Issue No.08 - Aug. (2012 vol.11)
pp: 1386-1398
Wade Trappe , Rutgers University, New Brunswick
Rob Miller , Rutgers University, New Brunswick
Multiple-input multiple-output (MIMO) technologies are a popular choice for emerging wireless systems due to their promised gains in throughput and reliability. In order to realize any gains over traditional non-MIMO communication systems, these systems must possess accurate knowledge of the wireless channel. In this paper, we investigate strategies for disrupting MIMO communications by developing attacks that target the often overlooked, but essential, channel estimation procedure. Our study focuses on the two most popular and well-known MIMO techniques: the capacity-achieving SVD-based MIMO scheme, and the Alamouti space-time block code (STBC), which spans many protocols including 802.11n, WiMAX, and 3GPP. We augment theoretical and simulation results with real-world experimentation using the USRP/GNU Radio software-defined radio platform. We also present a novel methodology to protect the channel estimation procedure from such attacks by embedding authentication messages into physical layer features of the transmissions.
MIMO, Jamming, Channel estimation, Eigenvalues and eigenfunctions, Protocols, Wireless communication, Noise measurement, Denial of service
Wade Trappe, Rob Miller, "On the Vulnerabilities of CSI in MIMO Wireless Communication Systems", IEEE Transactions on Mobile Computing, vol.11, no. 8, pp. 1386-1398, Aug. 2012, doi:10.1109/TMC.2011.156