Battery depletion attacks on NB-IoT devices using interference

Narrowband-Internet of Things (NB-IoT) is a relatively new Low PowerWide Area Network (LPWAN) technology used to implement large-scale IoT applications. The economic viability of most applications depends on a long battery life of deployed devices (~10 years). In this paper, we document two interference attacks on the NB-IoT communication link that lead to a battery depletion in devices. These attacks can be carried out without disruption of data delivery and are therefore hard to detect. We describe a Matlab based simulation environment that can be used to investigate interference on NB-IoT communication, and we then use this environment to study the two attacks. For example, we show that battery lifetime can be reduced from 17 years to as low as four months

Principles of Physical Layer Security in Multiuser Wireless Networks: A Survey

This paper provides a comprehensive review of the domain of physical layer security in multiuser wireless networks. The essential premise of physical-layer security is to enable the exchange of confidential messages over a wireless medium in the presence of unauthorized eavesdroppers without relying on higher-layer encryption. This can be achieved primarily in two ways: without the need for a secret key by intelligently designing transmit coding strategies, or by exploiting the wireless communication medium to develop secret keys over public channels. The survey begins with an overview of the foundations dating back to the pioneering work of Shannon and Wyner on information-theoretic security. We then describe the evolution of secure transmission strategies from point-to-point channels to multiple-antenna systems, followed by generalizations to multiuser broadcast, multiple-access, interference, and relay networks. Secret-key generation and establishment protocols based on physical layer mechanisms are subsequently covered. Approaches for secrecy based on channel coding design are then examined, along with a description of inter-disciplinary approaches based on game theory and stochastic geometry. The associated problem of physical-layer message authentication is also introduced briefly. The survey concludes with observations on potential research directions in this area.Comment: 23 pages, 10 figures, 303 refs. arXiv admin note: text overlap with arXiv:1303.1609 by other authors. IEEE Communications Surveys and Tutorials, 201

Robust Wireless Communication for Multi-Antenna, Multi-Rate, Multi-Carrier Systems

Abstract Today's trend of migrating radio devices from hardware to software provides potential to create flexible applications for both commercial and military use. However, this raises security concerns, as malicious attackers can also be generated easily to break legitimate communications. In this research work, our goal is to design a robust anti-jamming radio framework. We particularly investigate three different aspects of jamming threats: high-power jammers, link attacks on rate adaptation, and jamming in multicarrier systems. The threats of high-power jamming to wireless communications today are realistic due to the ease of access to powerful jamming sources such as the availability of commercial GPS/WiFi/cellular devices on the market, or RF guns built from microwave ovens' magnetron. To counter high-power jamming attacks, we develop SAIM which is a hybrid system capable of resisting jammers of up to 100,000 times higher power than legitimate communication nodes. The system robustness relies on our own antenna structure specially designed for anti-jamming purpose. We develop an efficient algorithm for auto-configuring the antenna adaptively to dynamic environments. We also devise a software-based jamming cancellation technique for appropriately extracting original signals, which is more robust than traditional MIMO approaches, as pilot signals are not required in SAIM. In spite of the robustness of SAIM, our design is more appropriate for malicious environments with powerful jammers, where mechanical steering is feasible, e.g., military applications. Residential and commercial wireless communication systems are still vulnerable to even limited-power jamming, as in today's standard wireless protocols, rate information is exposed to adversaries. Rate-based attacks have been demonstrated to severely degrade the networks at very low cost. To mitigate rate-based attacks, we develop CBM, a system capable of hiding rate and -at the same time -increasing resiliency against jammers up to seven times higher than regular systems, where rate is exposed. We achieve the resiliency boost by generalizing Trellis Coded Modulation to allow non-uniform codeword mapping. We develop an efficient algorithm for finding good non-uniform codes for all modulations in {BPSK, QPSK, 8-PSK, 16-QAM, 64-QAM}. To conceal rate information, we devise an efficient method for generating cryptographic interleaving functions. In recently deployed communication networks such as WiFi and LTE systems, MIMO and OFDM are the two main techniques for increasing bandwidth efficiency. While MIMO increases the channel capacity by spatial processing on multiple received signals, OFDM mitigates impacts of dynamic variations in wide-band channels and allows frequency reuse with overlapping carriers. Synchronization is a key for high-throughput performance in MIMO and OFDM systems. In this work, we study impacts of jamming attacks specifically targeting to control channels in WiFi and LTE networks. Our study focuses on efficient techniques for both jamming and anti-jamming in multicarrier systems

Channel Access in Wireless Networks: Protocol Design of Energy-Aware Schemes for the IoT and Analysis of Existing Technologies

The design of channel access policies has been an object of study since the deployment of the first wireless networks, as the Medium Access Control (MAC) layer is responsible for coordinating transmissions to a shared channel and plays a key role in the network performance. While the original target was the system throughput, over the years the focus switched to communication latency, Quality of Service (QoS) guarantees, energy consumption, spectrum efficiency, and any combination of such goals. The basic mechanisms to use a shared channel, such as ALOHA, TDMA- and FDMA-based policies, have been introduced decades ago. Nonetheless, the continuous evolution of wireless networks and the emergence of new communication paradigms demand the development of new strategies to adapt and optimize the standard approaches so as to satisfy the requirements of applications and devices. This thesis proposes several channel access schemes for novel wireless technologies, in particular Internet of Things (IoT) networks, the Long-Term Evolution (LTE) cellular standard, and mmWave communication with the IEEE802.11ad standard. The first part of the thesis concerns energy-aware channel access policies for IoT networks, which typically include several battery-powered sensors. In scenarios with energy restrictions, traditional protocols that do not consider the energy consumption may lead to the premature death of the network and unreliable performance expectations. The proposed schemes show the importance of accurately characterizing all the sources of energy consumption (and inflow, in the case of energy harvesting), which need to be included in the protocol design. In particular, the schemes presented in this thesis exploit data processing and compression techniques to trade off QoS for lifetime. We investigate contention-free and contention-based chanel access policies for different scenarios and application requirements. While the energy-aware schemes proposed for IoT networks are based on a clean-slate approach that is agnostic of the communication technology used, the second part of the thesis is focused on the LTE and IEEE802.11ad standards. As regards LTE, the study proposed in this thesis shows how to use machine-learning techniques to infer the collision multiplicity in the channel access phase, information that can be used to understand when the network is congested and improve the contention resolution mechanism. This is especially useful for massive access scenarios; in the last years, in fact, the research community has been investigating on the use of LTE for Machine-Type Communication (MTC). As regards the standard IEEE802.11ad, instead, it provides a hybrid MAC layer with contention-based and contention-free scheduled allocations, and a dynamic channel time allocation mechanism built on top of such schedule. Although this hybrid scheme is expected to meet heterogeneous requirements, it is still not clear how to develop a schedule based on the various traffic flows and their demands. A mathematical model is necessary to understand the performance and limits of the possible types of allocations and guide the scheduling process. In this thesis, we propose a model for the contention-based access periods which is aware of the interleaving of the available channel time with contention-free allocations