Jamming-resistant Broadcast Communication without Shared Keys - - PowerPoint PPT Presentation

Motivation Uncoordinated DSSS UDSSS Application Conclusion

Jamming-resistant Broadcast Communication without Shared Keys

Christina P¨

• pper

Joint work with Mario Strasser and Srdjan ˇ Capkun System Security Group ETH Z¨ urich

August 2009

1/18

Motivation Uncoordinated DSSS UDSSS Application Conclusion Broadcast Communication Jamming Attacks Problem Statement Our Solution

Broadcast Communication

◮ Setting:

◮ Broadcast of (authenticated) messages to a (large) number of

receivers

◮ Wireless RF communication ◮ Receivers may be unknown and/or untrusted

◮ Broadcast Applications:

◮ Alarm broadcast ◮ Broadcast of navigation signals ◮ ... 2/18

Motivation Uncoordinated DSSS UDSSS Application Conclusion Broadcast Communication Jamming Attacks Problem Statement Our Solution

Jamming Attacks

◮ Jamming Attacks:

◮ Jamming devices are cheap and easy to obtain

◮ Anti-Jamming Techniques:

◮ Spread Spectrum Techniques, e.g., ◮ Frequency Hopping Spread Spectrum ◮ Direct-Sequence Spread-Spectrum (DSSS) ◮ Rely on a secret key (or code) pre-shared between sender

and receivers before the communication

3/18

Motivation Uncoordinated DSSS UDSSS Application Conclusion Broadcast Communication Jamming Attacks Problem Statement Our Solution

Jamming Attacks

◮ Anti-Jamming Techniques in Broadcast Settings:

◮ Pre-sharing keys is complex or infeasible ◮ Public key cryptography does not help ◮ Even if secret keys are pre-shared, receivers still need to be

trusted

→ Anti-jamming Broadcast Problem

4/18

Motivation Uncoordinated DSSS UDSSS Application Conclusion Broadcast Communication Jamming Attacks Problem Statement Our Solution

Problem Statement

◮ Problem Statement: How can we enable jamming-resistant

broadcast communication if the sender does not share secret keys with (all the) receivers?

◮ In [Desmedt et al., ICON99] and [Chiang et al., InfoCom08],

solutions were proposed for jamming-resistant broadcast, but they rely on shared secret information

5/18

Motivation Uncoordinated DSSS UDSSS Application Conclusion Broadcast Communication Jamming Attacks Problem Statement Our Solution

Our Solution

◮ Anti-jamming Broadcast without Shared Secrets

◮ Scheme called Uncoordinated DSSS (UDSSS) ◮ Achieve communication to an unknown/untrusted set of

receivers in the presence of communication jamming

◮ Key Idea: Base the communication on DSSS but release the

requirement of shared secret keys by randomization

◮ Key Observation: “Whatever has arrived unjammed at the

receiver can be decoded” B t t A M M M M

6/18

Motivation Uncoordinated DSSS UDSSS Application Conclusion UDSSS Scheme Security Analysis Performance Evaluation UDSSS Enhancement

Uncoordinated DSSS (UDSSS)

◮ DSSS

7/18

Motivation Uncoordinated DSSS UDSSS Application Conclusion UDSSS Scheme Security Analysis Performance Evaluation UDSSS Enhancement

Uncoordinated DSSS (UDSSS)

◮ DSSS ◮ UDSSS

7/18

Motivation Uncoordinated DSSS UDSSS Application Conclusion UDSSS Scheme Security Analysis Performance Evaluation UDSSS Enhancement

Uncoordinated DSSS (UDSSS)

• Public set C of spreading sequences

Sender randomly selects sequence cs ∈ C to spread message M Receivers record signal and despread M by applying sequences from C using a trial-and-error method

◮ UDSSS

7/18

Motivation Uncoordinated DSSS UDSSS Application Conclusion UDSSS Scheme Security Analysis Performance Evaluation UDSSS Enhancement

UDSSS Sender Side

◮ Message repetitions, due to

◮ lacking synchronization between sender and receivers ◮ the possibility of successful jamming attacks

B M1 M2 decoding (Td) sampling (sTm) A M1 M2 M2 M2 M2 M1 M1 M1 M1

t t

buffer buffer

8/18

Motivation Uncoordinated DSSS UDSSS Application Conclusion UDSSS Scheme Security Analysis Performance Evaluation UDSSS Enhancement

UDSSS Code Set & Despreading

◮ Code set C composed of n code sequences ◮ Each code sequence is composed of ℓ spreading codes

containing N chips

◮ E.g., N = 100 chips →

20 dB processing gain

◮ Auto-correlation and

cross-correlation properties

N chips per code n code sequen- ces M M[1] M[2] cs,1

cs c1 c2

cs,ℓ M[ℓ] ℓ codes per code sequence cn,1 cn,ℓ cs,1 cs,2 c2,2 c1,2 c1,ℓ

cn

c1,1 c2,1 cs,ℓ c2,ℓ cn,2

◮ Successful despreading requires to hit the correct spreading

sequence and the correct synchronization

9/18

Motivation Uncoordinated DSSS UDSSS Application Conclusion UDSSS Scheme Security Analysis Performance Evaluation UDSSS Enhancement

