ExternalVendorCode/openwifi
1
0
Fork 0
mirror of https://github.com/open-sdr/openwifi.git synced 2024-12-19 13:48:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update csi_fuzzer.md

Browse Source
This commit is contained in:
Jiao Xianjun 2021-06-22 09:36:24 +02:00 committed by GitHub
parent a86b7d6e01
commit 035b3a0430
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 48 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
doc/app_notes/csi_fuzzer.md
View File

@ -7,7 +7,9 @@ SPDX-License-Identifier: AGPL-3.0-or-later
[Openwifi CSI fuzzer for authorized sensing and covert channels](https://arxiv.org/pdf/2105.07428.pdf) (accepted by ACM WiSec 2021)
CSI (Channel State Information) of WiFi systems is available in some WiFi chips and can be used for sensing the environment (keystrokes, people, object) passively and secretly.
## Concept
How could a CSI fuzzer stop unauthorized sensing?
![](./csi-fuzzer-system-before-vs-now.png)
@ -16,15 +18,55 @@ CSI fuzzer implementation principle.
![](./csi-fuzzer-principle.png)
## Demo instructions
Thanks to the full-duplex capability and CSI extraction feature of openwifi, you can monitor the artificial channel response via [side channel](./csi.md) by Tx-Rx over the air coupling without affecting the normal operation/traffic of openwifi. Before the self-monitoring, the auto-mute during Tx needs to be disabled.
The full demo steps are:
```
ssh root@192.168.10.122
(password: openwifi)
cd openwifi
./fosdem-11ag.sh
(setup openwifi AP)
./sdrctl dev sdr0 set reg xpu 1 1
(Disable auto-muting to listen self-TX)
insmod side_ch.ko num_eq_init=0
./side_ch_ctl wh1h2001
./side_ch_ctl wh6hffffffff
(Let's only monitor self-beacon-TX CSI over-the-air loopback)
./side_ch_ctl g1
```
Go to openwifi/user_space/side_ch_ctl_src, and run `python3 side_info_display.py 0`. You should see the over-the-air loopback CSI when CSI fuzzer is not enabled. Then stop the python3 side_info_display.py script to ease the next step.
Start another ssh session to the openwifi board:
```
ssh root@192.168.10.122
(password: openwifi)
cd openwifi
./csi_fuzzer_scan.sh 1
(CSI fuzzer applies possible artificial CSI by scanning all values)
(csi_fuzzer.sh is called. Please read both scripts to understand these commands)
```
Go to openwifi/user_space/side_ch_ctl_src, and run `python3 side_info_display.py 0`. Now you should see that CSI keeps changing like in this [video](https://youtu.be/aOPYwT77Qdw).
# Further explanation on parameters
CSI fuzzer in openwifi system architecture and related commands.
![](./csi-fuzzer-implementation.png)
Thanks to the full-duplex capability and CSI extraction feature of openwifi, you can monitor the artificial channel response via [side channel](./csi.md) by Tx-Rx over the air coupling without affecting the normal operation/traffic of openwifi. Before the self-monitoring, the auto-mute during Tx needs to be disabled:
```
./sdrctl dev sdr0 set reg xpu 1 1
```
# Example fuzzed CSI
CSI self-monitoring before fuzzing.