Obfuscation of Transmission Fingerprints for Secure Wireless Communications

Abstract

Our world of people and objects is on the verge of transforming to a world of highly-interconnected wireless devices. Incredible advances in wireless communications, hardware design, and power storage have facilitated hasty spread of wireless technologies in human life. In this new world, individuals are often identified and reached via one or multiple wireless devices that they always carry (e.g., smartphones, smart wearable, implantable medical devices, etc.), and their biometrics identities are replaced by their digital fingerprints. In near future, vehicles will be controlled and monitored via wireless monitoring systems and various physical objects (e.g., home appliance and retail store items) will be connected to the Internet. The list of these changes goes on. Unfortunately, as different aspects of our lives are being immerged in and dependent to wireless devices and services, we will become more vulnerable to wireless service/connection interruptions due to adversarial behavior and our privacy will become more potent to be exposed to adversaries. An adversary can learn the procedures of a wireless system and analyze its stages, and accordingly, launch various attacks against the operations of the system or the privacy of the people. Existing data confidentiality and integrity services (e.g., advanced encryption algorithms) have been able to prevent the leakage of users' messages. However, in wireless networks, even when upper-layer payloads are encrypted, the users' privacy and the operation of a wireless network can be threatened by the leakage of transmission attributes at the physical (PHY) layer. Examples of these attributes are payload size, frequency offset (FO), modulation scheme, and the transmission rate. These attributes can be exploited by an adversary to launch passive or active attacks. A passive attacker may learn about the interests, sexual orientation, political views, and patentable ideas of the user through analyzing these features, whereas an active attacker exploits captured attributes to launch selective packet jamming/dropping and disrupt wireless services. These call for novel privacy preserving techniques beyond encryption. In this dissertation, we study the vulnerability of current wireless systems to the leakage of transmission attributes at the PHY layer and propose several schemes to prevent it. First, we design and experimentally demonstrate with USRPs an energy-efficient and highly disruptive jamming attack on the FO estimation of an OFDM system. OFDM is the core multiplexing scheme in many modern wireless systems (e.g., LTE/5G and 802.11a/n/ac) and is highly susceptible to FO. FO is the difference in the operating frequencies of two radio oscillators. This estimation is done by the receiver using the publicly-known frame preamble. We show that the leakage of FO value via the preamble can facilitate an optimally designed jamming signal without needing to know the channel between the transmitter and the legitimate receiver. Our results show that the jammer can guarantee a successful attack even when its power is slightly less than the transmitter's power. We then propose four mitigation approaches against the proposed FO attack. Next, we consider certain transmission attributes that are disclosed via unencrypted PHY/MAC headers. Example of these attributes are payload size, transmission rate, and MAC addresses. Beyond unencrypted headers, the adversary can estimate the frame size and transmission rate through identifying the payload's modulation scheme and measuring the transmission time. To prevent the leakage of these attributes, we propose Friendly CryptoJam scheme, which consists of three components: First, a modulation-aware encryption scheme to encrypt the headers. Second, an efficient modulation obfuscation techniques. Specifically, the proposed modulation obfuscation scheme embeds the modulation symbols of a frame's payload into the constellation of the highest-order modulation scheme supported by the system. Together with effective PHY/MAC header encryption at the modulation level, the proposed obfuscation scheme hides the transmission rate, payload size, and other attributes announced in the headers while avoiding any BER performance loss. Compared with prior art, Friendly CryptoJam enjoys less complexity and less susceptibility to FO estimation errors. The third component is a novel PHY-level identification method. To facilitate PHY/MAC header encryption when a MAC layer sender identifier cannot be used (e.g., due to MAC address encryption), we propose two preamble-based sender identification methods, one for OFDM and one for non-OFDM systems. A sender identifier is special message that can be embedded in the frame preamble. The extent of the applications of our embedding scheme goes beyond identifier embedding and include embedding part of the data frame, the sender's digital signature, or any meta-data that the sender provides. Our message embedding method can further be used to mitigate the FO estimation attack because the jammer can no longer optimize its jamming signal with respect to a fixed preamble signal. In addition, we considered friendly jamming technique in a multi-link/hop network to degrade the channels of the eavesdroppers and prevent successful decoding of the headers, while minimizing the required jamming power by optimally placing the friendly jamming devices.