Дисертації з теми "Radio jamming"

The usage of drones is steadily increasing as drones are becoming more available and useful to the general public, but drone usage also leads to problems as for example airports have had to shutdown due to drone sightings. It has become clear that a counter-drone system must be in place to neutralize intruding drones. However, neutralizing a drone is not an easy task, the risk of causing collateral damage and interfering with other radio systems must be highly considered when designing a counter-drone system. In this thesis a set of consumer drones was selected based on market popularity. By studying the wireless communication links of the selected drones a set of drone neutralization methods was identified. For each neutralization method a set of jamming and spoofing techniques was selected from current research. The techniques was used in practise by subjecting the drones to the techniques in a series of drone behaviour experiments. The results was used to evaluate the techniques in four criteria based on avoiding collateral damage, mitigating radio interference, identification requirement and handling multiple intruding drones. The evaluation was then summarized to discuss suitable drone neutralization methods and jamming & spoofing techniques. The results showed that there are neutralization methods that could potentially avoid causing col- lateral damage for certain drones. A full-band barrage jamming technique was shown to best the best performing based on the evaluation criteria, but was also the technique that theoretically induced the most radio interference. Furthermore, drones operating in way-point mode can only be neutralized using a GNSS jamming or spoofing neutralization method. Also using a GPS spoofing neutralization method was shown to be difficult to implement in practise.
Populariteten av att flyga drönare ökar stadigt i och med att drönartekniken blir mer tillgänglig och an- vändbart för allmänheten. Men användningen av drönare leder också till problem när till exempel flyg- platser har varit tvungna att stänga av på grund av drönar observationer. Det har blivit tydligt att ett anti-drönarsystem måste vara på plats för att neutralisera inkräktande drönare. Men att neutralisera en drönare är inte en enkel uppgift, risken för att orsaka sido-skador på personer, byggander eller objekt; eller störa andra radiosystem måste beaktas starkt när man utformar ett anti-drönarsystem. I detta examensarbete valdes en uppsättning konsumentdrönare ut baserat på marknadens popularitet. Genom att studera de trådlösa kommunikationslänkarna för de valda drönarna identifierades en uppsättning av drönar-neutraliseringsmetoder. För varje neutraliseringsmetod valdes en uppsättning av störnings- och spoofing-tekniker ut från aktuell forskning. Teknikerna användes i praktiken genom att utsätta drönarna för teknikerna i en serie drönar-beteendeexperiment. Resultaten användes sedan för att utvärdera teknikerna i fyra utvärderingskriterier baserade på att undvika sido-skador, mildra radiostörningar, identifieringsbehov och hantering av flera inkräktande drönare. Utvärderingen sammanfattades sedan för att diskutera lämpliga drönar-neutraliseringsmetoder och störnings- spoofing-tekniker. Resultaten visade att det finns neutraliseringsmetoder som potentiellt kan undvika att orsaka sido- skador eller radio-störningar för vissa typer av drönare. En full-bands störningsteknik visade sig vara bäst presterande baserat på utvärderingskriterierna, men var också den teknik som teoretiskt inducerade mest radiostörningar. Dessutom visades det att drönare som flyger i navigeringsläge endast kan neutraliseras med hjälp av en GNSS-störnings- eller spoofing metoder. Att använda en GPS-spoofing metod visade sig också vara svår att implementera i praktiken.

This work describes the evolution cf electronic warfare equipment and techniques in the USA, from the first instance of radio jamming in that country in 1901 until the end of World War II in 1945. It begins with a review of early work on telegraph, radio and radar systems throughout the world, and countermeasures used during trials or in combat prior to World War II. Immediately after the USA ertered the conflict in 1941, the Radio Research Laboratory was set up near Boston to develop radio countermeasures equipment for the US armed forces. The organisation rapidly outgrew the capacity of a angle laboratory and in October 1942 Division 15 of the National Defense Research Committee was formed, to co-ordinate US work on countermeasures. The activities of RRL and Division 15 are described in detail, using cortemporary records and accounts from participants. Radar jammers developed by Divison 15 were first used in action in July 1943 during the invason of Sicily, and went on to play important roles in support amphibious landings and strategic bombing operations in the European and Pacific theatres of operations. The jamming devices and tactics employed, the enemy attempts to develop counter-countermeasures and the US moves to counter these counters are all described in detail. Conclusions are drawn on the effectiveness of the various types of jamming, based on post-war interrogation of German and Japanese serving officers and technical personnel. Appendices give technical details of the countermeasures devices produced in the USA during World War II, and the development of radar and radar countermeasures in Germany and Japan.

With the increasing volume of wireless traffic that military operations require, the likelihood of transmissions interfering with each other is steadily growing to the point that new techniques need to be employed. Furthermore, to combat remotely operated improvised explosive devices, many ground convoys transmit high-power broadband jamming signals, which block both hostile as well as friendly communications. These wide-band jamming fields pose a serious technical challenge to existing anti-jamming solutions that are currently employed by the Navy and Marine Corps. This thesis examines the feasibility of removing such deterministic jammers from the spectral environment, enabling friendly communications. Anti-jamming solutions in self-jamming environments are rarely considered in the literature, principally due to the non-traditional nature of such jamming techniques. As a result, a combination of approaches are examined which include: Antenna Subset Selection, Spectral Subtraction, and Source Separation. These are combined to reduce environmental interference for reliable transmissions. Specific operational conditions are considered and evaluated, primarily to define the limitations and utility of such a system. A final prototype was constructed using a collection of USRP software defined radios, providing solid conclusions of the overall system performance.

