Investigation of Signal and Message Manipulations on the Wireless Channel

  • Christina Pöpper
  • Nils Ole Tippenhauer
  • Boris Danev
  • Srdjan Capkun
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6879)

Abstract

We explore the suitability of Dolev-Yao-based attacker models for the security analysis of wireless communication. The Dolev-Yao model is commonly used for wireline and wireless networks. It is defined on abstract messages exchanged between entities and includes arbitrary, real-time modification of messages by the attacker. In this work, we aim at understanding and evaluating the conditions under which these real-time, covert low-energy signal modifications can be successful. In particular, we focus on the following signal and message manipulation techniques: symbol flipping and signal annihilation. We analyze these techniques theoretically, by simulations, and experiments and show their feasibility for particular wireless channels and scenarios.

Keywords

Wireless Security Adversarial Interference Signal Manipulation 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Arora, A., Sang, L.: Capabilities of low-power wireless jammers. In: IEEE Infocom Miniconference (2009)Google Scholar
  2. 2.
    IEEE Standards Association. IEEE Standard 802.11b-1999: Wireless LAN MAC and PHY Specifications (1999), http://standards.ieee.org
  3. 3.
    Davidoff, S.: GPS spoofing (2008), http://philosecurity.org/2008/09/07/gps-spoofing
  4. 4.
    Desmedt, Y., Safavi-Naini, R., Wang, H., Charnes, C., Pieprzyk, J.: Broadcast anti-jamming systems. In: Proceedings of the IEEE International Conference on Networks, ICON (1999)Google Scholar
  5. 5.
    Dolev, D., Yao, A.C.: On the security of public key protocols. IEEE Transactions on Information Theory 29(2), 198–208 (1983)MathSciNetCrossRefMATHGoogle Scholar
  6. 6.
    Ettus. Universal software radio peripheral (USRP), http://www.ettus.com
  7. 7.
    Gupta, P., Kumar, P.R.: The capacity of wireless networks. IEEE Transactions on Information Theory 46(2) (2000)Google Scholar
  8. 8.
    Hightower, J., Borriello, G., Want, R.: SpotON: An indoor 3D location sensing technology based on RF signal strength. Technical Report 2000-02-02, University of Washington (2000)Google Scholar
  9. 9.
    Humphreys, T.E., Ledvina, B.M., Psiaki, M.L., O’Hanlon, B.W., Kintner Jr., P.M.: Assessing the spoofing threat: Development of a portable GPS civilian spoofer. In: Proceedings of the ION GNSS International Technical Meeting of the Satellite Division (2008)Google Scholar
  10. 10.
    Jana, S., Premnath, S.N., Clark, M., Kasera, S.K., Patwari, N., Krishnamurthy, S.V.: On the effectiveness of secret key extraction from wireless signal strength in real environments. In: Proceedings of the ACM/IEEE International Conference on Mobile Computing and Networking, MobiCom (2009)Google Scholar
  11. 11.
    Jin, T., Noubir, G., Thapa, B.: Zero pre-shared secret key establishment in the presence of jammers. In: Proceedings of the ACM International Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc). ACM Press, New York (2009)Google Scholar
  12. 12.
    Karlof, C., Sastry, N., Li, Y., Perrig, A., Tygar, D.: Distillation codes and applications to DoS resistant multicast authentication. In: Proceedings of the Network and Distributed Systems Security Symposium, NDSS (2004)Google Scholar
  13. 13.
    Li, M., Koutsopoulos, I., Poovendran, R.: Optimal jamming attacks and network defense policies in wireless sensor networks. In: Proceedings of the IEEE Conference on Computer Communications, InfoCom (2007)Google Scholar
  14. 14.
    Lin, G., Noubir, G.: On link layer denial of service in data wireless LANs: Research articles. Wireless Communications & Mobile Computing 5(3), 273–284 (2005)CrossRefGoogle Scholar
  15. 15.
    Liu, A., Ning, P., Dai, H., Liu, Y.: Defending DSSS-based broadcast communication against insider jammers via delayed seed-disclosure. In: Proceedings of Annual Computer Security Applications Conference, ACSAC (2010)Google Scholar
  16. 16.
    Liu, Y., Ning, P., Dai, H., Liu, A.: Randomized differential DSSS: Jamming-resistant wireless broadcast communication. In: Proceedings of the IEEE Conference on Computer Communications, InfoCom (2010)Google Scholar
  17. 17.
    Oppenheim, A.V., Schafer, R.W., Buck, J.R.: Discrete-Time Signal Processing, 2nd edn. Prentice-Hall Signal Processing Series (1998)Google Scholar
