single board computer): a network of configurable low-cost sensors spread over a wide geographical area.
  • 13. SACON 2020 Inside the Radio Wave Spectrum [Figure: spectrum chart from 3 kHz to 5 GHz, with ticks at 1, 2, 3, 4 and 5 GHz] Labelled uses: AM Radio; Broadcast TV; Garage Door Openers; Door Openers; Auctioned Spectrum; Cell Phones; Global Positioning System; Wireless Medical Telemetry; GSM Network; Satellite Radio; Weather Radar; Cable TV; Satellite Transmissions; Highway Toll Tags; 5 GHz WiFi Network; Security Alarms. 2.4 GHz band: used by more than 300 consumer devices, including microwave ovens, cordless phones and wireless networks (WiFi and Bluetooth). Most of the white area of this band is reserved for military, federal government and industry use.
  • 14. SACON 2020 Importance of Frequency selection
  • 15. SACON 2020 ● Depending on their size, radio waves lose energy every time they pass through a medium ● Subject to Electromagnetic Interference (EMI) ● The higher the frequency, the more likely there will be interference and distortion ● Ground Waves vs Skywaves vs Line of Sight (LOS) ○ Atmospheric Conditions, Reflection (Scatter), Refraction, Absorption ● Line of Sight & Path Loss ○ Path loss (signal strength): 20·log10(4πr/λ) = Ptx/Prx expressed in dB (Ptx > Prx); Ptx is sometimes called the budget RF Propagation & Interference
  • 16. SACON 2020 PHY Layer ● Lowest layer in communication stack ● In wired protocols: voltage, timing, and wiring defining 1s and 0s ● In wireless: patterns of energy being sent over RF medium
  • 17. SACON 2020 ● Humans analyze complex signals (audio, images) in terms of their sinusoidal components ● we can build instruments that “resonate” at one or multiple frequencies (tuning fork vs piano) ● the “frequency domain” seems to be as important as the time domain Python code The intuition
  • 18. SACON 2020 can we decompose any signal into sinusoidal elements? yes, and Fourier showed us how to do it exactly! Fundamental question Analysis ● from time domain to frequency domain ● find the contribution of different frequencies ● discover “hidden” signal properties Synthesis ● from frequency domain to time domain ● create signal with known frequency content ● fit signals to specific frequency regions
  • 19. SACON 2020 ● we can use complex numbers in digital systems, so why not? ● it makes sense: every sinusoid can always be written as a sum of sine and cosine ● math is simpler: trigonometry becomes algebra Example: change the phase of a pure cosine with complex exponentials ● sine and cosine “live” together ● phase shift is simple multiplication ● notation is simpler The advantages of complex exponentials
  • 20. SACON 2020 Initial Profiling of our Device ● What does our device do in normal operation? ● How do they connect? ● Determining the frequency?
  • 21. SACON 2020 Phases of RF Attacks Frequency Transmission Information Gathering Modulation
  • 22. SACON 2020 Information Gathering ● A good starting point, if you have some luck: search for the FCC ID ● https://www.fcc.gov/general/fcc-id-search-page ● Demo: https://fccid.io/Y8PFJ17-1
  • 23. SACON 2020 Information extracted from FCC ● FCC also publishes internal images, external images, user manuals, and test results for wireless devices.
  • 24. SACON 2020 Frequency Use a Spectrum Analyzer (GQRX) ● FFT plot and waterfall ● Record and Playback ● Special FM mode for NOAA APT ● Basic Remote Control through TCP
  • 25. SACON 2020 Modulation ● Modulation is like hiding a code inside a carrier wave ● Representing digital data as variations in the carrier wave. Source:Attify Inc
  • 26. SACON 2020 Modulation ● Carrier Wave ○ Amplitude Modulation (AM) ■ On/Off Keying (OOK) ● Angle Modulation ○ Frequency Modulation (FM) ■ Frequency Shift Keying (FSK) ■ Multiple FSK (MFSK) ■ Code Division Multiple Access (CDMA) ■ Time Division Multiple Access (TDMA) ○ Phase Shift Modulation (PSM) ■ Phase Shift Keying (PSK) ■ Bi-Phase Shift Keying (BPSK) ■ Quadrature Phase Shift Keying (QPSK) ■ Quadrature Amplitude Modulation (QAM) ● Pulse Modulation ○ Analog ■ Pulse Analog Modulation (PAM) ■ Pulse Time Modulation (PTM) ● Pulse Duration Modulation (PDM) ○ Pulse Width Modulation (PWM) ● Pulse Position Modulation (PPM) ● Digital - Pulse Code Modulation (PCM)
  • 27. SACON 2020 Modulation: pick your parameters Make data appear random (increase entropy of structured data) Support multiple data streams, drop-and-insert Encode changes in data (receiver can be non-coherent) Create signal suitable for uplink Protect integrity of data (corruption from noise on channel) Turn binary into symbols for baseband RF (0/1 → combinations of waves)
  • 28. SACON 2020 Demodulation: easy when you know Possible to determine if it is scrambled (calculate stats), but what is scrambler? Is it additive or multiplicative? How is it synchronised? Are there multiple streams? How are they multiplexed? Is it differential, or what defines a 0/1? What is the modulation? Symbol rate? Require coherence? What is the phase difference? Need to conjugate complex plane? Which FEC(s) is used? Is it a concentrated code? What is the code rate? What is the block size? How is it synchronised?
  • 29. SACON 2020 Transmission ● Generate the message from above extracted details (Frequency, Modulation, Bitrate, Sync word, Preamble...) ● Option 1: Use a flow graph ● Option 2: Command Line RF tool
  • 30. SACON 2020 How Transmitting Works [Diagram, credited to Matt Knight, Marc Newlin] API Call → Layer 3 Frame → Layer 2 (MAC): MAC Frame = HW Address, Sequence Number, (other stuff), Layer 3 Frame → Layer 1 (PHY): PHY Frame = Preamble, Start of Frame Delim., PHY Header, MAC Frame, CRC → Modulation (maps 1s and 0s to electrical phenomena) → (to antenna/RF frontend)
  • 31. SACON 2020 How Receiving Works [Diagram, credited to Matt Knight, Marc Newlin] (from antenna) → Layer 1 (PHY), PHY State Machine: Wait for Preamble → Look for SFD → (optional) Inspect PHY Header → Extract N bits → Check CRC → Present to Layer 2 → Layer 2 (MAC): MAC Frame = HW Address, Sequence Number, (other stuff), Layer 3 Frame → API Call
  • 32. SACON 2020 GNUradio ● GNU Radio is a framework that enables users to design, simulate, and deploy highly capable real-world radio systems.
  • 34. SACON 2020 Types of RF Attacks ● Wardriving: Wardriving is a type of sniffing that refers to the discovery of non-802.11 RF networks. Example: killerbee 802.15.4 framework ● Replay Attacks: Involve retransmitting a previously captured raw PHY-layer payload or the synthesis of a new frame based on decoded data ● Sniffing: The passive observation of wireless network traffic, noteworthy as the wireless domain enables truly promiscuous sniffing with no direct physical access. ● Jamming: Can be conducted by transmitting noise within the target network’s RF channel with sufficient bandwidth and power. ● Evil-twins Attack: Standing up a decoy device or rogue access point that mimics trusted infrastructure, such that it tricks victims into connecting to it.
  • 35. SACON 2020 Replay Attack Replay Attack against PKE system of Cars ● RECORD hackrf_transfer -r 43378000.raw -f 43378000 ● TRANSMIT hackrf_transfer -t 43378000.raw -f 43378000
  • 38. SACON 2020 Safety Features. Overview of the safety features implemented in radio remote controllers for industrial applications.
      1. Pairing Mechanism
         Description: Transmitter and receiver are paired with a (fixed) pairing code, which is used to recognize and accept commands only from known transmitters.
         Issues prevented: Interferences: Multiple transmitters (e.g. of the same model and brand) can work together in the same RF band.
         Limitation: Knowledge of the pairing code allows complete impersonation of a legitimate transmitter.
      2. Passcode protection
         Description: The operator needs to enter a sequence (passcode) to operate the transmitter. The sequence enables the transmitter and starts the receiver.
         Issues prevented: Unwanted commands and unauthorized operations: Machinery can be controlled only upon entering the correct passcode.
         Limitation: Knowledge of the passcode allows anyone to use a transmitter.
      3. Authorization
         Description: The transmitter implements an access control model that selectively enables or disables advanced features according to the level of the operator, who is identified using radio frequency identification (RFID) or an equivalent factor.
         Issues prevented: Inexperienced operators who might issue complex commands that could cause injuries.
         Limitation: RFID and equivalent factors can be stolen or cloned.
      4. Virtual fencing
         Description: Transmitter and receiver communicate via an out-of-band channel (e.g., infrared) in addition to RF. When the transmitter is out of range, the receiver does not accept any commands.
         Issues prevented: Machines cannot be operated outside the “virtual fence” created by the out-of-band channel (e.g., the infrared range).
         Limitation: Knowledge of the out-of-band virtual fencing protocol allows mimicry of it.
  • 39. SACON 2020 ADS-B data is not encrypted (broadcast location and altitude information) Recommended Windows Setup: DUMP1090 + Virtual Radar Server ● A vertically polarized antenna tuned to 1090 MHz. ● Software for receiving and decoding ADS-B. ● Software for displaying ADS-B location data. ● (optionally) An LNA and filter for optimizing reception. ADS-B Receiving Guide (Tracking Aircraft)
  • 41. SACON 2020 IMSI Catcher In 1996, German company Rohde & Schwarz launched the first IMSI catcher, the GA090, in Munich. The initial design of the IMSI catcher was to identify the cellphone’s geographic location by instructing the cellphone to transmit its IMSI ● IMSI: International Mobile Subscriber Identity ● MCC: Mobile Country Code ● MNC: Mobile Network Code ● MSIN: Mobile Subscriber Identity ● LAC: Location Area Code ● CellId: Unique number to identify a BTS within a LAC
  • 42. SACON 2020 GSM Sniffing with “gr-gsm”. Prepare the Test Environment:
      Install the compilation dependencies:
        sudo apt-get install git cmake libboost-all-dev libcppunit-dev swig doxygen liblog4cpp5-dev python-scipy
      Compile “gr-gsm”:
        git clone https://github.com/ptrkrysik/gr-gsm.git
        cd gr-gsm
        mkdir build
        cd build
        cmake ..
        make
        sudo make install
        sudo ldconfig
      Compile “kalibrate” (choose the version based on your hardware):
        git clone https://github.com/scateu/kalibrate-hackrf.git   # for HackRF version
        git clone https://github.com/steve-m/kalibrate-rtl.git     # for RTL version
        cd kalibrate-hackrf
        ./bootstrap
        ./configure
        make
        sudo make install
      Scan for Base Station with kal:
        kal -s GSM900 -g 40   # Scan GSM900 band
        grgsm_livemon -f 945.4e6
  • 44. SACON 2020 Live FM Broadcast rec -c 2 -t wav -r 44000 no.wav
  • 45. SACON 2020 ● Two types of signal leakage ○ Associate signal quality - short ○ Sniff signal quality - long ● Design to limit leakage is often futile ○ Constantly changing office environment ● Modern APs boast increased power ○ Typical 32mW - 200mW Wireless Signal Leakage
  • 46. SACON 2020 ● Wireless LAN = Shared Segments ○ Think ‘hub’ architecture ● Passive listening on the network ○ Does not require network access ○ Only physical proximity Assume an attacker can capture your network traffic Information Disclosure Threats
  • 47. SACON 2020 ● WiFi and Bluetooth networks broadcast preferred networks ● Anyone can capture these network names or MAC addresses ● Used to compromise privacy Anonymity Attacks
  • 49. SACON 2020 Case study: EM-Sense EM-SENSE: FREQUENTLY ASKED QUESTIONS ● Does every object have an electromagnetic signature... even if it's not electric? Is this because it picks up on our own human electricity or what? ● Do similar objects (e.g., similar cameras, but different model) have similar EM signatures?
  • 50. SACON 2020 ● Don’t just follow hackers ○ Vendors ■ Security Teams ■ Software Engineers ■ Products ■ Security Tools ■ Hardware Engineers ● Pentester Academy, CWNPs and Offensive Security (OSWP) Certifications ● Lots of noise when you search WIFI Hacking or Wireless Hacking ○ be specific (MITM, Packet Parsing, handshakes, hacking) WiFi Knowledge
  • 51. SACON 2020 ● Just get a freaking HAM License ○ please ○ it will help trying to “work around” transmissions ● RTL-SDR Blog ○ lots of great articles ● HackRF Michael Ossmann Class ● FCC and ARRL site SDR Knowledge
  • 52. SACON 2020 ● The reasons that BT hack is not working for you ○ It was made for that exact chipset ○ It was for that exact keyboard/speaker/mouse ○ It was written for that exact OS with those driver and software versions ○ It was made for a different version of BT. ● The BT 1.0 that that tool or hack was written for is not the same BT that's in the BT4.3 LE padlock you are trying to hack today ● I don’t claim to know all of Bluetooth; it is still hard for me to do ● You gotta do some reading ○ https://www.bluetooth.com/specifications/bluetooth-core-specification Bluetooth Knowledge
  • 53. SACON 2020 ● Design and implement proper security mechanisms and provide secure firmware upgrades to existing devices. ● Continue to build on open, well-known, standard protocols such as Bluetooth Low Energy which offers security by design as part of the protocol. ● Consider future evolutions or iterations when designing next-generation systems. Vendor Should:
  • 54. SACON 2020 ● Be aware of the basics of the technology. ● Keep computers properly secured and up to date. ● Consider next-generation products System Integrators and clients should:
  • 55. SACON 2020 ● Wasabi (Bsides DC) ● Trend Micro ● Michael Ossmann ● SANS Institute ● Matt Ettus ● Ben Hilburn ● EM-Sense (Disney Research) ● Carnegie Mellon University References
  • 56. SACON 2020 Thanks Slide Harshit Agrawal (@harshitnic) harshit.nic@gmail.com
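Slides 17 to 19 describe Fourier analysis, synthesis and phase shifting with complex exponentials. The block below is an added example, not code from the slides: it recovers the tones of a constructed two-tone signal with a plain DFT, rebuilds the signal, and shifts a carrier's phase by one complex multiplication. The signal, bin numbers and function names are assumptions made for the illustration.

```python
"""DFT analysis/synthesis and phase shift by complex multiplication (added example)."""
import cmath
import math

N = 64                          # samples in the constructed test signal
PHASE_12 = math.pi / 3          # phase given to the second tone
QUARTER_TURN = math.pi / 2      # phase shift applied to the carrier


def dft(x):
    """Analysis: time domain -> frequency domain."""
    n = len(x)
    return [sum(x[t] * cmath.exp(-2j * math.pi * k * t / n) for t in range(n))
            for k in range(n)]


def idft(spectrum):
    """Synthesis: frequency domain -> time domain."""
    n = len(spectrum)
    return [sum(spectrum[k] * cmath.exp(2j * math.pi * k * t / n) for k in range(n)) / n
            for t in range(n)]


def tones(x, floor=0.01):
    """Return {bin: (amplitude, phase)} for every sinusoid stronger than `floor`."""
    spectrum = dft(x)
    n = len(x)
    found = {}
    for k in range(1, n // 2):
        # A real cosine A*cos(2*pi*k*t/n + phi) puts (A*n/2)*e^{j*phi} into bin k.
        amplitude = 2 * abs(spectrum[k]) / n
        if amplitude > floor:
            found[k] = (amplitude, cmath.phase(spectrum[k]))
    return found


def phase_shift(z, phi):
    """Shift every sample's phase by phi: one multiplication, no trig identities."""
    return [sample * cmath.exp(1j * phi) for sample in z]


# Constructed signal: amplitude 1.0 at bin 5 plus amplitude 0.5 at bin 12 with phase pi/3.
SIGNAL = [math.cos(2 * math.pi * 5 * t / N)
          + 0.5 * math.cos(2 * math.pi * 12 * t / N + PHASE_12) for t in range(N)]
# Complex exponential whose real part is the bin-5 cosine.
CARRIER = [cmath.exp(2j * math.pi * 5 * t / N) for t in range(N)]

if __name__ == "__main__":
    for k, (amp, phase) in tones(SIGNAL).items():
        print(f"bin {k}: amplitude {amp:.3f}, phase {phase:.3f} rad")
```
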
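The path-loss relation on slide 15 also gives a defender a first estimate of the two leakage distances named on slide 45 (associate: short, sniff: long). The block below is an added example, not material from the talk. It assumes pure free-space propagation, 0 dBi antennas, and receive thresholds of -70 dBm to associate and -90 dBm to sniff; those thresholds and all function names are assumptions.

```python
"""Free-space link budget applied to wireless signal leakage (added example)."""
import math

C = 299_792_458.0        # speed of light, m/s
ASSOCIATE_DBM = -70.0    # assumed level a client needs to associate reliably
SNIFF_DBM = -90.0        # assumed level at which a passive receiver still decodes frames


def mw_to_dbm(milliwatts):
    return 10 * math.log10(milliwatts)


def fspl_db(r_m, freq_hz):
    """Path loss 20*log10(4*pi*r/lambda) in dB, i.e. Ptx/Prx expressed in dB."""
    wavelength = C / freq_hz
    return 20 * math.log10(4 * math.pi * r_m / wavelength)


def received_dbm(ptx_mw, r_m, freq_hz, extra_loss_db=0.0):
    """Prx in dBm at distance r, with optional extra loss for walls or glass."""
    return mw_to_dbm(ptx_mw) - fspl_db(r_m, freq_hz) - extra_loss_db


def max_range_m(ptx_mw, freq_hz, threshold_dbm, extra_loss_db=0.0):
    """Invert the path-loss formula: largest r at which Prx still meets the threshold."""
    budget_db = mw_to_dbm(ptx_mw) - threshold_dbm - extra_loss_db
    wavelength = C / freq_hz
    return wavelength / (4 * math.pi) * 10 ** (budget_db / 20)


def leakage_table(freq_hz=2.4e9, powers_mw=(32, 200), extra_loss_db=0.0):
    """Associate and sniff distances for each transmit power on slide 45."""
    rows = []
    for ptx in powers_mw:
        rows.append({
            "ptx_mw": ptx,
            "associate_m": max_range_m(ptx, freq_hz, ASSOCIATE_DBM, extra_loss_db),
            "sniff_m": max_range_m(ptx, freq_hz, SNIFF_DBM, extra_loss_db),
        })
    return rows


if __name__ == "__main__":
    for row in leakage_table():
        print(f"{row['ptx_mw']:>4} mW: associate up to {row['associate_m']:8.0f} m, "
              f"sniff up to {row['sniff_m']:8.0f} m (free space)")
```

Because the loss grows with 20·log10(r), every 20 dB of receiver sensitivity multiplies the distance by ten, so the sniffing radius is ten times the association radius under these assumptions.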
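The receive path on slide 31 (wait for preamble, look for SFD, inspect PHY header, extract N bits, check CRC, present to layer 2) can be written as a small state machine over a bit stream. This is an added example, not code from the talk: the frame layout, the SFD value 0x2DD4, the length cap and the capture are constructed for illustration.

```python
"""Receive-side PHY state machine over a raw bit stream (added example, constructed frame layout)."""
from enum import Enum

PREAMBLE_RUN = 16   # alternating bits required before hunting for the SFD
SFD = 0x2DD4        # 16-bit start-of-frame delimiter (assumed value)
SFD_TIMEOUT = 64    # give up if no SFD arrives within this many bits
MAX_PAYLOAD = 64    # cap the length field so a corrupt header cannot stall the receiver
State = Enum("State", "WAIT_PREAMBLE LOOK_FOR_SFD PHY_HEADER PAYLOAD CHECK_CRC")


def crc16_ccitt(data):
    """CRC-16/CCITT-FALSE: polynomial 0x1021, initial value 0xFFFF, MSB first."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021 if crc & 0x8000 else crc << 1) & 0xFFFF
    return crc


def to_bits(data):
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def build_frame(payload):
    """Transmit side: preamble | SFD | PHY header (length) | payload | CRC."""
    body = bytes([len(payload)]) + payload
    crc = crc16_ccitt(body).to_bytes(2, "big")
    return to_bits(b"\xaa" * 4 + SFD.to_bytes(2, "big") + body + crc)


class Receiver:
    def __init__(self):
        self.delivered, self.crc_errors, self.dropped = [], 0, 0
        self._enter(State.WAIT_PREAMBLE)

    def _enter(self, state, dropped=0):
        self.state, self.shift, self.count = state, 0, 0
        self.dropped += dropped
        if state is State.WAIT_PREAMBLE:
            self.run, self.last, self.payload = 0, None, bytearray()

    def _collect(self, bit, nbits):
        """Shift in one bit; return the value once nbits have arrived, else None."""
        self.shift = (self.shift << 1) | bit
        self.count += 1
        if self.count < nbits:
            return None
        value, self.shift, self.count = self.shift, 0, 0
        return value

    def feed(self, bit):
        if self.state is State.WAIT_PREAMBLE:
            self.run = self.run + 1 if bit != self.last else 1
            self.last = bit
            if self.run >= PREAMBLE_RUN:
                self._enter(State.LOOK_FOR_SFD)
        elif self.state is State.LOOK_FOR_SFD:
            self.shift = ((self.shift << 1) | bit) & 0xFFFF
            self.count += 1
            if self.shift == SFD:
                self._enter(State.PHY_HEADER)
            elif self.count >= SFD_TIMEOUT:
                self._enter(State.WAIT_PREAMBLE, dropped=1)
        elif self.state is State.PHY_HEADER:
            self.length = self._collect(bit, 8)
            if self.length is not None and self.length > MAX_PAYLOAD:
                self._enter(State.WAIT_PREAMBLE, dropped=1)
            elif self.length is not None:
                self._enter(State.PAYLOAD if self.length else State.CHECK_CRC)
        elif self.state is State.PAYLOAD:
            byte = self._collect(bit, 8)
            if byte is not None:
                self.payload.append(byte)
                if len(self.payload) == self.length:
                    self._enter(State.CHECK_CRC)
        else:  # State.CHECK_CRC
            received = self._collect(bit, 16)
            if received is None:
                return
            if received == crc16_ccitt(bytes([self.length]) + self.payload):
                self.delivered.append(bytes(self.payload))   # present to layer 2
            else:
                self.crc_errors += 1
            self._enter(State.WAIT_PREAMBLE)


def receive(bits):
    rx = Receiver()
    for bit in bits:
        rx.feed(bit)
    return rx


# Constructed capture: noise, a good frame, a frame with one flipped payload bit, a good frame.
NOISE = [0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1]
DAMAGED = build_frame(b"status?")
DAMAGED[60] ^= 1
CAPTURE = NOISE + build_frame(b"unlock") + NOISE + DAMAGED + NOISE + build_frame(b"lock")
```
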
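Slide 35 shows a recorded frame being retransmitted, and slide 38 notes that a fixed pairing code allows complete impersonation of a transmitter. The block below is an added example, not code from the talk or any vendor: it puts a fixed-code receiver next to a receiver that requires a fresh counter and a MAC. The key, pairing code, tag length and window size are constructed, and every name is hypothetical.

```python
"""Fixed pairing code vs. counter + MAC framing (added example; all names hypothetical)."""
import hashlib
import hmac
import struct

PAIRING_CODE = b"\x12\x34\x56\x78"   # constructed fixed pairing code
TAG_LEN = 8                          # truncated HMAC-SHA256 tag (assumed size)
WINDOW = 64                          # how far ahead of the last counter a frame may be


def fixed_code_frame(command):
    """Legacy framing: every press of the same button produces identical bytes."""
    return PAIRING_CODE + command


def fixed_code_accepts(frame):
    """Legacy receiver: a recorded frame is indistinguishable from a fresh one."""
    return frame[:len(PAIRING_CODE)] == PAIRING_CODE


class Transmitter:
    def __init__(self, key):
        self.key, self.counter = key, 0

    def frame(self, command):
        self.counter += 1
        body = struct.pack(">I", self.counter) + command
        tag = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        return body + tag


class CounterReceiver:
    def __init__(self, key):
        self.key, self.last_counter = key, 0

    def accept(self, frame):
        if len(frame) < 4 + TAG_LEN:
            return "malformed"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):    # authenticate before trusting the counter
            return "bad-mac"
        (counter,) = struct.unpack(">I", body[:4])
        if counter <= self.last_counter:              # already seen: a recorded frame
            return "replay"
        if counter - self.last_counter > WINDOW:      # implausibly far ahead
            return "out-of-window"
        self.last_counter = counter
        return "ok"


def demo():
    key = bytes(range(32))                            # constructed key
    tx, rx = Transmitter(key), CounterReceiver(key)
    recorded_legacy = fixed_code_frame(b"UNLOCK")
    recorded = tx.frame(b"UNLOCK")
    tampered = recorded[:4] + b"LOCK!!" + recorded[-TAG_LEN:]
    return {
        "legacy_replay_accepted": fixed_code_accepts(recorded_legacy),
        "first_use": rx.accept(recorded),
        "replayed": rx.accept(recorded),
        "tampered": rx.accept(tampered),
        "next_press": rx.accept(tx.frame(b"UNLOCK")),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A counter rejects frames that were recorded and sent again later; it does not stop a live relay of an ongoing exchange, and the receiver must keep its last counter across power cycles.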