Ensuring specification compliance, robustness, and security of wireless network protocols
Several newly emerged wireless technologies (e.g., Internet-of-Things, Bluetooth, NFC)—extensively backed by the tech industry—are being widely adopted and have resulted in a proliferation of diverse smart appliances and gadgets (e.g., smart thermostat, wearables, smartphones), which has ensuingly shaped our modern digital life. These technologies include several communication protocols that usually have stringent requirements stated in their specifications. Failing to comply with such requirements can result in incorrect behaviors, interoperability issues, or even security vulnerabilities. Moreover, lack of robustness of the protocol implementation to malicious attacks—exploiting subtle vulnerabilities in the implementation—mounted by the compromised nodes in an adversarial environment can limit the practical utility of the implementation by impairing the performance of the protocol and can even have detrimental effects on the availability of the network. Even having a compliant and robust implementation alone may not suffice in many cases because these technologies often expose new attack surfaces as well as new propagation vectors, which can be exploited by unprecedented malware and can quickly lead to an epidemic. Given the stake associated with these wireless technologies, the requirement to ensure secure and reliable operations calls for both pre- and post-deployment mechanisms. In this dissertation, we focus on fortifying these emerging technologies along three dimensions. First, we propose an automatic compliance checking technique allowing a developer to ensure—before deployment—that the implementation is compliant with the protocol specifications. Second, we develop an automated adversarial testing platform to help developers find vulnerabilities in their protocol implementations prior to deployment, thereby ensuring robustness of the implementations in adversarial environments. Finally, we devise several countermeasures to mitigate infection in the event of attacks after deployment.
Fahmy, Purdue University.
Off-Campus Purdue Users:
To access this dissertation, please log in to our