LTE Frequency Hopping Jammer

The goal of this project was to show that communication with a cellular base station and user equipment could be interfered with using narrowband jamming. Specifically, a randomized frequency hopping jammer was used as the main method to disrupt service. The testbed was built with OpenAirInterface, software-defined radios, and a Samsung s4 phone. It was found to be possible to greatly disrupt communications in an LTE system with a jammer

An improved medium access control protocol for real-time applications in WLANs and its firmware development

The IEEE 802.11 Wireless Local Area Network (WLAN), commonly known as Wi-Fi, has emerged as a popular internet access technology and researchers are continuously working on improvement of the quality of service (QoS) in WLAN by proposing new and efficient schemes. Voice and video over Internet Protocol (VVoIP) applications are becoming very popular in Wi-Fi enabled portable/handheld devices because of recent technological advancements and lower service costs. Different from normal voice and video streaming, these applications demand symmetric throughput for the upstream and downstream. Existing Wi-Fi standards are optimised for generic internet applications and fail to provide symmetric throughput due to traffic bottleneck at access points. Performance analysis and benchmarking is an integral part of WLAN research, and in the majority of the cases, this is done through computer simulation using popular network simulators such as Network Simulator ff 2 (NS-2) or OPNET. While computer simulation is an excellent approach for saving time and money, results generated from computer simulations do not always match practical observations. This is why, for proper assessment of the merits of a proposed system in WLAN, a trial on a practical hardware platform is highly recommended and is often a requirement. In this thesis work, with a view to address the abovementioned challenges for facilitating VoIP and VVoIP services over Wi-Fi, two key contributions are made: i) formulating a suitable medium access control (MAC) protocol to address symmetric traffic scenario and ii) firmware development of this newly devised MAC protocol for real WLAN hardware. The proposed solution shows signifocant improvements over existing standards by supporting higher number of stations with strict QoS criteria. The proposed hardware platform is available off-the-shelf in the market and is a cost effective way of generating and evaluating performance results on a hardware system

Design and Development of a Testbed Prototype for Cognitive Radio Transmission over TV White Space

Considering the ever-increasing demand and the associated high costs of wireless electromagnetic spectrum, technologies that can facilitate efficient spectrum utilization are of utmost importance. Cognitive radio (CR), in conjunction with TV White Spaces (TVWS), can be a viable solution, where unlicensed or secondary users can opportunistically use the not-currently-in-use, aka idle, TV channels registered to licensed or primary users. This thesis focuses on the design and development of a testbed prototype for real-time testing of secondary user transmission in TVWS. Once an unused TV channel has been identified, our system uses that idle channel for transmitting and receiving signals. The testbed is built on Universal Software Radio Peripheral (USRP) device powered by GNU Radio Software, Software Defined Radio (SDR) receptor, and Spectrum Analyser. The developed prototype splits a given TVWS channel into multiple small sub-channels and performs channel characterization through end-to-end transmission and reception of information carrying signals. The channel characteristics are presented through Bit Transfer Rate (BTR) and frequency spectrum results. The prototype also facilitates provisions for applying error correction coding as a mean of undertaking comparative performance testing

Route selection for multi-hop cognitive radio networks using reinforcement learning: an experimental study

Cognitive radio (CR) enables unlicensed users to explore and exploit underutilized licensed channels (or white spaces). While multi-hop CR network has drawn significant research interest in recent years, majority work has been validated through simulation. A key challenge in multi-hop CR network is to select a route with high quality of service (QoS) and lesser number of route breakages. In this paper, we propose three route selection schemes to enhance the network performance of CR networks, and investigate them using a real testbed environment, which consists of universal software radio peripheral and GNU radio units. Two schemes are based on reinforcement learning (RL), while a scheme is based on spectrum leasing (SL). RL is an artificial intelligence technique, whereas SL is a new paradigm that allows communication between licensed and unlicensed users in CR networks. We compare the route selection schemes with an existing route selection scheme in the literature, called highest-channel (HC), in a multi-hop CR network. With respect to the QoS parameters (i.e., throughput, packet delivery ratio, and the number of route breakages), the experimental results show that RL approaches achieve a better performance in comparison with the HC approach, and also achieve close to the performance achieved by the SL approach