The goal of this thesis is the development of an anti-jamming defense mechanism based on causal inference. The current state-of-the-art methods to compute causality, i.e., Granger Causality (GC), Transfer Entropy (TE) and Convergent Cross Mapping (CCM) are presented and they are used to detect the smart jammer into an appropriate simulation environment. The performances of the causality tools are evaluated, pointing out how the TE obtains the best results while the GC fails the detection of the intruder. The innovative CCM algorithm, instead, requires to function a deterministic structure of the communications. In the first part of the work, before that simulation environment is impemented, the three methods are compared to underline their theoretical advantages and disadvantages.

Thesis (Ph. D.)--Electrical and Computer Engineering, Georgia Institute of Technology, 2008.
Committee Chair: Gordon L. Stuber; Committee Member: Alfred D. Andrew; Committee Member: John A. Buck; Committee Member: Steven W. McLaughlin; Committee Member: Ye (Geoffrey) Li.

In this study, various jamming techniques and their effects on detection and tracking performance have been investigated through a radar receiver simulation that models a search radar for target acquisition and single-target tracking radar during track operation. The radar is modeled as looking at airborne targets, and hence clutter is not considered. Customized algorithms have been developed for the detection of target azimuth angle, range and Doppler velocity within the modeled geometry and chosen radar parameters. The effects of varying parameters like jamming-to-signal ratio (JSR) and jamming signal`s Doppler shift have been examined in the analysis of jamming effectiveness.

In wireless communications, knowledge of the channel coefficients is required for coherent demodulation. In this thesis, a blind channel estimation method based on the Lloyd-Max algorithm is proposed for single-tap fading channels. The algorithm estimates the constellation points for the received signal using an iterative least squares approach. The algorithm is investigated for fast-frequency hopping systems with small block lengths and operating under partial-band and partial-time jamming for both detecting the jammer and estimating the channel. The performance of the Lloyd-Max channel estimation algorithm is compared to the performance of pilot-based channel estimation algorithms which also use the least squares approach and non-coherent demodulation and decoding.

The tremendous success of various wireless applications operating in unlicensed bands has resulted in the overcrowding of those bands. Cognitive radio (CR) is a new technology that enables an unlicensed user to coexist with incumbent users in licensed spectrum bands without inducing interference to incumbent communications. This technology can significantly alleviate the spectrum shortage problem and improve the efficiency of spectrum utilization. Networks consisting of CR nodes (i.e., CR networks)---often called dynamic spectrum access networks or NeXt Generation (XG) communication networks---are envisioned to provide high bandwidth to mobile users via heterogeneous wireless architectures and dynamic spectrum access techniques. In recent years, the operational aspects of CR networks have attracted great research interest. However, research on the security aspects of CR networks has been very limited. In this thesis, we discuss security issues that pose a serious threat to CR networks. Specifically, we focus on three potential attacks that can be launched at the physical or MAC layer of a CR network: primary user emulation (PUE) attack, spectrum sensing data falsification (SSDF) attack, and control channel jamming (CCJ) attack. These attacks can wreak havoc to the normal operation of CR networks. After identifying and analyzing the attacks, we discuss countermeasures. For PUE attacks, we propose a transmitter verification scheme for attack detection. The scheme utilizes the location information of transmitters together with their signal characteristics to verify licensed users and detect PUE attackers. For both SSDF attacks and CCJ attacks, we seek countermeasures for attack mitigation. In particular, we propose Weighted Sequential Probability Ratio Test (WSPRT) as a data fusion technique that is robust against SSDF attacks, and introduce a multiple-rendezvous cognitive MAC (MRCMAC) protocol that is robust against CCJ attacks. Using security analysis and extensive numerical results, we show that the proposed schemes can effectively counter the aforementioned attacks in CR networks.
Ph. D.

Les émulsions de type huile-dans-eau jouent un rôle important lors des opérations de ré-injection des eaux de production (PWRI). Ce travail s'intéresse à l'écoulement /rétention de ce type d'émulsions en milieux poreux et à leur impact sur l'injectivité. Deux mécanismes fondamentaux sont distingué selon la valeur du Jamming ratio Jr (taille des restrictions /taille des gouttes): le dépôt dit de surface aux forts Jr et le "straining" (blocage, par le forces capillaires, d'une ou plusieurs gouttes à l'amont d'une restriction) aux faibles Jr.Ce document traite, d'abord, de la physicochimie du dépôt de surface. L'étude en fonction de différents paramètres, tels que la salinité et le débit, permis de décrire la structure et la cinétique du dépôt. Nous avons notamment mis en évidence la formation d'une monocouche compacte é gouttelettes individuelles et montré que la cinétique du dépôt vérifie les lois d'échelle développées pour les colloïdes. L'ensemble de nos résulta conforte la similarité de comportement entre les émulsions stables et diluées et les systèmes colloïdaux.Ensuite, le "straining" est mis en évidence et discuté en fonction des distributions en taille -des restrictions et des gouttes- et des valeurs du nombi capillaire.Enfin, nous avons établi que l'endommagement associé au dépôt de surface peut être très significatif et que les pertes d'injectivité sont prédictibles par une loi de Poiseuille modifiée. Pour le "straining", l'impact est encore plus sévère mais sa vitesse de propagation est plus lente.En conclusion, l'effet de ce type d'émulsion doit être pris en compte pour minimiser les risques et optimiser le schéma de réinjection.

