CBL - Campus del Baix Llobregat

Defended project

Title: Security assessment of package locker


Students who have defended this project:


Supervisor: LEÓN ABARCA, OLGA

Department: ENTEL

Offer start date: 25-02-2025     Offer end date: 25-02-2025



Degree programmes the project is assigned to:
    GR ENG TELEMÀTICA
Type: Individual
 
Place of completion: ERASMUS
 
Keywords:
Security assessment, cybersecurity, encryption, BLE, reverse engineering
 
Description of content and activity plan:
 
Overview (abstract in English):
This report presents a security assessment of SwipBox's Infinity parcel locker system, with a focus on the Bluetooth Low Energy communication between the user's mobile device and the unmanned lockers.

The assessment employed reverse engineering and static code analysis of SwipBox's SDK for Android applications to understand the communication flow. Bluetooth Low Energy traffic analysis revealed that the system lacks standard pairing and encryption protocols.

A test bed consisting of three nRF52820 microcontrollers was developed to emulate a phone, locker and an attacker. Testing demonstrated that Man-in-the-Middle attacks could successfully intercept authentication challenges and parcel tokens, which would enable potential unauthorized access to parcels.

Proposed mitigation strategies include timeout mechanisms, preshared secret keys for nonce signing, and use of signed certificates. While some of these solutions may conflict with low-energy requirements, implementation of appropriate countermeasures may be needed to address the identified vulnerabilities.

The findings highlight a potentially critical security gap. Future research should include direct testing of the actual system to validate these theoretical vulnerabilities.


© CBLTIC Campus del Baix Llobregat - UPC