Enhancing Critical Infrastructure Protection with innovative SECurity framework Denial-of-Service Jammer Detector Training Course Worldsensing The research leading to these results has received funding from the European Union’s Horizon 2020 Research and Innovation Programme, under Grant Agreement no 700378.
Wireless everywhere Wireless networking plays an important role in achieving ubiquitous computing where network devices embedded in environments provide continuous connectivity and services, thus improving human’s quality of life. However, due to the exposed nature of wireless links, current wireless networks can be easily attacked by jamming technology. Jamming can cause Denial-of-Service (DoS) problem that may result in several other higher-layer security problems, although these are often not adequately addressed. © May 2018
Jamming Jamming makes use of intentional radio interferences to harm wireless communications by keeping communicating medium busy, causing a transmitter to back-off whenever it senses busy wireless medium, or corrupted signal received at receivers. Jamming mostly targets attacks at the physical layer but sometimes cross-layer attacks are possible too. © May 2018
The problem Jammers are malicious wireless nodes planted by an attacker to cause intentional interference in a wireless network. Depending upon the attack strategy, a jammer can either have the same or different capabilities from legitimate nodes in the network, which they are attacking. The jamming effect of a jammer depends on its radio transmitter power, location and influence on the network or the targeted node. © May 2018
Jamming techniques There are four main types of jamming signals: CONTINUOUS WAVE: RF sinusoidal narrowband signal with constant amplitude and constant frequency. FREQUENCY MODULATED: RF sinusoidal signal with constant amplitude and variable frequency that sweeps service band frequencies. © May 2018
Jamming techniques PULSED SIGNALS: Intermittent RF signal that has several harmonic components split in the entire service band. WIDEBAND: Transmits a band of frequencies that is large with respect to the bandwidth of a single emitter. © May 2018
Wireless bands in CI The following communication bands are frequently used in critical infrastructures: © May 2018
Jamming in practise Jammers can: Prevent your cell phone from operating, making it impossible to emit or receive calls or messages Prevent connections to the internet blocking digital payments and data transmission from a device Freezing the image on CCTV systems and security cameras Tamper with car central locking systems to facilitate robbery Prevent correct positioning to be received for GPS, making it impossible to track or locate a transportation mean and making it digitally invisible © May 2018
Jamming in hospital infrastructure case © LAIRD https://www.lairdtech.com/solutions/embedded-wireless/what-connected-hospital © May 2018
Jamming in train infrastructure case © GUMUSKAYA http://www.gumuskaya.com/ © May 2018
The solution DoSSensing provides a device that is capable of detecting different types of radio jammer signals at the physical layer and inform the users that a particular jammer is performing an attack. It will visually provide the jammer type and estimated power over time for a particular frequency or wireless channel. The users can then identify the threat and approach the area to find the jammer device. Having several devices on that area will better help to identify and find the threat that will be pointed out by more than one detector. © May 2018
The solution The monitoring tool helps identify whenever a jamming attack is taking place. © May 2018
The solution © May 2018
The solution © May 2018
The solution WIRELESS JAMMER DETECTOR: Detection of different types of radio frequency jamming attacks by analyzing the radio signal at the physical layer. ATTACK LOGGER: Logs and also communicates the jamming attacks detected, including type of jammer, jammer to noise ratio, timestamp and frequency. It is integrated with ATOS XL-SIEM solution. CONFIGURABLE: By default, the jammer detector analyses the WiFi 2.4 GHz band. However, it can be configured to analyze any frequencies between 1 MHz to 6 GHz PORTABLE: Software solution is portable to different processing environments to generate real time results using configurable bandwidth. PLUG & MONITOR: Plug the detector and monitor any anomalies affecting your wireless networks, through our visualization environment. © May 2018
The solution – General architecture SDR module Processing Board Monitoring Server Visualization Tool Antenna: used to capture the radiofrequency spectrum analogically SDR Module: it measures the wireless signals and transforms the wave to digital samples Processing Board: processes all the sampled data real time in order to make a decision whether there is a jamming signal or not Monitoring Server: it gathers detection decisions, post processes them and stores them so that they can be visualized Visualization Tool: used to present the detection results in a user friendly interface © May 2018
The solution – The code The code for the DoS Jammer Detector Sensor provided by Worldsensing in the framework of the CIPSEC project is OpenSource and can be found in the following repository: https://github.com/worldsensinginnovation/cipsec This software will allow users to connect a HackRf One to the processing board, perform the detection and visualize the detection results via standard output. In addition, the jammer_msg_rx executable is an example application that reads detection events from a Linux queue and prints them on standard output. This application shows how to retrieve the events in case the solution wants to be extended as it is done on the DoS Sensing solution. Note: the public repository does not include any Monitoring Server or Visualization Tool code. The output decisions obtained may need to be refined. © May 2018
The solution – The code (output) - No Jammer Main software (sdrjd executable) Example consumer (jammer_msg_rx) © May 2018
The solution – The code (output) - Jammer Main software (sdrjd executable) Example consumer (jammer_msg_rx) © May 2018
In Detail: Detection Algorithm Brief description of the steps taken place for the detection of the jamming attacks. STEPS: Compute the noise floor estimation. Create the spectrogram: representation in frequency. Project the measure into time domain (FT). Compute mean of the measures. Binarize the measures. FT to perform the decision making process. Decision Algorithm © May 2018
In Detail: Decision Algorithm © May 2018
In detail: The Hardware © May 2018
In detail: The platform - No jammer © May 2018
In detail: The platform - Jammer Detected © May 2018
Thank you for your attention,