Jamming is an ongoing threat that plagues wireless communications in contested areas. Unfortunately, jamming complexity and sophistication will continue to increase over time. The traditional approach to addressing the jamming threat is to harden radios, such that they sacrifice communications performance for more advanced jamming protection. To provide an escape from this trend, we investigate the previously unexplored area of jammer exploitation. This dissertation develops the concept of antifragile communications, defined as the capability for a communications system to improve in performance due to a system stressor or harsh condition. Antifragility refers to systems that increase in capability, resilience, or robustness as a result of disorder (e.g., chaos, uncertainty, stress). An antifragile system is fundamentally different from one that is resilient (i.e., able to recover from failure) and robust (i.e., able to resist failure). We apply the concept of antifragility to wireless communications through several novel strategies that all involve exploiting a communications jammer. These strategies can provide an increase in throughput, efficiency, connectivity, or covertness, as a result of the jamming attack itself. Through analysis and simulation, we show that an antifragile gain is possible under a wide array of electronic warfare scenarios. Throughout this dissertation we provide guidelines for realizing these antifragile waveforms. Other major contributions of this dissertation include the development of a communications jamming taxonomy, feasibility study of reactive jamming in a SATCOM-type scenario, and a reinforcement learning-based reactive jamming mitigation strategy, for times when an antifragile approach is not practical. Most of the jammer exploitation strategies described in this dissertation fall under the category of jammer piggybacking, meaning the communications system turns the jammer into an unwitting relay. We study this jammer piggybacking approach under a variety of reactive jamming behaviors, with emphasis on the sense-and-transmit type. One piggybacking approach involves transmitting using a specialized FSK waveform, tailored to exploit a jammer that channelizes a block of spectrum and selectively jams active subchannels. To aid in analysis, we introduce a generalized model for reactive jamming, applicable to both repeater-based and sensing-based jamming behaviors. Despite being limited to electronic warfare scenarios, we hope that this work can pave the way for further research into antifragile communications.
Ph. D.

With the advent of ubiquitous computing and Internet of Things (IoT), potentially billions of devices will create a broad range of data services and applications, which will require the communication networks to efficiently manage the increasing complexity. Cognitive network has been envisioned as a new paradigm to address this challenge, which has the capability of reasoning, planning and learning by incorporating cutting edge technologies including knowledge representation, context awareness, network optimization and machine learning. Cognitive network spans over the entire communication system including the core network and wireless links across the entire protocol stack. Cognitive Radio Network (CRN) is a part of cognitive network over wireless links, which endeavors to better utilize the spectrum resources. Core network provides a reliable backend infrastructure to the entire communication system. However, the CR communication and core network infrastructure have attracted various security threats, which become increasingly severe in pace with the growing complexity and adversity of the modern Internet. The focus of this dissertation is to exploit the security vulnerabilities of the state-of-the-art cognitive communication systems, and to provide detection, mitigation and protection mechanisms to allow security enhanced cognitive communications including wireless communications in CRNs and wired communications in core networks. In order to provide secure and reliable communications in CRNs: emph{first}, we incorporate security mechanisms into fundamental CRN functions, such as secure spectrum sensing techniques that will ensure trustworthy reporting of spectrum reading. emph{Second}, as no security mechanism can completely prevent all potential threats from entering CRNs, we design a systematic passive monitoring framework, emph{SpecMonitor}, based on unsupervised machine learning methods to strategically monitor the network traffic and operations in order to detect abnormal and malicious behaviors. emph{Third}, highly capable cognitive radios allow more sophisticated reactive jamming attack, which imposes a serious threat to CR communications. By exploiting MIMO interference cancellation techniques, we propose jamming resilient CR communication mechanisms to survive in the presence of reactive jammers. Finally, we focus on protecting the core network from botnet threats by applying cognitive technologies to detect network-wide Peer-to-Peer (P2P) botnets, which leads to the design of a data-driven botnet detection system, called emph{PeerClean}. In all the four research thrusts, we present thorough security analysis, extensive simulations and testbed evaluations based on real-world implementations. Our results demonstrate that the proposed defense mechanisms can effectively and efficiently counteract sophisticated yet powerful attacks.
Ph. D.

Du fait de la nature ouverte et partagée du canal radio, les communications sans fil souffrent de vulnérabilités sérieuses en terme de sécurité. Dans ces travaux de thèse, je me suis intéressé particulièrement à deux classes d'attaques à savoir l'attaque par relais et l'attaque par déni de service (brouillage). La technologie de couche physique UWB-IR a connu un grand essor au cours de cette dernière décennie et elle est une candidate intéressante pour les réseaux sans fil à courte portée. Mon objectif principal était d'exploiter les caractéristiques de la couche physique UWB-IR afin de renforcer la sécurité des communications sans fil. L'attaque par relais peut mettre à défaut les protocoles cryptographiques d'authentification. Pour remédier à cette menace, les protocoles de distance bounding ont été proposés. Dans ce cadre, je propose deux nouveaux protocoles (STHCP : Secret Time-Hopping Code Protocol et SMCP : Secret Mapping Code Protocol) qui améliorent considérablement la sécurité des protocoles de distance bounding au moyen des paramètres de la radio UWB-IR. Le brouillage consiste en l'émission intentionnelle d'un signal sur le canal lors du déroulement d'une communication. Mes contributions concernant le problème de brouillage sont triples. D'abord, j'ai déterminé les paramètres d'un brouilleur gaussien pire cas contre un récepteur UWB-IR non-cohérent. En second lieu, je propose un nouveau modèle de brouillage par analogie avec les attaques contre le système de chiffrement. Troisièmement, je propose une modification rendant la radio UWB-IR plus robuste au brouillage. Enfin, dans une dernière partie de mes travaux, je me suis intéressé au problème d'intégrer la sécurité à un réseau UWB-IR en suivant l'approche d'embedding. Le principe de cette approche consiste à superposer et à transmettre les informations de sécurité simultanément avec les données et avec une contrainte de compatibilité. Ainsi, je propose deux nouvelles techniques d'embedding pour la couche physique UWB-IR afin d'intégrer un service d'authentification.

