Radio Frequency (RF) Security in Industrial Engineering Processes

  • Martin Fruhmann
  • Klaus Gebeshuber


Interconnection and information transparency are central to the 4th Industrial Revolution, also known as Industry 4.0 (I4.0). Hence, wireless transmission systems have a growing potential in the engineering of new industrial machines. In fact, Radio Frequency (RF) technologies have already found their way into the engineering process. This trend, however, goes hand in hand with a rising awareness of IT security. Since industrial machines have a long service life, security must be considered from the very first development phase onward. To improve the security of any industrial system, findings from industrial penetration tests as well as possible mitigations should already be considered at an early stage of the design and development process. This chapter therefore discusses use cases and security measures of wireless systems in industrial facilities. Based on an overview of RF technologies in the industrial field, several devices and software products (software-defined radios) for the analysis of such systems are introduced. Furthermore, the feasibility of using these devices for penetration testing is addressed, in order to strengthen the security aspect of I4.0.


Keywords: RF, Software-defined radio, Information security





Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. FH JOANNEUM GmbH, Institute of Internet Technologies & Applications, Kapfenberg, Austria
