This document summarizes a student project to create a wireless drone network. The goals were to use drones and base stations to efficiently search large areas and provide backup cell service. Key elements included a secondary drone for video streaming, a primary drone for routing video over multiple hops, and base stations for control and modulation. The project encountered difficulties with incompatible software, configuration issues, and hardware assembly. Overall it provided valuable experience with wireless networking concepts and protocols despite challenges in implementation. Lessons learned included the importance of thorough planning, documentation, and learning from past projects.
4. Real Life Scenario
Problem Statements:
• Be able to search larger areas more efficiently (conducting SARs)
• Locate lost hiker in Yosemite park
• A need for quick cell tower coverage backup for an entire disaster area
5. Objective
• Create an environment for students to explore and learn about wireless networking
▫ Routing methodologies
▫ Software Defined Radio
▫ Cognitive Algorithms
▫ Wireless communication protocols
7. Secondary Drone- Expectation
• Live video stream transmitted to base station
• Remotely controlled by PS3 controller
• Detect person 20ft. below
• H.264 video codec
8. Secondary Drone- Results
• Remotely controlled by PS3 controller
• Recorded video used at base station
• Person detected 20ft. below
• H.264 video codec
9. Technical Difficulties
• Drone software required intermediate level experience in Linux
• PS3 controller required additional configuration coding
11. Primary Drone- Expectation
• Computer
▫ Routing w/minimum of 2 hops
• FPGA
▫ Digital Down Conversion
▫ Digital Up Conversion
▫ Ethernet Connection
▫ Connection to RF Front End
• RF Front End
▫ RX & TX
12. Routing- Expectations
• Utilize existing MAC management software: OpenWrt/Click Modular Router
• Tether MAC software with GNU Radio Companion to create multilayer network
• Utilize Open OLSR as Protocol
13. Technical Difficulties
• Software not compatible with radio drivers
• GNU radio not compiling on Raspberry Pi
• No platform to run Open OLSR
• Majority of example code was written for simulations
14. Routing- Results
• Simulated P2P network with user constraints
• Programmed in C; compiles with gcc
• Generates path of shortest distance
• Simulated nodes behave independently
15. Routing- Future Alterations
• Allow for arguments from device
• Integrate with physical layer software
• Make the path dynamic and recoverable
• Add encryption
18. FPGA- FIR Filter
• MATLAB
• 7th Order FIR Filter
• Hamming Window Filter
19. FPGA- Technical Difficulties
• Ethernet Connection
• VHDL syntax and flow
• Bringing theory to practice
• Analog to Digital Converter not functioning
20. RF Front End Expectations
• Facilitate Rx & Tx functions
▫ PA/LNA, IF mixing
▫ WB operation
▫ simplex operation
▫ 10-bit ADC/DAC
▫ Integration with FPGA
▫ PCB board/antenna
21. RF Front End- Results
• Programmable IF mixing
▫ WB mixing, narrow band RF chip
▫ Mixer development board vs. custom PCB
• Tx & Rx files on basestations
▫ Using Ettus radio as signal source
• Laptop serial interface in place
FPGA logic control
▫ LO programming
22. Technical Difficulties
• Surface mount chip
▫ Almost impossible by hand
▫ QFN PCB/low temp solder paste
• High frequency board layout
▫ Lack of PCB + breadboard
▫ Troubleshooting due to these issues
24. Base Station- Expectations
• Ubuntu OS partitioned with Windows OS
• Drone linked to FFMPEG to link with GNU Radio
• Drone software functioning to control drone
• BPSK and QPSK modulation used to send H264 video between base stations
• Channel Coding
25. Base Station- Results
• Ubuntu partitioned with Windows
• Drone software
• BPSK used to send H264 video
• FFMPEG connection with drone
27. Technical Difficulties
• Lack of software documentation
• Data cutoff of TX/RX files
• Modulation techniques unstable
28. Error Correction Codes
• Decrease in the SNR necessary to obtain desired BER
• Redundancy from parity bits
▫ use n symbols to send k symbols of data
• Expectations:
▫ Block and/or trellis coding through GRC blocks
▫ Reed-Muller-Golay channel coding toolbox
29. Error Correction Coding- Results
• GRC’s error correction coding blocks have no documentation
• Chancoding toolbox showed promise, but we couldn’t get it installed on the base stations
• Simulation written in C:
▫ Hamming(7,4) is used to encode a message
▫ Message is corrupted with noise, then decoded
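An added example of the encode, corrupt, decode loop described on this slide; it is not the team's simulation, which the slides do not show. The bit layout, the `add_noise` model, the sample message and all function names are assumptions made here, and the second run shows the limit of the code: one flipped bit per codeword is corrected, two are silently miscorrected.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Codeword layout (positions 1..7): p1 p2 d1 p3 d2 d3 d4.
 * Position i is stored in bit i-1 of a byte. */
static unsigned bit(uint8_t w, int pos) { return (w >> (pos - 1)) & 1u; }

uint8_t hamming74_encode(uint8_t nibble)
{
    unsigned d1 = nibble & 1u, d2 = (nibble >> 1) & 1u;
    unsigned d3 = (nibble >> 2) & 1u, d4 = (nibble >> 3) & 1u;
    unsigned p1 = d1 ^ d2 ^ d4; /* parity over positions 1,3,5,7 */
    unsigned p2 = d1 ^ d3 ^ d4; /* parity over positions 2,3,6,7 */
    unsigned p3 = d2 ^ d3 ^ d4; /* parity over positions 4,5,6,7 */
    return (uint8_t)(p1 | (p2 << 1) | (d1 << 2) | (p3 << 3) |
                     (d2 << 4) | (d3 << 5) | (d4 << 6));
}

/* Returns the data nibble; *syndrome gets the corrected position (0 = none). */
uint8_t hamming74_decode(uint8_t cw, int *syndrome)
{
    unsigned s1 = bit(cw, 1) ^ bit(cw, 3) ^ bit(cw, 5) ^ bit(cw, 7);
    unsigned s2 = bit(cw, 2) ^ bit(cw, 3) ^ bit(cw, 6) ^ bit(cw, 7);
    unsigned s3 = bit(cw, 4) ^ bit(cw, 5) ^ bit(cw, 6) ^ bit(cw, 7);
    int s = (int)(s1 | (s2 << 1) | (s3 << 2));
    if (s != 0)
        cw ^= (uint8_t)(1u << (s - 1)); /* flip the bit the syndrome names */
    if (syndrome)
        *syndrome = s;
    return (uint8_t)(bit(cw, 3) | (bit(cw, 5) << 1) |
                     (bit(cw, 6) << 2) | (bit(cw, 7) << 3));
}

/* Constructed noise model: flip exactly `flips` distinct bits per codeword. */
void add_noise(uint8_t *cw, size_t n, int flips, uint32_t seed)
{
    for (size_t i = 0; i < n; i++) {
        seed = seed * 1664525u + 1013904223u;      /* small LCG */
        unsigned start = (seed >> 16) % 7u;
        unsigned step = 1u + (seed >> 24) % 6u;    /* 1..6, coprime to 7 */
        for (int j = 0; j < flips; j++)
            cw[i] ^= (uint8_t)(1u << ((start + (unsigned)j * step) % 7u));
    }
}

/* Encode msg, corrupt it, decode it; return how many bytes came back wrong. */
int roundtrip_errors(const char *msg, int flips, uint32_t seed)
{
    uint8_t cw[2 * 64];
    size_t len = strlen(msg);
    int wrong = 0;
    if (len > 64)
        return -1;
    for (size_t i = 0; i < len; i++) {             /* two codewords per byte */
        cw[2 * i] = hamming74_encode((uint8_t)msg[i] & 0x0Fu);
        cw[2 * i + 1] = hamming74_encode((uint8_t)msg[i] >> 4);
    }
    add_noise(cw, 2 * len, flips, seed);
    for (size_t i = 0; i < len; i++) {
        uint8_t lo = hamming74_decode(cw[2 * i], NULL);
        uint8_t hi = hamming74_decode(cw[2 * i + 1], NULL);
        if ((uint8_t)(lo | (hi << 4)) != (uint8_t)msg[i])
            wrong++;
    }
    return wrong;
}

int main(void)
{
    const char *msg = "DRONE-1"; /* constructed sample message */
    printf("1 flip per codeword:  %d bytes wrong\n", roundtrip_errors(msg, 1, 42u));
    printf("2 flips per codeword: %d bytes wrong\n", roundtrip_errors(msg, 2, 42u));
    return 0;
}
```

A double error decodes to a valid but wrong nibble with no indication, so Hamming(7,4) handles channel noise only; detecting deliberate modification needs an authenticated integrity check on top.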
31. Direct Sequence Code Division Multiple Access
• Allows multiple users to occupy one channel
▫ Unique user code distinguishes each user
• Signature is a pseudorandom sequence
▫ Spreads the data over wider bandwidth
▫ Resembles noise
32. Multiple Access Channel Coding
• Expectation:
▫ CDMA- possibly with pseudorandom codes
• Results:
▫ Simple CDMA with Walsh-Hadamard matrix
▫ Rows of the Walsh-Hadamard matrix form an orthogonal basis
▫ Four messages are encoded, “transmitted,” and separated
33. [Diagram: each character (8 bits) is encoded to 32 bits; the 32-bit encoded messages are added (+) and transmitted together; decoding returns 8 bits and the character]
• Multiple encoded messages are transmitted at the same time
• Each signature will decode a different message from the total
Each message takes four times as long to send, but all four are transmitting at the same time. The messages can’t be read unless the signatures are known.
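An added example of the scheme on slides 32 and 33: four characters are spread to 32 chips each with the rows of a 4x4 Walsh-Hadamard matrix, summed onto one channel, and separated again by correlation. It is not the team's code; the bit-to-symbol mapping, the LSB-first bit order, the sample messages and all function names are assumptions made here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define USERS 4
#define CHIPS 4   /* chips per bit: one 8-bit character becomes 32 chips */
#define MAXLEN 16

/* 4x4 Walsh-Hadamard matrix; each row is one user's signature. */
static const int8_t WALSH[USERS][CHIPS] = {
    {1,  1,  1,  1}, {1, -1,  1, -1}, {1,  1, -1, -1}, {1, -1, -1,  1},
};

/* Constructed sample messages, one per user. */
static const char *const SAMPLE[USERS] = {"HELP", "NODE", "BASE", "SAFE"};

/* Dot product of two signatures: CHIPS when i == j, 0 otherwise. */
int walsh_dot(int i, int j)
{
    int sum = 0;
    for (int c = 0; c < CHIPS; c++)
        sum += WALSH[i][c] * WALSH[j][c];
    return sum;
}

/* Spread one character with a signature and add it onto the shared channel. */
void cdma_add(int8_t *channel, unsigned char ch, const int8_t *sig)
{
    for (int b = 0; b < 8; b++) {
        int symbol = ((ch >> b) & 1) ? 1 : -1;  /* bit 1 -> +1, bit 0 -> -1 */
        for (int c = 0; c < CHIPS; c++)
            channel[b * CHIPS + c] += (int8_t)(symbol * sig[c]);
    }
}

/* Correlate the summed channel with one signature to recover its character. */
unsigned char cdma_despread(const int8_t *channel, const int8_t *sig)
{
    unsigned char ch = 0;
    for (int b = 0; b < 8; b++) {
        int corr = 0;
        for (int c = 0; c < CHIPS; c++)
            corr += channel[b * CHIPS + c] * sig[c];
        if (corr > 0)
            ch |= (unsigned char)(1u << b);
    }
    return ch;
}

/* Send four equal-length messages at once and separate them again.
 * Returns how many were recovered exactly, or -1 on bad input. */
int cdma_roundtrip(const char *const msgs[USERS], char out[USERS][MAXLEN + 1])
{
    size_t len = strlen(msgs[0]);
    int ok = 0;
    for (int u = 0; u < USERS; u++)
        if (len > MAXLEN || strlen(msgs[u]) != len)
            return -1;
    for (size_t i = 0; i < len; i++) {
        int8_t channel[8 * CHIPS] = {0};        /* what is "on the air" */
        for (int u = 0; u < USERS; u++)
            cdma_add(channel, (unsigned char)msgs[u][i], WALSH[u]);
        for (int u = 0; u < USERS; u++)
            out[u][i] = (char)cdma_despread(channel, WALSH[u]);
    }
    for (int u = 0; u < USERS; u++) {
        out[u][len] = '\0';
        ok += strcmp(out[u], msgs[u]) == 0;
    }
    return ok;
}

int main(void)
{
    char out[USERS][MAXLEN + 1];
    printf("recovered %d of %d\n", cdma_roundtrip(SAMPLE, out), USERS);
    return 0;
}
```

The four Walsh-Hadamard rows are a fixed, well-known set, so the signatures separate users on the channel rather than keep the messages confidential; the "Add encryption" item on the routing future-work slide covers that gap.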
36. Costs
Item | Projected Cost | Actual Cost
RF Board (Low Noise Amplifier, ADC, DAC, Mixer Development Board, 2.4 GHz Antenna) | $100 | $285
Base Station Peripherals (PS3 Controller and Bluetooth Dongle) | $45 | $45
AR Drone | $300 | $300
FPGA (Spartan 6 and Expansion Board) | $240 | $240
Miscellaneous Materials and Shipping Costs | $150 | $90
Total | $835 | $960
“Freebies” (base station computers, Ettus radios and antennas): valued at $7000
38. Lessons Learned
• Software is not predictable
• Free software often has little documentation, making troubleshooting difficult
• The best way to learn is to learn from others’ mistakes (previous research projects)
39. Lessons Learned
• Think outside the box when troubleshooting
• Know what you don’t know
• Always have a plan B and C…and D
40. Team Assessment
• Team organization
▫ Coordination
▫ Project goals
• Team communication
▫ Task division
• Team dynamic
▫ Idea conflicts
▫ Overall our team supported each other
41. Thank You!
• And a special thanks to…
▫ Families & Friends
▫ Dr. Busch
▫ Mr. Youmans
▫ Mr. Wright
▫ Dr. Urban
▫ Dr. Smolenski