Jamming Resistance


This project deals with anti-jamming techniques for wireless radio transmissions and wireless networks. We explore ways to detect, prevent, and counteract signal jamming attacks in which a third party transmits targeted jamming signals that disrupt wireless communications between nodes.

We made the following proposals for jamming resistance; further information and related publications are given below:

Signal and Message Manipulations: Investigation of signal and message manipulations on the wireless channel.

Detection of Reactive Jamming in Sensor Networks: Detection of reactive jamming based on identification of the cause of bit errors during transmission.

Uncoordinated Spread Spectrum Techniques: Uncoordinated Spread Spectrum Techniques for enabling jammig-resistant communication; UDSSS and UFH are two instances.

Uncoordinated DSSS: Jamming-resistant radio broadcast communication without shared secret keys.

Uncoordinated Frequency Hopping: Key Establishment over a wireless channel in the presence of a communication jammer.


Syssec members on the project:

  • Boris Danev, Christina Pöpper, Mario Strasser, Srdjan Capkun
Enlarged view: ESORICS 2011


Investigation of Signal and Message Manipulations on the Wireless Channel

This work explores the possibilities of the attacker to tamper with the integrity of messages and signals on the wireless channel.

We explore the suitability of Dolev-Yao-based attacker models for the security analysis of wireless communication. The Dolev-Yao model is commonly used for wireline and wireless networks. It is defined on abstract messages exchanged between entities and includes arbitrary, real-time modification of messages by the attacker. In this work, we aim at understanding and evaluating the conditions under which these real-time, covert low-energy signal modifications can be successful. In particular, we focus on the following signal and message manipulation techniques: symbol flipping and signal annihilation. We analyze these techniques theoretically, by simulations, and experiments and show their feasibility for particular wireless channels and scenarios.

Related publication:
- Christina Pöpper, Nils Ole Tippenhauer, Boris Danev, Srdjan Capkun
Investigation of Signal and Message Manipulations on the Wireless Channel
In Proceedings of the European Symposium on Research in Computer Security (ESORICS), 2011

Enlarged view: Reactive jamming

Detection of Reactive Jamming in Sensor Networks

An integral part of most security- and safety-critical applications is a dependable and timely alarm notification. However, owing to the resource constraints of wireless sensor nodes (i.e., their limited power and spectral diversity), ensuring a timely and jamming-resistant delivery of alarm messages in applications that rely on wireless sensor networks is a challenging task. With current alarm forwarding schemes, blocking of an alarm by jamming is straightforward and jamming is very likely to remain unnoticed. In this work, we propose a novel jamming detection scheme as a solution to this problem. Our scheme is able to identify the cause of bit errors for individual packets by looking at the received signal strength during the reception of these bits and is well-suited for the protection of reactive alarm systems with very low network traffic. We present three different techniques for the identication of bit errors based on: predetermined knowledge, error correcting codes, and limited node wiring. We perform a detailed evaluation of the proposed solution and validate our findings experimentally with Chipcon CC1000 and CC2420 radios. The results show that our solution effectively detects sophisticated jamming attacks that cannot be detected with existing techniques and enables the formation of robust sensor networks for dependable delivery of alarm noti cations. Our scheme also meets the high demands on the energy efficiency of reactive surveillance applications as it can operate without introducing additional wireless network traffic.

Related publication:
- Mario Strasser, Boris Danev, Srdjan Capkun
Detection of Reactive Jamming in Sensor Networks
ACM Transactions on Sensor Networks (TOSN), 2010 [DownloadPDF (PDF, 726 KB)]

Uncoordinated Spread Spectrum: Anti-jamming Broadcast Communication using Uncoordinated Spread Spectrum Technique

