Session
Main program 35C3
Hardware & Making

Hunting the Sigfox: Wireless IoT Network Security

Dissecting the radio protocol of Sigfox, the global cellular network for the IoT you have probably never heard of
Adams
Florian Euchner (Jeija)
Sigfox (https://www.sigfox.com/) is an emerging low-power wide-area network (LP-WAN) technology for IoT devices, comparable to LoRa (https://lora-alliance.org/). This talk recounts my analysis of Sigfox's radio protocol and presents an open reference implementation of an alternative Sigfox protocol stack. It confirms that while Sigfox ensures authenticity and integrity, transmitted payloads are not confidential. This presentation is targeted at a technical audience with some basic knowledge of cryptography (security goals, AES), but no knowledge of RF technology (modulation, scrambling, error correction) is required.

Sigfox can be compared to a cellular network, but for mostly battery-powered IoT devices that don't need to transmit much data. While some sparse details on Sigfox's architecture and its security have been published and some basic reverse engineering has been carried out, most of the protocol specifications remain proprietary and closed, so to date no independent security audit has been performed. Advertised use cases of Sigfox include air quality monitoring, weather stations, utilities metering and tracking farm animals. In this talk, I illustrate why these applications are fine, but why one might not want to track a money transporter with Sigfox or base a home alarm system on it.

The Sigfox network is very atypical, with uplink and downlink based on different physical layers. After a short introduction, I begin the presentation by taking a deep dive into Sigfox's radio protocol with a focus on its security. Basics of radio technology (SDRs, ultra-narrow band (UNB) modulation, SRD bands) and techniques for analyzing protocols are briefly summarized, and the uplink's and downlink's frame structures are presented.

Subsequently, I show how a radio sniffer that has captured Sigfox messages can extract the uplink's and downlink's contents. While the uplink's payload is already contained in plaintext, the downlink is scrambled, but I indicate how the downlink's pseudorandom whitening sequence used for scrambling can be generated or brute-forced by an eavesdropper. Moreover, I outline attacks that could even compromise Sigfox's authenticity checking.

Finally, I provide some suggestions on how to improve Sigfox's security.

The reference implementation of an alternative Sigfox protocol stack, "librenard", that was created as part of this work, as well as reconstructed protocol specifications detailing the uplink and significant portions of the downlink protocol, will be published immediately after this talk.

Additional information

Type lecture
Language English
