csi fuzzer document and publication (former paper) section udpate

This commit is contained in:
Xianjun Jiao 2021-05-16 16:14:26 +02:00
parent 0b900b776f
commit b49db4c59a
7 changed files with 41 additions and 14 deletions

View File

@ -15,7 +15,7 @@ This repository includes Linux driver and software. [openwifi-hw](https://github
[[Project document](doc/README.md)] [[Project document](doc/README.md)]
[[Application notes](doc/app_notes/README.md)] [[Application notes](doc/app_notes/README.md)]
[[Videos](#Videos)] [[Videos](#Videos)]
[[Papers](#Papers)] [[Publications](doc/publications.md)]
[[maillist](https://lists.ugent.be/wws/subscribe/openwifi)] [[maillist](https://lists.ugent.be/wws/subscribe/openwifi)]
[[Cite openwifi project](#Cite-openwifi-project)] [[Cite openwifi project](#Cite-openwifi-project)]
@ -29,7 +29,7 @@ Openwifi code has dual licenses. AGPLv3 is the opensource license. For non-opens
- DCF (CSMA/CA) low MAC layer in FPGA (10us SIFS is achieved) - DCF (CSMA/CA) low MAC layer in FPGA (10us SIFS is achieved)
- [802.11 packet injection and fuzzing](doc/app_notes/inject_80211.md) - [802.11 packet injection and fuzzing](doc/app_notes/inject_80211.md)
- [CSI](doc/app_notes/csi.md): Channel State Information, freq offset, equalizer to computer - [CSI](doc/app_notes/csi.md): Channel State Information, freq offset, equalizer to computer
- [CSI fuzzer](doc/app_notes/csi_fuzzer.md): Create fake CSI in WiFi transmitter - [CSI fuzzer](doc/app_notes/csi_fuzzer.md): Create artificial channel response in WiFi transmitter
- [[IQ capture](doc/app_notes/iq.md)]: real-time AGC, RSSI, IQ sample to computer. [[Dual antenna version](doc/app_notes/iq_2ant.md)] - [[IQ capture](doc/app_notes/iq.md)]: real-time AGC, RSSI, IQ sample to computer. [[Dual antenna version](doc/app_notes/iq_2ant.md)]
- Configurable channel access priority parameters: - Configurable channel access priority parameters:
- duration of RTS/CTS, CTS-to-self - duration of RTS/CTS, CTS-to-self
@ -257,14 +257,6 @@ This section explains the porting work by showing the differences between openwi
- CSI (Channel State Information) [[twitter](https://twitter.com/i/status/1314207380561780738)], [[link for CHN user](https://www.zhihu.com/zvideo/1297662571618148352)] - CSI (Channel State Information) [[twitter](https://twitter.com/i/status/1314207380561780738)], [[link for CHN user](https://www.zhihu.com/zvideo/1297662571618148352)]
- FOSDEM2021 [[Flash back](https://twitter.com/jxjputaoshu/status/1358462741703491584?s=20)], [[link for CHN user](https://www.zhihu.com/zvideo/1340748826311974912)]; [[Presentation](https://mirror.as35701.net/video.fosdem.org/2021/D.radio/fsr_openwifi_opensource_wifi_chip.webm)], [[link for CHN user](https://www.zhihu.com/zvideo/1345036055104360448)] - FOSDEM2021 [[Flash back](https://twitter.com/jxjputaoshu/status/1358462741703491584?s=20)], [[link for CHN user](https://www.zhihu.com/zvideo/1340748826311974912)]; [[Presentation](https://mirror.as35701.net/video.fosdem.org/2021/D.radio/fsr_openwifi_opensource_wifi_chip.webm)], [[link for CHN user](https://www.zhihu.com/zvideo/1345036055104360448)]
## Papers
- [openwifi: a free and open-source IEEE802.11 SDR implementation on SoC](https://www.orca-project.eu/wp-content/uploads/sites/4/2020/03/openwifi-vtc-antwerp-PID1249076.pdf)
- [csi murder](https://ans.unibs.it/projects/csi-murder/)
- [IEEE 802.11 CSI randomization to preserve location privacy: An empirical evaluation in different scenarios](https://www.sciencedirect.com/science/article/abs/pii/S138912862100102X)
Openwifi was born in [ORCA project](https://www.orca-project.eu/) (EU's Horizon2020 programme under agreement number 732174).
## Cite openwifi project ## Cite openwifi project
Any use of openwifi project which results in a publication should include a citation via (bibtex example): Any use of openwifi project which results in a publication should include a citation via (bibtex example):

