Phantom Boundaries and Cross-Layer Illusions in 802.15.4 Digital Radio

T. Goodspeed
{"title":"Phantom Boundaries and Cross-Layer Illusions in 802.15.4 Digital Radio","authors":"T. Goodspeed","doi":"10.1109/SPW.2014.33","DOIUrl":null,"url":null,"abstract":"The classic design of protocol stacks, where each layer of the stack receives and unwraps the payload of the next layer, implies that each layer has a parser that accepts Protocol Data Units and extracts the intended Service Data Units from them. The PHY layer plays a special role, because it must create frames, i.e., original PDUs, from a stream of bits or symbols. An important property implicitly expected from these parsers is that SDUs are passed to the next layer only if the encapsulating PDUs from all previous layers were received exactly as transmitted by the sender and were syntactically correct. The Packet-in-packet attack (WOOT 2011) showed that this false assumption could be easily violated and exploited on IEEE 802.15.4 and similar PHY layers, however, it did not challenge the assumption that symbols and bytes recognized by the receiver were as transmitted by the sender. This work shows that even that assumption is wrong: in fact, a valid received frame may share no symbols with the sent one! This property is due to a particular choice of low-level chip encoding of 802.15.4, which enables the attacker to co-opt the receiver's error correction. This case study demonstrates that PHY layer logic is as susceptible to the input language manipulation attacks as other layers, or perhaps more so. Consequently, when designing protocol stacks, language-theoretic considerations must be taken into account from the very bottom of the PHY layer, no layer is too low to be considered \"mere engineering\".","PeriodicalId":142224,"journal":{"name":"2014 IEEE Security and Privacy Workshops","volume":"58 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 IEEE Security and Privacy Workshops","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SPW.2014.33","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 6

Abstract

The classic design of protocol stacks, where each layer of the stack receives and unwraps the payload of the next layer, implies that each layer has a parser that accepts Protocol Data Units and extracts the intended Service Data Units from them. The PHY layer plays a special role, because it must create frames, i.e., original PDUs, from a stream of bits or symbols. An important property implicitly expected from these parsers is that SDUs are passed to the next layer only if the encapsulating PDUs from all previous layers were received exactly as transmitted by the sender and were syntactically correct. The Packet-in-packet attack (WOOT 2011) showed that this false assumption could be easily violated and exploited on IEEE 802.15.4 and similar PHY layers, however, it did not challenge the assumption that symbols and bytes recognized by the receiver were as transmitted by the sender. This work shows that even that assumption is wrong: in fact, a valid received frame may share no symbols with the sent one! This property is due to a particular choice of low-level chip encoding of 802.15.4, which enables the attacker to co-opt the receiver's error correction. This case study demonstrates that PHY layer logic is as susceptible to the input language manipulation attacks as other layers, or perhaps more so. Consequently, when designing protocol stacks, language-theoretic considerations must be taken into account from the very bottom of the PHY layer, no layer is too low to be considered "mere engineering".
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
802.15.4数字无线电中的幻影边界和跨层幻象
协议栈的经典设计是,栈的每一层接收并打开下一层的有效负载,这意味着每一层都有一个解析器,它接受协议数据单元并从中提取预期的服务数据单元。物理层起着特殊的作用,因为它必须从位或符号流中创建帧,即原始pdu。这些解析器隐含的一个重要属性是,只有当来自所有前一层的封装pdu与发送方发送的完全相同并且语法正确时,才会将pdu传递到下一层。包中包攻击(WOOT 2011)表明,这种错误的假设很容易在IEEE 802.15.4和类似的物理层上被违反和利用,但是,它并没有挑战接收方识别的符号和字节由发送方传输的假设。这项工作表明,即使是这种假设也是错误的:事实上,一个有效的接收帧可能与发送帧没有共享符号!此属性是由于802.15.4的低级别芯片编码的特殊选择,这使得攻击者能够共同选择接收器的纠错。本案例研究表明,物理层逻辑与其他层一样容易受到输入语言操作攻击,甚至更容易受到攻击。因此,在设计协议栈时,必须从物理层的最底层考虑语言理论方面的考虑,任何层都不能太低而被认为是“纯粹的工程”。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Analysis of Unintentional Insider Threats Deriving from Social Engineering Exploits Detecting Unknown Insider Threat Scenarios Can We Identify NAT Behavior by Analyzing Traffic Flows? A Case Study in Malware Research Ethics Education: When Teaching Bad is Good Resilience as a New Enforcement Model for IT Security Based on Usage Control
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1