<?xml version="1.0"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>

<title>Dartmouth Computer Science Technical Reports</title>
<description>A collection of Technical Reports from the 
Department of Computer Science at Dartmouth College.
This feed lists only the most recent reports, by number.
</description>
<pubDate>Sat, 28 Apr 2012 06:42:41 -0400</pubDate>
<link>http://www.cs.dartmouth.edu/reports/</link>
<atom:link href="http://www.cs.dartmouth.edu/reports/feed.xml" rel="self" type="application/rss+xml"/>

<item>
<title>TR2012-714: Access Control Realities As Observed in a Clinical Medical Setting</title>
<guid>http://www.cs.dartmouth.edu/reports/abstracts/TR2012-714/</guid>
<pubDate>Sat, 28 Apr 2012 06:41:39 -0400</pubDate>
<description>
&lt;p&gt;Effective computer security requires looking not just at technology,
but also at how it meshes with users in the real-world enterprises
depending on it. As part of a longer-term series of projects, we have
been looking at these issues, particularly access control, in a
variety of real-world enterprises. In previous work, we looked at
companies in the finance and software industries; this paper reports
on a study of a hospital's access control systems. Both studies employ
ethnographic methods to elicit observations on the failures of current
access control technologies in large, dynamic organizations;
participants in the corporate study were largely drawn from IT staff
members, whereas this clinical study involved a larger number of end
users.&lt;/p&gt;
&lt;p&gt;&lt;em&gt;Published April 2012 by Dartmouth College, Computer Science&lt;/em&gt;&lt;/p&gt;
</description>
<link>http://www.cs.dartmouth.edu/reports/abstracts/TR2012-714/</link>
</item>

<item>
<title>TR2012-713: Access Control Hygiene and the Empathy Gap in Medical IT</title>
<guid>http://www.cs.dartmouth.edu/reports/abstracts/TR2012-713/</guid>
<pubDate>Thu, 26 Apr 2012 06:06:48 -0400</pubDate>
<description>
&lt;p&gt;In theory, access control is a solved problem. In practice,
large real-world enterprises still report trouble:
de facto policy becomes unmanageable; users circumvent
controls. These issues can be particularly critical
in medical IT, such as emerging EMR and EHR,
where access control errors can have serious repercussions.
In this paper, we investigate how real-world
EMR users think about access control when they are
making policy decisions in the abstract---and when
they are actually using the system in treatment scenarios.
Mismatches suggest places (“empathy gaps”)
where new policy tools may be needed.&lt;/p&gt;
&lt;p&gt;&lt;em&gt;Published April 2012 by Dartmouth College, Computer Science&lt;/em&gt;&lt;/p&gt;
</description>
<link>http://www.cs.dartmouth.edu/reports/abstracts/TR2012-713/</link>
</item>

<item>
<title>TR2012-712: Wallpaper Maps</title>
<guid>http://www.cs.dartmouth.edu/reports/abstracts/TR2012-712/</guid>
<pubDate>Thu, 29 Mar 2012 09:59:23 -0400</pubDate>
<description>
&lt;p&gt;A wallpaper map is a conformal projection of a spherical
earth onto regular polygons with which the plane can be tiled
continuously.  A complete set of distinct wallpaper maps
that satisfy certain natural symmetry conditions is derived
and illustrated.  Though all of the projections have been
published before, the family had not been characterized as
a whole.  Some wallpaper maps generalize to one-parameter 
subfamilies in which the sphere is pre-transformed by a 
conformal automorphism. &lt;/p&gt;
&lt;p&gt;&lt;em&gt;Published March 2012 by Dartmouth College, Computer Science&lt;/em&gt;&lt;/p&gt;
</description>
<link>http://www.cs.dartmouth.edu/reports/abstracts/TR2012-712/</link>
</item>