View File

@ -17,7 +17,7 @@ Above figure shows software and hardware/FPGA modules that compose the openwifi
- [Regulation and channel config](#Regulation-and-channel-config) - [Regulation and channel config](#Regulation-and-channel-config)
- [Analog and digital frequency design](#Analog-and-digital-frequency-design) - [Analog and digital frequency design](#Analog-and-digital-frequency-design)
- [Debug methods](#Debug-methods) - [Debug methods](#Debug-methods)
- [Application notes](app_notes) - [Application notes](app_notes/README.md)
## Driver and software overall principle ## Driver and software overall principle

Binary file not shown.

After

Width:  |  Height:  |  Size: 94 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 36 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 121 KiB

View File

@ -4,12 +4,32 @@ SPDX-FileCopyrightText: 2021 UGent
SPDX-License-Identifier: AGPL-3.0-or-later SPDX-License-Identifier: AGPL-3.0-or-later
--> -->
Coming soon for details. CSI (Channel Station Information) of WiFi systems is available in some WiFi chips and can be used for environment (people, object, activity) sensing passively and secretly.
CSI over the air loopback before fuzzing. How could a CSI fuzzer stop unauthorized sensing?
![](./csi-fuzzer-system-before-vs-now.png)
CSI fuzzer implementation principle.
![](./csi-fuzzer-principle.png)
CSI fuzzer in openwifi system architecture and related commands.
![](./csi-fuzzer-implementation.png)
Thanks to the full-duplex capability and CSI extraction feature of openwifi, you can monitor the artificial channel response via [side channel](./csi.md) by Tx-Rx over the air coupling without affecting the normal operation/traffic of openwifi. Before the self-monitoring, the auto-mute during Tx needs to be disabled:
```
./sdrctl dev sdr0 set reg xpu 1 1
```
CSI self-monitoring before fuzzing.
![](./csi-fuzzer-beacon-ant-back-0.jpg) ![](./csi-fuzzer-beacon-ant-back-0.jpg)
CSI over the air loopback after fuzzing command: csi_fuzzer.sh 1 45 0 13 CSI self-monitoring after fuzzing command: `csi_fuzzer.sh 1 45 0 13`
![](./csi-fuzzer-beacon-ant-back-1-45-0-13.jpg) ![](./csi-fuzzer-beacon-ant-back-1-45-0-13.jpg)
`csi_fuzzer_scan.sh` can scan the c1 and c2 in different styles/modes by calling `csi_fuzzer.sh`.

15
doc/publications.md Normal file
View File

@ -0,0 +1,15 @@
<!--
Author: Xianjun jiao
SPDX-FileCopyrightText: 2021 UGent
SPDX-License-Identifier: AGPL-3.0-or-later
-->
Openwifi related publications
Openwifi was born in ORCA project (EU's Horizon2020 programme under agreement number 732174).
- [openwifi: a free and open-source IEEE802.11 SDR implementation on SoC](https://www.orca-project.eu/wp-content/uploads/sites/4/2020/03/openwifi-vtc-antwerp-PID1249076.pdf)
- [CSI MURDER](https://ans.unibs.it/projects/csi-murder/)
- [IEEE 802.11 CSI randomization to preserve location privacy: An empirical evaluation in different scenarios](https://www.sciencedirect.com/science/article/abs/pii/S138912862100102X)
- [Enabling TSN over IEEE 802.11: Low-overhead Time Synchronization for Wi-Fi Clients](https://biblio.ugent.be/publication/8700714/file/8700715.pdf)