Common control channels in cognitive radio (CR) ad hoc networks are spectrum resources temporarily allocated and commonly available to CR users for control message exchange. With no presumably available network infrastructure, CR users rely on cooperation to perform spectrum management functions. One the one hand, CR users need to cooperate to establish common control channels, but on the other hand, they need to have common control channels to facilitate such cooperation. This control channel problem is further complicated by primary user (PU) activities, channel impairments, and intelligent attackers. Therefore, how to reliably and securely establish control links in CR ad hoc networks is a challenging problem. In this work, a framework for control channel design and analysis is proposed to address control channel reliability and security challenges for seamless communication and spectral efficiency in CR ad hoc networks. The framework tackles the problem from three perspectives: (i) responsiveness to PU activities: an efficient recovery control channel method is devised to efficiently establish control links and extend control channel coverage upon PU's return while mitigating the interference with PUs, (ii) robustness to channel impairments: a reinforcement learning-based cooperative sensing method is introduced to improve cooperative gain and mitigate cooperation overhead, and (iii) resilience to jamming attacks: a jamming-resilient control channel method is developed to combat jamming under the impacts of PU activities and spectrum sensing errors by leveraging intrusion defense strategies. This research is particularly attractive to emergency relief, public safety, military, and commercial applications where CR users are highly likely to operate in spectrum-scarce or hostile environment.

Based on the analysis of reports and literature on the vulnerability of global navigation satellite systems, the robot presents a developed threat model and an intruder model for navigation information. Using the developed models, organizational and technical measures to protect information are determined. Directions for improving consumer equipment to jamming are given. Organizational measures for protecting against jamming are described.

Thesis (M.S. in Electrical Engineering and M.S. in Systems Engineering)--Naval Postgraduate School, March 2004.
Thesis advisor(s): Clark Robertson. Includes bibliographical references (p. 143). Also available online.

Dans cette thèse, nous nous sommes concentrés sur deux problèmes majeurs de la couche PHY et de la couche d'application: les attaques jamming de radiofréquence et les attaques Sybil. En particulier, nous avons adopté trois méthodes différentes de machine learning pour la détection des nœuds Sybil: Distance based clustering, Support Vector Machine (SVM) et k-nearest neighbours (kNN). Basé sur la base de la variation entre les véhicules légitimes et les nœuds Sybil dans leurs formes de conduite, les nœuds virtuels inexistants peuvent être détectés. Pour les attaques jamming de radiofréquence, nous nous sommes concentrés sur la conception de contremesures pour le problème de brouillage du canal de contrôle dans les réseaux véhiculaires, ce qui est d'une importance vitale pour la sécurité des communications I2V. Ainsi, nous avons étendu les problèmes de jamming dans les scénarios RSU multi-antennes, dans lesquels la RSU peut desservir plusieurs groupes de véhicules simultanément à l'aide de la technique de beamforming multi-groupe et multi-cast . En guise de solution, nous proposons un système anti-jamming en deux étapes. Les véhicules qui ont décodé avec succès le signal reçu dans la première étape seront sélectionnés en tant que relais pour desservir en coopération les véhicules victimes dans la deuxième étape en utilisant les techniques coordonnées de beamforming sur une canal de service sans blocage
This thesis has been dedicated to addressing the misbehaviour detection problem in vehicular networks. Specifically, we focus on two major issues in PHY layer and application layer respectively: Radio Frequency (RF) Jamming attacks and Sybil attacks. Specifically, we adopted three different machine learning methods including Distance based clustering, Support Vector Machine (SVM) and k-nearest neighbours (kNN) in Sybil nodes detection. Based on variation between benign vehicles and Sybil nodes in their driving patterns, the non-existent virtual nodes can be detected. For RF jamming attacks, we focused on the design of countermeasure for the control channel jamming issue in vehicular networks, which is of vital importance to the safety of I2V communications. We proposed to adopt the cooperative relaying techniques to address the control channel jamming problem in vehicular networks, which is based on the idea that the vehicles outside of the jamming area can serve as relays to help forward the control channel signal to the victim vehicles through other the jamming-free service channels. Thus, we extended the jamming issues in multi-antenna RSU scenarios, where the RSU can serve multiple groups of vehicles simultaneously using the multi-group multicast beamforming technique. As a solution, we propose a two stage anti-jamming scheme, whereby the vehicles who have successfully decoded the signal received in the first stage will be selected as relays to cooperatively serve the victim vehicles in the second stage using the coordinated beamforming techniques over a jamming-free service channel

Thesis (M.S. in Operations Research and M.S. in Applied Mathematics)--Naval Postgraduate School, June 2008.
Thesis Advisor(s): Alderson, David ; Zhou, Hong. "June 2008." Description based on title screen as viewed on August 22, 2008. Includes bibliographical references (p. 39-40). Also available in print.

Approved for public release; distribution is unlimited.
In military operations, covertness of operation is of paramount importance. The transmission power of the data link must be kept to the minimum to maintain a low probability of detection (LPD) from the adversary. However, a reduction in the transmitted power implies a reduction in the operating range, though the detection range by the enemy is also reduced. Therefore, to reduce the enemy’s detection range while maintaining operating distance, this thesis explores strategies to discriminate gain against an adversary’s sensor. The strategies involve using processing gain, directional antennas, polarization and the natural environment as a transmission shield. The processing gain strategy analyzed in this thesis uses a diversity technique called Maximal Ratio Combining (MRC) applied to an IEEE 802.16a link. Sinclair D. Smith carried out a study on the possible processing gain derivable from this technique and this thesis will bring his results to practical applications via link analyses. In the event that the link is detected and the enemy decides to carry out jamming, the thesis explores a possible anti-jamming (AJ) strategy by using MRC and a directional antenna. Daniel P. Zastrow carried out a study on the AJ capability of MRC and this thesis brings his results to practical applications via link analyses.
Major, Republic of Singapore Airforce

