ROOTS 2019 Talk: Automatic Modulation Parameter Detection In Practice – Johannes Pohl

Internet of Things (IoT) devices have to be small and energy efficient so that resources for security mechanisms tend to be limited. Due to the lack of open source or license free standards, device manufacturers often use proprietary protocols. Software Defined Radios (SDR) provide a generic way to investigate wireless protocols because they operate on nearly arbitrary frequencies, but they output sine waves that have to be demodulated. This demodulation process slows down security investigations because it forces researchers to start on the physical layer while the real reverse-engineering is performed on the logical layer.

We contribute an auto-detection system that estimates all demodulation parameters of a wireless signal and, additionally, explicitly returns all these parameters so that they can be fine-tuned afterwards. This allows security researchers to skip the physical layer and work with the bits and bytes instead of sine waves. The contributed system is evaluated with both simulated signals and ten real-world signals captured from various IoT devices with SDRs. Furthermore, we show how parameters can be estimated during recording time and evaluate this technique by attacking an AES secured wireless door lock. Our solution is available as part of the open source software Universal Radio Hacker and follows the ergonomic philosophy of the main application.


Johannes Pohl studied Computer Science at the University of Applied Sciences Stralsund and received his Master of Science in 2013. Since then he works there as a PhD student and conducts research in the area of Location Privacy and Wireless Security. He worked for two years in DevOps research at Boreus Data Center, Germany. Since March 2017 he works as a Scientific Co-Worker at the University of Applied Sciences, Stralsund.

Tags: , , , ,

Leave a Comment