<item>
<title>TR2012-711: EXPOSING PRIVACY CONCERNS IN MHEALTH DATA SHARING</title>
<guid>http://www.cs.dartmouth.edu/reports/abstracts/TR2012-711/</guid>
<pubDate>Sun, 19 Feb 2012 18:08:01 -0500</pubDate>
<description>
&lt;p&gt;  Mobile health (mHealth) has become important in the field of healthcare information technology, as patients begin to use mobile devices to record their daily activities and vital signs. These devices can record personal health information even outside the hospital setting, while the patients are at home or at their workplace. However, the devices might record sensitive information that might not be relevant for medical purposes and in some cases may be misused. Patients need expressive privacy controls so that they can trade potential health benefits of the technology with the privacy risks. To provide such privacy controls, it is important to understand what patients feel are the benefits and risks associated with the technology and what controls they want over the information.
&lt;/p&gt;
&lt;p&gt;  We conducted focus groups to understand the privacy concerns that patients have when they use mHealth devices. We conducted a user study to understand how willing patients are to share their personal health information that was collected using an mHealth device. To the best of our knowledge, ours is the first study that explores users' privacy concerns by giving them the opportunity to actually share the information collected about them using mHealth devices. We found that patients tend to share more information with third parties than the public and prefer to keep certain information from their family and friends. Finally, based on these discoveries, we propose some guidelines to developing defaults for sharing settings in mHealth systems.
&lt;/p&gt;
&lt;p&gt; NOTE: M.S. Thesis. Advisor: David Kotz.
&lt;/p&gt;
&lt;p&gt;&lt;em&gt;Published February 2012 by Dartmouth College, Computer Science&lt;/em&gt;&lt;/p&gt;
</description>
<link>http://www.cs.dartmouth.edu/reports/abstracts/TR2012-711/</link>
</item>

<item>
<title>TR2011-710: The Good, the Bad, and the Actively Verified</title>
<guid>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-710/</guid>
<pubDate>Fri, 30 Dec 2011 13:14:23 -0500</pubDate>
<description>
&lt;p&gt;We believe that we can use active probing for compromise recovery. Our intent is to exploit the
differences in behavior between compromised and uncompromised systems and use that
information to identify those which are not behaving as expected. Those differences may indicate a
deviation in either configuration or implementation from what we expect on the network, either of
which suggests that the misbehaving entity might not be trustworthy. In this work, we propose
and build a case for a method for using altered behavior directly resulting from or introduced as a
side-effect of the compromise of a network service to detect the presence of such a compromise. We
use several case studies to illustrate our technique, and demonstrate its feasibility with a software
tool developed using our method.&lt;/p&gt;
&lt;p&gt;&lt;em&gt;Published December 2011 by Dartmouth College, Computer Science&lt;/em&gt;&lt;/p&gt;
</description>
<link>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-710/</link>
</item>

<item>
<title>TR2011-709: Security Applications of Formal Language Theory</title>
<guid>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-709/</guid>
<pubDate>Fri, 10 Feb 2012 06:30:40 -0500</pubDate>
<description>
&lt;p&gt;We present an approach to improving the security of complex, composed systems based on formal language theory, and show how this approach leads to advances in input validation, security modeling, attack surface reduction, and ultimately, software design and programming methodology. We cite examples based on real-world security flaws in common protocols representing different classes of protocol complexity. We also introduce a formalization of an exploit development technique, the parse tree differential attack, made possible by our conception of the role of formal grammars in security. These insights make possible future advances in software auditing techniques applicable to static and dynamic binary analysis, fuzzing, and general reverse-engineering and exploit development.
&lt;/p&gt;
&lt;p&gt;  Our work provides a foundation for verifying critical implementation components with considerably less burden to developers than is offered by the current state of the art. It additionally offers a rich basis for further exploration in the areas of offensive analysis and, conversely, automated defense tools and techniques.
&lt;/p&gt;
&lt;p&gt;  This report is divided into two parts. In Part I we address the formalisms and their applications; in Part II we discuss the general
implications and recommendations for protocol and software design that
follow from our formal analysis.&lt;/p&gt;
&lt;p&gt;&lt;em&gt;Published November 2011 by Dartmouth College, Computer Science&lt;/em&gt;&lt;/p&gt;
</description>
<link>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-709/</link>
</item>

<item>
<title>TR2011-707: Anomaly Detection in Network Streams Through a Distributional Lens</title>
<guid>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-707/</guid>
<pubDate>Mon, 10 Oct 2011 17:53:07 -0400</pubDate>
<description>
&lt;p&gt;Anomaly detection in computer networks yields valuable information on
events relating to the components of a network, their states, the users
in a network and their activities.  This thesis provides a unified
distribution-based methodology for online detection of anomalies in
network traffic streams.  The methodology is distribution-based in that
it regards the traffic stream as a time series of distributions
(histograms), and monitors metrics of distributions in the time series.
The effectiveness of the methodology is demonstrated in three
application scenarios.  First, in 802.11 wireless traffic, we show the
ability to detect certain classes of attacks using the methodology.
Second, in information network update streams (specifically in
Wikipedia) we show the ability to detect the activity of bots, flash
events, and outages, as they occur.  Third, in Voice over IP traffic
streams, we show the ability to detect covert channels that exfiltrate
confidential information out of the network.  Our experiments show the
high detection rate of the methodology when compared to other existing
methods, while maintaining a low rate of false positives.  Furthermore,
we provide algorithmic results that enable efficient and scalable
implementation of the above methodology, to accommodate the massive data
rates observed in modern information streams on the Internet.
&lt;/p&gt;
&lt;p&gt; Through these applications, we present an extensive study of several
aspects of the methodology.  We analyze the behavior of metrics we
consider, providing justification of our choice of those metrics, and
how they can be used to diagnose anomalies.  We provide insight into the
choice of parameters, like window length and threshold, used in anomaly
detection.&lt;/p&gt;
&lt;p&gt;&lt;em&gt;Published September 2011 by Dartmouth College, Computer Science&lt;/em&gt;&lt;/p&gt;
</description>
<link>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-707/</link>
</item>