碩士
國立中央大學
資訊工程學系
107
In cognitive radio networks (CRNs), channel hopping communications are widely used to improve the utilization of licensed spectrum and solve unlicensed spectrum shortage problem. Besides, since the price of wireless transceivers becomes lower, devices in CRNs can be equipped with more radios to reduce the time to rendezvous (TTR). However, if SUs are equipped with many radios, all signals add together which brings a risk of destructive interference. It implies the devices should spend more computational resource and power to reduce interference. We consider that the devices in CRNs may be low power and low computing capability. Hence, the users (SUs) in CRNs are proper to be equipped with two radios. However, some existing multi-radios channel hopping schemes for CRNs, which have obvious patterns (i.e., a user utilizes a fixed channel for a long while), are vulnerable to jamming attacks in CRNs. Many existing anti-jamming channel hopping scheme in CRNs rely on pre-shared information (e.g., pre-shared channel hopping sequences) to build communication link between senders and receivers. However, pre-shared information among communication pairs is impractical in CRNs. Hence, anti-jamming channel hopping schemes without pre-sharing information have gained more research interests. In this paper, we propose an anti-jamming channel hopping scheme with two radios, DR-CH, and it has bounded time to rendezvous.

碩士
國立中央大學
資訊工程學系
103
In cognitive radio networks (CRNs), channel hopping-based communications are widely used to solve the licensed spectrum shortage problem. However, jamming attacks is one of the major threats in CRNs because of the highly dynamic spectrum availability and the lack of ownership of the spectrum. Pre-sharing secrets (e.g., hopping sequences) is one of approaches to resist against jamming attacks. Senders and receivers exploit these secrets to establish communications. But in CRNs, pre-shared secrets is usually impractical because neighborhoods may dynamic change. Hence, antijamming channel hopping algorithm without pre-shared secrets become more and more important. Most of existing approaches, e.g., uncoordinated frequency hopping (UFH), either have unbounded rendezvous time or require role pre-assignment. Role pre-assignment is inapplicable since each SU may play sender or receiver simultaneously. In this paper, we propose an antijamming channel hopping algorithm without pre-shared secrets, Tri-CH, which has bounded rendezvous time and without role pre-assignment.

碩士
國立中央大學
資訊工程學系
104
Cognitive radio network (CRN) is a promising technology to solve unlicensed spectrum shortage problem and enhance the utilization of licensed spectrum. Channel hopping scheme are widely used to develop communication links between users (SU) in CRNs. However, existing channel hopping for CRNs, which have fixed hopping patterns, are extremely vulnerable to malicious attacks in CRNs. Most of existing anti-jamming CH protocols need pre-shared informations (e.g. hopping sequences) to the communication link between the communication pairs. Due to the nature of opportunistic spectrum access, pre sharing informations is impractical in CRNs. Hence, anti-jamming channel hopping approaches without pre-shared secrets have gained more and more research interests. For anti-jamming CH protocols without pre-shared informations, they either have unbounded time to rendezvous or require role pre-assignment (i.e. every SU is pre-assigned as either a sender or a receiver). Role pre-assignment is inapplicable to scenarios that a SU may be a sender and receiver simultaneously. In this paper, we propose an anti-jamming channel hopping algorithm, SP CH, with bounded rendezvous time, but without pre-shared secrets.

碩士
國立臺灣海洋大學
資訊工程學系
106
In cognitive radio networks (CRNs), secondary users (SUs) are vulnerable to malicious attacks because SU nodes do not own the spectrum, hence their opportunistic access cannot be protected from adversaries. Thus, how to design a channel hopping scheme to protect SU nodes from jamming attacks becomes an important issue in CRNs. Existing anti-jamming channel hopping schemes have some limitations: Some require SU nodes to exchange pre-shared secrets in advance; some require an SU node to be either a receiver or a sender, and some are not flexible enough. Furthermore, existing anti-jamming channel hopping schemes do not consider the issue that different nodes have different traffic loads. In this paper, we propose an anti-jamming channel hopping protocol, Load awareness anti-jamming channel hopping scheme (LAA). Nodes running LAA are able to change their channel hopping sequences based on their sending and receiving of traffic. Specifically, LAA uses extended Langford pairing (ELP) to provide rendezvous guarantee and load awareness. Simulation results show that LAA can improve up to 89% and 303% in average time to rendezvous and throughput, respectively.

The GPS is currently the most widely used and best known example of a Global Navigation Satellite System (GNSS) and as a system relies on GPS positioning to make its next move, it is important to understand GPS vulnerabilities and acknowledge the threats like jamming and spoofing. Jamming and spoofing equipment can be openly purchased online at a low cost. The Software Defined Radio (SDR) technology is also bringing the flexibility and cost efficiency to a whole new level. This research aims to explore this technology by asking the following research questions: Is there a suitable combination of waveform, power and amplitude to disrupt the GPS signal? Is GPS jamming equally easy to accomplish in software as it is in hardware? Is GPS spoofing easier to accomplish in software? The study consists of two tests: a GPS jamming test where focus is to realize what combination of waveform, power and amplitude is able to jam the GPS signal and a GPS spoofing test where a HackRF One is used to fool a mobile. The results from the jamming test have shown that GPS jamming is easy to accomplish using different combinations as GPS signals have low received signal power. The spoofing test proved that it is capable to spoof a mobile with a fairly inexpensive SDR setup and freely available software.
O Sistema de Posicionamento Global (GPS) é actualmente o melhor exemplo e o mais usado Sistema de Navegação Global por Satélite (GNSS) e como maior parte dos veículos atuais dependem do posicionamento do GPS para terem autonomia, é importante perceber as vulnerabilidades do GPS e reconhecer as ameaças como o bloqueio e o jamming. Equipamentos para bloquear e fazer spoofing podem ser comprados online a um preço acessível. A tecnologia Software Defined Radio (SDR) traz a flexibilidade e provoca uma ainda maior diminuição de custo. Esta investigação tem como objectivo explorar esta tecnologia respondendo às seguintes questões: Existe uma combinação de forma de onda, potência e amplitude adequada para perturbar o sinal GPS? O bloqueio do GPS é igualmente fácil de realizar em software como é em hardware? Fazer spoofing ao GPS é mais fácil de realizar em software? O desenvolvimento deste trabalho consiste em dois testes: um teste de bloqueio ao GPS onde o foco é perceber qual a combinação de forma de onda, potência e amplitude que consegue bloquear o sinal GPS e um teste de spoofing ao GPS onde o HackRF One é usado para "enganar" um telemóvel. Os resultados do teste de bloqueio mostraram que o bloqueio ao GPS é fácil de realizar usando diferentes combinações, devido à baixa potência de sinal recebido dos receptores de GPS. O teste do spoofing provou que é possível fazer spoof a um telemóvel com uma configuração SDR com um custo acessível.

