Hanif Rahbari

Adaptive frequency hopping algorithms for multicast rendezvous in DSA networks

Establishing communications in a dynamic spectrum access (DSA) network requires communicating nodes to “rendezvous” before transmitting their data packets. Frequency hopping (FH) provides an effective method for rendezvousing without relying on a predetermined control channel. FH rendezvous protocols have mainly targeted pairwise rendezvous, using fixed (non-adaptive) FH sequences and assuming a homogeneous spectrum environment, i.e., all nodes perceive the same spectrum opportunities. In this paper, we address these limitations by developing three multicast rendezvous algorithms: AMQFH, CMQFH, and nested-CMQFH. The three algorithms are intended for asynchronous spectrum-heterogeneous DSA networks. They provide different tradeoffs between speed and robustness to node compromise. We use the uniform k-arbiter and the Chinese remainder theorem (CRT) quorum systems to design our multicast rendezvous algorithms. We also design two “optimal” channel ordering mechanisms for channel sensing and assignment, one for AMQFH and the other for CMQFH and nested-CMQFH. Finally, we develop a proactive out-of-band sensing based dynamic FH (DFH) algorithm for online adaptation of the FH sequences used in the proposed rendezvous algorithms. Extensive simulations are used to evaluate our algorithms.

Fast and secure rendezvous protocols for mitigating control channel DoS attacks

The operation of a wireless network relies extensively on exchanging messages over a universally known channel, referred to as the control channel. The network performance can be severely degraded if a jammer launches a denial-of-service (DoS) attack on such a channel. In this paper, we design quorum-based frequency hopping (FH) algorithms that mitigate DoS attacks on the control channel of an asynchronous ad hoc network. Our algorithms can establish unicast as well as multicast communications under DoS attacks. They are fully distributed, do not incur any additional message exchange overhead, and can work in the absence of node synchronization. Furthermore, the multicast algorithms maintain the multicast group consistency. The efficiency of our algorithms is shown by analysis and simulations.

Multicast Rendezvous in Fast-Varying DSA Networks

Establishing communications between devices in a dynamic spectrum access (DSA) system requires the communicating parties to “rendezvous” before transmitting data packets. Frequency hopping (FH) is an effective rendezvous method that does not rely on a predetermined control channel. Previous FH-based rendezvous designs mainly target unicast rendezvous, and do not intrinsically support multicast rendezvous, where a group of nodes need to rendezvous simultaneously. Furthermore, these designs do not account for fast-primary user (PU) dynamics, leading to long time-to-rendezvous (TTR). In this paper, we exploit the uniform k-arbiter and Chinese Remainder Theorem quorum systems to develop three FH-based multicast rendezvous algorithms, which provide different tradeoffs between rendezvous efficiency (e.g., low TTR) and security (e.g., robustness to node compromise). Our rendezvous algorithms are tailored for asynchronous and spectrum-heterogeneous DSA systems. To account for fast PU dynamics, we develop an algorithm for adapting the proposed FH designs on the fly. This adaptation is done through efficient mechanisms for channel ordering and quorum selection. Our simulations validate the effectiveness of the proposed rendezvous algorithms, their PU detection accuracy, and their robustness to insider attacks.

Security vulnerability and countermeasures of frequency offset correction in 802.11a systems

Frequency offset (FO) is an inherent feature of wireless communications. It results from differences in the operating frequency of different radio oscillators. Failure to compensate for the FO may lead to a decoding failure, particularly in OFDM systems. IEEE 802.11a/g systems use a globally known preamble to deal with this issue. In this paper, we demonstrate how an adversary can exploit the structure and publicity of 802.11as frame preamble to launch a low-power reactive jamming attack against the FO estimation mechanism. In this attack, the adversary will need to quickly detect a PHY frame and subsequently distort the FO estimation mechanism, irrespective of the channel conditions. By employing a fast frame detection technique, and optimizing the energy and structure of the jamming signal, we show the feasibility of such an attack. Furthermore, we propose some mitigation techniques and evaluate one of them through simulations and USRP testbed experimentation.