<item>
<title>TR2011-706: Tackling Latency Using FG</title>
<guid>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-706/</guid>
<pubDate>Thu, 29 Sep 2011 06:09:38 -0400</pubDate>
<description>
&lt;p&gt;	Applications that operate on datasets which are too big to fit in main memory, known in the literature as external-memory or out-of-core applications, store their data on one or more disks. Several of these applications make multiple passes over the data, where each pass reads data from disk, operates on it, and writes data back to disk. Compared with an in-memory operation, a disk-I/O operation takes orders of magnitude (approx. 100,000 times) longer; that is, disk-I/O is a high-latency operation. Out-of-core algorithms often run on a distributed-memory cluster to take advantage of a cluster's computing power, memory, disk space, and bandwidth. By doing so, however, they introduce another high-latency operation: interprocessor communication. Efficient implementations of these algorithms access data in blocks to amortize the cost of a single data transfer over the disk or the network, and they introduce asynchrony to overlap high-latency operations and computations. 
&lt;/p&gt;
&lt;p&gt;	FG, short for Asynchronous Buffered Computation Design and Engineering Framework Generator, is a programming framework that helps to mitigate latency in out-of-core programs that run on distributed-memory clusters. An FG program is composed of a pipeline of stages operating on buffers. FG runs the stages asynchronously so that stages performing high-latency operations can overlap their work with other stages. FG supplies the code to create a pipeline, synchronize the stages, and manage data buffers; the user provides a straightforward function, containing only synchronous calls, for each stage.
&lt;/p&gt;
&lt;p&gt;	In this thesis, we use FG to tackle latency and exploit the available parallelism in out-of-core and distributed-memory programs.  We show how FG helps us design out-of-core programs and think about parallel computing in general using three instances: an out-of-core, distribution-based sorting program; an implementation of external-memory suffix arrays; and a scientific-computing application called the fast Gauss transform.  FG's interaction with these real-world programs is symbiotic: FG enables efficient implementations of these programs, and the design of the first two of these programs pointed us toward further extensions for FG.  Today's era of multicore machines compels us to harness all opportunities for parallelism that are available in a program, and so in the latter two applications, we combine FG's multithreading capabilities with the routines that OpenMP offers for in-core parallelism.  In the fast Gauss transform application, we use this strategy to realize an up to 20-fold performance improvement compared with an alternate fast Gauss transform implementation. In addition, we use our experience with designing programs in FG to provide some suggestions for the next version of FG.&lt;/p&gt;
&lt;p&gt;&lt;em&gt;Published September 2011 by Dartmouth College, Computer Science&lt;/em&gt;&lt;/p&gt;
</description>
<link>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-706/</link>
</item>

<item>
<title>TR2011-705: BGrep and BDiff: UNIX Tools for High-Level Languages</title>
<guid>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-705/</guid>
<pubDate>Sun, 18 Sep 2011 06:33:57 -0400</pubDate>
<description>
&lt;p&gt;The rise in high-level languages for system administrators requires us
to rethink traditional UNIX tools designed for these older data formats.  
We propose new block-oriented tools, bgrep and bdiff, operating on 
syntactic blocks of code rather than the line, the traditional information 
container of UNIX.  Transcending the line number allows us to introduce 
longitudinal diff, a mode of bdiff that lets us track changes across 
arbitrary blocks of code.  We present a detailed implementation roadmap and 
evaluation framework for the full version of this paper.  In addition we demonstrate
how the design of our tools already addresses several real-world problems faced
by network administrators to maintain security policy.&lt;/p&gt;
&lt;p&gt;&lt;em&gt;Published September 2011 by Dartmouth College, Computer Science&lt;/em&gt;&lt;/p&gt;
</description>
<link>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-705/</link>
</item>