Nowadays with the development and cost reduction of unmanned vehicles, armed forces around the world have been using these systems as a replacement or complement for conventional manned systems. Because of all the advantages inherent to the use of these vehicles, there have been many possible applications for these systems. One of possible applications is its use as a vehicle for carrying an Electronic Warfare package. Electronic Warfare, since the military started using and depending on the electromagnetic spectrum to achieve their objectives, has been a major warfare area of high interest. In my thesis, I suggest the creation of an Electronic Warfare package with jamming and spoofing capacities for communication systems, designed to be implemented on an unmanned vehicle, with remote control dedicated programs. To do this, I took advantage of the Software Defined Radio technology along with the GNU Radio software, installed on a Raspberry Pi computer in order to be transportable even by small vehicles.
Atualmente, com o desenvolvimento e a redução de custos dos veículos não tripulados, as forças armadas em todo o mundo têm utilizado estes sistemas como substituto ou complemento aos sistemas tripulados. Devido às vantagens inerentes à sua utilização, têm havido inúmeras aplicações para estes sistemas. Uma das possíveis aplicações é a sua utilização como veículo para transporte de um pacote de Guerra Eletrónica. A Guerra Eletrónica, desde que os militares começaram a utilizar e a depender do espetro eletromagnético para alcançar os seus objetivos, tem sido uma das principais áreas da guerra de elevado interesse. Nesta dissertação, sugiro a criação de um módulo de Guerra Eletrónica com a capacidade de efetuar empastelamento e mistificação de a sistemas de comunicações, idealizado para ser implementado num veículo não tripulado, com programas dedicados para controlo remoto. Para isto, recorri à tecnologia do Radio Definido por Software assim como ao software GNU Radio, instalado num computador Raspberry Pi por forma a poder ser transportado também por pequenos veículos.

This research aims to explore jamming on digital mobile systems, with an initial focus towards the 2G and Global System of Mobile Communications (GSM) technologies. The main goal is to develop a jammer with an efficiency and complexity greater than the existent ones, capable to better disrupt digital mobile systems. The study consists of an analysis of the different techniques of jamming, that can disrupt the mobile cellular system’s communication, through a series of simulations using the Software Defined Radio (SDR) and the GNU Radio ecosystem. The same techniques will then be studied and evaluated in real life scenarios in order to select which one is the best regarding spectral efficiency, energy and complexity. Finally, the jammer returning the best results will be the one chosen to contribute sustainably for the issue with flying drones on restrict areas, such as airports and residential zones, and thus, decrease the number of accidents which nowadays happen usually with this kind of aircrafts.
Neste estudo será feita uma abordagem ao jamming em sistemas móveis digitais, dando um maior foco inicial à tecnologia 2G, Sistema Global para Comunicações Móveis (GSM). O objetivo principal será o desenvolvimento de um sinal jammer, diferente dos já existentes em termos de eficiência e complexidade, capaz de causar interferência em sistemas móveis celulares. Será feito então uma análise às diferentes técnicas de interferência de sinal, capazes de perturbar a comunicação em sistemas móveis celulares, através da realização de simulações a partir da tecnologia Software Defined Radio (SDR) nomeadamente, a plataforma GNU Radio. As mesmas técnicas também serão estudadas e avaliadas num cenário real, de forma a fazer-se a seleção da melhor em termos de eficiência espectral, energia e complexidade. Finalmente, a técnica de jamming que demonstrar melhores resultados, irá representar o jammer que poderá contribuir de forma sustentável para a problemática da circulação de drones em zonas restritas, como aeroportos e zonas residenciais, para a diminuição dos acidentes, atualmente registados, com este tipo de aeronaves.

This qualitative study uses narrative inquiry (Connelly & Clandinin, 1988, 1990, 2001) and self-study to investigate ways to further understand and facilitate the integration of holistic philosophies of education with media literacy pedagogies. As founder and director of the Youth Media Literacy Project and a self-titled Imagitator (one who agitates imagination), I have spent over 10 years teaching media literacy in various high schools, universities, and community centres across North America. This study will focus on my own personal practical knowledge (Connelly & Clandinin, 1982) as a culture jammer, educator and cancer survivor to illustrate my original vision of a ‘holistic media literacy pedagogy’. This research reflects on the emergence and impact of holistic media literacy in my personal and professional life and also draws from relevant interdisciplinary literature to challenge and synthesize current insights and theories of media literacy, holistic education and culture jamming.

