Investigation of Signal and Message Manipulations On The Wireless Channel

The document discusses two types of wireless signal manipulation techniques: symbol flipping and signal annihilation. Symbol flipping involves modifying symbols in a packet's preamble or payload to change the message without being detected as jamming. Signal annihilation aims to disrupt communication in a covert way by suppressing the sender's signal at the receiver. The paper analyzes these techniques theoretically and through simulations and experiments to evaluate their feasibility for different wireless channels and scenarios. It aims to understand the practical capabilities of an attacker compared to theoretical Dolev-Yao models.

Uploaded by

aaamoumenaaaa
Copyright
© Attribution Non-Commercial (BY-NC)

Investigation of Signal and Message Manipulations on the Wireless Channel


Christina Pöpper, Nils Ole Tippenhauer, Boris Danev, and Srdjan Capkun
Department of Computer Science, ETH Zurich, Switzerland
{poepperc,tinils,bdanev,capkuns}@inf.ethz.ch
Abstract. We explore the suitability of Dolev-Yao-based attacker models for the security analysis of wireless communication. The Dolev-Yao model is commonly used for wireline and wireless networks. It is defined on abstract messages exchanged between entities and includes arbitrary, real-time modification of messages by the attacker. In this work, we aim at understanding and evaluating the conditions under which these real-time, covert low-energy signal modifications can be successful. In particular, we focus on the following signal and message manipulation techniques: symbol flipping and signal annihilation. We analyze these techniques theoretically, by simulations, and by experiments and show their feasibility for particular wireless channels and scenarios.
Keywords: Wireless Security, Adversarial Interference, Signal Manipulation
1 Introduction
In wireless radio communications, message transmissions from a sender to one or sev-
eral receivers take place over the wireless channel. Given that this channel is an open
and shared medium, the communication is inherently exposed to threats related to
eavesdropping and intentional interference. The security analysis of wireless systems
usually evaluates these intrinsic threats with respect to specific application and system
properties (e.g., mobility, device complexity). As a result, a range of attacker models
and corresponding assumptions arise in practical evaluations.
Certain attacker models only consider passive (eavesdropping) attacks [10,36]. Oth-
ers are restricted to denial-of-service (DoS) jamming attacks in which the receiver is
precluded from retrieving and decoding the signal transmitted by the sender, e. g., in
military [19, 20] and increasingly in civilian [14, 35, 38] contexts. In stronger attacker
models, the attacker does not only have the ability to jam (i. e., block) the original trans-
mission, but she can also insert her own self-composed or replayed signals (insertion/
pollution attack) [1, 26, 28, 32]. The attacker usually achieves this by either transmitting
a signal with significantly more power, which overshadows the original transmission
(this was, e. g., reported for GPS signals in [32] and for wireless access points in [26])
or by blocking the legitimate signal by jamming and then inserting her own signal at an-
other time or on another frequency channel (e. g., demonstrated for WLAN in [28]). In
both cases, in a successful attack, the receivers get deceived into receiving the inserted
signal of the attacker instead of the original signal.
The strongest attacker models (e. g., in [11, 16, 24, 25]) adhere to a Dolev-Yao [5]
model, in which the attacker has the capability to eavesdrop, modify, compose, and
(re)play any messages transmitted and received by authorized devices. In this model, in
addition to eavesdropping and insertion, the attacker can fully [24] or partially [11, 16,
25] modify and annihilate signals at the receiver's antenna.
Since attacker models are the foundation of the security analysis of any system,
they should be based on a realistic assessment of the system vulnerabilities and at-
tacker capabilities. Weaker attacker models usually underestimate the threats because
they do not consider the full set of techniques that may be available to a determined
attacker. For example, any jamming detection based on the energy observed on the
channel could be circumvented if the attacker is using low-energy signals that corrupt
only the message preamble; many standard receivers would not be able to decode the
message, although the data part of the message would remain unchanged. On the other
hand, the strongest attacker models are often not motivated by practical considerations.
For example, Dolev-Yao based models will allow the attacker to transfer information to
remote locations instantaneously while this is not realistic [22]. Although designing a
system with an overestimation of the attacker capabilities does not harm the security of
the system, it may complicate the proposed solutions and create unnecessary overhead
on the communication or make the hardware setup more costly.
To investigate the suitability of different attacker models for wireless communication, in this work we explore the basic techniques for wireless signal (message) manipulations and investigate their assumptions and practical realization. We first categorize physical-layer techniques available to strong attackers and show how they affect the received message at the logical layer. We then focus on techniques that allow the attacker to achieve covert, low-energy manipulations during the signal transmission. More specifically, we investigate symbol flipping attacks, by which the attacker can change symbols of the transmitted message and thus attack the message integrity, and signal annihilation attacks, by which the attacker suppresses the sender's signal at the receiver.
In short, our main contributions are as follows:
- We categorize adversarial interference in wireless transmissions and compare it to the capabilities of a Dolev-Yao attacker.
- We present a theoretical model to describe symbol flipping attacks.
- We explore the effectiveness of symbol flipping and signal strength manipulation (annihilation) attacks in simulations and validate our findings experimentally using USRP [6] devices.
The remainder of this paper is organized as follows: In Section 2, we describe related work and state the problem that we tackle. In Section 3, we define and classify adversarial interference in wireless communications and analyze its mapping to the Dolev-Yao attacker model. We analyze symbol flipping attacks and the conditions for their success theoretically in Section 4. In Section 5, we evaluate the feasibility of symbol flipping and signal strength manipulation attacks by simulations and experiments. We discuss implications of our findings in Section 6 and conclude the paper in Section 7.
2 Related Work and Problem Statement
2.1 Related Work on Signal Manipulations
Wireless communication jammers have been widely analyzed and categorized in terms
of their capabilities (e.g., broadband, narrowband, tone) and behavior (e.g., constant,
sweep, random, reactive) [13, 19, 38]. Jammer models used in prior works [13, 31, 38]
cover the interference with transmissions by signal jamming and dummy packet or
preamble insertions. The authors of [25, 30] explicitly consider signal modification, overshadowing, and symbol flipping in their respective attacker models and propose
solutions that achieve jamming- (and overshadowing-)resistant communication. How-
ever, neither of the mentioned works investigates the feasibility of such attacks.
When signals collide, the stronger one may survive regardless of the kind of signal.
Whitehouse et al. [33] propose a technique for sensor networks to detect and recover
packets from (unintended) collisions taking advantage of the capture effect, whereby
the packet with the stronger signal strength can be received in spite of a collision. [23]
quantifies the SINR conditions under which the capture effect can be observed. Another
example is GPS tampering by overriding [3]; the success of the attack is based on the
fact that GPS receivers tune in to the strongest (four) GPS signals available. The authors
of [9] point out that GPS signals can also be subject to spoofing and flipping attacks that succeed with a certain probability. While they do not derive these probabilities, our findings in the experimental evaluation are consistent with their numbers.
The authors of [1, 21] show that for low-power wireless devices (sensor motes) predictable and deterministic symbol corruptions (flippings) are hard to achieve by mote-class attackers. In these papers, the authors describe the effect of intentional interference
with a signal transmission in terms of the predictability of bit and packet corruptions.
Our work is related to this, however, we do not restrict our investigations to customary
sensor mote attackers but explore the underlying principles and conditions under which
message manipulations and signal annihilation can be successful.
2.2 Problem Statement
In this paper, we address the following problem: How can an attacker actively interfere
with ongoing wireless transmissions and which success rates can be achieved? This
question aims at exploring the feasibility of real-time manipulations of signals (mes-
sages) in which the attacker tampers with the signals while they are being transmitted.
In particular, we will practically investigate two types of attacks that may allow the
attacker to (i) modify signals and the data content of messages during their transmission
or (ii) disrupt the communication in a covert, hard-to-detect manner. We briefly outline
these two types of attacks:
Symbol flipping targets the data payload or the packet preamble, trying to modify the packets at the receivers. Flipped symbols in the preamble prevent both the decoding of the data payload and the detection of the jamming attack on standard devices, because they do not allow the receiver to detect the beginning of the message header or result in a misinterpretation of the constellation diagram. Successful preamble corruption does not require that specific symbols are flipped. Although integrity measures (e. g., checksums and CRCs) may identify symbol flippings, they will not succeed if the attacker can deterministically change bits of the CRC to conceal her modifications. We note that a number of wireless protocols do not employ integrity protection measures or do not enforce them cryptographically (such as WEP 802.11, civilian GPS, or the RFID-M1 communication protocol).
Signal annihilation can be achieved when the attacker's signal creates destructive interference with the sender's signal at the receiver (similar to multipath interference [29]). In this case, the sender's signal gets attenuated and may be annihilated at the receiver; hence the receiver cannot detect an ongoing transmission. This attack can be performed without prior knowledge of the message content and is difficult to prevent without resorting to hardware modifications of the transceivers. Signal attenuation and amplification attacks are also crucial to the security of RSSI-based localization [8].
The investigation of the research question above examines realistic attacker capabil-
ities that are assumed in a number of works on wireless communication without explo-
ration, e. g. in [11, 16, 24, 25]. We therefore see our work as an important building block
for constructing realistic threat models and appropriate countermeasures. This is especially relevant in view of the recent development of tools that practically interfere with
ongoing transmissions and show the feasibility of real-time reactive radio interference,
such as [34].
3 Classifying Wireless Attacks
Attacker models used in the security analysis of wireless protocols are often defined on an abstract layer. They usually consider effects (such as deletion and modification) that an attacker can have on the reception of messages at the receiver. We will explain such an attacker model in more detail in Section 3.1.
In the context of wireless systems, message-based attacker models have been adop-
ted in a number of works, e. g., in [11, 15, 16, 22, 24, 25]. In these works, the attacker
is usually assumed to be able to eavesdrop, insert, modify, replay, delay, or delete any
signal being transmitted on the wireless channel. Since messages are defined on the
abstract, logical level of bits and signals comprise also the physical characteristics of
the transmission, it is not clear that abstract network protocol attacker models can be
applied directly to wireless communications.
In the following, we summarize message-layer effects commonly used in abstract
attacker models and identify signal-layer effects which cause them (Section 3.1). To
model these effects, we define adversarial interference as attacks in which the attacker
transmits her own signals to the channel and we investigate how this can be captured
in existing physical-layer reception models (Section 3.2). We then formally classify
attacks based on adversarial interference (Section 3.3).
3.1 Signal Manipulations and Effects on Messages
In attacker models such as the Dolev-Yao (DY) model [5], the attacker's capabilities include eavesdropping and the arbitrary modification and deletion of messages transmitted by legitimate entities as well as the composition and insertion of the attacker's own messages at the receivers. In the following, we list the effects that a DY-like attacker is assumed to be capable of achieving at the victim's receiver and give examples of how a wireless attacker can cause these effects on the signal layer (see Figure 1).
Fig. 1. Examples of signal-layer manipulations and their effects on the message layer. Signals can, e. g., be annihilated or jammed, their signal strength can be modified, and their amplitude, phase or frequency can be changed to influence their demodulation. Message-layer effects can in general be caused by multiple signal-layer effects. Signal-layer effects in bold will be investigated in Section 4.
Message Eavesdropping: The attacker can observe all messages sent to one or
more receivers. In a wireless network, on the signal layer, an attacker can observe the
channel and record all signals with her own antennas. The interpretation of the received
signals as messages may require secrets such as the used spreading codes, which might
not be available to the attacker. In some scenarios, the attacker can be restricted in the
number of channels that she can simultaneously monitor [4, 25, 37].
Message Insertion and Replay: The attacker acts like a legitimate member of the
network, and as such she can insert messages or replay previously received messages.
In wireless networks, this is a reasonable assumption on both the message and signal
layer because the attacker can construct her own messages and transmit the corresponding
signals and she can also replay previously received signals and messages. Restrictions
on this can exist, e. g., in spread spectrum communication using secret sequences shared
between the sender and receivers [19].
Message Deletion: The attacker is in control of the network and can prevent the
reception of messages. To achieve this effect on a wireless channel, several methods
can be used on the signal layer. These methods include jamming of complete messages
using higher energy noise signals as well as jamming only the message preamble to hide
it from the receiver. A more covert attack is to annihilate the signal by sending inverse
signals to the receiver. While these methods all have the same effect on the message
layer, i. e., the deletion of the message, in each method the receiver will capture different
signals on the (physical) signal layer.
Message Modification: The attacker can modify the messages obtained by the receivers. To modify wireless messages, the attacker can either change the signals during their transmission by adding her own signals, thus influencing the demodulation of single symbols (symbol flipping), or prevent the receiver from obtaining the original message (message deletion) and then insert a modified version of the message.
Signal-layer manipulations such as attenuation and amplification are not directly reflected in abstract attacker models. If the signal amplitude of the message is increased or decreased (within a certain threshold), the data content on the message layer will remain unchanged with most modulation schemes. However, the amplitude change can be relevant for a number of wireless protocols, e. g., RSSI-based localization [8], for which signal strength amplification and attenuation constitute an attack.
3.2 Model of Adversarial Interference
In this section, we present a model to describe the possible effects that signal-layer
manipulations can have on the message layer.
We start with a brief system description and introduction of the notation used. We
consider a sender A and a particular receiver B that are able to communicate over
a wireless radio link. Wireless transmissions are characterized by the messages (data)
being transmitted and the physical signals used to transmit the data. The physical signals
are determined by the used modulation scheme, power levels, etc. Let $s(t)$ be the signal transmitted by A; $s(t)$ is the result of the encoding process at A that packages, error-encodes, and modulates a data sequence $S_A$. Let $\hat{s}(t)$ be the signal that B receives under unintentional interference (including noise and signal attenuation). In order to receive the message, B applies a function $d(\cdot)$ to demodulate $\hat{s}(t)$; it outputs the demodulated symbol sequence $S$. If B does not detect the message on the channel¹, the demodulation results in the empty symbol sequence.
Let $j(t)$ be the signal transmitted by an attacker J and $\hat{j}(t)$ be the corresponding signal received at B. The demodulation of $\hat{j}(t)$ at B results in $d(\hat{j}(t)) = S_J$. We now define adversarial interference as follows:
Definition 1. Let $o(t)$ be the superposition of two signals $\hat{s}(t)$ and $\hat{j}(t)$ at B. Let $S_A = d(\hat{s}(t))$, with $S_A$ non-empty. Let $S_B = d(o(t))$ at B. The transmission of $j(t)$ is an interference attack if $S_B \neq S_A$ or if $P_o(t) \neq P_s(t)$, where $P_o(t)$ and $P_s(t)$ are power metrics for $o(t)$ and $\hat{s}(t)$.
This definition implies that, in a successful interference attack, the attacker changes the message symbols and/or the signal power of the original signal $s(t)$. We note that $\hat{s}(t)$ and $\hat{j}(t)$ must overlap in time and frequency band at B for the attack to succeed.
The defined signal-layer manipulations can be integrated in existing physical reception models for wireless communications, see Appendix A. This integration supports and facilitates the identification of different types of attacks.
3.3 Classification
Given the considerations above, we can identify the following types of attacks based on adversarial interference. We also map them to message-layer effects, see Figure 1. We use the notation as introduced in Definition 1.
¹ The detection of a signal may, e.g., not be triggered if the signal's power lies below a threshold or if its preamble does not match the used protocol.
Symbol flipping: One or more symbols of $S_A$ are flipped. $o(t)$ gets demodulated into a valid sequence $S_B$, $S_B \neq S_A$ and $S_B \neq S_J$. $P_o(t) \approx P_s(t)$ for the message duration.
Amplification: $\hat{j}(t)$ amplifies $s(t)$ at B. $S_B = S_A$. $P_o(t) > P_s(t)$ for the entire signal $o(t)$.
Attenuation: $\hat{j}(t)$ attenuates $s(t)$ at B. $S_B = S_A$. $P_o(t) < P_s(t)$ for the entire signal $o(t)$.
Annihilation: $o(t)$ falls below the noise level. $s(t)$ is removed at B by a (sufficiently close) inverse jamming signal $\hat{j}(t) \approx \hat{s}^{-1}(t)$. $S_B$ is the empty sequence. $P_o(t) \ll P_s(t)$ for the entire signal $o(t)$.
Overshadowing: $s(t)$ appears as noise in the much stronger signal $\hat{j}(t)$. $S_B = S_J$. $P_o(t) \gg P_s(t)$ for the entire signal $o(t)$.
Noise jamming: $\hat{j}(t)$ is noise to prevent B from detecting the message, thus blocking its reception. $S_B$ is the empty sequence. $P_o(t) \gg P_s(t)$ for the entire signal $o(t)$.
Amplification, attenuation, and annihilation can be denoted as signal strength modification attacks. From the attacker's point of view, a similar action is performed in all attack cases listed above, namely the transmission of a signal j(t). What differs are the type and strength of j(t) and its dependency on s(t): While j(t) is independent of s(t) in overshadowing and noise jamming attacks, the attacker uses s(t) to construct j(t) in signal strength modification attacks and both s(t) and o(t) in symbol modification attacks, where o(t) is the signal that the attacker wants B to receive.
We note that, according to Definition 1, attacks in which the attacker jams the orig-
inal signal and inserts an adversarial signal with a shift in time or frequency band (e.g.,
exploiting the channel structure of WLAN 802.11 signals by transmitting on separate
frequencies [28]) are a combination of adversarial interference and a parallel inser-
tion/pollution attack [12, 25].
4 Theoretical Analysis of Symbol Flipping
In this section, we focus on symbol modification attacks and present our model of symbol flipping. We restrict our considerations to single carrier modulations and reason about flipping on the level of symbols. We distinguish symbol flipping attacks according to the attacker's goal. $S_A$, $S_B$, and $j(t)$ are as in Definition 1.
Definition 2. A deterministic symbol flipping attack has the goal to make B demodulate $S_B = S_T$, where the symbol sequence $S_T \neq S_A$ has been defined by the attacker before the transmission of $j(t)$. A random symbol flipping attack targets at modifying any symbol(s) of $S_A$ such that $S_B \neq S_A$.
In the following, we denote the symbols of the sequence $S_A$ also as target symbols. Deterministic symbol flipping requires a-priori knowledge about the target symbols, i.e., about the parts of a message that are to be flipped. We next investigate how to achieve successful symbol flipping.
The way multiple signals get superimposed depends on their modulations (including signal power, phase shifts, etc.). We consider linear digital modulation schemes such as 2-PAM, 4-QAM (QPSK), and 16-QAM, which divide the constellation space into decision regions with varying sizes and shapes. For QPSK (see Figure 2a), the decision regions are separated by the axes of the IQ-plane. Given a modulation scheme and the received signal vector s, the decision element in the receiver's decoder outputs the constellation point with the minimum Euclidean distance (ML detection) [20]. Moving a signal vector s in the constellation implies a change in signal power (distance from the origin of the constellation diagram) and/or a changed angular phase of the signal.
Fig. 2. (a) Effect of imperfect baseband alignment of the flipping symbol w.r.t. the target QPSK symbol. Given a delay of a fraction of the symbol duration Ts, that fraction of the energy will be added to the next symbol. (b) Effect of the relative carrier phase offset between the target and the flipping signals. The phase offset rotates the energy contribution of the flipping signal. As all flipping symbols have the same carrier phase offset, all energy contributions get rotated. (c) Depending on the signal energy and rotation, different constellation regions can be reached by symbol flipping (the panel marks the regions reached with 1 flip, no flips, and 2 flips).
For QPSK, we define two ways of flipping a symbol (this will later matter for our simulations):
Definition 3. For QPSK, a short transition denotes the shift of a symbol vector into an adjacent constellation region (ideally parallel to the I- or Q-axis). A long transition denotes a diagonal shift into the opposite constellation region.
In Gray-encoded constellations, a short transition changes one bit of a symbol and a long transition both bits of the symbol. Such transitions can be caused by adding a QPSK symbol with modified carrier phase alignment and enough power. If this symbol temporally overlaps with one or more target symbols, we call it a flipping symbol.
In practice, three factors influence the result of a symbol flipping attack: (i) the baseband alignment of the sender's and attacker's symbols, (ii) the relative carrier phase offset of the attacker's signal, and (iii) the energy of the attacker's symbol.
(i) The baseband alignment of the flipping symbols determines the amount of energy that will not be contributed to the target but to the neighboring symbols in the message. Here, we assume a sequence of flipping symbols that are all delayed by the same fraction of the symbol duration $T_s$. Then, that fraction of the energy will influence the decoding of the following symbol. Figure 2a visualizes the effect of the baseband symbol alignment and shows the effect on the next target symbol: the misaligned flipping symbol, represented by the vector (2,0), will affect the current symbol (1,1) with the remaining share of its energy and the following symbol with the delayed fraction. A similar effect may occur to the current symbol due to the prior flipping symbol. We will analyze the required baseband alignment by simulations and experiments in Section 5.
(ii) In addition to the effect of the baseband alignment, the relative carrier phase offset of the flipping signal with respect to the target signal will rotate the energy contribution of the signal. As all flipping symbols have the same carrier phase offset, all energy contributions get rotated in the same way, see Figure 2b.
(iii) For short transitions, the minimum required signal energy (for exact carrier phase and baseband alignment) is a factor $1/\sqrt{2}$ of the energy of the target signal; for long transitions, at least as much energy as in the target signal is required. Figure 2c gives an example of a short transition (one bit changed) and a long transition (two bits changed). Based on our model, we can predict the probability of successful symbol flipping for a random carrier phase offset. Figure 3 displays the analytical flipping probabilities depending on the relative signal energy, derived using trigonometrical functions.
Fig. 3. Analytical probability of successful symbol flipping for random carrier phase alignment and perfect baseband alignment, depending on the relative signal energy. (Plot: x-axis "Relative energy of flipping signal" from 0.5 to 3; y-axis "Probability of n flips per symbol" from 0 to 1; curves for # flips n >= 1, n = 1, and n = 2.)
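The decision-region model of this section and the attack classes of Section 3.3 can be exercised on a small constructed QPSK model. The following is an added example, not the paper's Matlab simulator: it assumes an ideal minimum-distance detector with unit-amplitude constellation points, no noise or pulse shaping, and the flipping-symbol construction of Section 5.1 (inverted target plus its conjugate for a short transition, doubled inverted target for a long one). Under those assumptions `phase_tolerance` reproduces the 13.5 % and 25 % carrier-phase tolerances reported in Section 5.2, and `random_phase_flip_rates` the weak attacker's 50 %/25 % limits.

```python
"""Toy QPSK model of adversarial interference on the IQ plane. This is an
added example, not the paper's Matlab simulator: symbols are complex baseband
vectors I + jQ, the receiver is an ideal minimum-distance (ML) detector, noise
and pulse shaping are omitted, and all inputs below are constructed."""
import cmath
import math
import random

# Gray-coded QPSK constellation: neighbouring points differ in exactly one bit.
CONSTELLATION = {
    (0, 0): complex(1, 1),
    (0, 1): complex(-1, 1),
    (1, 1): complex(-1, -1),
    (1, 0): complex(1, -1),
}


def detect(v):
    """ML detection: the bit pair whose constellation point is closest to v."""
    return min(CONSTELLATION, key=lambda bits: abs(v - CONSTELLATION[bits]))


def power(symbols):
    """Mean symbol power, standing in for the power metric P(t) of Definition 1."""
    return sum(abs(v) ** 2 for v in symbols) / len(symbols)


def short_flip(target):
    """Short-transition flipping symbol (Section 5.1 construction): inverted
    target plus its complex conjugate, a push parallel to one axis (one bit)."""
    return -target + target.conjugate()


def long_flip(target):
    """Long-transition flipping symbol: inverted target at double amplitude,
    a diagonal push into the opposite decision region (both bits)."""
    return -2 * target


def superpose(sent, jam, phase=0.0, delta=0.0):
    """o(t) at the receiver: the sender's symbols plus the attacker's symbols.
    phase: relative carrier phase offset in radians, rotating every jam symbol.
    delta: baseband misalignment as a fraction of Ts; (1 - delta) of each jam
           symbol lands on its target and delta spills onto the next symbol."""
    rot = cmath.exp(1j * phase)
    out, spill = [], 0
    for k, s in enumerate(sent):
        j = jam[k] * rot if k < len(jam) else 0
        out.append(s + (1 - delta) * j + spill)
        spill = delta * j
    return out


def classify(sent, jam, noise_floor=0.05, tol=0.05):
    """Name the Section 3.3 attack class that superposing jam on sent produces.
    Noise jamming (the receiver never detects a message) is not modelled here."""
    o = superpose(sent, jam)
    s_a, s_b = [detect(v) for v in sent], [detect(v) for v in o]
    s_j = [detect(v) for v in jam]
    p_s, p_o = power(sent), power(o)
    if p_o < noise_floor:
        return "annihilation"          # o(t) below the noise level
    if s_b == s_a:
        if abs(p_o - p_s) <= tol * p_s:
            return "none"              # neither symbols nor power changed
        return "amplification" if p_o > p_s else "attenuation"
    if s_b == s_j and p_o > p_s:
        return "overshadowing"         # receiver decodes the attacker's symbols
    return "symbol flipping"


def phase_tolerance(flip, target=complex(1, 1), steps=20000):
    """Fraction of a full carrier cycle over which a perfectly powered and
    aligned flipping symbol, rotated by a phase error, still yields the
    intended symbol (the strong attacker's carrier-phase tolerance)."""
    wanted = detect(target + flip(target))
    hits = 0
    for i in range(steps):
        theta = 2 * math.pi * i / steps
        got = detect(superpose([target], [flip(target)], phase=theta)[0])
        hits += got == wanted
    return hits / steps


def random_phase_flip_rates(power_ratio, n=20000, seed=7):
    """Weak attacker: a flipping symbol with power_ratio times the target power
    and a uniformly random carrier phase. Returns (P[one bit flipped],
    P[both bits flipped]) estimated by Monte Carlo."""
    rng = random.Random(seed)
    one = two = 0
    for _ in range(n):
        bits = rng.choice(list(CONSTELLATION))
        s = CONSTELLATION[bits]
        j = math.sqrt(power_ratio) * abs(s) * cmath.exp(1j * rng.uniform(0, 2 * math.pi))
        changed = sum(a != b for a, b in zip(bits, detect(s + j)))
        one += changed == 1
        two += changed == 2
    return one / n, two / n
```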
5 Simulation and Experimental Evaluation
In this section, we explore the conditions for successful symbol flipping and signal annihilation (as defined in Section 3.3) under an attacker as presented in Section 5.1. We verify our theoretical symbol flipping model of Section 4 by simulations in Matlab [27] in Section 5.2. The main results are then validated using signals captured from recorded wireless communications in Section 5.3. We also explore signal annihilation and attenuation by experiments with wireless devices in Section 5.4.
5.1 Simulation Setup and Attacker Model
Simulation setup. For our simulation and experimental evaluation of symbol flipping and annihilation, we focus on QPSK modulation due to its widespread use (e.g., in 802.11 and Bluetooth 3.0). We implemented an 802.11 digital QPSK modem with an AWGN channel. The matched filter g(t) was implemented by a root raised cosine filter. The carrier frequency was fixed to $f_c = 2.4$ GHz with $\phi_1(t) = \cos(2\pi f_c t)$ and $\phi_2(t) = \sin(2\pi f_c t)$ for the I and Q channels, respectively. Figure 7 in Appendix B displays the simulation setup.
Our simulations are based on 1000 random QPSK symbols that we use to create the flipping symbols. For long transitions, we invert each symbol and double its amplitude; for short transitions we combine the inverted symbol with its complex conjugate. We use the following notations: The original (target) symbol is denoted by T, the short transition flipping symbol by S, and the long transition flipping symbol by L. R is a flipping symbol with random carrier phase offset and the same power as L.
Attacker model. In our simulations, we focus on two attacker types: (a) a strong attacker with perfect carrier phase alignment, able to predict which symbols are going to be sent, and therefore using perfect flipping signals; (b) a weak attacker without carrier phase alignment and therefore random flipping signals. The goal of the strong attacker is to perform a deterministic symbol flipping attack, while the weak attacker tries to perform a random symbol flipping attack (see Definition 2). In order to achieve their goals, the attackers follow these strategies:
- The strong attacker uses a short transition flipping signal S to flip a specific bit of a target symbol. To flip both bits of the symbol, she uses a (more powerful) long transition flipping signal L. In both cases, the flipping signals have perfect carrier phase alignment with the target signal.
- The weak attacker uses flipping symbols R with the same power as L but with random carrier phase (rotating the signal vector in the IQ-plane) with respect to the target signal.
We note that a short transition by a strong attacker is successful only if the intended bit was flipped, while for a weak attacker the flipping of any of the two bits (or both bits) of the symbol is considered a success.
5.2 Simulated Modification of Modulated Signals
Following our model from Section 4, we will now predict the effects of varying power, carrier phase offset, and baseband offset of the flipping signal. Finally, we will predict their impact on annihilation attacks.
Power of the Flipping Signal. According to our model, the power of the flipping signal needs to be greater than a fraction $1/\sqrt{2}$ of the target signal. Flipping in this case is only successful if the flipping signal has the optimal phase (e.g., shifts the symbol (1,1) into the direction of (1,-1)). For random phases, the power of the flipping signal must be higher.
Figure 4a displays the influence of the relative power of the flipping signal on the probability to flip QPSK symbols (for random carrier phases of the flipping signal and perfect baseband symbol alignment). The plot shows the probability of a random symbol flip for a weak attacker and a deterministic flip for a strong attacker, for an SNR level of 20 dB. The weak attacker has no carrier phase synchronization and thus no control over the angle of the flipping signal. The strong attacker uses a flipping signal with perfect phase synchronization.
The simulation confirms that, for a low noise level (high SNR), the power $P_S$ of a short transition symbol must satisfy $P_S \geq P_T/\sqrt{2}$, where $P_T$ is the power of the target symbol, in order to change a single bit of the symbol. The weak attacker's probability to flip a single bit converges towards 50 % for $P_R \gg P_T$ and her chance to flip both bits of a symbol towards 25 % for large $P_R$ (not shown in Figure 4a).
Carrier Phase Offset for Symbol Flipping. The carrier phase offset between the target signals and the flipping signals at the receiver is hard to control for the attacker. This is the main reason why symbol modification attacks are difficult to conduct even with perfect advance knowledge of the data to be sent. The effect of a constant carrier phase offset under noise is displayed in Figure 4b for $P_R = P_L = 2P_T$, $P_S = \sqrt{2}\,P_T$, and 20 dB SNR.
[Figure 4: four panels (a)-(d). x-axes: (a) relative power of added symbol, (b) carrier phase offset of added symbol, (c) baseband offset of added symbol (in Ts), (d) SNR (dB); y-axis of each panel: chance to flip symbol; curves: short transition, long transition; panel (d) uses carrier offset = 0.05.]
Fig. 4. Influence of the flipping symbol on the probability to change a QPSK symbol using a random-phase flipping symbol R (weak attacker) or a perfect short/long flipping symbol (S/L) (strong attacker). (a) Influence of the relative power of the flipping symbol. (b) Influence of the carrier phase offset of the flipping signal. (c) Influence of the baseband offset (relative to the symbol duration Ts) of the flipping symbol. (d) Influence of the SNR for a fixed carrier phase offset of 0.05.
Simulations without noise show that a strong attacker must hit the carrier phase within about 13.5 % of the carrier phase duration to flip both bits of the target symbol (long transition). Short transitions for the strong attacker require less carrier phase precision; the tolerance is 25 %. The carrier phase offset has no impact for a weak attacker because she uses flipping signals with random phase; the carrier phase offset does therefore not influence her probability to flip bits.
If the attacker does not synchronize correctly to the sender's carrier frequency, this will make it almost impossible for her to predict the optimal carrier phase alignment for the flipping symbols. However, the attacker must synchronize the carrier frequency of her flipping signals only once to a target transmission, which will then result in the same carrier phase offset for all flipping signals with respect to the target transmission.
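The phase-sweep argument above can be reproduced numerically. The following Python example is added here for illustration; it is not the paper's Matlab code. It assumes a (±1, ±1) Gray-mapped QPSK constellation with target symbol (1,1), nearest-point hard decisions, no noise, and applies the paper's P ratios as amplitude scale factors relative to the target symbol (R = L = 2, S = √2); under these assumptions the sweep gives the 25 %, 13.5 % and 63.5 % figures quoted in the text and Table 1.

```python
"""
Noise-free geometry of QPSK symbol flipping: sweep the carrier phase offset of
a flipping vector and count how often the receiver decodes a different symbol.
Assumptions (constructed for this example, not taken from the paper): the
constellation is (+-1, +-1) with Gray labels, the target is (1,1), decisions are
nearest-point, and amplitude ratios R = L = 2, S = sqrt(2) stand in for the
paper's power ratios.
"""
import math

# Constructed Gray-mapped QPSK constellation: symbol point -> 2-bit label.
CONSTELLATION = {(1.0, 1.0): (0, 0), (-1.0, 1.0): (0, 1),
                 (-1.0, -1.0): (1, 1), (1.0, -1.0): (1, 0)}
TARGET = (1.0, 1.0)            # the symbol under attack, label (0, 0)
SHORT_GOAL = (1.0, -1.0)       # intended short transition: one bit flips
LONG_GOAL = (-1.0, -1.0)       # long transition: both bits flip
TARGET_AMPLITUDE = math.hypot(*TARGET)


def decode(i, q):
    """Hard-decision demodulation: the nearest constellation point."""
    return min(CONSTELLATION, key=lambda p: (p[0] - i) ** 2 + (p[1] - q) ** 2)


def received(ratio, theta):
    """Target symbol plus a flipping vector whose amplitude is `ratio` times
    the target amplitude, rotated by the carrier phase offset `theta`."""
    a = ratio * TARGET_AMPLITUDE
    return TARGET[0] + a * math.cos(theta), TARGET[1] + a * math.sin(theta)


def phase_sweep(ratio, steps=36000):
    """Sweep the carrier phase offset of the flipping vector over a full turn.

    Returns the fraction of phases that yield the intended short transition
    ("short"), the long transition ("long") or any change of the decoded
    symbol ("any").  For a weak attacker with a random carrier phase these
    fractions are her success probabilities; for a strong attacker they are
    the width of the phase window she must hit (Section 5.2)."""
    hits = {"short": 0, "long": 0, "any": 0}
    for k in range(steps):
        out = decode(*received(ratio, 2 * math.pi * k / steps))
        hits["short"] += out == SHORT_GOAL
        hits["long"] += out == LONG_GOAL
        hits["any"] += out != TARGET
    return {name: n / steps for name, n in hits.items()}


def reachable(ratio, goal, steps=36000):
    """Strong attacker: is there any carrier phase at which a flipping vector
    of this amplitude ratio makes the receiver decode `goal`?  A short
    transition needs a ratio above 1/sqrt(2), the distance from the target
    symbol to its nearest decision boundary."""
    return any(decode(*received(ratio, 2 * math.pi * k / steps)) == goal
               for k in range(steps))


if __name__ == "__main__":
    for name, ratio in (("S, sqrt(2) x target", math.sqrt(2)),
                        ("R/L, 2 x target", 2.0),
                        ("very strong, 100 x target", 100.0)):
        print(name, {k: round(v, 3) for k, v in phase_sweep(ratio).items()})
    print("short transition reachable at 0.70:", reachable(0.70, SHORT_GOAL))
    print("short transition reachable at 0.72:", reachable(0.72, SHORT_GOAL))
```

For a very strong flipping vector the decoded symbol becomes uniform over the four constellation points, which is where the 50 % single-bit and 25 % double-bit limits for the weak attacker come from.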
Baseband Offset for Symbol Flipping. A weak attacker might have problems aligning the flipping symbols correctly to the target symbols. This has the effect that the energy of the flipping symbol will not only contribute to the target symbol but also influence neighboring symbols (see Section 4). We evaluated the impact of this baseband offset by simulations, see Figure 4c. We set $P_R = P_L = 2P_T$ and $P_S = \sqrt{2}\,P_T$ as before for the power of the flipping signals and 20 dB SNR. The simulation results show that the probability for a weak attacker to flip a bit degrades smoothly. In Figure 4c, her probability does not converge to zero for a baseband misalignment of one symbol duration ($T_s$) because the following symbol is flipped (which is a success for the weak attacker). The strong attacker has a probability of 1 to flip both bits of a symbol if the baseband offset is smaller than 50 % (with sufficiently high SNR).
[Figure 5: three panels. (a) Attenuation in dB (y-axis, -10 to 30) versus offset in carrier periods (x-axis, 0 to 12), simulated. (b) The same axes, recorded. (c) Amplitude (y-axis, -0.2 to 0.2) versus samples at 40 GS/s (x-axis, up to 4 x 10^5); traces: original signal, attenuated signal.]
Fig. 5. Signal annihilation attack. Figures (a) and (b) depict the signal attenuation obtained by adding the same signal delayed with different carrier offsets. (a) shows the results using signals simulated in Matlab (with an SNR of 30 dB), (b) uses recorded signals (measured SNR of around 30 dB). (c) shows the practical signal attenuation obtained using our experimental carrier.
Similarly to the carrier frequency offset, an offset in the baseband symbol rate between the attacker and the sender will lead to changing baseband offsets for a sequence of flipping symbols, which will not influence the weak attacker but make deterministic attacks for the strong attacker almost impossible.
Influence of the SNR. We next investigate the influence of the Signal-to-Noise Ratio on the attacker's probability to perform successful symbol flipping. Intuitively, the higher the SNR at the receiver, the better a strong attacker can predict the effects of the flipping attack. To demonstrate the effect of the SNR on the attacker's success probability, we ran a simulation with $P_R = P_L = 2P_T$, $P_S = \sqrt{2}\,P_T$, carrier phase offset 0.05, and perfect baseband alignment. The results in Figure 4d show that the SNR does not influence the weak attacker, but lower SNR values require the strong attacker to have a more accurate carrier phase synchronization to flip the target.
Simulation of Signal Strength Modification. We now investigate signal annihilation attacks (cp. Section 3.3). For this purpose, we use the legitimate signal of the sender to attenuate the sender's signal at the receiver by destructive interference, similar to worst-case effects in multipath environments. The attacker's goal is to attenuate the overall power of the signal so that it is not detected at the receiver (instead of changing the message content). Since this attack repeats the signals transmitted by the sender, it is agnostic to the actual data content of the message; the attacker does not need to know it in advance. The repeated signal will also have the same carrier frequency as the original signal, eliminating this possible source of randomness for the attacker. To fully annihilate the original signal, the attacker's signal needs to have the same power as the sender's signal at the receiver.
Figure 5a shows the simulated signal attenuation at the receiver for variable delays between the transmitted (original) and the repeated (adversarial) signal using the simulation setup in Section 5.1 with an SNR of 30 dB. The highest attenuation of approximately 28 dB is achieved only when shifting by a delay of $\pi$, and high attenuation is reached every $2\pi$ of the carrier delay. This high attenuation slightly decreases for higher offsets in carrier periods due to the resulting larger time offset between the two signals. We refer to this attack as a $\pi$-shift attack. We note that the original signal can also be amplified instead of attenuated. This would occur when shifting by a delay of $2\pi$ and multiples of it. The original signal could be amplified by up to 6 dB.
Given that the $\pi$-shift attack does not require demodulation or complex logic at the attacker, it can be implemented using only directional antennas and possibly an amplifier. In Section 5.4, we present a practical implementation of this attack and show that high attenuation is also possible in practice.
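The delay dependence of the attenuation described above, as an added toy simulation in Python (not the paper's Matlab setup). It assumes rectangular QPSK pulses, 64 carrier periods per symbol, 16 samples per carrier period, no noise, a constructed symbol sequence, and an attacker copy arriving at the same carrier frequency with a chosen delay and amplitude gain; the gain parameter goes beyond the text by showing how an amplitude mismatch caps the achievable attenuation.

```python
"""
Toy simulation of the pi-shift (signal annihilation) attack: the receiver sees
the original passband signal plus a delayed, scaled copy of itself.
Assumptions (constructed for this example, not taken from the paper):
rectangular QPSK pulses, 64 carrier periods per symbol, 16 samples per carrier
period, no noise, a fixed constructed symbol sequence.
"""
import math

SAMPLES_PER_PERIOD = 16     # sampling rate relative to the carrier frequency
PERIODS_PER_SYMBOL = 64     # carrier periods per QPSK symbol (short, for speed)
# Constructed QPSK symbol sequence as (I, Q) pairs, constellation on the axes.
SYMBOLS = [(1, 0), (0, 1), (-1, 0), (0, 1), (0, -1), (1, 0), (-1, 0), (0, -1)]


def modulate(symbols=SYMBOLS):
    """Passband samples Re{(I + jQ) e^{j 2 pi f_c t}} of the symbol stream."""
    out = []
    for i, q in symbols:
        for n in range(SAMPLES_PER_PERIOD * PERIODS_PER_SYMBOL):
            phi = 2 * math.pi * n / SAMPLES_PER_PERIOD
            out.append(i * math.cos(phi) - q * math.sin(phi))
    return out


def mean_power(x):
    return sum(v * v for v in x) / len(x)


def add_repeated_copy(signal, delay_periods, gain=1.0):
    """Receiver-side sum of the original signal and the attacker's repeated
    copy, delayed by delay_periods carrier periods (rounded to whole samples)
    and scaled by `gain` (1.0 = same power as the sender's signal at B)."""
    d = round(delay_periods * SAMPLES_PER_PERIOD)
    total = [0.0] * (len(signal) + d)
    for n, v in enumerate(signal):
        total[n] += v             # original transmission
        total[n + d] += gain * v  # repeated copy
    return total


def attenuation_db(delay_periods, gain=1.0, symbols=SYMBOLS):
    """Attenuation of the summed signal relative to the original, in dB.
    Positive: the attack weakens the signal; negative: it amplifies it."""
    s = modulate(symbols)
    r = add_repeated_copy(s, delay_periods, gain)
    return 10 * math.log10(mean_power(s) / mean_power(r))


def sweep(max_periods=12, step=0.25):
    """Attenuation versus delay, the curve of Figure 5a/5b: peaks at half-period
    offsets (pi shifts), amplification at whole-period offsets, and peaks that
    shrink as the delay grows and the two copies drift apart in baseband."""
    n = int(max_periods / step)
    return [(k * step, attenuation_db(k * step)) for k in range(n + 1)]


if __name__ == "__main__":
    for delay, att in sweep():
        print(f"delay {delay:5.2f} periods: {att:6.2f} dB")
    print("half-period shift with 0.5 x amplitude:",
          round(attenuation_db(0.5, gain=0.5), 2), "dB")
```

With rectangular pulses the residual after a half-period shift comes only from the symbol transitions, so the peak attenuation grows with the carrier-to-symbol-rate ratio; the paper's 2.4 GHz carrier gives a much larger ratio than this toy.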
5.3 Simulated Modification of Recorded Signals
We continue our evaluation with signals transmitted over the air and recorded by an oscilloscope. This allows us to validate the simulation results of symbol flipping and signal attenuation (Section 5.2) with a non-ideal transceiver and lossy communication channel. In our experiment, we combine our digital QPSK modem with the capabilities of a universal software radio peripheral (USRP [6]). We use fully modulated messages in a frame that closely resembles the 802.11b frame specification [2] with a preamble for carrier frequency offset estimation and synchronization [17]. Figure 8 in Appendix C displays our setup for the experimental investigations in Sections 5.3-5.4.
Symbol Flipping of Recorded Signals. Our main goal of this experiment is to validate our predicted probabilities for an attacker using optimal S/L flipping symbols to reach her goal with random carrier phase synchronization. In addition, we are interested in the chance of a weak attacker flipping any (neighboring) bits. We simulated the addition of the recorded flipping symbol with varying baseband offsets of 0, $0.25\,T_s$, and $0.5\,T_s$ and averaged carrier phase offsets between 0 and $2\pi$. The power of the flipping symbols is $P_R = P_L = 2P_T$, $P_S = \sqrt{2}\,P_T$ as in the previous simulations.
Table 1. Probability of modifications of the target (T) and neighboring (N) symbols in simulated vs. recorded signals for random carrier phase offset (%).

                       Baseband offset
                  0           0.25 Ts       0.5 Ts
               T      N      T      N      T      N
  Sim
  S, short     25     0      25     0      0      0
  L, long      13.5   0      9.3    0      0      49.96
  R, any       63.5          59.3          74.82
  Recorded
  S, short     24.3   0      25.0   0      21.5   9.7
  L, long      11.1   0      11.1   0      2.8    27.8
  R, any       58.3          58.3          70.8
Table 1 compares the chances for successful attacks on the target symbol (T) and (unwanted) flipping of neighboring symbols (N) between the results of simulation without noise (Sim) and the findings based on our recorded signals (Recorded). We observe that the predicted probabilities for long and short transitions closely follow the probabilities computed from the recorded signals for baseband offsets of 0 and $0.25\,T_s$. The influence on the target and neighboring symbols only differs for an offset of $0.5\,T_s$. This is most likely due to the fact that the probabilities of symbol flipping at $0.5\,T_s$ occupy a transition region (Figure 4c) and thus can take different values in the presence of noise. Nevertheless, our main result is confirmed by the experimental evaluation: about 13 % flipping chance for long transitions and about 25 % for a short transition, both with random carrier phase offset and small baseband offset.
Signal Annihilation of Recorded Signals. We used recorded messages as described above in Section 5.3 to simulate the effect of signal annihilation by adding time-shifted copies of the signal. The lower plot in Figure 5 (Figure 5b) shows the obtained attenuation. In comparison to the simulation with ideal signals (i.e., the upper plot, Figure 5a), the achieved highest attenuation was lower by a few decibels. Correct demodulation at the receiver was still not possible with our implementation, hence the signal was successfully annihilated. We also observe that there are several possible carrier offsets at which this high attenuation can be achieved.
5.4 Experimental Evaluation of Signal Annihilation
The main goal of this evaluation is to estimate how accurately the carrier phase offset can be controlled and what attenuation could be achieved in real multipath environments. For this purpose, we built the experimental signal annihilation setup shown in Figure 8 (Appendix C). The setup consists of a transmitter (USRP), a receiver (oscilloscope), and two directional antennas (with a gain of 15 dBi) connected by a cable. One antenna is directed at the transmitter and the second antenna repeats the received signal towards the receiver. The USRP sends periodic signals, which are simultaneously repeated by the antennas, received at the oscilloscope, and demodulated in Matlab. To achieve signal annihilation, the amplitude and carrier phase delay of the attacker's signal must closely match the legitimate signal at the receiver. We controlled the carrier phase offset between the transmitted and repeated signals by changing the distance between the antennas. Since we used high gain directional antennas, we could also adapt the power of the repeated signal by directing the antenna away from the receiver by some degrees. For a distance of 2 m between the USRP and the receiver and an appropriate positioning of the directional antennas (approximately 1 m away from the line of sight), we achieved the predicted signal attenuation down to the noise level. Figure 5c shows the signals received at the oscilloscope with and without the two directional antennas. Our results show an attenuation of approximately 23 dB. By using a longer (1 m) cable between the directional antennas, we also verified that the resulting higher baseband offset between the transmitted and repeated signals does have a significant impact on the achieved attenuation. We note that for longer distances, the same setup would require additional amplification between the directional antennas.
5.5 Summary of Results
We evaluated the influence of carrier and baseband offsets, amplitude mismatches, and the SNR on symbol flipping, first theoretically in Section 4 and then by simulations and experiments. Our findings show that, given accurate carrier phase and baseband synchronization, deterministic symbol flipping is feasible for strong attackers.
If the attacker cannot adapt to the sender's carrier phase offset, a random offset will allow her to achieve long transitions causing deterministic symbol flippings in around 13.5 % of the cases; for a short transition, this chance reaches up to 25 % (see Table 1). The weak attacker aiming at changing one bit of any symbol will achieve this with a chance of 50 % (see Figure 4 and Table 1) per flipping symbol as long as her signal has enough power, regardless of the carrier phase offset and baseband offset. Since the carrier phase offset is influenced by the channel and the geometric setup of the sender, attacker, and receiver, it might be hard to exactly match the target offset in practice. We discuss the impact of this on deterministic message manipulations in Section 6.
Fig. 6. Examples for wireless networks. (a) Static networks in quasi-static, quasi-free-space environments allow a strong attacker to perform deterministic signal manipulations; we thus confirm the Dolev-Yao model as an appropriate worst-case attacker model. (b) Environments with multipath effects and networks with mobile nodes suggest that deterministic, covert signal manipulations are hard to achieve; a probabilistic attacker model is more realistic.
We also predicted an attenuation of the original signal to the noise level by adding the same signal shifted by a certain carrier phase offset for realistic SNR levels (e.g., 20 dB). We reproduced the attenuation with recorded signal traces in Matlab and showed its practical feasibility in a lab environment using two directional antennas.
We discussed the use of rotated and scaled QPSK symbols as flipping signals. The use of alternative, e.g., shorter symbols of higher bandwidth, is left for future work.
6 Implications
In the previous sections, we have investigated the practicability of low-energy symbol flipping and signal annihilation attacks through simulations and experiments. We will now discuss the implications of our results in selected scenarios.
In a first scenario, we consider a wireless network with static wireless nodes and quasi-static, quasi-free-space channel properties. An example of such a network could be wireless sensor nodes deployed in rural areas, see Figure 6a. If an attacker with strong signal manipulation capabilities is allowed to access any location, she can measure distances and estimate the channel with high precision to any target node. The attacker would thus be able to achieve carrier phase synchronization and control the signal amplitude levels at the target receiver in order to flip symbols and/or annihilate transmitted signals with very high probability (for our system with non-coherent receivers). This corresponds to the model of our strong attacker (Section 5.1).
In a number of scenarios that are typical for wireless network deployments at least one of the assumptions in the above case is violated. Examples include static wireless networks in dynamic environments (e.g., urban areas) or mobile wireless networks, see Figure 6b. In both examples, wireless nodes communicate over time-varying fading channels [29]. This channel makes carrier phase synchronization and amplitude control at the target receiver very difficult (if not infeasible) for the attacker as it requires her to know the state information of the sender-receiver channels. Given that feedback signaling is typically needed for channel state information (CSI) estimation [18], it is hard to launch deterministic attacks without receiver cooperation. Failing to do so significantly reduces the probability of a strong attacker to perform deterministic short and long symbol flipping (Definitions 2 and 3) to 25% and 12.5%, respectively (in our scenario using QPSK modulation).
Furthermore, our results show that an attacker without a priori knowledge of the transmitted data has a chance of up to 75 % (see Table 1) to change any symbol (flip one or two bits) by adding a flipping symbol with twice the signal power. Depending on the error-correcting mechanisms employed at the receiver, this can allow the attacker to jam messages (or message preambles) in an energy-efficient way.
In summary, we draw the following conclusions. The attacker models selected for the security analysis of wireless communication need to be chosen in accordance with the deployed network and scenario. In the worst case, the attacker can covertly and deterministically delete and manipulate messages if the wireless network deployment cannot guarantee that the channel is dynamic. These attacks would not be detected by existing energy-based jamming detection countermeasures, as they do not add significantly more energy on the channel. In this aspect, the attacker's capabilities become very close to those of the Dolev-Yao model. If a dynamic channel can be assumed, even the strongest attacker can only probabilistically delete and modify messages without risking detection by energy-based jamming detection techniques. Such a probabilistic attacker model captures dynamic time-varying channels in the sense that the carrier phase offset is likely to change between individual messages. We note that the probability with which the attacker will be successful depends on a number of system parameters, including coherency or non-coherency of the reception process of the receiver, multipath effects, etc. We leave the investigation of these settings open for future work.
7 Conclusion
In this paper, we investigated the applicability of abstract attacker models of wireline protocols in the security analysis of wireless protocols. We first categorized different types of signal-layer attacks and mapped them to the Dolev-Yao attacker model. Then we explored the feasibility of basic techniques for manipulating wireless signals and messages. We focused on symbol flipping and signal annihilation attacks that both allow covert, low-energy manipulations of signals during their transmission. Our theoretical analysis, simulations, and experiments identified their conditions for success for QPSK-modulated signals and showed their practical feasibility given quasi-static, quasi-free-space channels. Our findings confirm the need of strong attacker models (similar to Dolev-Yao's model) in specific static scenarios, but they also suggest to construct alternative, probabilistic attacker models for a number of common wireless communication scenarios.
Acknowledgments
This work was partially supported by the Zurich Information Security Center. It repre-
sents the views of the authors.
References
1. Anish Arora and Lifeng Sang. Capabilities of low-power wireless jammers. In IEEE Infocom
Miniconference, 2009.
2. IEEE Standards Association. IEEE Standard 802.11b-1999: Wireless LAN MAC and PHY Specifications, 1999. http://standards.ieee.org.
3. Sherri Davidoff. GPS spoofing. http://philosecurity.org/2008/09/07/gps-spoofing, 2008.
4. Yvo Desmedt, Rei Safavi-Naini, Huaxiong Wang, Chris Charnes, and Josef Pieprzyk. Broad-
cast anti-jamming systems. In Proceedings of the IEEE International Conference on Net-
works (ICON), 1999.
5. Danny Dolev and Andrew C. Yao. On the security of public key protocols. IEEE Transactions on Information Theory, 29(2):198–208, 1983.
6. Ettus. Universal software radio peripheral (USRP). http://www.ettus.com.
7. Piyush Gupta and P. R. Kumar. The capacity of wireless networks. IEEE Transactions on
Information Theory, 46(2), 2000.
8. Jeffrey Hightower, Gaetano Borriello, and Roy Want. SpotON: An indoor 3D location sens-
ing technology based on RF signal strength. Technical Report 2000-02-02, University of
Washington, 2000.
9. Todd E. Humphreys, Brent M. Ledvina, Mark L. Psiaki, Brady W. O'Hanlon, and Paul M. Kintner Jr. Assessing the spoofing threat: Development of a portable GPS civilian spoofer. In Proceedings of the ION GNSS International Technical Meeting of the Satellite Division, 2008.
10. Suman Jana, Sriram Nandha Premnath, Mike Clark, Sneha Kumar Kasera, Neal Patwari, and
Srikanth V. Krishnamurthy. On the effectiveness of secret key extraction from wireless signal
strength in real environments. In Proceedings of the ACM/IEEE International Conference
on Mobile Computing and Networking (MobiCom), 2009.
11. Tao Jin, Guevara Noubir, and Bishal Thapa. Zero pre-shared secret key establishment in the
presence of jammers. In Proceedings of the ACM International Symposium on Mobile Ad
Hoc Networking and Computing (MobiHoc). ACM Press, 2009.
12. Chris Karlof, Naveen Sastry, Yaping Li, Adrian Perrig, and Doug Tygar. Distillation codes
and applications to DoS resistant multicast authentication. In Proceedings of the Network
and Distributed Systems Security Symposium (NDSS), 2004.
13. Mingyan Li, Iordanis Koutsopoulos, and Radha Poovendran. Optimal jamming attacks and
network defense policies in wireless sensor networks. In Proceedings of the IEEE Confer-
ence on Computer Communications (InfoCom), 2007.
14. Guolong Lin and Guevara Noubir. On link layer denial of service in data wireless LANs: Research articles. Wireless Communications & Mobile Computing, 5(3):273–284, 2005.
15. An Liu, Peng Ning, Huaiyu Dai, and Yao Liu. Defending DSSS-based broadcast commu-
nication against insider jammers via delayed seed-disclosure. In Proceedings of Annual
Computer Security Applications Conference (ACSAC), 2010.
16. Yao Liu, Peng Ning, Huaiyu Dai, and An Liu. Randomized differential DSSS: Jamming-
resistant wireless broadcast communication. In Proceedings of the IEEE Conference on
Computer Communications (InfoCom), 2010.
17. Alan V. Oppenheim, Ronald W. Schafer, and John R. Buck. Discrete-Time Signal Processing.
Prentice-Hall Signal Processing Series, 2nd edition, 1998.
18. Antonio Pascual Iserte. Channel state Information and joint transmitter-receiver design in
multi-antenna systems. PhD thesis, Polytechnic University of Catalonia, 2005.
19. Richard A. Poisel. Modern Communications Jamming Principles and Techniques. Artech
House Publishers, 2006.
20. Richard A. Poisel. Foundations of Communications Electronic Warfare. Artech House Pub-
lishers, 2008.
21. Lifeng Sang and Anish Arora. Capabilities of low-power wireless jammers. Technical Report
OSU-CISRC-5/08-TR24, The Ohio State University, 2008.
22. Patrick Schaller, Benedikt Schmidt, David Basin, and Srdjan Čapkun. Modeling and verifying physical properties of security protocols for wireless networks. In Proceedings of the IEEE Computer Security Foundations Symposium, 2009.
23. Dongjin Son, Bhaskar Krishnamachari, and John Heidemann. Experimental study of con-
current transmission in wireless sensor networks. In Proceedings of the ACM Conference on
Networked Sensor Systems (SenSys), 2006.
24. Mario Strasser, Boris Danev, and Srdjan Čapkun. Detection of reactive jamming in sensor networks. ACM Transactions on Sensor Networks, 7:16:1–16:29, September 2010.
25. Mario Strasser, Christina Pöpper, Srdjan Čapkun, and Mario Čagalj. Jamming-resistant Key Establishment using Uncoordinated Frequency Hopping. In Proceedings of the IEEE Symposium on Research in Security and Privacy (S&P), 2008.
26. Symantec. Securing enterprise wireless networks. White Paper, 2003.
27. The MathWorks, Inc. Matlab: a numerical computing environment. www.mathworks.com.
28. Nils Ole Tippenhauer, Kasper Bonne Rasmussen, Christina Pöpper, and Srdjan Čapkun. Attacks on Public WLAN-based Positioning. In Proceedings of the ACM Conference on Mobile Systems, Applications and Services (MobiSys), 2009.
29. David Tse and Pramod Viswanath. Fundamentals of wireless communication. Cambridge
University Press, 2005.
30. Mario Čagalj, Jean-Pierre Hubaux, Srdjan Čapkun, Ramkumar Rengaswamy, Ilias Tsigkogiannis, and Mani Srivastava. Integrity (I) Codes: Message Integrity Protection and Authentication Over Insecure Channels. In Proceedings of the IEEE Symposium on Research in Security and Privacy (S&P), 2006.
31. Mario Čagalj, Srdjan Čapkun, and Jean-Pierre Hubaux. Wormhole-based antijamming techniques in sensor networks. IEEE Transactions on Mobile Computing, 6(1):100–114, 2007.
32. J. S. Warner and R. G. Johnston. Think GPS Cargo Tracking = High Security? Think Again.
Technical report, Los Alamos National Laboratory, 2003.
33. Kamin Whitehouse, Alec Woo, Fred Jiang, Joseph Polastre, and David Culler. Exploiting
the capture effect for collision detection and recovery. In Proceedings of the IEEE workshop
on Embedded Networked Sensors (EmNets), 2005.
34. Matthias Wilhelm, Ivan Martinovic, Jens Schmitt, and Vincent Lenders. Reactive jamming in wireless networks: How realistic is the threat? In Proceedings of the fourth ACM conference on Wireless network security (WiSec), 2011.
35. Anthony D. Wood and John A. Stankovic. Denial of service in sensor networks. IEEE Computer, 35(10):54–62, 2002.
36. Liang Xiao, Larry Greenstein, Narayan Mandayam, and Wade Trappe. Fingerprints in the
ether: Using the physical layer for wireless authentication. In Proceedings of the IEEE
International Conference on Communications (ICC), 2007.
37. Wenyuan Xu, Wade Trappe, and Yanyong Zhang. Channel surfing: defending wireless sensor networks from jamming and interference. In Proceedings of the ACM Conference on
Networked Sensor Systems (SenSys), 2006.
38. Wenyuan Xu, Wade Trappe, Yanyong Zhang, and Timothy Wood. The feasibility of launch-
ing and detecting jamming attacks in wireless networks. In Proceedings of the ACM Inter-
national Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc), 2005.
A Integration into the SINR Model
In the physical SINR model [7], the transmission from a node A is successfully received by node B under simultaneous transmissions from a set $I$ of transmitters $i$ if
$$\frac{P_{AB}}{N + \sum_{i \in I} P_{iB}} \geq \beta_B, \qquad (1)$$
where $P_{AB} = P_{s(t)}$ and $P_{iB}$ are the sender's and the transmitters' signal powers at B, respectively, N is the ambient noise level, and $\beta_B$ is the minimum SINR (Signal to Interference plus Noise Ratio) required for successful message reception at B. The SINR model represents the reception of the original transmission s(t) under concurrent signals of sufficient or insufficient power.
In order to capture adversarial interference in the SINR model, we split the overall interference into legitimate (neighboring) transmissions and interference from an attacker J. Let $P_{JB} = P_{\hat{j}(t)}$ denote J's signal power at B (originating from one or multiple collaborating attackers). In order to reflect different types of adversarial interference, we distinguish constructive and destructive interference. We denote by $P^{c}_{JB}$ the fraction of $P_{JB}$ that creates constructive interference with s(t), by $P^{d}_{JB}$ the fraction of $P_{JB}$ that creates destructive interference with s(t), and by $P^{n}_{JB}$ the fraction of $P_{JB}$ that appears as noise at B; $P^{c}_{JB} + P^{d}_{JB} + P^{n}_{JB} = P_{JB}$. B receives a signal of sufficient power to enable demodulation for $P_{AB} + P^{c}_{JB} - P^{d}_{JB} > 0$ if
$$\frac{P_{AB} + P^{c}_{JB} - P^{d}_{JB}}{N + \sum_{i \in I} P_{iB} + P^{n}_{JB}} \geq \beta_B. \qquad (2)$$
The left-hand side of Equation 2 is the power of the signal $\hat{o}(t)$ at B. Based on this equation, we can distinguish the following cases:
$P^{d}_{JB} = P_{AB} + P^{c}_{JB}$: This attack annihilates the signal with $d(\hat{o}(t)) = \bot$.
$P^{n}_{JB} \gg P_{AB} + P^{c}_{JB}$: This results in noise jamming with $d(\hat{o}(t)) = \bot$.
$P^{c}_{JB} - P^{d}_{JB}$ is in the order of $P_{AB}$ and $P^{n}_{JB}$ does not cause a blocked message at B: This can modify (flip) bits in the message and we get $d(\hat{o}(t)) \neq \bot$ and $d(\hat{o}(t)) \neq S_A$. If this happens in the packet preamble we get $d(\hat{o}(t)) = \bot$.
$P^{c}_{JB}$ and $P^{d}_{JB}$ do not modify the demodulation result and $P^{n}_{JB}$ does not block the reception at B: In this case, we get $d(\hat{o}(t)) = d(s(t)) = S_A$, possibly under an amplified (with $P^{c}_{JB} > P^{d}_{JB}$) or attenuated (with $P^{c}_{JB} < P^{d}_{JB}$) signal.
$P^{c}_{JB} - P^{d}_{JB} \gg P_{AB}$ and $P^{n}_{JB}$ does not cause a blocked message at B: In this case, B will demodulate $d(\hat{o}(t)) = d(\hat{j}(t)) = S_J$, hence the attacker's message is overshadowing the message from A.
B Simulation setup
Figure 7 shows the simulation setup used for the Matlab simulations. The modulated data symbols are passed through a matched filter g(t) (root raised cosine) and up-converted to the carrier frequency (2.4 GHz band). The channel is simulated by adding Gaussian noise (AWGN). After sampling with rate $kT_s$, a Maximum Likelihood (ML) decoder outputs the decoded symbols.
[Figure 7: block diagram. Transmitter: symbols $S_A$, symbol mapper, g(t), up-conversion to the carrier, s(t); channel: AWGN(t); receiver: down-conversion, $g^{-1}(t)$, sampling at $kT_s$, ML decoder, decoded symbols $S_B$.]
Fig. 7. Simulation setup used for the Matlab simulations.
C Experimental setup
Figure 8 shows the setup we used for our practical experiments. Symbols are generated by a QPSK modulator and form the input to a USRP that transmits them over the air. We capture the original or manipulated transmissions using an oscilloscope. We then demodulate and analyze the data.
[Figure 8: (a) QPSK modulator (Matlab), USRP, antennas, oscilloscope, QPSK demodulator (Matlab), with the flipping signal added in Matlab; (b) two antennas capture and repeat the signal.]
Fig. 8. Experimental setup. (a) For simulated symbol flipping of recorded signals, we add the flipping signals to the captured signals in Matlab. (b) For the experiments on signal attenuation, two antennas capture and repeat the signals.