<item>
<title>TR2011-704: Autoscopy Jr.: Intrusion Detection for Embedded Control Systems</title>
<guid>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-704/</guid>
<pubDate>Thu, 29 Sep 2011 10:13:13 -0400</pubDate>
<description>
&lt;p&gt;Securing embedded control systems within the power grid presents a unique challenge: on 
top of the resource restrictions inherent to these devices, SCADA systems must also accommodate
strict timing requirements that are non-negotiable, and their massive scale greatly
amplifies costs such as power consumption. These constraints make the conventional approach
to host intrusion detection--namely, employing virtualization in some manner--too
costly or impractical for embedded control systems within critical infrastructure. Instead,
we take an in-kernel approach to system protection, building upon the Autoscopy system
developed by Ashwin Ramaswamy that places probes on indirectly-called functions and
uses them to monitor its host system for behavior characteristic of control-flow-altering
malware, such as rootkits. In this thesis, we attempt to show that such a method would
indeed be a viable method of protecting embedded control systems.
&lt;/p&gt;
&lt;p&gt;	We first identify several issues with the original prototype, and present a new version
of the program (dubbed Autoscopy Jr.) that uses trusted location lists to verify that control
is coming from a known, trusted location inside our kernel. Although we encountered
additional performance overhead when testing our new design, we developed a kernel profiler
that allowed us to identify the probes responsible for this overhead and discard them,
leaving us with a final probe list that generated less than 5% overhead on every one of our
benchmark tests. Finally, we attempted to run Autoscopy Jr. on two specialized kernels
(one with an optimized probing framework, and another with a hardening patch installed),
finding that the former did not produce enough performance benefits to preclude using our
profiler, and that the latter required a different method of scanning for indirect functions
for Autoscopy Jr. to operate.
&lt;/p&gt;
&lt;p&gt;	We argue that Autoscopy Jr. is indeed a feasible intrusion detection system for embedded
control systems, as it can adapt easily to a variety of system architectures and allows
us to intelligently balance security and performance on these critical devices.&lt;/p&gt;
&lt;p&gt;&lt;em&gt;Published August 2011 by Dartmouth College, Computer Science&lt;/em&gt;&lt;/p&gt;
</description>
<link>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-704/</link>
</item>

<item>
<title>TR2011-703: Large-scale Wireless Local-area Network Measurement and Privacy Analysis</title>
<guid>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-703/</guid>
<pubDate>Tue, 30 Aug 2011 16:24:57 -0400</pubDate>
<description>
&lt;p&gt;The edge of the Internet is increasingly becoming wireless. Understanding the wireless edge is therefore important for understanding the performance and security aspects of the Internet experience. This need is especially necessary for enterprise-wide wireless local-area networks (WLANs) as organizations increasingly depend on WLANs for mission-critical tasks. To study a live production WLAN, especially a large-scale network, is a difficult undertaking. Two fundamental difficulties involved are (1) building a scalable network measurement infrastructure to collect traces from a large-scale production WLAN, and (2) preserving user privacy while sharing these collected traces to the network research community. In this dissertation, we present our experience in designing and implementing one of the largest distributed WLAN measurement systems in the United States, the Dartmouth Internet Security Testbed (DIST), with a particular focus on our solutions to the challenges of efficiency, scalability, and security. We also present an extensive evaluation of the DIST system. To understand the severity of some potential trace-sharing risks for an enterprise-wide large-scale wireless network, we conduct privacy analysis on one kind of wireless network traces, a user-association log, collected from a large-scale WLAN. We introduce a machine-learning based approach that can extract and quantify sensitive information from a user-association log, even though it is sanitized. Finally, we present a case study that evaluates the tradeoff between utility and privacy on WLAN trace sanitization.&lt;/p&gt;
&lt;p&gt;&lt;em&gt;Published August 2011 by Dartmouth College, Computer Science&lt;/em&gt;&lt;/p&gt;
</description>
<link>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-703/</link>
</item>