Attacker Analysis

◮ Attacker goal: To prevent communication ◮ Attacker types

◮ Non-reactive jammers blindly jam part of the spectrum ◮ Reactive jammers sense for ongoing transmissions ◮ Decoding jammers: try to find the used spreading codes and

construct the corresponding jamming signal

◮ Repeater jammers: intercept the signal and re-radiate it

without knowledge of the used spreading codes

◮ Attacker strength: Jamming probability pj (with respect to

a given message transmission)

10/18

Motivation Uncoordinated DSSS UDSSS Application Conclusion UDSSS Scheme Security Analysis Performance Evaluation UDSSS Enhancement

Performance Evaluation

◮ Evaluation metric: Message transmission time

◮ One receiver: Expected time for message recovery at a receiver

with jamming (pj > 0) and without jamming (pj = 0)

◮ Multiple receivers: Expected time until all l receivers have

received the message (for independent receptions) under pj

◮ One receiver: Tr ≈ Ts + Td = 2|M|N R

+

n 2 kqN|M|+|M|

ΛB(N)

◮ R = 1/Tc chip rate ◮ q samples per chip ◮ ΛB(N): # bit despreading operations that the receiver can

perform per second

◮ despread k bits before decision on code sequence, etc. 11/18

Motivation Uncoordinated DSSS UDSSS Application Conclusion UDSSS Scheme Security Analysis Performance Evaluation UDSSS Enhancement

Analytical Evaluation and Simulation

◮ Multiple (l) receivers

0.2 0.4 0.6 0.8 1 10 20 30 40 50 number of message decodings (i) Probability that a message is received by all l = 100 receivers m = 1 pj = 0.0 pj = 0.2 pj = 0.5 pj = 0.8 10 20 30 40 50 60 1 10 100 1000 number of receivers (l) Time (in sec) after which all l receivers have decoded the message Td = 2s m = 1 pj = 0.0 pj = 0.2 pj = 0.5 pj = 0.8

◮ UDSSS can be enhanced to yield the same performance as

(non-synchronized) DSSS in the absence of jamming by two parallel signal transmission using C1 = {c1} and C2

12/18

Motivation Uncoordinated DSSS UDSSS Application Conclusion UDSSS Scheme Security Analysis Performance Evaluation UDSSS Enhancement

Implementation

◮ Prototype implementation of UDSSS on USRP/GnuRadio

◮ Carrier frequency of 2.4 GHz ◮ (8,4)-Hamming-code ECC ◮ 2 USRPs positioned indoors at a distance of around 5 m USRP usrp sink bit scrambling usrp source bit despreading bit unscrambling USRP ECC encoding message sender message receiver ECC decoding bit spreading 13/18

Motivation Uncoordinated DSSS UDSSS Application Conclusion UDSSS Scheme Security Analysis Performance Evaluation UDSSS Enhancement

Implementation Results

20 40 60 80 100 120 140 100 200 300 400 500 code length N per bit Duration (in sec) to receive and decode a message n IPS = 100 = 4.7⋅108 |M| = 256 |M| = 512 |M| = 1024 |M| = 1536 |M| = 2048 20 40 60 80 100 120 140 100 200 300 400 500 number of code sequences n Duration (in sec) to receive and decode a message N IPS = 256 = 4.7⋅108 |M| = 256 |M| = 512 |M| = 1024 |M| = 1536 |M| = 2048

◮ Increasing the processing gain (i.e., N) is more harmful to the

latency/throughput than increasing the code set (i.e., n)

14/18

Motivation Uncoordinated DSSS UDSSS Application Conclusion UDSSS Scheme Security Analysis Performance Evaluation UDSSS Enhancement

UDSSS Optimization

◮ Idea: Use UDSSS to transmit the spreading key only ◮ Trick: First transmit message M using a random spreading

code K, then transmit the spreading code K using UDSSS

K M K M

cs ∈ C

A B

t t UDSSS despreading K K ∈ {0, 1}∗ ◮ Advantages: Smaller spreading code set. Quicker decoding.

Longer messages. More flexible security level.

15/18

Motivation Uncoordinated DSSS UDSSS Application Conclusion Navigation Signals

UDSSS Application: Navigation Signal Broadcasts

◮ For positioning and/or time-synchronization ◮ Requirements:

◮ signals from three to four different base stations ◮ precise time-stamping of signal reception

Receiver

buffer UDSSS

J A4 A1 A2 A3

t2, pos2 t3, pos3 t1, pos1 t, pos t4, pos4 noise level

received power broadband recording

UDSSS signals

t

tr tr + Tr

◮ UDSSS provides:

◮ anti-jamming transmission of multiple signals in parallel ◮ precise time-stamping of signal reception (despite delayed

recovery) & updated time-stamps in each transmitted message

◮ anti-spoofing protection of authenticated messages 16/18

Motivation Uncoordinated DSSS UDSSS Application Conclusion

Concluding Remarks

◮ We tackled the anti-jamming broadcast problem: anti-

jamming broadcast communication without pre-shared secrets such that devices cannot jam the reception of other receivers

◮ Uncoordinated Spread Spectrum techniques are a solution to

the anti-jamming broadcast problem

◮ UDSSS ◮ ZPK-DSSS [Jin et al, MobiHoc09] ◮ UFH [Strasser et al., S&P08], [Strasser et al., MobiHoc09],

and [Slater et al., WiSec09]

◮ Basic idea: randomize the spreading operation (random code

selection)

◮ Application: e.g., anti-jamming navigation signal broadcasts

17/18

Motivation Uncoordinated DSSS UDSSS Application Conclusion

Questions

18/18