My PhD Defense at SUTD

Soon I’m going to defend my PhD thesis at SUTD. Feel free to join!

Date and time:

Friday, 5 July 2019, 10:00 - 11:00 (AM)

Venue:

Think Tank 20 (2.305)

Title of the talk:

Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless System

Abstract:

In the first part of the presentation we will talk about our recent contributions in the area of wireless systems security. Wireless systems are used to transmit (sensitive) information and to manage and monitor systems remotely. In our recent works we focus on three problems to advance the security of wireless systems: effectiveness of deployed physical layer features as defense mechanisms, complexity and accessibility of wireless technologies, and security evaluations of wireless protocols. Firstly, we present a theoretical and empirical comparisons between b/n/ac amendments of IEEE 802.11 (WLAN). Our goal is to estimate and measure whether or not modern physical layer features, such as MIMO and beamforming, could be used to as defense mechanism. Afterwards, we will talk about our security analysis of Nearby Connections, a proprietary API for proximity-based services developed by Google. This API uses a combination of Bluetooth and Wi-Fi, and it is included in all Android devices since version 4.0 and all Android Things devices. Our analysis uncovers the proprietary (security) mechanisms of Nearby Connections and it is based on our reverse-engineering of its implementation. We demonstrate that Nearby Connections is vulnerable to critical threats by implementing attacks where we maliciously manipulate Nearby Connections and we extend the connection range to devices that are not nearby. Prior to publication we disclosed our findings to Google and we suggested them effective countermeasures. In the last part of the presentation we will summarize our contributions in the area of cyber-physical systems (CPS). In particular we will introduce MiniCPS, a toolkit for real-time CPS simulation and emulation and its related projects and use cases.

comments powered by Disqus

Related