Facilitating Flexible Link Layer Protocols for Future Wireless Communication Systems

This dissertation addresses the problem of designing link layer protocols which are flexible enough to accommodate the demands offuture wireless communication systems (FWCS).We show that entire link layer protocols with diverse requirements and responsibilities can be composed out of reconfigurable and reusable components.We demonstrate this by designing and implementinga novel concept termed Flexible Link Layer (FLL) architecture.Through extensive simulations and practical experiments, we evaluate a prototype of the suggested architecture in both fixed-spectrumand dynamic spectrum access (DSA) networks. FWCS are expected to overcome diverse challenges including the continual growthin traffic volume and number of connected devices.Furthermore, they are envisioned to support a widerange of new application requirements and operating conditions.Technology trends, including smart homes, communicating machines, and vehicularnetworks, will not only grow on a scale that once was unimaginable, they will also become the predominant communication paradigm, eventually surpassing today's human-produced network traffic. In order for this to become reality, today's systems have to evolve in many ways.They have to exploit allocated resources in a more efficient and energy-conscious manner.In addition to that, new methods for spectrum access and resource sharingneed to be deployed.Having the diversification of applications and network conditions in mind, flexibility at all layers of a communication system is of paramount importance in order to meet the desired goals. However, traditional communication systems are often designed with specific and distinct applications in mind. Therefore, system designers can tailor communication systems according to fixedrequirements and operating conditions, often resulting in highly optimized but inflexible systems.Among the core problems of such design is the mix of data transfer and management aspects.Such a combination of concerns clearly hinders the reuse and extension of existing protocols. To overcome this problem, the key idea explored in this dissertation is a component-based design to facilitate the development of more flexible and versatile link layer protocols.Specifically, the FLL architecture, suggested in this dissertation, employs a generic, reconfigurable data transfer protocol around which one or more complementary protocols, called link layer applications, are responsible for management-related aspects of the layer. To demonstrate the feasibility of the proposed approach, we have designed andimplemented a prototype of the FLL architecture on the basis ofa reconfigurable software defined radio (SDR) testbed.Employing the SDR prototype as well as computer simulations, thisdissertation describes various experiments used to examine a range of link layerprotocols for both fixed-spectrum and DSA networks. This dissertation firstly outlines the challenges faced by FWCSand describes DSA as a possible technology component for their construction.It then specifies the requirements for future DSA systemsthat provide the basis for our further considerations.We then review the background on link layer protocols, surveyrelated work on the construction of flexible protocol frameworks,and compare a range of actual link layer protocols and algorithms.Based on the results of this analysis, we design, implement, and evaluatethe FLL architecture and a selection of actual link layer protocols. We believe the findings of this dissertation add substantively to the existing literature on link layer protocol design and are valuable for theoreticians and experimentalists alike

Analyzing using software defined radios as wireless sensor network inspection and testing devices: An Internet of Things penetration testing perspective

Wireless sensor network (WSN) research and development is producing viable solutions for various innovative applications, including critical areas such as the Internet of Things (IoT), which is becoming a significant feature of modern technology. WSNs form an integral component of the IoT infrastructure by, frequently, implementing the communication links between sensors and the access point or central coordinator. This design and use in IoT applications intensifies the incentive to attack WSNs as sensitive data is available and transmitted in wireless links, which inherently contain security vulnerabilities, especially from external malicious interference. To ensure satisfactory performance, safety and privacy, communication links and WSN devices must be secure. Hence, penetration testing to identify security vulnerabilities and responses to external intrusions is a prerequisite to forming secure connections and an overall secure network. Derived from a prior study, this paper explores the benefits of using software-defined radios (SDRs) for WSN/IoT data analysis and penetration testing by concentrating on implementing various intrusions using signal processing block based software like Simulink or GNU Radio. A comparison with traditional WSN packet sniffing/debugging tools is provided and the main security vulnerabilities of existing WSNs are surveyed by adopting the ZigBee protocol. An extension to WSN security analysis and testing is established by utilizing low-cost SDRs and specifying the ease of implementing various analysis techniques even when certain equipment, such as anechoic chambers, are unavailable. Stemming from previous simulations, the benefits of obtaining the in-phase and quadrature-phase samples, both with and without external interference, is also discussed

Extending Comprehensive Maritime Awareness to Disconnected Vessels and Users

After the attacks of 9/11, increased security became a national priority that resulted in a focus on National Maritime Security. Maritime Domain Awareness (MDA) is an initiative developed by the Coast Guard, in partnership with the U.S. Navy and other agencies to increase awareness in the maritime domain in support of maritime security [Morgan and Wimmer, 2005]. The purpose of MDA is to generate actionable intelligence obtained via the collection, fusion and dissemination of information from U.S. joint forces, U.S. government agencies, international coalition partners and commercial entities. This actionable intelligence is the cornerstone of successful counterterrorist and maritime law enforcement operations and is critical to Maritime Security [Morgan and Wimmer, 2005]. The U.S. Navy, as a partner in the development and creation of MDA, has tasked its subordinate commands to identify and define capabilities to support this program. One effort sponsored is the Comprehensive Maritime Awareness (CMA) Joint Capabilities Technology Demonstration (JCTD) [CMA Architecture Team, 2007]. This project supports the CMA JCTD efforts by proposing a deployable system to enable a disconnected vessel to connect to the CMA network. A disconnected user can be seen as a merchant ship, hospital ship or any vessel that is not currently connected to the CMA network. This project's proposed deployable system, as a subset to the CMA network, facilitates information sharing in support of humanitarian efforts worldwide.http://archive.org/details/extendingcompreh109456932N

