orthogonality sabotaging attacks against ofdma based
play

Orthogonality-Sabotaging Attacks against OFDMA-based Wireless - PowerPoint PPT Presentation

Orthogonality-Sabotaging Attacks against OFDMA-based Wireless Networks Shangqing Zhao, Zhuo Lu, Zhengping Luo, Yao Liu University of South Florida OUTLINE Background Attack Strategy and Evaluation Motivation of orthogonality


  1. Orthogonality-Sabotaging Attacks against OFDMA-based Wireless Networks Shangqing Zhao, Zhuo Lu, Zhengping Luo, Yao Liu University of South Florida

  2. OUTLINE • Background • Attack Strategy and Evaluation – Motivation of orthogonality sabotaging – Experimental Evaluation • Identification and Detection • Conclusion

  3. JAMMING ATTACKS • Jamming attacks

  4. JAMMING ATTACKS • Jamming attacks --- broadcast nature of wireless signals Jamming attack works well against Attacker narrowband systems Signal Jammer User AP Frequency

  5. JAMMING ATTACKS • Traditional: jammer cannot disrupt signals beyond its covered bandwidth Narrow-band jamming is usually not effective for broadband systems How about the broadband system ? Jammer Affect area 802.11n: 40 MHz 802.11ac/ax: 160 MHz Signal Frequency

  6. JAMMING ATTACKS • Traditional: jammer cannot disrupt signals beyond its covered bandwidth NOT always hold in OFDM(A (A) systems !! 802.11ax 4G, 5G

  7. OFDMA • OFDMA --- spectrum is split into multiple orthogonal subcarriers --- assigns a part of subcarriers to each user Subcarriers User 1 User 2 AP User 3

  8. OFDMA • OFDMA Receiver (at the AP) Y Y Y Y 2 3 4 1 A/D and S/P FFT π − j 2 ni N 1 1 − ∑ = N Y S e n i N = 0 i frequency Sampling points Fact 1: Fact 2: Frequency-domain signals are on all subcarriers system is susceptible to the frequency drift are orthogonal to each other

  9. ATTACK Orthogonality-Sabotaging Attacks • Key idea: – Use a narrowband jamming signal to disrupt the broadband OFDMA based system • Methodology: – Intentionally transmits a jamming signal with unaligned central frequency to other subcarriers, to break the orthogonality. • Two goals: • Understand its impact • Detect and localize the attack

  10. ATTACK • Attack with no frequency offset Interference Jammer frequency

  11. ATTACK • Attack with frequency offset Jammer frequency Frequency offset Interference

  12. ATTACK STRATEGIES • Strategies – Exact subcarrier jamming no offset – Continuous-subcarrier attack same offset – Scattered subcarrier attack different offsets Power Exact subcarrier Continuous- Scattered- jamming subcarrier attack subcarrier attack Subcarrier Index 1 2 3 4 5 6 7 8 9 10 11 12 User 1 User 2 User 3

  13. EXPERIMENTS • Experimental setup --- USRP X300s with CBX daughterboards --- 8 USRPs are users, 1 USRP is AP, and 1 USRP is attacker --- Use Linksys EA8500 as the commercial AP (802.11ac) • Parameters setting (802.11ax) --- 245 subcarriers --- attacker user 18 subcarriers --- each user occupies 26 subcarriers

  14. EXPERIMENTS • Indoor environment • Metrics – Bit error rate (BER) – Packet drop rate – Normalized throughput

  15. 802.11AX NETWORK • Varying frequency offset 9 Continuous Scattered 8 Bit error rate (%) 7 6 5 -0.5 -0.3 -0.1 0.1 0.3 0.5 Frequency shift BER reaches the maximum at |0.5| bandwidth of subcarrier

  16. 802.11AX NETWORK • Varying modulation scheme 50 50 50 BPSK BPSK QPSK BPSK QPSK 40 40 40 16QAM 30 30 30 Bit error rate (%) Bit error rate (%) Bit error rate (%) 20 20 20 10 10 10 0 0 0 50 75 100 125 150 175 200 50 50 75 75 100 100 125 125 150 150 175 175 200 200 Subcarrier index Subcarrier index Subcarrier index Attack can disrupt the signal with up to a bandwidth 500% broader than its own bandwidth

  17. 802.11AX NETWORK • Impact on users 100 Continuous Scattered 80 Packet drop rate (%) 60 40 20 0 1 2 3 4 5 6 7 8 User index Attack can affect up to 5 users using a single user’s bandwidth

  18. 802.11AC NETWORK • Impact on commercial AP (Linksys EA8500) 10 2 Continuous Scattered Narrowband Normalized throughput (%) 10 0 10 -2 0 10 20 30 40 50 Bandwidth occupation ratio (%) Orthogonality-Sabotaging Attacks are more efficient

  19. IDENTIFICATION AND LOCALIZATION How to identify and localize such attacks ?

  20. IDENTIFICATION AND LOCALIZATION • Spectrum analysis Outlier 21 20 Power 19 Frequency 2.4 GHz

  21. IDENTIFICATION AND LOCALIZATION • Spectrum analysis Outliers 21 20 Power 19 Hard to say which one is from Frequency (2.4 GHz) attacks or random fading.

  22. IDENTIFICATION AND LOCALIZATION • virtual subcarriers --- serves as the guard zones to protect interferences between users … …… Subcarrier Index User K-1 User 1 User 2 User K Virtual Subcarrier --- carry no information with 0 power, so … A positive measurement of power can be only due to noise or jamming interference.

  23. IDENTIFICATION AND LOCALIZATION • Given measurements on virtual subcarriers, we can do … Localization Identification Find the locations of Identify the attack is: subcarriers where Broadband jamming • attacker occupy • Orthogonality sabotaging attack • Exact subcarrier jamming

  24. LOCALIZATION • Localization Jammer measurement Φ 3 Subcarrier Index 1 2 3 4 5 User 2 Virtual User 1 subcarrier

  25. LOCALIZATION • Localization Offset ε a sinc function [ ] Φ = π + ε 2 P sin c((3-1) ) 3 Power P Subcarrier Index 1 3 Location

  26. IDENTIFICATION • Identification – Broadband-like jamming – Orthogonality sabotaging attack – Exact subcarrier jamming SNR Broadband Jamming Orthogonality- sabotaging Subcarrier Jamming 1 2 3 4 5 6 7 8 9 10 Virtual Subcarrier

  27. ATTACK LOCALIZATION • Localization error 0.5 0.4 Continuous 0.3 Localization error Scattered 0.2 0.1 0 1 2 3 4 5 Location index Localization error is as low as 0.1–0.45 subcarrier spacing.

  28. ATTACK IDENTIFICATION • Identification accuracy Orth. - Sab Broad. - like Exact - sub. Iden. as Orth. - Sab 92.99% 2.4% 0.2% Iden. as Broad. - like 2.62% 98.6% 0.0% Iden. as Exact - sub. 4.39% 0.0% 99.8% The overall accuracy is no less than 92% under different attacks

  29. SUMMARY • Orthogonality-Sabotaging attacks are very efficient. – is orthogonal to recent smart jamming strategies (e.g., jamming preambles) • The localization and identification methods achieve a high accuracy.

  30. SUMMARY Thank you !

Recommend


More recommend