Data over Sound: Risks and Chances of an Emerging Communication Channel

SLIDE 1

Matthias Zeppelzauer | ROOTS DeepSec 2018 | 30.11.2018

Data over Sound

Risks and Chances of an Emerging Communication Channel

  • Dr. Matthias Zeppelzauer
  • St. Pölten University of Applied Sciences
  • matthias.zeppelzauer@fhstp.ac.at

Reversing and Offensive-oriented Trends Symposium (ROOTS), DeepSec Conference 2018, Vienna, 30.11.2018

SLIDE 2

Who knows about ultrasound communication?

SLIDE 3

What is meant by Ultrasonic Communication?

SLIDE 4

What is Ultrasound?

  • Frequency range: 18-22 kHz

Why in this channel?

  • Inaudible (almost)
  • Low noise level
  • Higher data rates

[Figure: time-frequency plot with the inaudible range marked]

SLIDE 5

Can We Receive Ultrasound?

  • Lab experiment
  • Piezo tweeter @ room volume
  • Frequency response of smartphone mics

SLIDE 6

Range of Ultrasound

  • Lab experiment
  • Tweeter + Samsung Galaxy S2
  • Omnidirectional data transmission
  • Distance up to 8 meters
  • Stops at walls!

SLIDE 7

How does data transmission work?

  • Most often: Frequency Shift Keying (FSK), compare fax machine / old-school modem

Credits: yahoo.com; Arp et al. [1]

Receiving:

  • Microphone
  • One-time permission necessary

Example: Lisnr

Sending:

  • Loudspeaker
  • No permission necessary

SLIDE 8

Does someone use it?

SLIDE 9

SLIDE 10

SLIDE 11

Why Audio (and not BT / WLAN / NFC...)

  • Low hardware requirements
  • High downwards compatibility
  • Controllable range
  • Instant communication (no pairing)

SLIDE 12

Who develops this technology?

SLIDE 13

Google Nearby

  • “Pairing” devices, e.g. Chromecast
  • Location-based services
  • SDK available – any app can use it

Credits: google.com, giga.de

SLIDE 14

Lisnr

  • FSK-based protocol (18.7 – 19.5 kHz)
  • Offline data exchange
  • Location-based services
  • Authentication
  • Payments
  • Unlock doors
  • SDK available (for all recent platforms)

Credit: lisnr.com

SLIDE 15

Shopkick

  • Reward system for commerce
  • “Ultrasonic Beacons” at shop entry
  • Bonus points on entry in exchange for ads
  • via “Shopkick App”

Credits: www.rfidjournal.com, http://teleautomaton.com

SLIDE 16

SilverPush

Credits: Pierluigi Paganini, securityaffairs.co; https://www.silverpush.co

  • Cross-device tracking between TV and smartphone
  • Goal: placing ads
  • SDK available
  • Classified as malware in the meantime

Silverpush.com: “Customers are matched across first and third party data using our proprietary technology.”

SLIDE 17

Source: Arp, D., Quiring, E., Wressnegger, C., & Rieck, K. Privacy Threats through Ultrasonic Side Channels on Mobile Devices, Technical Report, TU Braunschweig, Germany, http://vamos-project.org/docs/2017a-eurosp.pdf

SLIDE 18

RISKS AND CHANCES OF ULTRASOUND COMMUNICATION

Focus

SLIDE 19

RISKS

  • Media Tracking
  • Cross-device Tracking
  • Location Tracking
  • De-Anonymisation

Credit: Arp, D., Quiring, E., Wressnegger, C., & Rieck, K. Privacy Threats through Ultrasonic Side Channels on Mobile Devices, Technical Report, TU Braunschweig, Germany, http://vamos-project.org/docs/2017a-eurosp.pdf

SLIDE 20

SLIDE 21

SLIDE 22

SoniControl

  • Active blocking (spoofing)
  • Notification of user
  • Continuous monitoring of ultrasound band
  • Detection of different transmission technologies

http://sonicontrol.fhstp.ac.at

SLIDE 23

SLIDE 24

How does it work?

  • Continuous capturing of the ultrasonic channel in the background
  • Spectral decomposition (FFT)
  • Spectral normalization (remove noise)
  • Statistical modeling of background (model environment)
  • Anomaly detection by statistical analysis
  • Compare spectral distributions of background model and current signal
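
The pipeline listed above (capture, spectral decomposition, background model, anomaly detection) in a minimal form, as an added example that is not SoniControl's code. It assumes a Goertzel filter bank in place of the FFT and a per-bin z-score as the comparison; the frames, the noise level and the test tones at 18.7 and 19.5 kHz (the edges of the Lisnr band quoted earlier) are constructed.

```python
import math
import random

FS = 44100                               # sample rate in Hz (assumed microphone rate)
N = 1024                                 # samples per analysis frame
BINS = range(18000, 22001, 100)          # 18-22 kHz band named in the slides
HANN = [0.5 - 0.5 * math.cos(2 * math.pi * n / (N - 1)) for n in range(N)]

def band_db(frame):
    """Spectral decomposition of one frame, restricted to the ultrasound band (dB)."""
    out = []
    for f in BINS:
        c = 2 * math.cos(2 * math.pi * f / FS)
        s1 = s2 = 0.0
        for x, w in zip(frame, HANN):    # Goertzel recurrence: one DFT bin per frequency
            s1, s2 = x * w + c * s1 - s2, s1
        out.append(10 * math.log10(s1 * s1 + s2 * s2 - c * s1 * s2 + 1e-12))
    return out

def fit_background(frames, min_std=4.0):
    """Background model: per-bin mean and standard deviation (dB) of the environment."""
    model = []
    for col in zip(*(band_db(fr) for fr in frames)):
        mu = sum(col) / len(col)
        sd = math.sqrt(sum((v - mu) ** 2 for v in col) / (len(col) - 1))
        model.append((mu, max(sd, min_std)))   # floor avoids hair-trigger bins
    return model

def detect(frame, model, z_thresh=4.0):
    """Return (frequency_hz, z) of the most anomalous bin, or None if below threshold."""
    z, f = max(((v - mu) / sd, f) for v, (mu, sd), f in zip(band_db(frame), model, BINS))
    return (f, round(z, 1)) if z >= z_thresh else None

def make_frame(rng, tone_hz=None, amp=0.2):
    """Constructed test signal: Gaussian noise floor plus an optional sine tone."""
    return [rng.gauss(0, 0.01)
            + (amp * math.sin(2 * math.pi * tone_hz * n / FS) if tone_hz else 0.0)
            for n in range(N)]

def demo():
    """Calibrate on 20 quiet frames, then classify four constructed frames."""
    rng = random.Random(2018)
    model = fit_background([make_frame(rng) for _ in range(20)])
    cases = {"quiet": (None, 0.0), "audible 1 kHz": (1000, 0.5),
             "FSK tone 18.7 kHz": (18700, 0.2), "FSK tone 19.5 kHz": (19500, 0.2)}
    return {name: detect(make_frame(rng, hz, amp), model) for name, (hz, amp) in cases.items()}

if __name__ == "__main__":
    for name, hit in demo().items():
        print(f"{name:18s} -> {hit}")
```

A loud audible tone leaves the monitored band untouched, so only the two near-ultrasonic tones are reported, each at the bin where it was injected.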

SLIDE 25

How does it work?

Zeppelzauer, M., Ringot, A. and Taurer, F. (2018) SoniControl - A Mobile Ultrasonic Firewall. In 2018 ACM Multimedia Conference (MM’18), October 22–26, 2018, Seoul, Republic of Korea. ACM, New York, NY, USA, https://arxiv.org/abs/1807.07617.

SLIDE 26

https://play.google.com/store/apps/details?id=at.ac.fhstp.sonicontrol

SLIDE 27

RISKS AND CHANCES OF ULTRASOUND COMMUNICATION

Focus

SLIDE 28

Potential of Ultrasound Communication

  • Networking: Device synchronization, Device pairing, Ad hoc networking, Mesh networks
  • Security: Additional side channel for Authentication, Verification, Payments, Key exchange (RSA / Blockchains)
  • Data Exchange: Local and offline exchange of sensitive data

Secure Communication Layer

  • Location-based Services: Object tracking, Navigation, NFC
  • IoT: Multi-device communication and networking
  • Multimedia: Second screen, Smart home automation

SLIDE 29

...a secure and privacy-oriented protocol for ultrasonic communication

SLIDE 30

To date:

  • No free protocol / SDK
  • No standardized protocol
  • No compatibility between technologies
  • No privacy protection integrated

SoniTalk

  • Concurrent communication
  • Free of charge / extensible
  • Open source protocol
  • Permission system on app level

SLIDE 31

[Diagram: App A, App B, App C, SoniTalk Manager; steps: ASK USER, ACK?, SEND]

SLIDE 32

[Diagram: App A, App B, App C, SoniTalk Manager; steps: ASK USER, ACK?, SCAN & DECODE]

SLIDE 33

State of the research

  • Protocol Specification
  • Error Checking
  • Encoding & Sending (Android)
  • Receive & Decoding (Matlab)

Next steps

  • Decoder in Android
  • Permission system
  • SDK development & release

More information: https://sonitalk.fhstp.ac.at

SLIDE 34

Latest news:

SLIDE 35

Applications of Ultrasound Communication

  • Networking: Device synchronization, Device pairing, Ad hoc networking, Mesh networks
  • Security: Additional side channel for Authentication, Verification, Payments, Key exchange (RSA / Blockchains)
  • Data Exchange: Local and offline exchange of sensitive data

Common and Secure Communication Layer

  • Location-based Services: Indoor Navigation, NFC
  • IoT / Industry 4.0: Device tracking, Device sync.
  • Multimedia: Second screen, Smart home automation

SLIDE 36

Thank you for your attention!

Contact: matthias.zeppelzauer@fhstp.ac.at

  • sonicontrol.fhstp.ac.at
  • sonitalk.fhstp.ac.at

SLIDE 37

All code & results publicly available

Contact: matthias.zeppelzauer@fhstp.ac.at

https://git.nwt.fhstp.ac.at/m.zeppelzauer/SoniControl