Interleaving Jamming in Wi-Fi Networks

Triet D. Vo-Huu, Tien D. Vo-Huu, Guevara Noubir

The increasing importance of Wi-Fi in today’s wireless communication systems, both as a result of Wi-Fi offloading and its integration in IoT devices, makes it an ideal target for malicious attacks. In this paper, we investigate the structure of the combined interleaver/convolutional coding scheme of IEEE 802.11a/g/n. The analysis of the first and second-round permutations of the interleaver, allows us to design deterministic jamming patterns across subcarriers that when de-interleaved results in an interference burst. We show that a short burst across carefully selected sub-carriers exceeds the error correction capability of Wi-Fi. We implemented this attack as a reactive interleaving jammer on the firmware of the low-cost HackRF SDR. Our experimental evaluation shows that this attack can completely block the Wi-Fi transmissions with jamming power less than 1% of the communication (measured at the receiver) and block 95% of the packets with less than 0.1% energy. Furthermore, it is at least 5 dB and up to 15 dB more power-efficient than jamming attacks that are unaware of the Wi-Fi interleaving structure.

Review:
This paper proposes and implements a reactive jamming attack against popular wireless systems such as Wi-Fi, which employ OFDM communications at the physical layer. The attack specifically targets the interleaving/convolutional coding function to reduce the energy necessary for denying wireless transmissions and also minimize the adversary’s presence on the wireless channel. The proposed jamming technique takes advantage of the publicly known interleaver structure to “surgically” insert shorts bursts of energy across subcarriers such that errors appear in long bursts after de-interleaving. These long bursts overwhelm the error correction capability of the decoder. In testbed experiments on low-cost SDRs and commercial Wi-Fi cards, interleaver jamming was shown to completely block Wi-Fi transmissions with less than 1% of average jamming power relative to the received signal power at the targeted receiver.

The reviewers appreciated the thoroughness in the treatise of the problem. The authors presented a detailed analysis of the interleaver/convolutional encoder structure in OFDM systems and justified the design of their attack. Moreover, the attack extended beyond previous theoretical approaches that focused on the temporal aspect of interleaving and exploited interleaving both in frequency and time. The extensive testbed experimentation on an SDR platform and on commercial Wi-Fi cards was highly valued. The reviewers agreed that the experimental results clearly demonstrate the performance advantages of the proposed jamming method. Some concerns were raised about the omission of secondary costs related to launching intelligent attacks such as the cost of acquiring frame synchronization. Moreover, the reviewers pointed out that the power advantage over random jamming could be diminished if cryptographic interleaving is applied. Overall, the PC was confident that jamming designed to target the interleaving function has a detrimental impact in OFDM communications.