Due to its inherent broadcast nature, the wireless medium suffers from security vulnerabilities that do not exist in wired networking. Recent research in wireless communications has strongly emphasized securing the physical layer against external security threats. One such security threat is the Denial-of-Service (DoS) attack at the physical layer, wherein the adversary transmits interfering signals, e.g., jamming signals, to make the wireless network unavailable to legitimate users.
In its most basic form, a DoS attack can be just a continuous in-band jamming signal with sufficient power to corrupt all transmitted packets. A continuous jammer is simple to implement but suffers from two disadvantages: a high power requirement for jamming operations and a high probability of detection. Reactive jammers, on the other hand, are more efficient due to their ability to sense the wireless medium and to jam packets that are already in the air. By jamming packets reactively at critical moments, adversaries can significantly reduce network throughput using little energy while minimizing the chances of being detected. This type of jamming is much more efficient, as short bursts of jamming can still destroy the entire packet. In addition, reactive jamming is challenging to detect because the adversary creates limited interference with other nodes in the network, and the jamming signals exist only for the duration of the packet.
Several categories of jammers have been identified in the literature based on their awareness of channel conditions and statefulness (e.g., E. Bayraktaroglu, C. King, X. Liu, G. Noubir, R. Rajaraman, and B. Thapa, “On the Performance of IEEE 802.11 under Jamming,” in Proc. of INFOCOM 2008, vol. 0448330, April 2008, pp. 1265-1273). Among them, reactive jammers are the most sophisticated due to their ability to “sense” the wireless medium and jam packets that are already in the air. The ability to be aware of channel conditions is highly desirable in adversarial jamming, as it can enable a wide range of sophisticated attacks. However, reactive jammers have not received much attention as a security threat in practice, mainly because of the implementation challenges in meeting strict real-time constraints in detecting and reacting to in-flight packets of high-speed wireless networks.
Considerable prior research exists to characterize the effects of selective adversarial jamming on several wireless protocols. The problem of reactive jamming, in particular, has been studied both from the viewpoint of a jammer to devise optimal jamming strategies (M. Li, I. Koutsopoulos, and R. Poovendran, “Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks,” In Proc. of IEEE INFOCOM 2007, pages 1307-1315; S. Prasad and D. J. Thuente, “Jamming attacks in 802.11g—A cognitive radio based approach,” In Proc. of IEEE MILCOM 2011, pages 1219-1224, November 2011), and from the viewpoint of a wireless network to achieve jamming-resilient communications. Recently, the possibility of using self-jamming and cooperative jamming as a way to create secure wireless networks has also been considered. Gollakota and Katabi disclose (in S. Gollakota and D. Katabi, “iJam: Jamming Oneself for Secure Wireless Communication,” Technical report, MIT, 2010; and S. Gollakota and D. Katabi, “Physical layer wireless security made fast and channel independent,” In Proc. of IEEE INFOCOM 2011, pages 1125-1133, April 2011) a data secrecy scheme called iJam wherein randomized self-jamming signals are used to deny potential eavesdroppers access to the raw signal data. Similarly, Shen et al. in “Ally Friendly Jamming: How to Jam Your Enemy and Maintain Your Own Wireless Connectivity at the Same Time,” In Proc. of IEEE Symposium on Security and Privacy, pages 174-188, May 2013, develop a method to jam the wireless channel continuously while properly controlling the jamming signals with secret keys such that these signals interfere in an unpredictable fashion with unauthorized devices but are recoverable by authorized ones equipped with the secret keys.
While a majority of the above-mentioned research focuses on theoretical analysis and simulations, researchers still lack a practical way to deploy experimental protocols and evaluate their performance in typical high-speed wireless environments. The difficulties of achieving synchronization with real-time signals and timely RF responses are outlined and echoed throughout many prior art publications. For example, the iJam protocol was experimentally demonstrated using USRP radios; however, the transmitter must purposely introduce dummy padding at the end of the PHY header, before the useful data, to account for the decoding and jamming response delays at the receiver. Applicants are aware of only a single study, by Wilhelm et al. in “Reactive Jamming in Wireless Networks—How Realistic is the Threat?,” In Proc. of ACM WiSec, pages 47-52, 2011, describing the performance of reactive jamming using software-defined radios (SDRs) on standard-compliant networks in real time. Wilhelm et al. demonstrate a hardware implementation of reactive jammers capable of operating in low-rate, Zigbee-based 802.15.4 networks. Hardware-implemented reactive systems have a significant advantage over conventional SDR systems that utilize host-side processing in that hardware implementations allow very short latency responses.
A need remains for a real-time, channel-aware, reactive jamming platform to permit the study of inherent vulnerabilities of wireless networks to eavesdropping and jamming attacks without requiring decoding at the receiver on a fully hardware-implemented but host-controlled platform. A need also remains for a reactive jamming platform with significantly faster RF response time for signal detection and response as well as additional degrees of freedom for performing live wireless security experiments with a variety of high-speed wireless standards. The present invention addresses these needs in the art.