Xiaofan He

Ally Friendly Jamming: How to Jam Your Enemy and Maintain Your Own Wireless Connectivity at the Same Time

This paper presents a novel mechanism, called Ally Friendly Jamming, which aims at providing an intelligent jamming capability that can disable unauthorized (enemy) wireless communication but at the same time still allow authorized wireless devices to communicate, even if all these devices operate at the same frequency. The basic idea is to jam the wireless channel continuously but properly control the jamming signals with secret keys, so that the jamming signals are unpredictable interference to unauthorized devices, but are recoverable by authorized ones equipped with the secret keys. To achieve the ally friendly jamming capability, we develop new techniques to generate ally jamming signals, to identify and synchronize with multiple ally jammers. This paper also reports the analysis, implementation, and experimental evaluation of ally friendly jamming on a software defined radio platform. Both the analytical and experimental results indicate that the proposed techniques can effectively disable enemy wireless communication and at the same time maintain wireless communication between authorized devices.

A Byzantine Attack Defender in Cognitive Radio Networks: The Conditional Frequency Check

Security concerns are raised for collaborative spectrum sensing due to its vulnerabilities to the potential attacks from malicious secondary users. Most existing malicious user detection methods are reputation-based, which become incapable when the malicious users dominate the network. On the other hand, although Markovian models characterize the spectrum state behavior more precisely, there is a scarcity of malicious user detection methods which fully explore this feature. In this paper, a new malicious user detection method using two proposed conditional frequency check (CFC) statistics is developed under the Markovian model for the spectrum state. With the assistance of one trusted user, the proposed method can achieve high malicious user detection accuracy (≥ 95%) for arbitrary percentage of malicious users that may even be equipped with more advanced sensing devices, and can thus improve the collaborative spectrum sensing performance significantly. Simulation results are provided to verify the theoretical analysis and effectiveness of the proposed method.

Is link signature dependable for wireless security

A fundamental assumption of link signature based security mechanisms is that the wireless signals received at two locations separated by more than half a wavelength are essentially uncorrelated. However, it has been observed that in certain circumstances (e.g., with poor scattering and/or a strong line-of-sight (LOS) component), this assumption is invalid. In this paper, a Correlation ATtack (CAT) is proposed to demonstrate the potential vulnerability of the link signature based security mechanisms in such circumstances. Based on statistical inference, CAT explicitly exploits the spatial correlations to reconstruct the legitimate link signature from the observations of multiple adversary receivers deployed in vicinity. Our findings are verified through theoretical analysis, well-known channel correlation models, and experiments on USRP platforms and GNURadio.

HMM-Based Malicious User Detection for Robust Collaborative Spectrum Sensing

Collaborative spectrum sensing improves the spectrum state estimation accuracy but is vulnerable to the potential attacks from malicious secondary cognitive radio (CR) users, and thus raises security concerns. One promising malicious user detection method is to identify their abnormal statistical spectrum sensing behaviors. From this angle, two hidden Markov models (HMMs) corresponding to honest and malicious users respectively are adopted in this paper to characterize their different sensing behaviors, and malicious user detection is achieved via detecting the difference in the corresponding HMM parameters. To obtain the HMM estimates, an effective inference algorithm that can simultaneously estimate two HMMs without requiring separated training sequences is also developed. By using these estimates, high malicious user detection accuracy can be achieved at the fusion center, leading to more robust and reliable collaborative spectrum sensing performance (substantially enlarged operational regions) in the presence of malicious users, as compared to the baseline approaches. Different fusion methods are also discussed and compared.

Improving learning and adaptation in security games by exploiting information asymmetry

With the advancement of modern technologies, the security battle between a legitimate system (LS) and an adversary is becoming increasingly sophisticated, involving complex interactions in unknown dynamic environments. Stochastic game (SG), together with multi-agent reinforcement learning (MARL), offers a systematic framework for the study of information warfare in current and emerging cyber-physical systems. In practical security games, each player usually has only incomplete information about the opponent, which induces information asymmetry. This work exploits information asymmetry from a new angle, considering how to exploit local information unknown to the opponent to the players advantage. Two new MARL algorithms, termed minimax-PDS and WoLF-PDS, are proposed, which enable the LS to learn and adapt faster in dynamic environments by exploiting its private local information. The proposed algorithms are provably convergent and rational, respectively. Also, numerical results are presented to show their effectiveness through two concrete anti-jamming examples.

