Threat and Application of Frequency-Agile Radio Systems
As traditional wireless systems that only operate on fixed frequency bands are reaching their capacity limits, advanced frequency-agile radio systems are developed for more efficient spectrum utilization. For example, white space radios dynamically leverage locally unused TV channels to provide high-speed long-distance connectivity. They have already been deployed to connect the unconnected in rural areas and developing countries. However, such application scenarios are still limited due to low commercial demand. Hence, exploring better applications for white space radios needs more effort. With the benefits come the threats. As frequency-agile radio systems (e.g., software-defined radios) are flexible and become extremely low-cost and small-sized, it is very convenient for attackers to build attacking tools and launch wireless attacks using these radios. For example, civilian GPS signals can be easily spoofed by low-cost portable spoofers built with frequency-agile radio systems. In this dissertation, we study both the threat and application of frequency-agile radio systems. Specifically, our work focuses on the spoofing threat of frequency-agile radio towards GPS-based systems and the application of TV white space radio for ocean communications.
Firstly, we explore the feasibility of using frequency-agile radio to stealthily manipulate GPS-based road navigation systems without alerting human drivers. A novel attacking algorithm is proposed, where the frequency-agile radio transmits fake GPS signals to lead the victim to drive on a wrong path that looks very similar with the navigation route on the screen. The attack's feasibility is demonstrated with real-world taxi traces in Manhattan and Boston. We implement a low-cost portable GPS spoofer using an off-the-shelf frequency-agile radio platform to perform physical measurements and real-world driving tests, which shows the low level of difficulty of launching the attack in real road environment. In order to study human-in-the-loop factor, a deceptive user study is conducted and the results show that 95% of the users do not recognize the stealthy attack. Possible countermeasures are summarized and sensor fusion defense is explored with preliminary tests.
Secondly, we study similar GPS spoofing attack in database-driven cognitive radio networks. In such a network, a secondary user queries the database for available spectrum based on its GPS location. By manipulating GPS locations of surrounding secondary users with a frequency-agile radio, an attacker can potentially cause serious primary user interference and denial-of-service to secondary users. The serious impact of such attacks is examined in simulations based on the WhiteSpaceFinder spectrum database. Inspired by the characteristics of the centralized system and the receiving capability of cognitive radios, a combination of three defense mechanisms are proposed to mitigate the location spoofing threat.
Thirdly, we explore the feasibility of building TV white space radio based on frequency-agile radio platform to provide connectivity on the ocean. We design and implement a low-cost low-power white space router ($523, 12 watts) customized for maritime applications. Its communication capability is confirmed by field link measurements and ocean-surface wave propagation simulations. We propose to combine this radio with an energy harvesting buoy so that the radio can operate independently on the ocean and form a wireless mesh network with other similar radios.