Enlarged view: Uncoordinated Spread Spectrum Techniques

Jamming-resistant communication is crucial for safety-critical applications such as emergency alert broadcasts or the dissemination of navigation signals in adversarial settings. In such applications, mission-critical messages are broadcast to a large and unknown number of (potentially untrusted) receivers that rely on the availability, integrity, and authenticity of the messages; here, availability primarily refers to the ability to communicate in the presence of jamming. Common techniques to counter jamming-based denial-of-service attacks such as Frequency Hopping (FH) and Direct Sequence Spread Spectrum (DSSS) cannot be applied in such settings because they depend on secret pairwise or group keys shared between the sender and the receivers before the communication. This dependency entails serious or unsolvable scalability and key-setup problems or weak jamming-resistance (a single malicious receiver can compromise the whole system). As a solution, in this work, we propose uncoordinated spread spectrum techniques that enable anti-jamming broadcast communication without shared secrets. Uncoordinated spread spectrum techniques can handle an unlimited amount of (malicious) receivers. We present two instances (Uncoordinated FH and Uncoordinated DSSS) and analyze differences in their performance as well as their combination. We further discuss the applications of these  techniques to anti-jamming navigation broadcast, bootstrapping of coordinated spread spectrum communication, and anti-jamming emergency alerts.

Related publication:
- Christina Pöpper, Mario Strasser, Srdjan Capkun
Anti-jamming Broadcast Communication using Uncoordinated Spread Spectrum Techniques
IEEE Journal on Selected Areas in Communications: Special Issue on Mission Critical Networking, 2010 [DownloadPDF (PDF, 418 KB)]

Enlarged view: Uncoordinated DSSS

Uncoordinated DSSS (Direct-Sequence Spread Spectrum): Jamming-resistant radio broadcast without pre-shared secrets

Many safety-critical application (such as emergency alert broadcasts or navigation signal dissemination in adversarial settings) share the need for jamming-resistant broadcast communication. More precisely, these applications rely on guaranteed authenticity and availability of messages which are broadcasted by base stations to a large and unknown number of (potentially untrusted) receivers. Common techniques to counter jamming attacks such as Direct-Sequence Spread Spectrum (DSSS) and Frequency Hopping are based on secrets that need to be shared between the sender and the receivers before the start of the communication, which suffers from serious and sometimes even unsolvable scalability and key-setup problems or from weak jamming-resistance. In this work, we therefore propose a solution called Uncoordinated DSSS (UDSSS) that enables spread-spectrum anti-jamming broadcast communication without the requirement of shared secrets. It is applicable to broadcast scenarios in which receivers hold a certificate of the sender’s public key, but do not share a secret key with it. We analyze the security and latency of UDSSS and complete our work by an experimental evaluation on a prototype implementation.

Related publication:
- Christina Pöpper, Mario Strasser, Srdjan Capkun
Jamming-resistant Broadcast Communication without Shared Keys
In Proceedings of the USENIX Security Symposium, 2009 [DownloadPDF (PDF, 625 KB)]

Related Technical Report 609, ETH Zürich, System Security Group, March 2009.

Enlarged view: Dependency cycle

Uncoordinated Frequency Hopping: Key establishment in the presence of communication jamming

We try to give an answer to the following question: How can two devices that do not share any secrets establish a shared secret key over a wireless radio channel in the presence of a communication jammer?

A challenge in solving this problem is that known anti-jamming techniques (e.g., frequency hopping or direct-sequence spread spectrum) which would support device communication during the key establishment require that the devices share a secret spreading key (or code) prior to the start of their communication. This requirement creates a circular dependency between anti-jamming spread-spectrum communication and key establishment (see image on the right: (a)). To the best of our knowledge, this dependency has not been addressed in this setting before.

We propose an Uncoordinated Frequency Hopping (UFH) scheme that breaks this circular dependency, and enables key establishment in the presence of a communication jammer (b); the key resulting from the UFH key establishment can then be used to support later coordinated frequency hopping communication. Our analysis shows that, although our UFH scheme has lower communication throughput and incurs higher storage and processing costs, it achieves the same level of anti-jamming protection as (coordinated) frequency hopping (which, however, unlike UFH, cannot be used in scenarios where devices do not share secret spreading keys).

Related publications:

- Mario Strasser, Christina Pöpper, Srdjan Capkun
Efficient Uncoordinated FHSS Anti-jamming Communication
In Proceedings of the ACM Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc), 2009 [DownloadPDF (PDF, 368 KB)]

- Mario Strasser, Christina Pöpper, Srdjan Capkun, Mario Cagalj
Jamming-resistant Key Establishment using Uncoordinated Frequency Hopping
in Proceedings of IEEE Symposium on Security and Privacy, 2008 [DownloadPDF (PDF, 353 KB)]

JavaScript has been disabled in your browser