# SOWN Exam 2018 ## 1. Wireless basics ### a) No, because the energy being received is under the receiver sensitivity. ### b) Graph: Antenna gain +20dB and the received signal at -50dBm. There would be an additional loss of 10dB (-50dBm - -60dBm) tolerated. Note: use dB when talking about differences and dBm when talking about absolute value. ## 2. Jamming ### a) The range from which the sender succeeds in communicating with the receiver, despite jamming, because the signal from the jammer is buried in noise and the receiver can easily tell those two apart. ### b) The higher the jammer transmit power the more likely the jamming will succeed. The more signal frequencies the message has, the harder it is to be jammed. The closer the jammer-to-receiver distance, the more likely the jamming will succeed. The closer the transmitter-to-receiver distance, the less likely jamming will succeed. ## 3. Broadcast Anti-jamming ### a) Because a shared secret (key), the spreading code, is needed. Any jammer present during the establishment of the shared secret could eavesdrop on it and any following transmission would not be protected against jamming anymore. ### b) UFH includes fragment linking schemes that make the reassembling of packets possible, even under poisoning (i.e. injection of fragments) Possible schemes: hash linking, one-way accumulators, short signatures MACs would not be feasible, way too much computational effort. ### c) DSSS uses a pre-agreed spreading code, UDSSS uses any from a public set. UDSSS has to record the message and then decode it from the buffer, trying different spreading codes. ## 4. Distance Bounding ### a) d = c*t_gain = c*(t_LC - t_ED - t_HW) = c*(90-20-5)*10^(-9) Note: 10^(-9) because speed of light is in m/s and we have ns ### b) ToF with short symbols and the t_p has to be 0 ### c) t_p has to be as short as possible, or ideally 0. ### d) To reduce t_p to more or less 0, the prover does not compute a function based on the received bit, from the bit string, but instead reflects the received bit on a different channel, depending on value of the corresponding bit in the prover's own bit string. ### e) - XOR is too slow - Commit N_p beforehand against Mafia Fraud and Distance Fraud - Transmit the delay after the fast phase against Mafia Fraud (How is a MF possible???) - Distance Hijacking is not possible, because MAC is symmetric (shared secret key) ## Cellular Networks ### a) 1. The attacker overwrites service control function's address with a fake one 2. The attacker can then redirect the call to a proxy relay which can then fully record the conversation (draw picture from slide 31) ### b) - The home network and the mobile device share a key K - The visited network and the mobile device share IMSI & TMSI - The home network generates the authentication vector using K, a random number RAND(i) with a cryptographic function - The home network sends the authentication vector to the visited network - The visited network asks the mobile device to authenticate itself and sends part of the authentication vector AUTN(i) and RAND(i) to the mobile device - The mobile device checks AUTN(i) using K and RAND(i), this authenticates the home network - The mobile device calculates RES(i) using K and sends it to the visited network - The visited network compares RES(i) with the XRES(i) from the authentication vector, this authenticates the mobile device ## 6. WiFi ### a) The throughput will decrease drastically. Nodes will have spikes, where they have more throughput, followed by long spans of time, where they have no throughput. ### b) The hash of the password (MIC) is neccessary, because without this, the attacker could not be able to try different passwords in the dictionary offline. With an online attack, the AP can create rules to prevent too many attempts, making it more difficult. ## 7. GNSS Security ### a) No, because the spoofer needs to send at least 4 signals with timestamps and the receiver calculates the location based in this, independent on his true location. ### b) Multiple receivers know the distance between each other and when their relative distance to each other changes, they can detect spoofing, for example when the spoofer gives each of them the same location. Receivers can't be too close to each other, since GPS is not precise enough. If the attacker has an omnidirectional antenna, he can't attack specific receivers and has to spoof all of them to the same location. If the receivers are not close enough to each other, they will detect the spoofing. ### c) The maximal time error should be 'rho'-'delta', because the spreading codes are released at t_m+'rho', which is when every message has to be already received. Since the message has length 'delta', the latest release time to still be in time has to be t_m+'rho'-'delta'. ### d) No. ### e) The attacker can change the location of the victim by recording the message, jam it and replay it later (replay attack). However, this is far more effort than just creating a new message, which is why this attack probably is not a huge threat. The attacker has less locations that can be spoofed, because of the time synchronization. ## 8. Broadcast authentication: TESLA ### a) Because for message verification, the message has to be received within the key validity interval, before the key was disclosed. ### b) 1. The receiver verifies that the hash of the key received is the key of the last time interval or the public known and certified key K_0 of the transmitter 2. The receiver uses a public known one-way function to derive the signing key from the received key 3. The receiver authenticates using the signing key and saves the received key for the next round ### c) That F is a one-way hash function and the key is only used within its interval. Each key is explicitly disclosed in cleartext after the interval. ### d) Less expensive overhead in terms of time to sign and verify. Replay attacks would be prevented. No cryptographic primitives are needed. ## 9. Physical-layer key establishment ### a) Shake-it-up, because they only need to tell each other their names, which is possible in almost all hardware. ### b) The property that the distortion of the signal which is sent at both ends of the key establishment is the same and therefore this distortion can be used as key. However, this only works if the attacker is at least 'lambda'/2 wavelengths away from both antennas that want to establish a key, else the attacker could retrieve the key as well. The entropy originates from multipath-fading. ## 10. Physical-layer confidentiality ### a) The transmitter knows the channels to the intended receiver as well as to the attacker. This allows to encode the data such that it can be measured at the receiver whilst the attacker measures nothing related to the data. ### b) The data is encoded, such that the attacker will receive data mixed with random noise. The attacker needs to be more than 'lambda'/2 away from the receiver. ### c) Protecting against eavesdropping requires that the eavesdropper is unable to separate the signals from the protected device from those originating at the collaborating device. For this to hold, the channel from the protected device to the attacker should not be correlated to the channel from the collaborating device to the attacker. To ensure this, the protected device and the collaborating device need to be typically placed less than half a carrier wavelength apart. ## 11. Integrity Codes ### a) In Integrity Codes we assumes that the sender is always sending and encodes the message in a specific way such that there is the same amount of 0s and 1s in the message. As a delimiter the mark the beginning and end of the message we use a sequence that is not possible with that encodeing but still has the same number of 0s and 1s. The receiver verifies that the message has the same number of 0s and 1s. ### b) The receiver is in the transmission range of the transmitter. ### c) The attacker can't change a 1 into a 0 with non negligible probability. ## 12. und 13. waren kein VL-Stoff ## 14. MC ### a) A. Wrong, the receiver subtracts the jamming noise (has to know the jamming noise) B. Wrong, because it is not for authentication C. True D. True, because beamforming directs more power to the direction of the receiver (have to know where the receiver is) ### b) A. Wrong, we just solved an exercise where we described an attack against Kuhn B. True ### c) B is true ### d) B is true