Design of Wireless Communication Networks for Cyber-Physical Systems with Application to Smart Grid

Cyber-Physical Systems (CPS) are the next generation of engineered systems in which computing, communication, and control technologies are tightly integrated. On one hand, CPS are generally large with components spatially distributed in physical world that has lots of dynamics; on the other hand, CPS are connected, and must be robust and responsive. Smart electric grid, smart transportation system are examples of emerging CPS that have significant and far-reaching impact on our daily life. In this dissertation, we design wireless communication system for CPS. To make CPS robust and responsive, it is critical to have a communication subsystem that is reliable, adaptive, and scalable. Our design uses a layered structure, which includes physical layer, multiple access layer, network layer, and application layer. Emphases are placed on multiple access and network layer. At multiple access layer, we have designed three approaches, namely compressed multiple access, sample-contention multiple access, and prioritized multiple access, for reliable and selective multiple access. At network layer, we focus on the problem of creating reliable route, with service interruption anticipated. We propose two methods: the first method is a centralized one that creates backup path around zones posing high interruption risk; the other method is a distributed one that utilizes Ant Colony Optimization (ACO) and positive feedback, and is able to update multipath dynamically. Applications are treated as subscribers to the data service provided by the communication system. Their data quality requirements and Quality of Service (QoS) feedback are incorporated into cross-layer optimization in our design. We have evaluated our design through both simulation and testbed. Our design demonstrates desired reliability, scalability and timeliness in data transmission. Performance gain is observed over conventional approaches as such random access

Reverse Engineering: WiMAX and IEEE 802.16e

Wireless communications is part of everyday life. As it is incorporated into new products and services, it brings additional security risks and requirements. A thorough understanding of wireless protocols is necessary for network administrators and manufacturers. Though most wireless protocols have strict standards, many parts of the hardware implementation may deviate from the standard and be proprietary. In these situations reverse engineering must be conducted to fully understand the strengths and vulnerabilities of the communication medium. New 4G broadband wireless access protocols, including IEEE 802.16e and WiMAX, offer higher data rates and wider coverage than earlier 3G technologies. Many security vulnerabilities, including various Denial of Service (DoS) attacks, have been discovered in 3G protocols and the original IEEE 802.16 standard. Many of these vulnerabilities and new security flaws exist in the revised standard IEEE 802.16e. Most of the vulnerabilities already discovered allow for DoS attacks to be carried out on WiMAX networks. This study examines and analyzes a new DoS attack on IEEE 802.16e standard. We investigate how system parameters for the WiMAX Bandwidth Contention Resolution (BCR) process affect network vulnerability to DoS attacks. As this investigation developed and transitioned into analyzing hardware implementations, reverse engineering was needed to locate and modify the BCR system parameters. Controlling the BCR system parameters in hardware is not a normal task. The protocol allows only the BS to set the system parameters. The BS gives one setting of the BCR system parameters to all WiMAX clients on the network and everyone is suppose to follow these settings. Our study looks at what happens if a set of users, attackers, do not follow the BS\u27s settings and set their BCR system parameters independently. We hypothesize and analyze different techniques to do this in hardware with the goal being to replicate previous software simulations that looked at this behavior. This document details our approaches to reverse engineer IEEE 802.16e and WiMAX. Additionally, we look at network security analysis and how to design experiments to reduce time and cost. Factorial experiment design and ANOVA analysis is the solution. In using these approaches, one can test multiple factors in parallel, producing robust, repeatable and statistically significant results. By treating all other parameters as noise when testing first order effects, second and third order effects can be analyzed with less significance. The details of this type of experimental design is given along with NS-2 simulations and hardware experiments that analyze the BCR system parameters. This purpose of this paper is to serve as guide for reverse engineering network protocols and conducting network experiments. As wireless communication and network security become ubiquitous, the methods and techniques detailed in this study become increasingly important. This document can serve as a guide to reduce time and effort when reverse engineering other communication protocols and conducting network experiments

Timing analysis of an embedded architecture for a real-time power line communications network

Tese de mestrado. Engenharia Electrotécnica e de Computadores (Área de especialização de Telecomunicações). Faculdade de Engenharia. Universidade do Porto, Instituto Superior de Engenharia. Instituto Politécnico do Porto.. 200