<item>
<title>TR2011-702: Hide-n-Sense: Privacy-aware secure mHealth sensing</title>
<guid>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-702/</guid>
<pubDate>Mon, 19 Sep 2011 13:08:16 -0400</pubDate>
<description>
&lt;p&gt;   As healthcare in many countries faces an aging population and rising
costs, mobile sensing technologies promise a new opportunity. Using
mobile health (mHealth) sensing, which uses medical sensors to collect
data about the patients, and mobile phones to act as a gateway between
sensors and electronic health record systems, caregivers can
continuously monitor the patients and deliver better care.
Furthermore, individuals can become better engaged in monitoring and
managing their own health. Although some work on mHealth sensing has
addressed security, achieving strong privacy for low-power sensors
remains a challenge.
&lt;/p&gt;
&lt;p&gt;   We make three contributions. First, we propose an mHealth sensing
protocol that provides strong security and privacy properties with low
energy overhead, suitable for low-power sensors. The protocol uses
three novel techniques: adaptive security, to dynamically modify
transmission overhead; MAC striping, to make forgery difficult even
for small-sized MACs; and an asymmetric resource requirement. Second,
we demonstrate a prototype on a Chronos wrist device, and evaluate it
experimentally. Third, we provide a security, privacy, and energy
analysis of our system.&lt;/p&gt;
&lt;p&gt;&lt;em&gt;Published September 2011 by Dartmouth College, Computer Science&lt;/em&gt;&lt;/p&gt;
</description>
<link>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-702/</link>
</item>

<item>
<title>TR2011-701: Beyond SELinux: the Case for Behavior-Based Policy and Trust Languages</title>
<guid>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-701/</guid>
<pubDate>Tue, 30 Aug 2011 16:24:57 -0400</pubDate>
<description>
&lt;p&gt;Despite the availability of powerful mechanisms for security policy and access
control, real-world information security practitioners---both developers and
security officers---still find themselves in need of something more.  
We believe that this is the case because available policy languages do not
provide clear and intelligible ways to allow developers to
communicate their knowledge and expectations of trustworthy behaviors
and actual application requirements to IT administrators.  We work to
address this policy engineering gap by shifting the focus of
policy language design to this communication via behavior-based
policies and their motivating scenarios.&lt;/p&gt;
&lt;p&gt;&lt;em&gt;Published August 2011 by Dartmouth College, Computer Science&lt;/em&gt;&lt;/p&gt;
</description>
<link>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-701/</link>
</item>

<item>
<title>TR2011-700: Scalable Object-Class Search via Sparse Retrieval Models and Approximate Ranking</title>
<guid>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-700/</guid>
<pubDate>Tue, 30 Aug 2011 16:24:58 -0400</pubDate>
<description>
&lt;p&gt;In this paper we address the problem of object-class retrieval in large image data sets: given a small set of training examples defining a visual category, the objective is to efficiently retrieve images of the same class from a large database. We propose two contrasting retrieval schemes achieving good accuracy and high efficiency. The first exploits sparse classification models expressed as linear combinations of a small number of features. These sparse models can be efficiently evaluated using inverted file indexing. Furthermore, we introduce a novel ranking procedure that provides a significant speedup over inverted file indexing when the goal is restricted to finding the top-k (i.e., the k highest ranked) images in the data set. We contrast these sparse retrieval models with a second scheme based on approximate ranking using vector quantization. Experimental results show that our algorithms for object-class retrieval can search a 10 million database in just a couple of seconds and produce categorization accuracy comparable to the best known class-recognition systems.&lt;/p&gt;
&lt;p&gt;&lt;em&gt;Published July 2011 by Dartmouth College, Computer Science&lt;/em&gt;&lt;/p&gt;
</description>
<link>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-700/</link>
</item>

<item>
<title>TR2011-699: Some Communication Complexity Results and their Applications</title>
<guid>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-699/</guid>
<pubDate>Tue, 30 Aug 2011 16:24:58 -0400</pubDate>
<description>
&lt;p&gt;  Communication Complexity represents one of the premier techniques for proving lower bounds
in theoretical computer science. Lower bounds on communication problems can be leveraged
to prove lower bounds in several different areas.
&lt;/p&gt;
&lt;p&gt;  In this work, we study three different communication complexity problems. The lower
bounds for these problems have applications in circuit complexity, wireless sensor networks,
and streaming algorithms.
&lt;/p&gt;
&lt;p&gt;  First, we study the multiparty pointer jumping problem. We present the first nontrivial
upper bound for this problem. We also provide a suite of strong lower bounds under several
restricted classes of protocols.
&lt;/p&gt;
&lt;p&gt;  Next, we initiate the study of several non-monotone functions in the distributed functional
monitoring setting and provide several lower bounds. In particular, we give a generic adversarial
technique and show that when deletions are allowed, no nontrivial protocol is possible.
&lt;/p&gt;
&lt;p&gt;  Finally, we study the Gap-Hamming-Distance problem and give tight lower bounds for
protocols that use a constant number of messages. As a result, we take a well-known lower
bound for one-pass streaming algorithms for a host of problems and extend it so it applies to
streaming algorithms that use a constant number of passes.&lt;/p&gt;
&lt;p&gt;&lt;em&gt;Published July 2011 by Dartmouth College, Computer Science&lt;/em&gt;&lt;/p&gt;
</description>
<link>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-699/</link>
</item>

