Security and high throughput in MIMO networks with high density of users and simultaneous multi-user transmissions

The problem of selecting users for downlink and uplink multi-user simultaneous transmissions was studied from two perspectives. On one side, we looked at how a smart jamming attacker can leverage different levels of knowledge about the communication protocols in use to maximize the DoS damage while minimizing the probability of attack detection. On the other side, we analyzed how different user selection policies can affect the throughput and fairness of the wireless network in novel ways. To run this experimental study, we used a WLAN network emulator for the multi-antenna, simultaneous-transmission system, with real traffic generated by COTS devices.

The main objective of this project is to find, analyze and understand the novel aspects brought to the security and performance of wireless networks with simultaneous multi-user transmissions, which is one of the strongest sources of gains in the massive MIMO technology.

We consider a WLAN scenario in which the AP has a large number of antennas, N_AP, and many associated clients, M, where N_AP is much larger than M, and the number of antennas at the clients is small compared to the AP. On top of that, we analyze the more realistic scenario where traffic is arbitrarily split among all associated users, and each user maintains one or more non-saturated flows with remote servers through the wireless link. In such a case, to fully utilize the channel and multi-antenna capacity of the communication system, it is essential to use simultaneous multi-user transmissions between the AP and groups of stations that have backlogged traffic. In the extreme case in which clients have a single antenna each, for every transmission, the access point must communicate with N_AP simultaneous clients to achieve a transmission rate as close as possible to the system capacity.

We analyze the possible attack strategies that a smart jammer could employ to disrupt modern wireless communication links without being detected. Our main assumption about the attacker is that it has extensive knowledge of one or more protocols used in the wireless system. The TCP/IP network stack used in the WLAN standards for communication between clients and the AP spans multiple layers, each with dedicated functionality. Thus, a malicious user (the jammer, Mallory) with certain control plane information can potentially degrade the communication between the legitimate users. Using this knowledge, the attacker tries to identify key over-the-air transmissions to jam in order to maximize the disruption effects with respect to the number of packets jammed. We run an empirical evaluation of multiple jamming policies to understand the effect of each of them and gain insights into possible strong attacks that may be launched by such an attacker.

On the performance side, we look at the problem of user triggering for uplink multi-user transmission with respect to traffic availability. Previous work has focused on fundamental problems of channel estimation, pre-coding, and user coordination based on physical layer aspects. We focus on the problem of multi-user transmissions with real network traffic, and the challenges that it poses for simultaneous uplink transmissions. Since in real networks each user may or may not have traffic at any arbitrary time, with varying amounts of backlogged payload, the problem of selecting users for an uplink multi-user transmission requires a complex coordination process. We take an empirical approach to this problem and use an emulation platform to measure the performance of various user triggering algorithms under real network traffic. We measure the performance in the form of per-user throughput, average delay, and more to compare each family of algorithms and gain insights into the factors that most affect the efficiency of uplink multi-user wireless systems.

The simultaneous multi-user transmissions security and performance analysis initiative is in its early stages, but several insights into novel behaviors of the system were already gained.

The experimental security analysis is performed entirely in the context of an 802.11ac WLAN with a single access point (Alice) and many associated clients (Bobs). The jammer (Mallory) is positioned within the BSS and has radio capacity comparable to that of the Bobs. Mallory knows that Alice and the Bobs communicate in a wireless network compliant with the 802.11ac protocol and use the 802.11 control frames to coordinate multi-user transmissions. Additionally, Mallory can identify the type of an ongoing frame transmission and decide whether or not to jam it.

In our experiments we selected different types of control frames to jam in each run and analyzed the individual effect. The results confirm that jamming certain control frames can be more efficient than jamming data frames, agreeing with previous work. But we also observe that some types of control frames produce a higher level of disruption to the communication channels than others. More specifically, starting from the lowest interface, i.e., the link and PHY layers, Mallory jams control frames such as MAC ACK, channel setup frames, and MAC DATA to degrade the throughput, the effects of which propagate up to the transport layer. At the transport layer, Mallory jams the TCP handshake frames either partially, to slow down the connection establishment process, or completely, to terminate the handshake. Such jamming schemes might impact application layer performance because every application process has to successfully complete the TCP handshake before actual data transfer can happen. Additionally, at the application layer the control messages consist of HTTP requests and responses which, if jammed, will further disrupt the end-user process by increasing the download/upload time. For example, jamming at the application layer for a few milliseconds can increase the application download time by 5-7 times.

On the performance side, we gained insights into new behaviors that emerge in the wireless network with the introduction of uplink multi-user transmissions. First, we observed a novel tradeoff relationship between multi-user uplink transmissions and frame aggregation in the context of 802.11ax. The two features have the common goal of increasing the spectrum efficiency and offsetting the overhead of the MAC coordination. However, because of the need for backlog communication between each user and the AP, and the implicit report mechanism defined by the protocol, the mechanisms offset the gains of each other. The implicit report mechanism depends on the backlog changing slowly between transmissions, but frame aggregation can favor emptying queues in a single channel access. Second, the balance between uplink and downlink traffic has a large effect on the performance of uplink multi-user transmissions. Namely, TCP and other reliable transport protocols rely on acknowledgments sent in the opposite direction of the data to guarantee the correct transmission of information. Because of that, even in a download-heavy traffic scenario the uplink multi-user transmissions have a strong impact on the performance of the applications running on the link.

Publications

C.-Y. Yeh and E. Knightly, “Eavesdropping in Massive MIMO: New Vulnerabilities and Countermeasures,” IEEE Transactions on Wireless Communications (in press).