The disertation is focused on development and importance of the Czechoslovak desk of the Radio Free Europe in period between 1950 and 1994. This broadcasting have gained in time of strong censorship significant and till now unresearched importance. In February 1948 the Communist party took power in the Czechoslovakia. After that Czech and Slovak democratic politicians had left country to the West. They wanted to break the isolation of people living behind the Iron Curtain and promote restoration of democracy in their homeland. In 1949 was in the USA established the National Committee for Free Europe as fomally independent citizens association. As its most known activity had became the Radio Free Europe (RFE). This radio station had became an important tool for political strugle between two blocks in time of the Cold War. The basic qestion is what real position RFE broadcasting have reached in this struggle. The estabilishing of foreign broadcasting to the Czechoslovakia was very difficult task. RFE started its activity as exiles platform for purpose of liberation the Czechoslovakia from rule of the Communistic Party regime. The programming position of the RFE was in reality influented by american politicians and was depending on changing global political conditions as well. The unique position of...

As técnicas de espalhamento de espectro foram inicialmente desenvolvidas para sistemas militares e têm aplicações importantes no âmbito da segurança e confidencialidade das comunicações. Estas técnicas podem ser utilizadas em ambientes civis, como o caso da terceira geração que usam o Code Division Multiple Access (CDMA) ou Long Term Evolution (LTE), contudo é nas aplicações militares que podem ter o seu potencial. Nesta dissertação vão ser utilizadas técnicas de sistemas de espalhamento de espectro com o objectivo de bloquer intencionalmente uma comunicação móvel de qualquer operador, usando as tecnologias 2G, 3G ou 4G, assim como uma rede WiFi, dado que as frequências de operação são muito próximas. As técnicas que permitem este tipo de ação são conhecidas por jamming e o dispositivo que gera os sinais potencialmente bloqueadores da comunicação é denominado de jammer. As frequências utilizadas nos testes são as usadas pelas operadoras residentes em Portugal e serão intencionalmente afetadas para motivos de testes académicos, intencionalmente com potências muito baixas e dentro de uma sala afastada para não causar problemas nas comunicações vizinhas. O jammer foi implementado numa plataforma de hardware BladeRFx40, juntamente com a ajuda de rotinas da biblioteca de software livre GNURadio que permite criar múltiplos sistemas de rádio sem a necessidade de hardware e que são vulgarmente conhecidas por Software Defined Radio (SDR). Foram realizados alguns testes usando técnicas de espalhamento de espectro conhecidas de jamming e verificados os resultados numa comunicação com um telemóvel na rede móvel nacional.
Spectrum spreading techniques have been applied to military systems and important applications in the field of security and confidentiality of communications. Some of these techniques can be used in civilian environments, such as the 3th Generation (3G) that uses Code Division Multiple Access (CDMA) or 4G, Long Term Evolution (LTE), but it is in military applications that can have their full potential. In this dissertation, we will use spectrum spreading techniques in order to intentionally block mobile communication from any operator using 2G, 3G or 4G technologies, such as an WiFi network, since it can operate in the same frequency range. The communications operating in the intended frequency range can be blocked and the device that generates the potentially blocker signal is called a jammer. The frequencies used in the tests are those used by telecom operators resident in Portugal and will be intentionally affected by laboratory tests, intentionally but with very low power and within a reserved room, not to cause any interference in the neighborhood communications. The jammer was implemented on a BladeRFx40 hardware platform, which could be programmed by modified routines of the GNURadio open source library, allowing the creation of a hardware-free radio system that is commonly known by SDR (Software Defined Radio). Some tests were conducted using spread spectrum techniques, whose results are reported for a communication using a mobile phone in the national mobile network.

