(Wireless) Communication Security

In this project, we investigate systematic and automated security testing of (Wireless) Communication Protocols. Our work in this area has uncovered critical security vulnerabilities such as SweynTooth and BrakTooth, among others. Additionally, our security testing tool has been translated by Keysight Technologies into Keysight IoT Security Assesssment Software. Our research in this topic was featured in WIRED (1), WIRED (2), PCMag Magazine, Hacker News, HACKADAY, MalwareBytes, Register, Bleeping Computer, Threatpost, The Record (by Recorded Future), Heise Online, and many news articles and podcasts (Podcast 1, Podcast 2) worldwide.

Representative Publications:

Towards Automated Fuzzing of 4G/5G Protocol Implementations Over the Air
Matheus E. Garbelini, Zewen Shang, Sudipta Chattopadhyay, Sumei Sun, and Ernest Kurniawan
IEEE Global Communications Conference (GLOBECOM), 2022

Greyhound: Directed Greybox Wi-Fi Fuzzing
Matheus E. Garbelini, Chundong Wang, and Sudipta Chattopadhyay
IEEE Transactions on Dependable and Secure Computing (TDSC), 2020

BrakTooth: Causing Havoc on Bluetooth Link Manager via Directed Fuzzing
Matheus E. Garbelini, Vaibhav Bedi, Sudipta Chattopadhyay, Sumei Sun, and Ernest Kurniawan
USENIX Security Symposium, 2022

SweynTooth: Unleashing Mayhem over Bluetooth Low Energy
Matheus E. Garbelini, Chundong Wang, Sudipta Chattopadhyay, Sumei Sun, and Ernest Kurniawan
USENIX Annual Technical Conference (USENIX ATC), 2020

Acknowledgement: We are grateful to Keysight Technologies, National Research Foundation and Ministry of Education for generously supporting this project.