An increasing number of devices around us are wireless devices that are part of some larger system and speak some type of proprietary protocol over a wireless medium. This project emerged out of an internship that my student, Jinghao Shi, did at Microsoft Research and we've been collaborating with two excellent researchers there, Ranveer Chandra and Shuvendu Lahiri, on this problem. So from a Microsoft context, Microsoft makes this gaming system, you may have heard of it, it's called the Xbox, kind of popular, and they have gaming controllers for the Xbox, and this is a great example of a proprietary wireless device. It speaks some sort of protocol over the wireless medium to communicate with the Xbox to allow you to control the characters or whatever. I don't really play computer games, but this is how I'm told that these work.

So the question becomes, the problem arises out of how these devices are made. Microsoft comes up with a protocol specification. That protocol specification is then sent out to some device manufacturer, and what I get back is this wireless controller for the Xbox. The question becomes, how do I know the controller correctly implements the protocol as specified in the documents that I gave to the company that made it? So I want to verify that the protocol implementation matches the specification that I provided.

Why is this difficult? Well, it's difficult primarily because access to this device is hard. It's possible, for example, that this custom wireless device has no instrumentation capabilities, so there's nowhere I can plug in a wire or something and get a tap of all the packets that it's exchanging over the air so that I can figure out what it's transmitting and what it's receiving. Even if I could do that, it's also possible that that instrumentation would alter its behavior. So it wouldn't actually behave in the same way when the instrumentation is turned on, and then I'm not verifying the device as it's going to behave in the wild. I'm verifying a device that has some perturbations that are introduced by the instrumentation process.

So how do I verify that this custom wireless device implements the protocol correctly? So the idea that Jinghao's been pursuing is using a third device called a wireless sniffer. So a sniffer is going to sit there passively in sort of co-location with these other two devices and try to record all the traffic that they exchange. And the sniffer-based approach has a lot of nice features to it. So for example, if I can get a sniffer that records packets on a particular channel, I can use this in a variety of different settings to collect information and verify lots of different types of devices. Even, for example, in situations where this device and this device are both proprietary implementations, or I have multiple devices, like four or ten, that I want to make sure interact properly, the sniffer can do this job. So it can record traffic and it can record a trace that I'm then going to use for verification.

The other nice thing about the sniffer is that at least in our current formulation, the sniffer is entirely passive. So it just sits there, listens to traffic, requires no instrumentation here, no instrumentation here, doesn't perturb the protocol in any way. The devices are probably completely unaware of the fact that the sniffer even exists. It's just listening.

So this was our goal, was to be able to come up with a way to verify the operation of a custom wireless device. And this could, right now, these may be our Wi-Fi devices; in the future, they could be parts of a broader IoT system. How do I figure out that the implementation of that device matches the protocol specification that I provided to the hardware vendor?