Evaluating Hamming Distance as a Metric for the Detection of CRC-based Side-channel Communications in MANETs

AbstractSide-channel communication is a form of traffic in which malicious parties communicate secretly over a wireless network. This is often established through the modification of Ethernet frame header fields, such as the Frame Check Sequence (FCS). The FCS is responsible for determining whether or not a frame has been corrupted in transmission, and contains a value calculated through the use of a predetermined polynomial. A malicious party may send messages that appear as nothing more than naturally corrupted noise on a network to those who are not the intended recipient. We use a metric known as Hamming distance in an attempt to differentiate purposely corrupted frames from naturally corrupted ones. In theory, it should be possible to recognize purposely corrupted frames based on how high this Hamming distance value is, as it signifies how many bits are different between the expected and the received FCS values. It is hypothesized that a range of threshold values based off of this metric exist, which may allow for the detection of side-channel communication across all scenarios. We ran an experiment with human subjects in a foot platoon formation and analyzed the data using a support vector machine. Our results show promise on the use of Hamming distance for side-channel detection in MANETs

Embracing corruption burstiness: Fast error recovery for ZigBee under wi-Fi interference

This is the author accepted manuscript. The final version is available from the publisher via the DOI in this record.The ZigBee communication can be easily and severely interfered by Wi-Fi traffic. Error recovery, as an important means for ZigBee to survive Wi-Fi interference, has been extensively studied in recent years. The existing works add upfront redundancy to in-packet blocks for recovering a certain number of random corruptions. Therefore the bursty nature of ZigBee in-packet corruptions under Wi-Fi interference is often considered harmful, since some blocks are full of errors which cannot be recovered and some blocks have no errors but still requiring redundancy. As a result, they often use interleaving to reshape the bursty errors, before applying complex FEC codes to recover the re-shaped random distributed errors. In this paper, we take a different view that burstiness may be helpful. With burstiness, the in-packet corruptions are often consecutive and the requirement for error recovery is reduced as ”recovering any k consecutive errors” instead of ”recovering any random k errors”. This lowered requirement allows us to design far more efficient code than the existing FEC codes. Motivated by this implication, we exploit the corruption burstiness to design a simple yet effective error recovery code using XOR operations (called ZiXOR). ZiXOR uses XOR code and the delay is significantly reduced. More, ZiXOR uses RSSI-hinted approach to detect in packet corruptions without CRC, incurring almost no extra transmission overhead. The testbed evaluation results show that ZiXOR outperforms the state-of-the-art works in terms of the throughput (by 47%) and latency (by 22%)This work was supported by the National Natural Science Foundation of China (No. 61602095 and No. 61472360), the Fundamental Research Funds for the Central Universities (No. ZYGX2016KYQD098 and No. 2016FZA5010), National Key Technology R&D Program (Grant No. 2014BAK15B02), CCFIntel Young Faculty Researcher Program, CCF-Tencent Open Research Fund, China Ministry of Education—China Mobile Joint Project under Grant No. MCM20150401 and the EU FP7 CLIMBER project under Grant Agreement No. PIRSES-GA- 2012-318939. Wei Dong is the corresponding author

PPR: Partial Packet Recovery for Wireless Networks

Bit errors occur over wireless channels when the signal isn't strongenough to overcome the effects of interference and noise. Currentwireless protocols may use forward error correction (FEC) to correct forsome (small) number of bit errors, but generally retransmit the wholepacket if the FEC is insufficient. We observe that current wirelessmesh network protocols retransmit a number of packets and that most ofthese retransmissions end up sending bits that have already beenreceived multiple times, wasting network capacity. To overcome thisinefficiency, we develop, implement, and evaluate a partial packetrecovery (PPR) system.PPR incorporates three new ideas: (1) SoftPHY, an expandedphysical layer (PHY) interface to provide hints to the higher layersabout how ``close'' the actual received symbol was to the one decoded,(2) a postamble scheme to recover data even when a packet'spreamble is corrupted and not decodable at the receiver, and (3) PP-ARQ, an asynchronous link-layer retransmission protocol that allowsa receiver to compactly encode and request for retransmission only thoseportions of a packet that are likely in error.Our experimental results from a 27-node 802.15.4 testbed that includesTelos motes with 2.4 GHz Chipcon radios and GNU Radio nodes implementingthe Zigbee standard (802.15.4) show that PPR increases the framedelivery rate by a factor of 2x under moderate load, and7x under heavy load when many links have marginal quality

Development of Simulation Components for Wireless Communication

abstract: This thesis work present the simulation of Bluetooth and Wi-Fi radios in real life interference environments. When information is transmitted via communication channels, data may get corrupted due to noise and other channel discrepancies. In order to receive the information safely and correctly, error correction coding schemes are generally employed during the design of communication systems. Usually the simulations of wireless communication systems are done in such a way that they focus on some aspect of communications and neglect the others. The simulators available currently will either do network layer simulations or physical layer level simulations. In many situations, simulations are required which show inter-layer aspects of communication systems. For all such scenarios, a simulation environment, WiscaComm which is based on time-domain samples is built. WiscaComm allows the study of network and physical layer interactions in detail. The advantage of time domain sampling is that it allows the simulation of different radios together which is better than the complex baseband representation of symbols. The environment also supports study of multiple protocols operating simultaneously, which is of increasing importance in today's environment.Dissertation/ThesisMasters Thesis Electrical Engineering 201

How Well Sensing Integrates with Communications in MmWave Wi-Fi?

