Interleaving Jamming in Wi-Fi Networks

The increasing importance of Wi-Fi in today's wireless communication systems, both as a result of Wi-Fi offloading and its integration in IoT devices, makes it an ideal target for malicious attacks. In this paper, we investigate the structure of the combined interleaver/convolutional coding scheme of IEEE 802.11a/g/n. The analysis of the first and second-round permutations of the interleaver allows us to design deterministic jamming patterns across subcarriers that when de-interleaved results in an interference burst. We show that a short burst across carefully selected sub-carriers exceeds the error correction capability of Wi-Fi. We implemented this attack as a reactive interleaving jammer on the firmware of the low-cost HackRF SDR. Our experimental evaluation shows that this attack can completely block the Wi-Fi transmissions with jamming power less than 1% of the communication (measured at the receiver) and block 95% of the packets with less than 0.1% energy. Furthermore, it is at least 5dB and up to 15dB more power-efficient than jamming attacks that are unaware of the Wi-Fi interleaving structure.

[1]  Tao Jin,et al.  Efficient Spread Spectrum Communication without Preshared Secrets , 2013, IEEE Transactions on Mobile Computing.

[2]  Wenyuan Xu,et al.  Defending wireless sensor networks from radio interference through channel adaptation , 2008, TOSN.

[3]  Suhas N. Diggavi,et al.  Intercarrier interference in MIMO OFDM , 2002, IEEE Trans. Signal Process..

[4]  Guevara Noubir,et al.  A Practical, Targeted, and Stealthy Attack Against WPA Enterprise Authentication , 2013, NDSS.

[5]  Loukas Lazos,et al.  Security vulnerability and countermeasures of frequency offset correction in 802.11a systems , 2014, IEEE INFOCOM 2014 - IEEE Conference on Computer Communications.

[6]  Radha Poovendran,et al.  Mitigation of Control Channel Jamming under Node Capture Attacks , 2009, IEEE Transactions on Mobile Computing.

[7]  Triet Vo Huu,et al.  Mitigating Rate Attacks through Crypto-Coded Modulation , 2015, MobiHoc.

[8]  Wenyuan Xu,et al.  Anti-jamming timing channels for wireless networks , 2008, WiSec '08.

[9]  Koorosh Firouzbakht,et al.  On the Performance of Adaptive Packetized Wireless Communication Links Under Jamming , 2013, IEEE Transactions on Wireless Communications.

[10]  Radha Poovendran,et al.  Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[11]  Sisi Liu,et al.  Time-Delayed Broadcasting for Defeating Inside Jammers , 2015, IEEE Transactions on Dependable and Secure Computing.

[12]  Xin Liu,et al.  Transmission power control for ad hoc wireless networks: throughput, energy and fairness , 2005, IEEE Wireless Communications and Networking Conference, 2005.

[13]  A. Coulson Narrowband interference in pilot symbol assisted OFDM systems , 2004, IEEE Transactions on Wireless Communications.

[14]  Yih-Chun Hu,et al.  SimpleMAC: a jamming-resilient MAC-layer protocol for wireless channel coordination , 2012, Mobicom '12.

[15]  Heejo Lee,et al.  A jamming approach to enhance enterprise Wi-Fi secrecy through spatial access control , 2015, Wirel. Networks.

[16]  Roberto Di Pietro,et al.  Freedom of speech: thwarting jammers via a probabilistic approach , 2015, WISEC.

[17]  Srdjan Capkun,et al.  Jamming-resistant Key Establishment using Uncoordinated Frequency Hopping , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[18]  Christian Scheideler,et al.  A jamming-resistant MAC protocol for single-hop wireless networks , 2008, PODC '08.

[19]  Roberto Di Pietro,et al.  Silence is Golden: Exploiting Jamming and Radio Silence to Communicate , 2013, TSEC.

[20]  T. Charles Clancy,et al.  Phase warping and differential scrambling attacks against OFDM frequency synchronization , 2013, 2013 IEEE International Conference on Acoustics, Speech and Signal Processing.

[21]  Yih-Chun Hu,et al.  Cross-layer jamming detection and mitigation in wireless broadcast networks , 2007, MobiCom.

[22]  Wade Trappe,et al.  Efficient OFDM Denial in the Absence of Channel Information , 2013, MILCOM 2013 - 2013 IEEE Military Communications Conference.

[23]  Guevara Noubir,et al.  On link layer denial of service in data wireless LANs , 2005, Wirel. Commun. Mob. Comput..

[24]  Ivan Martinovic,et al.  Gaining insight on friendly jamming in a real-world IEEE 802.11 network , 2014, WiSec '14.

[25]  Shuichi Ohno,et al.  Preamble and pilot symbol design for channel estimation in OFDM systems with null subcarriers , 2011, EURASIP J. Wirel. Commun. Netw..

[26]  Yih-Chun Hu,et al.  Cross-Layer Jamming Detection and Mitigation in Wireless Broadcast Networks , 2007, IEEE/ACM Transactions on Networking.

[27]  Xin Liu,et al.  Broadcast Control Channel Jamming: Resilience and Identification of Traitors , 2007, 2007 IEEE International Symposium on Information Theory.

[28]  David Starobinski,et al.  Jamming-resistant rate adaptation in Wi-Fi networks , 2014, Perform. Evaluation.

[29]  Xin Liu,et al.  Performance of IEEE 802.11 under Jamming , 2008, Mobile Networks and Applications.

[30]  Triet Vo Huu,et al.  Counter-jamming using mixed mechanical and software interference cancellation , 2013, WiSec '13.

[31]  Srdjan Capkun,et al.  Anti-jamming broadcast communication using uncoordinated spread spectrum techniques , 2010, IEEE Journal on Selected Areas in Communications.

[32]  Koorosh Firouzbakht,et al.  On the capacity of rate-adaptive packetized wireless communication links under jamming , 2012, WISEC '12.

[33]  Peng Ning,et al.  Defending DSSS-based broadcast communication against insider jammers via delayed seed-disclosure , 2010, ACSAC '10.

[34]  Bo Sheng,et al.  On the robustness of IEEE 802.11 rate adaptation algorithms against smart jamming , 2011, WiSec '11.

[35]  Dong Chao,et al.  Universal Software Radio Peripheral , 2010 .

[36]  Ivan Martinovic,et al.  Short paper: reactive jamming in wireless networks: how realistic is the threat? , 2011, WiSec '11.