Enhancing Physical Perimeter Defense Using SDR

Presented at AppSec USA 2017, Sept. 22, 2017, 11:30 a.m. (45 minutes).

Part One: The Problem

Current sensor-based perimeter defense has its limitations. Taking home defense as an example, sensors are placed at all possible breach points of the perimeter (windows, doors, etc.). The alarm is triggered only when there is an actual perimeter breach. It takes time for the alarm company to report to the local police, and more time for the police to send patrol cars. If the attackers are determined to finish the job quickly and leave before the police arrive, their chance of getting away is very high.

There is one further weakness: the traditional method is limited to whatever the sensors pick up. It has no capability to identify reconnaissance, which very often precedes a breach.

Part Two: The Solution

Most attackers carry cell phones during reconnaissance and during the actual breach, so it is very likely that a new cellular device will show up near the (potential) breach site.

I propose using software-defined radio (SDR) to simulate cell tower signals within a short range around the protected perimeter of a site. By analysing unfamiliar devices within a certain range of the perimeter, we can:

* Identify potential threats (reconnaissance, following, etc.).
* Support post-breach investigation (by providing cellular device information).
* Support conviction (crime scene presence established through the location of the device).

Part Three: Technical Implementation Details

SDR Configuration

* The SDR configuration below applies only to a short range around the protected perimeter.
* Use the SDR to simulate a cell tower within that short range.
* The SDR forces nearby phones to downgrade to 2G for information gathering.
* Duty cycle: the SDR is NOT always powered on. It powers on every 30 minutes, for 1 minute.
* The SDR captures the phone number, active time, and location (direction relative to the SDR). One caveat on the first item: a handset never sends its phone number over the air. What a simulated 2G cell can request from it are the subscriber and equipment identifiers (IMSI and IMEI), which identify the SIM and the handset and which only the carrier can map back to a phone number.

Data Storage

The following data will be stored and encrypted:

* Phone number (in practice, the captured identifiers; see above)
* Active time
* Location (relative to the SDR)

Data Analysis

* Normal pattern (learning process):
  1) Devices frequently showing up near the perimeter (neighbours).
  2) Devices only showing up at certain times of the day (mail delivery, garbage pickup, etc.).
* Exception pattern: devices near the perimeter that have never shown up before (potential reconnaissance).
* Identify intrusion: devices inside the perimeter that have never shown up before.
* Correlate the exception pattern with the intrusion: identify and note the reconnaissance activity that preceded it.

Part Four: Limitations and Thoughts

Limitations

* The solution assumes attackers carry a cellular device during the recon or breach.
* The location and direction of the device are derived from signal strength and are therefore not guaranteed to be accurate.
* Transmitting on licensed cellular bands and impersonating a base station is regulated and, in most jurisdictions, unlawful without a licence. While active, the simulated cell also attracts every phone in range, not only an attacker's, so the legal and privacy impact on neighbours and passers-by has to be weighed before any deployment.

Integrate with Other Solutions

* Integration with existing perimeter defense solutions.
* Trigger drones for 1) vehicle identification and 2) real-time images.

Part Five: Video Demo

Disclaimer: This article and any related technical detail were prepared by the author in his personal capacity. The opinions expressed in this article are the author's own and do not reflect the views of the author's employer.
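The data handling and analysis of Part Three, worked through as an added example (editor-supplied illustration, not code from the talk or from Attacklytics). It assumes a sightings log of (identifier, time, bearing from the SDR, inside/outside the perimeter) records; the identifiers, the thresholds (three distinct days for a "frequent" device, a one-hour slot for a "scheduled" one, a 30-day reconnaissance lookback) and the sample data are all made up for the example. In place of the talk's "store and encrypt", it stores an HMAC-SHA256 pseudonym of each captured identifier, which is enough for the analysis to recognise a returning device while keeping raw identifiers out of the database:

```python
import hashlib
import hmac
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption for this example only: the key lives outside the sightings
# store (a secrets manager or HSM), so a copied database cannot be reversed.
PSEUDONYM_KEY = b"example-key-not-for-production"


def pseudonymise(identifier: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed hash (HMAC-SHA256) of a captured identifier.

    The analysis only needs to recognise the same device again, so the stored
    record holds this value instead of the raw identifier. An investigator
    with the key can still test whether a specific device was present.
    """
    return hmac.new(key, identifier.encode(), hashlib.sha256).hexdigest()


def sighting(identifier: str, when: str, bearing: int, inside: bool = False) -> dict:
    """One stored record: pseudonym, active time, bearing from the SDR
    (degrees), and whether the device was inside the perimeter."""
    return {"device": pseudonymise(identifier), "time": datetime.fromisoformat(when),
            "bearing": bearing, "inside": inside}


def learn_baseline(sightings: list, min_days: int = 3) -> dict:
    """Learn the normal pattern from a training period.

    Returns {device: label}: "scheduled" for devices seen on two or more days
    always within the same one-hour slot (mail, garbage pickup), "frequent"
    for devices seen on at least min_days distinct days (neighbours).
    Devices matching neither rule are left out of the baseline.
    """
    days, hours = defaultdict(set), defaultdict(set)
    for s in sightings:
        days[s["device"]].add(s["time"].date())
        hours[s["device"]].add(s["time"].hour)
    baseline = {}
    for dev, seen_days in days.items():
        hour_span = max(hours[dev]) - min(hours[dev])
        if len(seen_days) >= 2 and hour_span <= 1:
            baseline[dev] = "scheduled"
        elif len(seen_days) >= min_days:
            baseline[dev] = "frequent"
    return baseline


def classify(sightings: list, baseline: dict) -> list:
    """Flag monitoring-period sightings of devices absent from the baseline:
    near the perimeter -> possible reconnaissance; inside it -> intrusion."""
    alerts = []
    for s in sorted(sightings, key=lambda rec: rec["time"]):
        if s["device"] in baseline:
            continue  # neighbour or scheduled visitor: normal
        alerts.append({"kind": "intrusion" if s["inside"] else "reconnaissance",
                       "device": s["device"], "time": s["time"], "bearing": s["bearing"]})
    return alerts


def correlate(alerts: list, lookback: timedelta = timedelta(days=30)) -> dict:
    """For each intrusion, list earlier reconnaissance sightings of the same
    device within the lookback window (the recon-to-breach link)."""
    recon = defaultdict(list)
    for a in alerts:
        if a["kind"] == "reconnaissance":
            recon[a["device"]].append(a["time"])
    return {a["device"]: [t for t in recon[a["device"]] if a["time"] - lookback <= t < a["time"]]
            for a in alerts if a["kind"] == "intrusion"}


# Constructed sample data (not a real capture); identifiers are placeholders.
TRAINING = [sighting("one-off-visitor", "2017-09-03 15:00", 120)]
for day in range(1, 8):  # learning week 2017-09-01 .. 2017-09-07
    TRAINING += [sighting("neighbour-1", f"2017-09-0{day} 08:05", 45),
                 sighting("neighbour-1", f"2017-09-0{day} 18:40", 50),
                 sighting("mail-carrier", f"2017-09-0{day} 11:20", 300)]

MONITORING = [
    sighting("neighbour-1", "2017-09-12 18:35", 48),
    sighting("mail-carrier", "2017-09-12 11:15", 295),
    sighting("unknown-A", "2017-09-10 22:10", 210),               # night-time loiterer
    sighting("unknown-A", "2017-09-12 02:30", 200, inside=True),  # same device, now inside
    sighting("unknown-B", "2017-09-12 14:00", 90),                # never seen again
]


def run(training: list = TRAINING, monitoring: list = MONITORING) -> tuple:
    """Baseline, alerts and recon-to-intrusion links for the sample data."""
    baseline = learn_baseline(training)
    alerts = classify(monitoring, baseline)
    return baseline, alerts, correlate(alerts)


if __name__ == "__main__":
    baseline, alerts, linked = run()
    for a in alerts:
        print(f"{a['time']:%Y-%m-%d %H:%M} {a['kind']:15} bearing {a['bearing']:3} {a['device'][:12]}")
    for dev, times in linked.items():
        print(f"intrusion by {dev[:12]} preceded by recon at {[t.strftime('%m-%d %H:%M') for t in times]}")
```

Running it prints three alerts: the unknown device seen at night near the perimeter on 10 September (reconnaissance), the same device inside the perimeter two nights later (intrusion, linked back to the earlier sighting), and a second unknown device that never returns. The one-off visitor from the learning week is deliberately not baselined, so the two rules decide what "normal" means; tune min_days and the one-hour slot to the site before trusting the exception list.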

Presenters:

  • Yitao Wang - Attacklytics
    Yitao Wang has over 10 years of experience in information security. Coming from the other side of the GFW, he has had a great passion for internet and computer security since the wild 90s. Yitao is currently working on his own security startup, where he drives the products and provides consulting services. Previously he led the Red Team at CreditKarma and worked in different roles at Akamai (Kona) and Dell SecureWorks. When not in front of a computer he loves driving stick-shift cars and spending time with family.