Exploiting Frame Preamble Waveforms to Support New Physical-Layer Functions in OFDM-Based 802.11 Systems

The frame preamble in current WiFi systems is designed to facilitate various PHY-layer functions, including frequency offset estimation and frame detection. However, this preamble is typically fixed and is never used to convey any user-specific bits. Embedding information into the preamble opens the door for several new PHY-layer applications. For example, the PHY header no longer needs to be transmitted at a known (lowest) rate if this rate can be announced earlier in the preamble. A full-duplex transmitter can use the embedded information to inform other devices of its current operation mode (e.g., transmit/receive versus transmit/sense), obviating the need for additional control packets. In security applications, a PHY-layer sender identifier can be embedded in the preamble to facilitate PHY-level encryption. However, modifying the standard preamble to embed user information may disrupt the operation of 802.11a/n/ac devices. In this paper, we propose P-modulation, a method that enables an OFDM-based 802.11 transmitter to embed up to 19 user-specific bits in the frame preamble while maintaining the highest reliability required by the system. The proposed P-modulation is also backward-compatible with legacy receivers. Our analysis and USRP-based experimental results confirm the practicality of the scheme. Our scheme further provides insights into designing time-varying preambles for future wireless systems.

Secrecy beyond encryption: obfuscating transmission signatures in wireless communications

The privacy of a wireless user and the operation of a wireless network can be threatened by the leakage of side-channel information (SCI), even when encryption and authentication are employed. In this article, we describe various passive (traffic analysis) and active (jamming) attacks that are facilitated by SCI. Our goal is to highlight the need for novel PHY-layer security techniques that can be used to complement classical encryption methods. We discuss several of these techniques along with advanced hardware that exhibits promising capabilities for countering privacy and SCI-related attacks.

Rolling preambles: Mitigating stealthy FO estimation attacks in OFDM-based 802.11 systems

Modern wireless systems and standards increasingly rely on OFDM for high-throughput communications. However, these systems are often highly vulnerable to selective jamming attacks, particularly when a jammer targets (part of) the known frame preamble. In this paper, we consider one of the most disruptive jamming attacks against the preamble-based frequency offset (FO) estimation in IEEE 802.11a/n/ac/ax systems and develop four techniques to mitigate this attack. Two of these techniques are based on randomly changing the first half of the standard frame preamble at the transmitter while maintaining its backward compatibility with legacy receivers. Specifically, we design a set of new preamble waveforms that satisfy the expected characteristics of a preamble in 802.11 systems. The other two techniques take a receiver-based approach and exploit the parts of the preamble that are not under attack to estimate the FO. We conduct extensive simulations and illustrative USRP experiments to study the effectiveness of these countermeasures.

Full Frame Encryption and Modulation Obfuscation Using Channel-Independent Preamble Identifier

The broadcast nature of wireless communications exposes various transmission attributes, such as the packet size, inter-packet times, and the modulation scheme. These attributes can be exploited by an adversary to launch passive (e.g., traffic analysis) or selective jamming attacks. This security problem is present even when frame headers and payloads can be encrypted. For example, by determining the modulation scheme, the attacker can estimate the data rate, and hence the payload size. In this paper, we propose Friendly CryptoJam (FCJ), a scheme that decorrelates the payloads modulation scheme from other transmission attributes by embedding information symbols into the constellation map of the highest-order modulation scheme supported by the system (a concept we refer to as indistinguishable modulation unification). Such unification is done using the least-complex trellis-coded modulation schemes, which are combined with a secret pseudo-random sequence in FCJ to conceal the rate-dependent pattern imposed by the code. It also preserves the bit error rate performance of the payloads original modulation scheme. At the same time, modulated symbols are encrypted to hide PHY-/MAC layer fields. To identify the Tx and synchronously generate the secret sequence at the Tx and Rx, an efficient identifier embedding technique based on Barker sequences is proposed, which exploits the structure of the preamble and overlays a frame-specific identifier on it. We study the implications of the scheme on PHY-layer functions through simulations and testbed experiments. Our results confirm the efficiency of FCJ in hiding the targeted attributes.

Supporting PHY-Layer Security in Multi-Link Wireless Networks Using Friendly Jamming

Friendly jamming is a PHY-layer technique used to secure wireless communications. Unlike previous efforts that fix the placement of the friendly jamming devices, in this paper we consider small- scale multi-link wireless networks, e.g., peer-to- peer or multihop, and jointly optimize the powers and locations of the friendly jamming devices so as to minimize the total jamming power while simultaneously achieving a given secrecy constraint. We use distributed MIMO techniques and incorporate the necessary conditions to ensure nullification of the friendly jamming signals at legitimate receivers. Two optimization strategies are explored: per-link and network-wide. Our optimization framework is based on formulating a signomial programming problem using condensation techniques to approximate the problem as a geometric program, which can then be transformed into a convex problem. We also consider the secrecy-aware routing problem for multihop networks and propose a routing metric based on the total jamming power along the path. Simulations show that our proposed schemes outperform previous schemes in terms of energy efficiency (55%-99% power saving). Moreover, our formulation ensures protecting legitimate transmissions by nullifying friendly jamming signals at legitimate receivers.