Sensitive numbers play an unparalleled role in identification and authentication. Recent research has revealed many side-channel attacks to infer keystrokes, which require either a training phase or a dictionary to build the relationship between an observed signal disturbance and a keystroke. However, training-based methods are impractical because training data about the victim are hard to obtain, while dictionary-based methods cannot infer numbers, which, unlike letters, are not combined according to linguistic rules. We observe that typing a number creates not only a number of observed disturbances in space (each corresponding to a digit), but also a sequence of periods between each disturbance. Based upon existing work that utilizes inter-keystroke timing to infer keystrokes, we build a novel technique called WINK that combines the spatial and time domain information into a spatiotemporal feature of keystroke-disturbed wireless signals. With this spatiotemporal feature, WINK can infer typed numbers without the aid of any training. Experimental results on top of software-defined radio platforms show that WINK can vastly reduce the guesses required for breaking certain 6-digit PINs from 1 million to as low as 16, and can infer over 52% of user-chosen 6-digit PINs with less than 100 attempts.
Wireless Training-Free Keystroke Inference Attack and Defense
Existing research work has identified a new class of attacks that can eavesdrop on the keystrokes in a non-invasive way without infecting the target computer to install malware. The common idea is that pressing a key of a keyboard can cause a unique and subtle environmental change, which can be captured and analyzed by the eavesdropper to learn the keystrokes. For these attacks, however, a training phase must be accomplished to establish the relationship between an observed environmental change and the action of pressing a specific key. This significantly limits the impact and practicality of these attacks. In this paper, we discover that it is possible to design keystroke eavesdropping attacks without requiring the training phase. We create this attack based on the channel state information extracted from the wireless signal. To eavesdrop on keystrokes, we establish a mapping between typing each letter and its respective environmental change by exploiting the correlation among observed changes and known structures of dictionary words. To defend against this attack, we propose a reactive jamming mechanism that launches the jamming only during the typing period. Experimental results on software-defined radio platforms validate the impact of the attack and the performance of the defense.
- Award ID(s): 1948547
- PAR ID: 10314361
- Date Published:
- Journal Name: IEEE/ACM Transactions on Networking
- ISSN: 1063-6692
- Format(s): Medium: X
- Sponsoring Org: National Science Foundation
More Like this
- Wireless systems must be resilient to jamming attacks. Existing mitigation methods require knowledge of the jammer’s transmit characteristics. However, this knowledge may be difficult to acquire, especially for smart jammers that attack only specific instants during transmission in order to evade mitigation. We propose a novel method that mitigates attacks by smart jammers on massive multi-user multiple-input multiple-output (MU-MIMO) basestations (BSs). Our approach builds on recent progress in joint channel estimation and data detection (JED) and exploits the fact that a jammer cannot change its subspace within a coherence interval. Our method, called MAED (short for MitigAtion, Estimation, and Detection), uses a novel problem formulation that combines jammer estimation and mitigation, channel estimation, and data detection, instead of separating these tasks. We solve the problem approximately with an efficient iterative algorithm. Our simulation results show that MAED effectively mitigates a wide range of smart jamming attacks without having any a priori knowledge about the attack type.
- Wireless communication systems are susceptible to both unintentional interference and intentional jamming attacks. For mesh and ad-hoc networks, interference affects the network topology and can cause the network to partition, which may completely disrupt the applications or missions that depend on the network. Defensive techniques can be applied to try to prevent such disruptions to the network topology. Most previous research in this area is on improving network resilience by adapting the network topology when a jamming attack occurs. In this paper, we consider making a network more robust to jamming attacks before any such attack has happened. We consider a network in which the positions of most of the radios in the network are not under the control of the network operator, but the network operator can position a few “helper nodes” to add robustness against jamming. For instance, most of the nodes are radios on vehicles participating in a mission, and the helper nodes are mounted on mobile robots or UAVs. We develop techniques to determine where to position the helper nodes to maximize the robustness of the network to certain jamming attacks aimed at disrupting the network topology. Using our recent results for quickly determining how to attack a network, we use the harmony search algorithm to find helper node placements that maximize the number of jammers needed to disrupt the network.
- Emerging intelligent reflective surfaces (IRSs) significantly improve system performance, but also pose a significant risk for physical layer security (PLS). Unlike the extensive research on legitimate IRS-enhanced communications, in this article we present an adversarial IRS-based, fully-passive jammer (FPJ). We describe typical application scenarios for disco IRS (DIRS)-based FPJ, where an illegitimate IRS with random, time-varying reflection properties acts like a “disco ball” to randomly change the propagation environment. We introduce the principles of DIRS-based FPJ and overview existing investigations of the technology, including a design example employing one-bit phase shifters. The DIRS-based FPJ can be implemented without either jamming power or channel state information (CSI) for the legitimate users (LUs). It does not suffer from the energy constraints of traditional active jammers, nor does it require any knowledge of the LU channels. In addition to the proposed jamming attack, we also propose an anti-jamming strategy that requires only statistical rather than instantaneous CSI. Furthermore, we present a data frame structure that enables the legitimate access point (AP) to estimate the DIRS-jammed channels' statistical characteristics in the presence of the DIRS jamming. Typical cases are discussed to show the impact of the DIRS-based FPJ and the feasibility of the anti-jamming precoder (AJP). Moreover, we outline future research directions and challenges for the DIRS-based FPJ and its anti-jamming precoding to stimulate this line of research and pave the way for practical applications.
- While reconfigurable intelligent surface (RIS) technology shows great promise for wireless communication, an adversary using such technology can threaten wireless performance. This paper explores an RIS-based attack on time-division duplex (TDD) based wireless systems that use channel reciprocity for physical layer key generation (PLKG). We demonstrate that deploying a non-reciprocal RIS with a non-symmetric "beyond diagonal" (BD) phase shift matrix can compromise channel reciprocity and thus break key consistency. The attack can be achieved without transmission of signal energy, channel state information (CSI), and synchronization with the legitimate system, and thus it is difficult to detect and counteract. We propose a physically consistent BD-RIS model and verify the impact of its attack on the secret key rate (SKR) of the legitimate system via simulations. Moreover, we provide a heuristic approach for optimizing the BD-RIS configuration to realize a more severe attack in cases where some partial knowledge of the channel state information is available. Our results demonstrate that such channel reciprocity attacks can significantly decrease the SKR of the legitimate system.