Title: Launching Smart Selective Jamming Attacks in WirelessHART Networks
As a leading industrial wireless standard, WirelessHART has been widely implemented to build wireless sensor-actuator networks (WSANs) in industrial facilities, such as oil refineries, chemical plants, and factories. For instance, 54,835 WSANs that implement the WirelessHART standard have been deployed globally by Emerson process management, a WirelessHART network supplier, to support process automation. While the existing research to improve industrial WSANs focuses mainly on enhancing network performance, the security aspects have not been given enough attention. We have identified a new threat to WirelessHART networks, namely smart selective jamming attacks, where the attacker first cracks the channel usage, routes, and parameter configuration of the victim network and then jams the transmissions of interest on their specific communication channels in their specific time slots, which makes the attacks energy efficient and hardly detectable. In this paper, we present this severe, stealthy threat by demonstrating the step-by-step attack process on a 50-node network that runs a publicly accessible WirelessHART implementation. Experimental results show that the smart selective jamming attacks significantly reduce the network reliability without triggering network updates.
Award ID(s):
1949640 2008049 1657275
NSF-PAR ID:
10284214
Journal Name:
IEEE INFOCOM 2021 - IEEE Conference on Computer Communications
Page Range / eLocation ID:
1 to 10
Sponsoring Org:
National Science Foundation
More Like this
  1. Wireless systems must be resilient to jamming attacks. Existing mitigation methods require knowledge of the jammer’s transmit characteristics. However, this knowledge may be difficult to acquire, especially for smart jammers that attack only specific instants during transmission in order to evade mitigation. We propose a novel method that mitigates attacks by smart jammers on massive multi-user multiple-input multiple-output (MU-MIMO) basestations (BSs). Our approach builds on recent progress in joint channel estimation and data detection (JED) and exploits the fact that a jammer cannot change its subspace within a coherence interval. Our method, called MAED (short for MitigAtion, Estimation, and Detection), uses a novel problem formulation that combines jammer estimation and mitigation, channel estimation, and data detection, instead of separating these tasks. We solve the problem approximately with an efficient iterative algorithm. Our simulation results show that MAED effectively mitigates a wide range of smart jamming attacks without having any a priori knowledge about the attack type. 
  2. Wireless communication systems are susceptible to both unintentional interference and intentional jamming attacks. For mesh and ad-hoc networks, interference affects the network topology and can cause the network to partition, which may completely disrupt the applications or missions that depend on the network. Defensive techniques can be applied to try to prevent such disruptions to the network topology. Most previous research in this area is on improving network resilience by adapting the network topology when a jamming attack occurs. In this paper, we consider making a network more robust to jamming attacks before any such attack has happened. We consider a network in which the positions of most of the radios in the network are not under the control of the network operator, but the network operator can position a few “helper nodes” to add robustness against jamming. For instance, most of the nodes are radios on vehicles participating in a mission, and the helper nodes are mounted on mobile robots or UAVs. We develop techniques to determine where to position the helper nodes to maximize the robustness of the network to certain jamming attacks aimed at disrupting the network topology. Using our recent results for quickly determining how to attack a network, we use the harmony search algorithm to find helper node placements that maximize the number of jammers needed to disrupt the network.
  3. Advances made in Unmanned Aircraft Vehicles (UAVs) have increased rapidly in the last decade resulting in new applications in both civil and military spheres. However, with the growth in the usage of these systems, various cybersecurity challenges arose unveiling the vulnerabilities of UAV wireless networks. Among the attacks that threaten the network's availability and reduce their performance are jamming attacks. Several approaches have been proposed to address this problem; however, most of them are not suitable for UAVs due to their reduced size, weight, and power constraints. In this paper, we propose a lightweight machine learning technique, LightGBM, to detect deceptive jamming attacks on UAV networks. The performance of this model is compared to that of three boosting and bagging-based machine learning models namely, XGBoost, Gradient Boost, and Random Forest. The results show that, although the LightGBM model has slightly lower accuracy (98.4%) than Gradient Boost (99%) and Random Forest (98.87%), it is 21 times faster and occupies two times less memory during the prediction than Gradient Boost and Random Forest. 
  4. Wireless systems must be resilient to jamming attacks. Existing mitigation methods based on multi-antenna processing require knowledge of the jammer's transmit characteristics that may be difficult to acquire, especially for smart jammers that evade mitigation by transmitting only at specific instants. We propose a novel method to mitigate smart jamming attacks on the massive multi-user multiple-input multiple-output (MU-MIMO) uplink which does not require the jammer to be active at any specific instant. By formulating an optimization problem that unifies jammer estimation and mitigation, channel estimation, and data detection, we exploit that a jammer cannot change its subspace within a coherence interval. Theoretical results for our problem formulation show that its solution is guaranteed to recover the users' data symbols under certain conditions. We develop two efficient iterative algorithms for approximately solving the proposed problem formulation: MAED, a parameter-free algorithm which uses forward-backward splitting with a box symbol prior, and SO-MAED, which replaces the prior of MAED with soft-output symbol estimates that exploit the discrete transmit constellation and which uses deep unfolding to optimize algorithm parameters. We use simulations to demonstrate that the proposed algorithms effectively mitigate a wide range of smart jammers without a priori knowledge about the attack type. 
  5. Mission-critical wireless networks are being upgraded to 4G long-term evolution (LTE). As opposed to capacity, these networks require very high reliability and security as well as easy deployment and operation in the field. Wireless communication systems have been vulnerable to jamming, spoofing and other radio frequency attacks since the early days of analog systems. Although wireless systems have evolved, important security and reliability concerns still exist. This paper presents our methodology and results for testing 4G LTE operating in harsh signaling environments. We use software-defined radio technology and open-source software to develop a fully configurable protocol-aware interference waveform. We define several test cases that target the entire LTE signal or part of it to evaluate the performance of a mission-critical production LTE system. Our experimental results show that synchronization signal interference in LTE causes significant throughput degradation at low interference power. By dynamically evaluating the performance measurement counters, the k-nearest neighbor classification method can detect the specific RF signaling attack to aid in effective mitigation. 