Dissertação de Mestrado em Segurança Informática apresentada à Faculdade de Ciências e Tecnologia
O sigilo contra recetores ilegítimos sempre foi uma preocupação principalmente com o crescimento de dispositivos sem fio, dado que não é possível direcionar uma determinada comunicação para um recetor específico. Embora a criptografia ajude a garantir o sigilo numa comunicação, baseia-se na premissa de "poder computacional inviável" para quebrar a segurança de um determinado esquema criptográfico. Os esquemas que de facto são inquebráveis são na realidade impraticáveis devido às suas restrições. Dito isto, nos últimos anos, foram feitos esforços na segurança a nível da camada física para atuar como um complemento aos esquemas criptográficos já existentes e implementados no intuito de melhorar a segurança de uma comunicação.Recentemente, foi proposto um esquema de codificação para sigilo denominado Scrambled Coding for Secrecy with a Hidden Key (SCS-HK) que se baseia na mistura de uma mensagem utilizando uma chave e codificando os dois utilizando um código de correção de erros. Alguns dos bits do código resultante são apagados antes da transmissão para garantir que apenas o recetor legítimo possa recuperar corretamente a informação, e portanto, recuperar a chave para descodificar a informação original. Esse esquema leva em consideração a existência de um canal de escuta, isto é, assume uma melhor relação sinal-ruído no canal para o recetor legítimo do que o canal para o recetor ilegítimo, o que permite o recetor legítimo recuperar os bits apagados.Essa vantagem do recetor legítimo sobre o ilegítimo é difícil de garantir todas as vezes, pelo que emergiram esquemas chamados de interferência cooperativa, onde outro transmissor ajuda a degradar o canal do recetor ilegítimo. No entanto, esse tipo de esquemas apresentam algumas desvantagens como a sincronização, a disposição de cooperação pela parte do ajudante dado que gasta a sua energia para deixar uma comunicação de outrem segura, e ainda, pode degradar o canal do recetor legítimo. Neste trabalho, abordamos esses problemas propondo a utilização do recetor como gerador de interferência e consequentemente aumentando a segurança na comunicação legítima. Além disso, isto elimina a dependência de terceiros (resolve a disposição para a cooperação), ajuda a resolver o problema da sincronização e facilita a remoção da interferência porque o recetor sabe as características do sinal de interferência gerado. Neste trabalho é utilizado o GNU-Radio e as Universal Software Radio Peripherals (USRP) B210 para desenvolver o esquema visionado.Nesta tese é apresentado: 1) Design e implementação de uma adaptação do esquema SCS-HK; 2) Implementação de um esquema de geração de interferência por parte do recetor legítimo, a sincronização e mecanismos/algoritmos de cancelamento da interferência própria (são estudados o Least Mean Squares, o Normalized Least Mean Squares, o Recursive Least Squares e o QR Decomposition Recursive Least Squares); 3) Experimentação e avaliação do SCS-HK e da geração de ruído pelo recetor, de forma independente e combinada, para um conjunto de cenários (um justo, um vantajoso para o recetor legítimo e outro vantajoso para o recetor ilegítimo).
Secrecy against illegitimate actors always been a concern mainly with the growth of wireless devices, since it is not possible to direct a transmission to a given single receptor. Though modern cryptography helps to ensure secrecy in a communication it settles on the premise of "computer power infeasible" to rely on the impossibility of breaking some cryptographic scheme. The information-theoretically secure schemes are unbreakable, however, are unpractical due its constraints. That said, in the past few years there have been efforts on physical layer security to act as a complement of the already existing and implemented modern cryptographic schemes in order to improve security of a communication.Recently it was proposed a coding for secrecy scheme called as Scrambled Coding for Secrecy with a Hidden Key (SCS-HK) which relies on scrambling the information with a random key, followed by encoding them together with an error correction code. Some of the bits of the resulted codeword are erased before the transmission to guarantee that only the legitimate receiver can correctly recover the message, and therefore, recover the key to descrambler into the original information. This scheme takes into account there is a wiretap channel, which assumes a better signal-to-noise ratio of the legitimate receiver's channel than the eavesdropper's channel, which enables the legitimate receiver recover the erased bits.This advantage of the legitimate receiver over illegitimate one is difficult to assure all times, leading to the emergence of cooperative jamming schemes, where another transmitter helps to degrade the eavesdropper's channel. However, this type of schemes has some drawbacks like synchronization, willingness of cooperation by the helper since he has to spend his own energy to make others secure and also can degrade the legitimate receiver’s channel. In this work, we address these drawbacks by proposing the use of the receiver as interference generator and consequently increasing security on a communication. Additionally, this removes a third-party dependency (resolves the willingness for cooperation), helps to solve the synchronization problem and it facilitates the removal of interference, because the receiving device knows the characteristics of the interference signal being generated. In this work is used GNU-Radio and the Universal Software Radio Peripherals (USRP) B210 to develop the envisioned scheme.In this thesis it is presented: 1) Design and implementation of an adapted SCS-HK scheme; 2) Implementation of an interference generation scheme by the legitimate receiver, and of the synchronization and Self-interference cancellation mechanisms/algorithms (the Least Mean Squares, Normalized Least Mean Squares, Recursive Least Squares and QR Decomposition Recursive Least Squares are studied); 3) Experimentation and evaluation of the SCS-HK scheme and the noise generation by the receiver, independently and combined, for a set of scenarios (one fair, one advantageous to the legitimate receiver and another advantageous to the illegitimate receiver).
Outro - This work was funded by the European Regional Development Fund (FEDER), through the Regional Operational Programme of Lisbon under Grant POR LISBOA 2020, by the Competitiveness and Internationalization Operational Programme (COMPETE 2020) of the Portugal 2020 framework [Project 5G with Nr. 024539 under Grant POCI-01-0247-FEDER-024539], and by FCT/MCTES through national funds and when applicable co-funded EU funds under the projects UIDB/EEA/50008/2020, PES3N (SAICT-45-2017-POCI-01-0145-FEDER-030629), SWING2 (PTDC/EEI-TEL/3684/2014).

Three novel approaches that are based on a recent communication technique called time compression overlap-add (TC-OLA), are introduced into pulse compression (PC) radar systems to improve the radar waveform shaping and enhance radar performance. The first approach lays down a powerful framework for combining the TC-OLA technique into traditional PC radar system. The new TC-OLA-based radar obtained is compared with other radars, namely traditional linear frequency modulation (LFM), and wideband LFM which has the same processing gain under different background situations. The results show the superiority of the proposed radar over the others. The second approach combines a random phase noise signal with a selected radar signal to build a new radar system, SSLFM radar, that enjoys the low-probability of intercept property, and, therefore, has higher immunity against noise jamming techniques compared with other radar systems. The properly recovery of the transmitted signal, however, requires a synchronization system at the receiver side. In this dissertation, we propose three synchronization systems each having different pros and cons. The last approach takes the radar waveform design methodology in a different direction and proposes a novel framework to combine any number of radar signal and transmit them simultaneously. Instead of trying to achieve universality through waveform shaping optimization, we do so via pluralism. As a proof of concept, all the proposed radars have been implemented and tested on software-defined radar (SDR). The theoretical and the experimental results showed the superiority of all proposed radar systems. Since TC-OLA is fundamental to this work, we add a chapter to propose a new technique called downsample upsample shift add (DUSA) to address the limitations of the existing implementation of TC-OLA.
Graduate

碩士
國立成功大學
土木工程學系碩博士班
98
In the present study, the EDEM simulation package, which is based on the discrete element method, is employed to study the effects of the aspect ratio on the jamming processes of a dry elliptic granular matter flowing from a two-dimensional hopper. In the simulations’ the aspect ratio is taken as the primary simulation parameter, while the volumes of the elliptic particles are kept unchanged at different aspect ratios. Numerical simulations show that the jamming probability increases as the aspect ratio increases. This is due to the facts that arching near the opening of the hopper is easier to be found in elliptic grains. In addition, it is also found that the average volume flow rate decreases as the aspect ratio increases.