The security of link signature: A view from channel models

Link signature (LS) provides security to wireless devices by exploiting multipath characteristics, with an essential assumption that half-wavelength separation is sufficient to prevent nearby adversary sensors from effectively inferring the legitimate LS. However, such an assumption may be too optimistic; high channel correlation has been observed in real world experiments even when the spatial separation is much larger than half-wavelength. In fact, channel correlation varies for different wireless environments. Considering this, various well-established channel correlation models are investigated in this work and a set of physical factors that have significant influence on link signature security are identified. With the obtained insights, we build a generic channel correlation model for LS security assessment in various wireless environments of interest. Numerical experiments are conducted to explore corresponding guard zone designs.

Toward Proper Guard Zones for Link Signature

Motivated by information-theoretic security, link signature (LS)-based security mechanisms exploit the ample channel characteristics between wireless devices for security establishment. Nevertheless, LS is originated from wireless environments and hence may exhibit potential vulnerabilities that can be exploited by adversary in the vicinity. As to this, it is widely believed in existing literature on LS that, a half-wavelength guard zone is sufficient to decorrelate the adversary channel from the legitimate one and thereby secures the legitimate LS. However, such an assumption may not hold universally - in some environments, high channel correlations have been observed for much larger spatial separations. Considering this, a comprehensive understanding of channel correlation in different wireless environments is needed for more confident deployment of LS-based security mechanisms. To this end, various well-established channel correlation models are investigated in this work. A set of important physical factors that have significant influence on LS security are identified, and with the obtained insights, extensive simulations are conducted to explore suitable guard zone sizes for LS in several typical indoor and outdoor environments. Experimental results based on universal software radio peripheral (USRP) platforms and GNURadio are also presented to further support the analysis.

Faster Learning and Adaptation in Security Games by Exploiting Information Asymmetry

With the advancement of modern technologies, the security battle between a legitimate system (LS) and an adversary is becoming increasingly sophisticated, involving complex interactions in unknown dynamic environments. Stochastic game (SG), together with multi-agent reinforcement learning (MARL), offers a systematic framework for the study of information warfare in current and emerging cyber-physical systems. In practical security games, each player usually has only incomplete information about the opponent, which induces information asymmetry. This paper exploits information asymmetry from a new angle, considering how to exploit information unknown to the opponent to the players advantage. Two new MARL algorithms, termed minimax post-decision state (minimax-PDS) and Win-or-Learn Fast post-decision state (WoLF-PDS), are proposed, which enable the LS to learn and adapt faster in dynamic environments by exploiting its information advantage. The proposed algorithms are provably convergent and rational, respectively. Also, numerical results are presented to show their effectiveness through three important applications.

MCR Decoding: A MIMO approach for defending against wireless jamming attacks

This paper presents a novel technique - Multi-Channel Ratio (MCR) Decoding, which aims at providing an anti-jamming wireless communication capability for multi-antenna wireless devices. The basic idea of MCR decoding is to fully leverage the repeated preamble signals and the multi-channel characteristics in MIMO communications to detect and recover the desired transmission signals under constant and reactive jamming attacks. This paper also reports the analysis, implementation, and experimental evaluations of MCR decoding on a software-defined radio platform - GNURadio and USRP, which show that the proposed MCR decoding can detect the desired transmission reliably under the jamming attack and remove jamming signals effectively in the real world environment.

A stochastic multi-channel spectrum access game with incomplete information

To ensure continuous functioning and satisfactory performance, a wireless communication system has to not only learn and adapt to the unknown and ever-changing wireless environment, but also strategically deal with the usually unfamiliar peers. Incomplete information stochastic game (SG) is a promising model for the corresponding analysis and strategy design. In this work, an exemplary multi-channel spectrum access game (SAG) with unknown environment dynamics and limited information of the other player is considered to illustrate the proposed solution for the corresponding incomplete information SG. To find the best communication strategy in the face of uncertainty, a joint reinforcement learning and type identification algorithm is developed, which is provably convergent under certain technical conditions. Numerical results show that using the proposed algorithm, a wireless user can gradually achieve the same performance as that in the corresponding complete information game.