  18. 18.
    Iserte, A.P.: Channel state Information and joint transmitter-receiver design in multi-antenna systems. PhD thesis, Polytechnic University of Catalonia (2005)Google Scholar
  19. 19.
    Poisel, R.A.: Modern Communications Jamming Principles and Techniques. Artech House Publishers, Boston (2006)Google Scholar
  20. 20.
    Poisel, R.A.: Foundations of Communications Electronic Warfare. Artech House Publishers, Boston (2008)Google Scholar
  21. 21.
    Sang, L., Arora, A.: Capabilities of low-power wireless jammers. Technical Report OSU-CISRC-5/08-TR24, The Ohio State University (2008)Google Scholar
  22. 22.
    Schaller, P., Schmidt, B., Basin, D., Čapkun, S.: Modeling and verifying physical properties of security protocols for wireless networks. In: Proceedings of the IEEE Computer Security Foundations Symposium (2009)Google Scholar
  23. 23.
    Son, D., Krishnamachari, B., Heidemann, J.: Experimental study of concurrent transmission in wireless sensor networks. In: Proceedings of the ACM Conference on Networked Sensor Systems, SenSys (2006)Google Scholar
  24. 24.
    Strasser, M., Danev, B., Čapkun, S.: Detection of reactive jamming in sensor networks. ACM Transactions on Sensor Networks 7, 16:1–16:29 (2010)Google Scholar
  25. 25.
    Strasser, M., Pöpper, C., Čapkun, S., Čagalj, M.: Jamming-resistant Key Establishment using Uncoordinated Frequency Hopping. In: Proceedings of the IEEE Symposium on Research in Security and Privacy, S&P (2008)Google Scholar
  26. 26.
    Symantec. Securing enterprise wireless networks. White Paper (2003)Google Scholar
  27. 27.
    The MathWorks, Inc. Matlab – a numerical computing environment, www.mathworks.com
  28. 28.
    Tippenhauer, N.O., Rasmussen, K.B., Pöpper, C., Čapkun, S.: Attacks on Public WLAN-based Positioning. In: Proceedings of the ACM Conference on Mobile Systems, Applications and Services, MobiSys (2009)Google Scholar
  29. 29.
    Tse, D., Viswanath, P.: Fundamentals of wireless communication. Cambridge University Press, Cambridge (2005)CrossRefMATHGoogle Scholar
  30. 30.
    Čagalj, M., Hubaux, J.-P., Čapkun, S., Rengaswamy, R., Tsigkogiannis, I., Srivastava, M.: Integrity (I) Codes: Message Integrity Protection and Authentication Over Insecure Channels. In: Proceedings of the IEEE Symposium on Research in Security and Privacy, S&P (2006)Google Scholar
  31. 31.
    Čagalj, M., Čapkun, S., Hubaux, J.-P.: Wormhole-based antijamming techniques in sensor networks. IEEE Transactions on Mobile Computing 6(1), 100–114 (2007)CrossRefGoogle Scholar
  32. 32.
    Warner, J.S., Johnston, R.G.: Think GPS Cargo Tracking = High Security? Think Again. Technical report, Los Alamos National Laboratory (2003)Google Scholar
  33. 33.
    Whitehouse, K., Woo, A., Jiang, F., Polastre, J., Culler, D.: Exploiting the capture effect for collision detection and recovery. In: Proceedings of the IEEE workshop on Embedded Networked Sensors (EmNets) (2005)Google Scholar
  34. 34.
    Wilhelm, M., Martinovic, I., Schmitt, J., Lenders, V.: Reactive jamming in wireless networks: How realistic is the threat? In: Proceedings of the forth ACM Conference on Wireless Network Security, WiSec (2011)Google Scholar
  35. 35.
    Wood, A.D., Stankovic, J.A.: Denial of service in sensor networks. IEEE Computer 35(10), 54–62 (2002)CrossRefGoogle Scholar
  36. 36.
    Xiao, L., Greenstein, L., Mandayam, N., Trappe, W.: Fingerprints in the ether: Using the physical layer for wireless authentication. In: Proceedings of the IEEE International Conference on Communications, ICC (2007)Google Scholar
  37. 37.
    Xu, W., Trappe, W., Zhang, Y.: Channel surfing: defending wireless sensor networks from jamming and interference. In: Proceedings of the ACM Conference on Networked Sensor Systems, SenSys (2006)Google Scholar
  38. 38.
    Xu, W., Trappe, W., Zhang, Y., Wood, T.: The feasibility of launching and detecting jamming attacks in wireless networks. In: Proceedings of the ACM International Symposium on Mobile Ad Hoc Networking and Computing, MobiHoc (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Christina Pöpper
    • 1
  • Nils Ole Tippenhauer
    • 1
  • Boris Danev
    • 1
  • Srdjan Capkun
    • 1
  1. 1.Department of Computer ScienceETH ZurichSwitzerland

Personalised recommendations