Teaching Your Wireless Card New Tricks: Smartphone Performance and Security Enhancements Through Wi-Fi Firmware Modifications

Smartphones come with a variety of sensors and communication interfaces, which make them perfect candidates for mobile communication testbeds. Nevertheless, proprietary firmwares hinder us from accessing the full capabilities of the underlying hardware platform which impedes innovation. Focusing on FullMAC Wi-Fi chips, we present Nexmon, a C-based firmware modification framework. It gives access to raw Wi-Fi frames and advanced capabilities that we found by reverse engineering chips and their firmware. As firmware modifications pose security risks, we discuss how to secure firmware handling without impeding experimentation on Wi-Fi chips. To present and evaluate our findings in the field, we developed the following applications. We start by presenting a ping-offloading application that handles ping requests in the firmware instead of the operating system. It significantly reduces energy consumption and processing delays. Then, we present a software-defined wireless networking application that enhances scalable video streaming by setting flow-based requirements on physical-layer parameters. As security application, we present a reactive Wi-Fi jammer that analyses incoming frames during reception and transmits arbitrary jamming waveforms by operating Wi-Fi chips as software-defined radios (SDRs). We further introduce an acknowledging jammer to ensure the flow of non-targeted frames and an adaptive power-control jammer to adjust transmission powers based on measured jamming successes. Additionally, we discovered how to extract channel state information (CSI) on a per-frame basis. Using both SDR and CSI-extraction capabilities, we present a physical-layer covert channel. It hides covert symbols in phase changes of selected OFDM subcarriers. Those manipulations can be extracted from CSI measurements at a receiver. To ease the analysis of firmware binaries, we created a debugging application that supports single stepping and runs as firmware patch on the Wi-Fi chip. We published the source code of our framework and our applications to ensure reproducibility of our results and to enable other researchers to extend our work. Our framework and the applications emphasize the need for freely modifiable firmware and detailed hardware documentation to create novel and exciting applications on commercial off-the-shelf devices

Decentralized Ultra-Reliable Low-Latency Communications through Concurrent Cooperative Transmission

Emerging cyber-physical systems demand for communication technologies that enable seamless interactions between humans and physical objects in a shared environment. This thesis proposes decentralized URLLC (dURLLC) as a new communication paradigm that allows the nodes in a wireless multi-hop network (WMN) to disseminate data quickly, reliably and without using a centralized infrastructure. To enable the dURLLC paradigm, this thesis explores the practical feasibility of concurrent cooperative transmission (CCT) with orthogonal frequency-division multiplexing (OFDM). CCT allows for an efficient utilization of the medium by leveraging interference instead of trying to avoid collisions. CCT-based network flooding disseminates data in a WMN through a reception-triggered low-level medium access control (MAC). OFDM provides high data rates by using a large bandwidth, resulting in a short transmission duration for a given amount of data. This thesis explores CCT-based network flooding with the OFDM-based IEEE 802.11 Non-HT and HT physical layers (PHYs) to enable interactions with commercial devices. An analysis of CCT with the IEEE 802.11 Non-HT PHY investigates the combined effects of the phase offset (PO), the carrier frequency offset (CFO) and the time offset (TO) between concurrent transmitters, as well as the elapsed time. The analytical results of the decodability of a CCT are validated in simulations and in testbed experiments with Wireless Open Access Research Platform (WARP) v3 software-defined radios (SDRs). CCT with coherent interference (CI) is the primary approach of this thesis. Two prototypes for CCT with CI are presented that feature mechanisms for precise synchronization in time and frequency. One prototype is based on the WARP v3 and its IEEE 802.11 reference design, whereas the other prototype is created through firmware modifications of the Asus RT-AC86U wireless router. Both prototypes are employed in testbed experiments in which two groups of nodes generate successive CCTs in a ping-pong fashion to emulate flooding processes with a very large number of hops. The nodes stay synchronized in experiments with 10 000 successive CCTs for various modulation and coding scheme (MCS) indices and MAC service data unit (MSDU) sizes. The URLLC requirement of delivering a 32-byte MSDU with a reliability of 99.999 % and with a latency of 1 ms is assessed in experiments with 1 000 000 CCTs, while the reliability is approximated by means of the frame reception rate (FRR). An FRR of at least 99.999 % is achieved at PHY data rates of up to 48 Mbit/s under line-of-sight (LOS) conditions and at PHY data rates of up to 12 Mbit/s under non-line-of-sight (NLOS) conditions on a 20 MHz wide channel, while the latency per hop is 48.2 µs and 80.2 µs, respectively. With four multiple input multiple output (MIMO) spatial streams on a 40 MHz wide channel, a LOS receiver achieves an FRR of 99.5 % at a PHY data rate of 324 Mbit/s. For CCT with incoherent interference, this thesis proposes equalization with time-variant zero-forcing (TVZF) and presents a TVZF receiver for the IEEE 802.11 Non-HT PHY, achieving an FRR of up to 92 % for CCTs from three unsyntonized commercial devices. As CCT-based network flooding allows for an implicit time synchronization of all nodes, a reception-triggered low-level MAC and a reservation-based high-level MAC may in combination support various applications and scenarios under the dURLLC paradigm