<item>
<title>TR2011-697: Effects of network trace sampling methods on privacy and utility metrics</title>
<guid>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-697/</guid>
<pubDate>Tue, 30 Aug 2011 16:24:57 -0400</pubDate>
<description>
&lt;p&gt;  Researchers studying computer networks rely on the availability of
traffic trace data collected from live production networks. Those
choosing to share trace data with colleagues must first remove or
otherwise anonymize sensitive information. This process, called
sanitization, represents a tradeoff between the removal of information
in the interest of identity protection and the preservation of data
within the trace that is most relevant to researchers. While several
metrics exist to quantify this privacy-utility tradeoff, they are
often computationally expensive. Computing these metrics using a
sample of the trace, rather than the entire input trace, could
potentially save precious time and space resources, provided the
accuracy of these values does not suffer.
&lt;/p&gt;
&lt;p&gt;  In this paper, we examine several simple sampling methods to
discover their effects on measurement of the privacy-utility tradeoff
when anonymizing network traces prior to their sharing or publication.
After sanitizing a small sample trace collected from the Dartmouth
College wireless network, we tested the relative accuracy of a
variety of previously implemented packet and flow-sampling methods on
a few existing privacy and utility metrics. This analysis led us to
conclude that, for our test trace, no single sampling method we
examined allowed us to accurately measure the trade-off, and that
some sampling methods can produce grossly inaccurate estimates of
those values. We were unable to draw conclusions on the use of packet
versus flow sampling in these instances.&lt;/p&gt;
&lt;p&gt;&lt;em&gt;Published June 2011 by Dartmouth College, Computer Science&lt;/em&gt;&lt;/p&gt;
</description>
<link>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-697/</link>
</item>

<item>
<title>TR2011-696: Appearance-design interfaces and tools for computer cinematography: Evaluation and application</title>
<guid>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-696/</guid>
<pubDate>Tue, 30 Aug 2011 16:24:58 -0400</pubDate>
<description>
&lt;p&gt;We define appearance design as the creation and editing of scene content such as lighting
and surface materials in computer graphics. The appearance design process takes a significant
amount of time relative to other production tasks and poses difficult artistic challenges.
Many user interfaces have been proposed to make appearance design faster, easier,
and more expressive, but no formal validation of these interfaces had been published prior
to our body of work. With a focus on novice users, we present a series of investigations
into the strengths and weaknesses of various appearance design user interfaces. In particular,
we develop an experimental methodology for the evaluation of representative user
interface paradigms in the areas of lighting and material design. We conduct three user
studies having subjects perform design tasks under controlled conditions. In these studies,
we discover new insight into the effectiveness of each paradigm for novices measured by
objective performance as well as subjective feedback. We also offer observations on common
workflow and capabilities of novice users in these domains. We use the results of our
lighting study to develop a new representation for artistic control of lighting, where light
travels along nonlinear paths.&lt;/p&gt;
&lt;p&gt;&lt;em&gt;Published March 2011 by Dartmouth College, Computer Science&lt;/em&gt;&lt;/p&gt;
</description>
<link>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-696/</link>
</item>

<item>
<title>TR2011-695: Assisting Human Motion-Tasks with Minimal, Real-time Feedback</title>
<guid>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-695/</guid>
<pubDate>Tue, 30 Aug 2011 16:24:57 -0400</pubDate>
<description>
&lt;p&gt;      Teaching physical motions such as riding, exercising, swimming, etc. to human beings is hard. Coaches face difficulties in communicating their feedback verbally and cannot correct the student mid-action; teaching videos are two dimensional and suffer from perspective distortion.  Systems that track a user and provide him real-time feedback have many potential applications: as an aid to the visually challenged, improving rehabilitation, improving exercise routines such as weight training or yoga, teaching new motion tasks, synchronizing motions of multiple actors, etc.
It is not easy to deliver real-time feedback in a way that is easy to interpret, yet unobtrusive enough to not distract the user from the motion task. I have developed motion feedback systems that provide real-time feedback to achieve or improve human motion tasks. These systems track the user's actions with simple sensors, and use tiny vibration motors as feedback devices. Vibration motors provide feedback that is both intuitive and minimally intrusive. My systems' designs are simple, flexible, and extensible to large-scale, full-body motion tasks.
The systems that I developed as part of this thesis address two classes of motion tasks: configuration tasks and trajectory tasks. Configuration tasks guide the user to a target configuration. My systems for configuration tasks use a motion-capture system to track the user. Configuration-task systems restrict the user's motions to a set of motion primitives, and guide the user to the target configuration by executing a sequence of motion-primitives. Trajectory tasks assume that the user understands the motion task. The systems for trajectory tasks provide corrective feedback that assists the user in improving their performance. This thesis presents the design, implementation, and results of user experiments with the prototype systems I have developed.&lt;/p&gt;
&lt;p&gt;&lt;em&gt;Published June 2011 by Dartmouth College, Computer Science&lt;/em&gt;&lt;/p&gt;
</description>
<link>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-695/</link>
</item>

