Please use this identifier to cite or link to this item: http://hdl.handle.net/10397/116269
Title: Attacking IoT wireless protocols with preamble extraction and SDR
Authors: Kong, Chun Ho
Degree: M.Phil.
Issue Date: 2025
Abstract: The wide adoption of Internet-of-Things (IoT) technologies has enabled smart things to connect to the Internet easily by different means. An increasing number of devices are equipped with various IoT wireless protocols using Low-Power Wide-Area Network (LPWAN) technologies like Sigfox and LoRa, which can be obtained relatively inexpensively and operate in unlicensed Industrial, Scientific, and Medical (ISM) bands.
As more IoT devices are rolled out, some come with novel proprietary wireless technologies that have different security implications. The emergence of Software-Defined Radios (SDRs) provides Cognitive Radio (CR) capability, which allows highly flexible and reconfigurable radios built from Commercial-Off-the-Shelf (COTS) hardware, with the signal processing blocks handled on a computer. In this regard, we wish to utilize SDRs to perform attacks on LPWAN-based IoT wireless protocols.
One of the most vulnerable parts of an LPWAN packet is the preamble. It is usually found prefixed to a physical layer (PHY) packet of a wireless protocol, allowing low-powered IoT receivers to wake up from deep sleep and to perform channel tasks, including Automatic Gain Control (AGC) and frequency and phase offset estimation, for the reception of packets. With knowledge of the preamble, it is possible to perform high-accuracy jamming attacks and reverse-engineering of the underlying LPWAN protocols. In this thesis, we present work that aims to exploit the crucial nature of the preamble, focusing on attacking IoT wireless protocols by extracting the preamble part of arbitrary LPWAN signals with SDRs to support preamble attacks.
To extract the preamble of LPWAN packets, our algorithm requires the time-frequency location of arbitrary LPWAN signals of different protocol parameters, data rates, bandwidths, and frequencies before any band-pass operations are performed on the SDR in-phase/quadrature (IQ) data. To this end, unlike state-of-the-art (SOTA) algorithms that only classify whole IQ data for LPWAN technologies without time-frequency localization, we also propose a time-frequency localization machine learning (ML) model for LPWAN signals. The model is based on the Deformable DEtection TRansformer (DETR) architecture and contains a new attention mechanism called "Multi-Scale Deformable Radial Attention" (MSDRA), derived from the original Deformable DETR architecture. Applying DETR to LPWAN signals effectively carries the domain of image detection over to time-frequency localization of LPWAN IoT wireless protocols. This allows our ML model not only to support our preamble extraction attacks but also to enable better spectrum management and band planning with reconnaissance capability, further enhancing the security of IoT.
Pages: xiv, 85 pages : color illustrations
Appears in Collections: Thesis
