Frequency jamming is the fiercest attack tool to disrupt wireless communication, and its malicious aspects have received much attention in the literature. Yet several recent works propose to turn the tables and employ so-called friendly jamming for the benefit of a wireless network. For example, recently proposed friendly jamming applications include hiding communication channels, injection attack defense, and access control. This project investigates the practical viability of friendly jamming by applying it in a real-world network.
We developed a friendly jamming application on consumer-grade access points (the cheap WRT54GL, skip text and download here) and conducted a three-week real-world study on the jammer's performance and side effects on legitimate traffic (the cost of jamming) in a university office environment. Our results provide detailed insights on crucial factors governing the tradeoff between the effectiveness of friendly jamming (we evaluated up to 13 jammers) and its cost.
Our results characterize classical jamming performance metrics such as the hit ratio on a large scale, but also address a quantification of the cost of friendly jamming: negative side effects that impair the channel of legitimate background transmissions.
One important factor in the cost of friendly jamming is the power amplification effect: friendly jamming can significantly increase the interference radius of a jamming target's transmission. This effect effectively doubled the packet loss of legitimate background transmissions in our experimental setup -- a significant value under realistic deployment conditions.
These results, many more, and an additional simulative study of the detailed jamming success factors can be found in the 2014 WiSec paper Gaining Insight on Friendly Jamming in a Real-World IEEE 802.11 Network.
Friendly Jamming Firmware
The "friendly jamming" firmware was designed to study forced collisions of frames: frames transmitted by a specific node/target collide with specific jamming frames sent by a specifically configured WRT54GL. The "friendly jamming" firmware monitors a channel until it detects a frame signature from the target (e.g., based on the MAC address, or triggered by any bit in the frame). Then, it immediately stops receiving the remaining part of the frame and starts transmitting a jamming signal (which is actually a valid IEEE 802.11 frame).
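The timing budget behind this detect-then-transmit behaviour follows from standard IEEE 802.11g OFDM frame timing. The Python below is an added example, not code from the firmware or the paper; it assumes the signature is the transmitter MAC address, covers only the ERP-OFDM rates, and treats the receive-to-transmit turnaround (`turnaround_us`) and all function names as hypothetical parameters.

```python
import math

# Data bits per OFDM symbol for the eight ERP-OFDM (802.11g) rates in Mbit/s.
N_DBPS = {6: 24, 9: 36, 12: 48, 18: 72, 24: 96, 36: 144, 48: 192, 54: 216}
PREAMBLE_US = 20    # PLCP preamble (16 us) + SIGNAL field (4 us)
SYMBOL_US = 4       # duration of one OFDM symbol
SERVICE_BITS = 16   # SERVICE field sent before the MAC header
TAIL_BITS = 6       # tail bits closing the DATA part
ADDR2_END = 16      # transmitter MAC address ends 16 bytes into the MAC header


def symbols(bits, rate):
    """Number of OFDM symbols needed to carry `bits` at `rate` Mbit/s."""
    return math.ceil(bits / N_DBPS[rate])


def frame_airtime_us(mpdu_len, rate):
    """Air time of a frame of mpdu_len bytes (FCS included, signal extension ignored)."""
    return PREAMBLE_US + SYMBOL_US * symbols(SERVICE_BITS + 8 * mpdu_len + TAIL_BITS, rate)


def detect_time_us(rate, signature_end=ADDR2_END):
    """Earliest time at which the last byte of the signature has been on air."""
    return PREAMBLE_US + SYMBOL_US * symbols(SERVICE_BITS + 8 * signature_end, rate)


def jam_overlap_us(mpdu_len, rate, turnaround_us):
    """Part of the target frame still on air when the jamming frame starts.

    Overlap is necessary for a forced collision but does not guarantee a hit.
    """
    remaining = frame_airtime_us(mpdu_len, rate) - detect_time_us(rate) - turnaround_us
    return max(0, remaining)


def coverage_table(lengths, turnaround_us):
    """Overlap in microseconds for every (frame length, rate) combination."""
    return {(n, r): jam_overlap_us(n, r, turnaround_us) for n in lengths for r in N_DBPS}


if __name__ == "__main__":
    # 30 us is a constructed turnaround value, not a measurement of the WRT54GL.
    for (n, r), us in sorted(coverage_table([64, 1500], turnaround_us=30).items()):
        print(f"{n:5d} B @ {r:2d} Mbit/s: {us:4d} us of overlap")
```

With the constructed 30 µs turnaround, a 64-byte frame at 54 Mbit/s has already ended before the jamming frame can start, while long or low-rate frames leave a wide window.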
To simplify reproducing our experiments we distribute a precompiled friendly jammer platform as is. This targets the Linksys WRT54G(L) access point series. If you have a few of them, you can start immediately.
Download our preconfigured OpenWRT image here and follow the instructions over at the OpenWRT website to flash it to your hardware. Then, follow this README to learn how to configure the "Friendly Jamming" AP built on top of the WRT54GL.

| Description | File | Size |
|---|---|---|
| Ready-to-flash image for WRT54GL with full friendly jammer firmware and friendly jamming toolset | openwrt-brcm47xx-squashfs.trx | 2.4M |
| README file for configuration of friendly jammer image | README.jammer | 2.8KB |

You will (most likely) need our help to set up the b43-assembly compiler suite in order to work with the source code. We ask you to drop an email to Openfwwf. We will be happy to send you an access link.
- total measurement period 29 days: Nov 14 to Dec 13
- deployed on a floor with student labs and faculty offices
- roughly 33 m x 15 m jammer deployment area, 85 m x 20 m monitor deployment area
- 24/7 monitoring of all traffic (pcap) at three positions
- 24/7 monitoring of received attacker traffic (to-be-jammed traffic) with seven receivers
- TBJ (to-be-jammed) traffic from STA:linksys11 (iperf client) to AP:linksys05 (iperf server)
- ABG (artificial background) traffic from STA:linksys10 (iperf client) to AP:linksys14 (iperf server)
- STA applies round-robin rate selection, no retransmits, 802.11g-conformant medium access
- channel 6, real-world traffic of legitimate university wifi users
- additional artificial traffic on randomly selected adjacent channels

| Description | File | Size |
|---|---|---|
| A description of the measurement data in order to get you started | MeasurementDescription.pdf | 296KB |
| Measurement data sample with a random selection of 13 micro experiments, including pcaps | 13sample.tar.gz | 250MB |
| Sample with a random selection of 100 micro experiments, with pcap headers in csv | 100sample-withoutpcaps.tar.gz | 153MB |

These are measurement samples, which should give an initial idea of the data collected and what can be done with it. In order to obtain the full 350GB of raw measurement data, post your affiliation and instructions on how to connect to (e.g.) an SFTP server running in your institution to Openfwwf.
The research leading to these results was partially funded by the EU's 7th Framework Programme under grant n.258301 (CREW).