Researcher: Rohit Negi
Further Investigations into Wireless Broadcast from a Security Perspective
In 2003, CyLab funded the PI’s proposal to investigate the broadcast nature of wireless networks. To recap the motivation for that project, the PI claimed that wireless channels differ from their wireline counterparts in that each wireless transmission is heard by (potentially) several, if not all, receivers, legitimate or otherwise. Whereas this broadcast nature of the wireless medium has been studied from the point of view of channel capacity, when security considerations become paramount, a whole new set of interesting and crucial issues needs to be addressed regarding the broadcast medium. Specifically, the broadcast nature allows jammers to disrupt wireless network communications effectively with clever strategies that use minimal jammer resources. This denial of service can be made catastrophic by exploiting semantic information in the Medium Access Control and routing layers. The broadcast nature also means that eavesdroppers can hear transmissions without much effort, raising privacy concerns. At the same time, however, the broadcast medium allows innovative security measures, such as a recently introduced, information-theoretically secure key generation mechanism that can be used to replenish keys during the course of long communication streams.
Based on last year’s funding, the PI employed a Ph.D. student to work on the problem. The student has made valuable progress on identifying the key issues with solving the problem. Based on this past work, the PI proposes the following research plan, to continue our investigation.
There are two aspects to the research plan, both begun last year and both to be continued this year. The specific details of these aspects to be investigated this year are as follows.
Denial-of-service at MAC and routing layers: In , we had shown that the Medium Access Control protocol in a wireless network, such as in 802.11 consumer systems, needs to be ‘jammer-proof’, so as not to suffer catastrophic loss of throughput. To elaborate, jamming is an inexpensive method of denying service to legitimate users. In the past, jamming attacks have typically been considered at the physical layer, leading to CDMA techniques to protect against such attacks. However, this proposal will consider more sophisticated ‘jamming’ attacks in the MAC and network layers. A very simple example will serve to illustrate the novelty of such attacks and the catastrophic effect they could have on network communications. Consider a slotted CSMA/CA based wireless network, such as the 802.11 Distributed Coordination Function, where link-layer communication occurs by using a Request to Send/Clear to Send (RTS/CTS) exchange, followed by the transmission of the data packet (assuming a successful exchange), ending with an Acknowledgment from the receiver. How much damage, in terms of loss of throughput, could an intelligent jammer cause?
If the jammer does not take into account the semantics of data transmission (as in a pure physical layer attack), then an idealized analysis will indicate that the loss is proportional to the jammer power. Specifically, assuming that the jammer has enough power to jam a fraction of the slots, the loss in throughput will be approximately P. However, an intelligent jammer could cleverly exploit the semantics of the data transmission, by interpreting the packet on the air and deciding its relative importance, and carry out a jamming attack at the MAC layer. In the context of CSMA/CA, the jammer could detect the transmission of valuable RTS control packets and jam these crucial information-bearing packets, to prevent other users from accessing the channel. Due to the random backoff, this creates a cascade effect that wastes a large amount of bandwidth. Further, it could use an idle slot to broadcast an RTS packet that reserves the channel for the longest possible duration, and simply not transmit a data packet. Thus, the jammer would be able to leverage a small amount of power (jamming the small but semantically important RTS slot) to waste a large amount of bandwidth.
Preliminary mathematical analysis, using a Poisson arrival model for data packets, shows that, contrary to intuition and against the conventional networking wisdom of choosing large K to improve efficiency, as the ratio K of data packet size to RTS packet size increases, the efficiency decreases asymptotically to zero, even for a relatively modest jammer power. In fact, even if the jammer is active for only a fraction slots, the throughput for large K (say, 100) has already been reduced to 50%. This is in sharp contrast to the case of no jammer (), where the throughput increases with K! This suggests that protocol choice (and parameter optimization) can be considerably different if malicious MAC-layer jammers are considered.
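To make the parameter-choice point concrete, the following is an added illustration (not the proposal's own Poisson analysis) of how throughput efficiency behaves against K under three assumed models: no jammer, a semantics-blind jammer that scales the loss by its slot budget, and a semantics-aware jammer with the same slot budget that spends each of its slots on a reservation that no data follows. The one-slot control frames, the cycle accounting and the budget model are assumptions chosen for the illustration; `best_k` is the defender-side knob the text refers to, the data/RTS ratio that should be re-optimized once such a jammer is part of the threat model.

```python
"""Throughput model for slotted CSMA/CA (RTS/CTS/DATA/ACK) with and without
a MAC-layer jammer.  Added illustration, not the proposal's own analysis;
the cycle costs and the jammer budget model below are assumptions."""

RTS, CTS, ACK = 1, 1, 1  # each control frame occupies one slot (assumption)


def efficiency_no_jammer(k):
    """Fraction of slots carrying data when every RTS succeeds.

    One exchange costs RTS + CTS + k DATA + ACK slots, so the fixed
    overhead is amortised and efficiency rises towards 1 as k grows."""
    return k / (RTS + CTS + k + ACK)


def efficiency_physical_jammer(k, p):
    """Semantics-blind jammer hitting a fraction p of slots uniformly.

    Idealised model from the text: loss is proportional to jammer power,
    so the no-jammer curve is simply scaled by (1 - p)."""
    return (1 - p) * efficiency_no_jammer(k)


def efficiency_rts_jammer(k, p):
    """Semantics-aware jammer with the same slot budget p (assumed model).

    Whenever the medium is idle the jammer may spend one slot on a frame
    that reserves the medium for a whole exchange (RTS+CTS+k+ACK slots)
    with no data following, so one jammer slot idles k+2 slots.  If j is
    the fraction of exchanges that are the jammer's, its slot usage is
    j / cycle, capped at the budget p; legitimate data per slot is then
    (1 - j) * k / cycle."""
    cycle = RTS + CTS + k + ACK
    j = min(1.0, p * cycle)
    return (1 - j) * k / cycle


def best_k(p, k_values, model=efficiency_rts_jammer):
    """Data/RTS ratio that maximises efficiency under an assumed jammer
    budget p: the protocol parameter the text says must be re-optimised."""
    return max(k_values, key=lambda k: model(k, p))


if __name__ == "__main__":
    ks = [1, 2, 5, 10, 20, 50, 100, 200]
    print("  K   none   phys(1%)  rts(1%)")
    for k in ks:
        print(f"{k:4d}  {efficiency_no_jammer(k):.3f}   "
              f"{efficiency_physical_jammer(k, 0.01):.3f}     "
              f"{efficiency_rts_jammer(k, 0.01):.3f}")
    print("best K without jammer:", best_k(0.0, ks))
    print("best K with 1% jammer:", best_k(0.01, ks))
```

Under the no-jammer and semantics-blind models the optimum is always the largest K available; under the semantics-aware model a 1% slot budget already drives efficiency to zero once the exchange length reaches 100 slots, and the optimum moves to a moderate K. The exact numbers depend on the assumed cycle costs, but the qualitative reversal is the point the text makes.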
This simple example shows the catastrophic effect of intelligent jamming in the MAC layer. A similar result will hold in the network layer as well, since a larger ‘leveraging effect’ is possible in the higher layers by jamming crucial control information. As part of this proposal, the PIs will investigate intelligent jamming attacks in the link and network layers, quantify the resulting loss of throughput, and design protocols that are resistant to such attacks.
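One ingredient of a resistant protocol is being able to notice the abuse at all. The following is an added example, not part of the proposal, of a simple trace-level check for the reservation-without-data pattern described above: for every RTS it asks whether the same sender transmitted DATA inside the window the RTS reserved, and it only flags a sender when most of its reservations stay empty and the idle slots they cost exceed a budget, since ordinary collisions and lost CTS frames also produce unanswered RTS. The trace format, slot units and thresholds are assumptions; the trace itself is constructed.

```python
"""Reservation-abuse check over a slotted MAC event trace.  Added example
for the 'protocols resistant to such attacks' direction, not the
proposal's own work; trace format and thresholds are assumptions."""
from collections import defaultdict

# Constructed trace, sorted by slot: (slot, frame_type, sender, reserved_slots).
# reserved_slots is the duration an RTS announces (assumption: one slot per
# control frame, so a 4-slot DATA exchange reserves CTS + DATA + ACK = 6).
TRACE = [
    (0, "RTS", "A", 6), (1, "CTS", "B", 0), (2, "DATA", "A", 0), (6, "ACK", "B", 0),
    (7, "RTS", "X", 60),                       # long reservation, nothing follows
    (68, "RTS", "C", 6), (69, "CTS", "D", 0), (70, "DATA", "C", 0), (74, "ACK", "D", 0),
    (75, "RTS", "X", 60),                      # again
    (136, "RTS", "A", 6),                      # legitimate RTS that got no CTS
    (150, "RTS", "A", 6), (151, "CTS", "B", 0), (152, "DATA", "A", 0), (156, "ACK", "B", 0),
    (157, "RTS", "X", 60),
]


def idle_reservations(trace):
    """Per-sender reservation statistics.

    For each RTS, look for DATA from the same sender no later than the end
    of the reserved window.  Returns
    {sender: {"rts": count, "empty": unanswered, "idle_slots": slots}}."""
    stats = defaultdict(lambda: {"rts": 0, "empty": 0, "idle_slots": 0})
    for i, (slot, ftype, sender, reserved) in enumerate(trace):
        if ftype != "RTS":
            continue
        stats[sender]["rts"] += 1
        window_end = slot + reserved
        followed = any(
            s <= window_end and t == "DATA" and snd == sender
            for s, t, snd, _ in trace[i + 1:]
        )
        if not followed:
            stats[sender]["empty"] += 1
            stats[sender]["idle_slots"] += reserved
    return dict(stats)


def flag_senders(stats, max_empty_ratio=0.5, min_rts=2, min_idle_slots=50):
    """Senders whose reservations mostly go unused AND waste many slots.

    Both thresholds are needed: a single unanswered RTS is normal backoff
    behaviour, and a few short empty reservations cost little."""
    return sorted(
        s for s, v in stats.items()
        if v["rts"] >= min_rts
        and v["empty"] / v["rts"] > max_empty_ratio
        and v["idle_slots"] >= min_idle_slots
    )


if __name__ == "__main__":
    stats = idle_reservations(TRACE)
    for sender, v in sorted(stats.items()):
        print(sender, v)
    print("flagged:", flag_senders(stats))
```

Per-sender counting is only a heuristic, because a sender address can be forged; an aggregate version of the same check (reserved-but-idle slots over the whole trace against the channel's expected collision rate) does not depend on addresses and is the natural complement when tuning K or the maximum reservation duration.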
Privacy and information-theoretic security: Last year, the PI began work on using the approach in , which intelligently utilizes the feedback channel between the transmitter and receiver of a wireless link to achieve privacy, even if the eavesdropper has a communication channel that is better than that of the legitimate receiver. This approach promises information-theoretic security, as opposed to traditional computational cryptographic systems. Such approaches may be preferable in situations where computational ‘guarantees’ of privacy based on the hardness of certain problems are not good enough (information-theoretic guarantees are provably secure). The specific result is extremely non-intuitive from a communication viewpoint, since one would assume that if the eavesdropper has a higher capacity, she should be able to decode all the transmitted information correctly. However, since the result is information-theoretic, it guarantees achievability only if immense computational power is available to the legitimate parties. The proposed research will continue last year’s effort to explore this idea for wireless networks, to obtain practical schemes that can use this interesting result in actually constructing a system.