The development of integrated sensing and communication (ISAC) systems has recently gained interest for its ability to offer a variety of services including resources sharing and new applications, for example, localization, tracking, and health care related. While the sensing capabilities are offered through many technologies, rending to their wide deployments and the high frequency spectrum they provide and high range resolution, its accessibility through the Wi-Fi networks IEEE 802.11ad and 802.11ay has been getting the interest of research and industry. Even though there is a dedicated standardization body, namely the 802.11bf task group, working on enhancing the Wi-Fi sensing performance, investigations are needed to evaluate the effectiveness of various sensing techniques. In this project, we, in addition to surveying related literature, we evaluate the sensing performance of the millimeter wave (mmWave) Wi-Fi systems by simulating a scenario of a human target using Matlab simulation tools. In this analysis, we processed channel estimation data using the short time Fourier transform (STFT). Furthermore, using a channel variation threshold method, we evaluated the performance while reducing feedback. Our findings indicate that using STFT window overlap can provide good tracking results, and that the reduction in feedback measurements using 0.05 and 0.1 threshold levels reduces feedback measurements by 48% and 77%, respectively, without significantly degrading performance.Comment: arXiv admin note: substantial text overlap with arXiv:2207.04859 by other author

The SoftPHY Abstraction: from Packets to Symbols in Wireless Network Design

At ever-increasing rates, we are using wireless systems to communicatewith others and retrieve content of interest to us. Current wirelesstechnologies such as WiFi or Zigbee use forward error correction todrive bit error rates down when there are few interferingtransmissions. However, as more of us use wireless networks toretrieve increasingly rich content, interference increases inunpredictable ways. This results in errored bits, degradedthroughput, and eventually, an unusable network. We observe that thisis the result of higher layers working at the packet granularity,whereas they would benefit from a shift in perspective from wholepackets to individual symbols.From real-world experiments on a 31-node testbed of Zigbee andsoftware-defined radios, we find that often, not all of the bitsin corrupted packets share fate. Thus, today's wireless protocolsretransmit packets where only a small number of the constituent bitsin a packet are in error, wasting network resources. In thisdissertation, we will describe a physical layer that passesinformation about its confidence in each decoded symbol up to higherlayers. These SoftPHY hints have many applications, one ofwhich, more efficient link-layer retransmissions, we will describe indetail. PP-ARQ is a link-layer reliable retransmission protocolthat allows a receiver to compactly encode a request forretransmission of only the bits in a packet that are likely in error.Our experimental results show that PP-ARQ increases aggregate networkthroughput by a factor of approximately 2x under variousconditions. Finally, we will place our contributions in the contextof related work and discuss other uses of SoftPHY throughout thewireless networking stack

Alibi framework for identifying reactive jamming nodes in wireless LAN

Reactive jamming nodes are the nodes of the network that get compromised and become the source of jamming attacks. They assume to know any shared secrets and protocols used in the networks. Thus, they can jam very effectively and are very stealthy. We propose a novel approach to identifying the reactive jamming nodes in wireless LAN (WLAN). We rely on the half-duplex nature of nodes: they cannot transmit and receive at the same time. Thus, if a compromised node jams a packet, it cannot guess the content of the jammed packet. More importantly, if an honest node receives a jammed packet, it can prove that it cannot be the one jamming the packet by showing the content of the packet. Such proofs of jammed packets are called "alibis" - the key concept of our approach. In this paper, we present an alibi framework to deal with reactive jamming nodes in WLAN. We propose a concept of alibi-safe topologies on which our proposed identification algorithms are proved to correctly identify the attackers. We further propose a realistic protocol to implement the identification algorithm. The protocol includes a BBC-based timing channel for information exchange under the jamming situation and a similarity hashing technique to reduce the storage and network overhead. The framework is evaluated in a realistic TOSSIM simulation where the simulation characteristics and parameters are based on real traces on our small-scale MICAz test-bed. The results show that in reasonable dense networks, the alibi framework can accurately identify both non-colluding and colluding reactive jamming nodes. Therefore, the alibi approach is a very promising approach to deal with reactive jamming nodes.published or submitted for publicationnot peer reviewe

Design and Evaluation of Primitives for Passive Link Assessment and Route Selection in Static Wireless Networks

Communication in wireless networks elementally comprises of packet exchanges over individual wireless links and routes formed by these links. To this end, two problems are fundamental: assessment of link quality and identification of the least-cost (optimal) routes. However, little is known about achieving these goals without incurring additional overhead to IEEE 802.11 networks. In this thesis, I design and experimentally evaluate two frameworks that enable individual 802.11 nodes to characterize their wireless links and routes by employing only local and passively collected information. First, I enable 802.11 nodes to assess their links by characterizing packet delivery failures and failure causes. The key problem is that nodes cannot individually observe many factors that affect the packet delivery at both ends of their links and in both directions of 802.11 communication. To this end, instead of relying on the assistance of other nodes, I design the first practical framework that extrapolates the missing information locally from the nodes' overhearing, the observable causal relationships of 802.11 operation and characterization of the corrupted and undecodable packets. The proposed framework employs only packet-level information generally reported by commodity 802.11 wireless cards. Next, I design and evaluate routing primitives that enable individual nodes to suppress their poor route selections. I refer to a route selection as poor whenever the employed routing protocol fails to establish the existing least-cost path according to an employed routing metric. This thesis shows that an entire family of the state-of-the art on-demand distance-vector routing protocols, including the standards-proposed protocol for IEEE 802.11s mesh networks, suffers from frequent and long-term poor selections having arbitrary path costs. Consequently, such selections generally induce severe throughput degradations for network users. To address this problem, I design mechanisms that identify optimal paths locally by employing only the information readily available to the affected nodes. The proposed mechanisms largely suppress occurrence of inferior routes. Even when such routes are selected their durations are reduced by several orders of magnitude, often to sub-second time scales. My work has implications on several key areas of wireless networking: It removes systematic failures from wireless routing and serves as a source of information for a wide range of protocols including the protocols for network management and diagnostics