76 students in 15 teams
The objective of this module is to provide a broad understanding of computer security with some indepth discussions on selected topics in system and network security. This module covers the following topics: intrusion detection, DNS security, electronic mail security, authentication, access control, buffer overflow, memory and stack protection, selected topics in application security, for instance, web security, and well-known attacks.
Research and implementation of the use of Software Defined Radio (SDR) and Fake WiFi Access Points to spoof location services on portable devices, mainly smart phones. Additionally, we aim to create a portable solution to conduct such attacks with convenience and ease.
LTE is one of the most widely used standards for mobile communication today. Due to it's popularity, outages and open attack vectors can potentially lead to severe risks. One possible attack on LTE is a redirection and downgrade attack, where a phone is redirected from their original LTE network to a rogue 2G network. As such, we will be investigating redirection attacks against LTE networks in Singapore and analyze the implications of these attacks.
We introduce the key re-installation attacks by forcing nonce reuse in WPA2. This attack uses the design flaws in the 802.11 standard, where re-transmissions of messages are accepted as part of the 4-way handshake. This resets the key's associated parameters, such as nonce and replay counters. In our demo, we are able to trick our victim into reinstalling an already in use key. This can be achieved by manipulating and replaying handshake messages, which will reset the nonce and replay counter to their initial value (all zeros)
As the concept of Internet Of Things (IOT) becomes increasingly popular in recent years, the technologies used in these devices has also seen tremendous changes and brought about greater convenience to consumers. What are the new technologies incorporated into modern IoT devices, and what impact(s) do they have on the security aspect of IoT devices? How did modern trends influence the technologies used and subsequently, the security aspects of IoT? Our team has embarked on a project to seek answers to these questions while exploring the security defences and loopholes of IoT devices - IP cameras in particular for the scope of this project.
With prevalent adoption of 4G LTE services island-wide, security of cellular networks are of utmost importance. User Equipment (UE), such as mobile phones, would connect to cell towers based on the tower's signal strength. However, the LTE protocol is designed in such a way that the initial exchange of messages with the cell towers are unencrypted. As a result, the protocol is susceptible to attacks such as Denial of Service (DoS) and downgrade attacks. In this project, we explore ways to perform DoS on UEs using a bogus LTE network through the use of a Software Defined Radio.
The Wi-Fi deauthentication attack, termed deauth for short, is a denial-of-service (DoS) attack where an attacker interrupts the connections between user devices and the target access point. It can also be used as a precursor to sniff the three way handshake between a router and a device when they first authenticate themselves. This project aims to explore the ease of using a popular IoT hardware device, ESP8266, to launch a deauth attack. To identify these malicious deauth attacks, we propose a solution which uses the ESP8266 as a deauth detector, where it would detect the deauth packets in the network, investigate whether a deauth request is legitimate or malicious, and send an alert email to the owner of device once it is proven to be malicious.