<item>
<title>TR2011-694: Minimum time kinematic trajectories for self-propelled rigid bodies in the unobstructed plane</title>
<guid>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-694/</guid>
<pubDate>Tue, 30 Aug 2011 16:24:57 -0400</pubDate>
<description>
&lt;p&gt;The problem of moving rigid bodies efficiently is of particular interest in
robotics because the simplest model of a mobile robot or of a manipulated object
is often a rigid body.  Path planning, controller design and robot design may
all benefit from precise knowledge of optimal trajectories for a set of
permitted controls.

In this work, we present a general solution to the problem of finding minimum
time trajectories for an arbitrary self-propelled, velocity-bounded rigid body
in the obstacle-free plane. Such minimum-time trajectories depend on the
vehicle's capabilities and on the start and goal configurations. For
example, the fastest way to move a car sideways might be to execute a
parallel-parking motion. The fastest long-distance trajectories for a
wheelchair-like vehicle might be of a turn-drive-turn variety.

Our analysis reveals a wide variety of types of optimal trajectories.  We
determine an exhaustive taxonomy of optimal trajectory types, presented as a
branching tree. For each of the necessary leaf nodes, we develop a specific
algorithm to find the fastest trajec
&lt;/p&gt;
&lt;p&gt;&lt;em&gt;Published June 2011 by Dartmouth College, Computer Science&lt;/em&gt;&lt;/p&gt;
</description>
<link>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-694/</link>
</item>

<item>
<title>TR2011-692: A New Artificial Intelligence for Auralux</title>
<guid>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-692/</guid>
<pubDate>Tue, 30 Aug 2011 16:24:57 -0400</pubDate>
<description>
&lt;p&gt;This project focused on developing a more challenging artificial intelligence for the real-time strategy game Auralux. I designed and implemented an AI framework named FlexibleAI that could be configured with various parameters controlling different aspects of the overall algorithm. In this way, the AI could be tuned to be more successful. I then created a testing framework called AuraSim that simplified Auralux into an easily-simulated turn-based format.
&lt;/p&gt;
&lt;p&gt; After testing various configurations and tuning the FlexibleAI's parameters to be more successful, the AI eventually achieved a victory rate several times better than its average opponent. This provides the basis for a more challenging Auralux AI that will likely prove more satisfying to play against.&lt;/p&gt;
&lt;p&gt;&lt;em&gt;Published May 2011 by Dartmouth College, Computer Science&lt;/em&gt;&lt;/p&gt;
</description>
<link>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-692/</link>
</item>

<item>
<title>TR2011-691: A Multilevel, Posture-based Model for Motor Control in Simulation and Robotic Applications</title>
<guid>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-691/</guid>
<pubDate>Tue, 30 Aug 2011 16:24:57 -0400</pubDate>
<description>
&lt;p&gt;This paper presents a multilevel, posture-based motor control model intended to plan collision-free movements in a 3D environment while maintaining computational efficiency and accurately imitating human and primate motor function.  Our model is a comprehensive approach that addresses the storage and lookup of postures and movements, path planning and the generation of new movements, and learning with experience. We demonstrate the functionality and computational advantages of the model through preliminary testing on a humanoid robot.&lt;/p&gt;
&lt;p&gt;&lt;em&gt;Published June 2011 by Dartmouth College, Computer Science&lt;/em&gt;&lt;/p&gt;
</description>
<link>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-691/</link>
</item>

<item>
<title>TR2011-690: Screen Capture for Sensitive Systems</title>
<guid>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-690/</guid>
<pubDate>Tue, 30 Aug 2011 16:24:58 -0400</pubDate>
<description>
&lt;p&gt;   Maintaining usable security in application domains such as healthcare or power systems requires an ongoing conversation among stakeholders such as end-users, administrators, developers, and policy makers.  Each party has power to influence the design and implementation of the application and its security posture, and effective communication among stakeholders is one key to achieving influence and adapting an application to meet evolving needs.  
&lt;/p&gt;
&lt;p&gt;   In this thesis, we develop a system that combines keyboard/video/mouse (KVM) capture with automatic text redaction to produce precise technical content that can enrich stakeholder communications, improve end-user influence on system evolution, and help reveal the definition of "usable security."  Text-redacted screen captures reduce sensitivity of captured material and thus can facilitate timely data sharing among stakeholders.  
&lt;/p&gt;
&lt;p&gt;   KVM-based capture makes our system both application and operating-system independent because it eliminates software-interface dependencies on capture targets.  Thus, our work can be used to instrument closed or certified systems where capture software cannot be installed or where documentation and support are lacking.  It can instrument widely-varying platforms that lack standards-compliance and interoperability, or redact special document formats while they are displayed onscreen.
&lt;/p&gt;
&lt;p&gt;   We present three techniques for redacting text from screenshots and two redaction applications.  One application can capture, text redact, and edit screen video and the other can text redact and edit static screenshots.  We also present empirical measurements of redaction effectiveness and processing latency to demonstrate system performance.  
&lt;/p&gt;
&lt;p&gt;   When applied to our principal dataset, redaction removes text with over 93% accuracy and simultaneously preserves more than 76% of image pixels on average.  Thus by default, it retains more visual context than a technique such as blindly redacting entire screenshots.  Finally, our system redacts each screenshot in 0.1 to 21 seconds depending on which technique it applies.&lt;/p&gt;
&lt;p&gt;&lt;em&gt;Published May 2011 by Dartmouth College, Computer Science&lt;/em&gt;&lt;/p&gt;
</description>
<link>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-690/</link>
</item>

<item>
<title>TR2011-689: 802.15.4/ZigBee Analysis and Security: tools for practical exploration of the attack surface</title>
<guid>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-689/</guid>
<pubDate>Tue, 30 Aug 2011 16:24:57 -0400</pubDate>
<description>
&lt;p&gt;This thesis explores methods and techniques for surveying 802.15.4 and ZigBee wireless networks. The tools developed will aid in reconnaissance attacks against target networks; information gathered during this process will be used to profile a target network and its devices, as well as to pinpoint the geolocation of devices for executing physical attacks against the onboard hardware. Attacks against the PHY and MAC layers of the 802.15.4 standard will be explored as well.&lt;/p&gt;
&lt;p&gt;&lt;em&gt;Published June 2011 by Dartmouth College, Computer Science&lt;/em&gt;&lt;/p&gt;
</description>
<link>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-689/</link>
</item>

<item>
<title>TR2011-688: Exploiting the Hard-Working DWARF: Trojan and Exploit Techniques Without Native Executable Code</title>
<guid>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-688/</guid>
<pubDate>Tue, 30 Aug 2011 16:24:57 -0400</pubDate>
<description>
&lt;p&gt;The study of vulnerabilities and exploitation is one of finding mechanisms affecting the flow of computation and of finding new means to perform unexpected computation. In this paper we show the extent to which exception handling mechanisms as implemented and used by gcc can be used to control program execution. We show that the data structures used to store exception handling information on UNIX-like systems actually contain Turing-complete
bytecode, which is executed by a virtual machine during the course of exception unwinding and handling. We discuss how a malicious attacker could gain control over these structures and how such an attacker could utilize them once control has been achieved.&lt;/p&gt;
&lt;p&gt;&lt;em&gt;Published June 2011 by Dartmouth College, Computer Science&lt;/em&gt;&lt;/p&gt;
</description>
<link>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-688/</link>
</item>

<item>
<title>TR2011-687: IEEE 802.15.4 Wireless Security: Self-Assessment Frameworks</title>
<guid>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-687/</guid>
<pubDate>Tue, 30 Aug 2011 16:24:57 -0400</pubDate>
<description>
&lt;p&gt;This thesis analyzes the security of networks built upon the IEEE 802.15.4 standard, specifically in regard to the ability of an attacker to manipulate such networks under real-world conditions. The author presents a set of tools, both hardware and software, that advance the state-of-the-art in reconnaissance and site surveying, intelligent packet generation, and launching of attacks. Specifically, tools provide increased hardware support for the KillerBee toolkit, a Scapy layer for forming 802.15.4 packets, reflexive jamming of packets, and other research enablers. This work aims to advance the ability of security auditors to understand the threats to IEEE 802.15.4 networks by providing auditors usable and low-cost tools to carry out vulnerability assessments.&lt;/p&gt;
&lt;p&gt;&lt;em&gt;Published June 2011 by Dartmouth College, Computer Science&lt;/em&gt;&lt;/p&gt;
</description>
<link>http://www.cs.dartmouth.edu/reports/abstracts/TR2011-687/</link>
</item>

</channel>
</rss>

