Air Force

Improved security monitoring and defenses for wireless personal area networks

Preamble manipulation enables multi-factor authentication, intrusion detection, and transceiver type fingerprinting

Communications Software & Information Technology

Demonstration setup (joining device authentication)

Low-rate wireless personal area networks (WPANs) based on the IEEE 802.15.4 specification enable energy-efficient connectivity among large numbers of devices. The low implementation costs of WPAN interconnectivity have led to widespread adoption, particularly in critical infrastructure and military applications. For instance, ZigBee standards built upon this WPAN foundation operate advanced utility meters, over 65 million of which are deployed in the United States.

Building automation WPANs interface with the smart grid to significantly reduce energy costs through intelligent appliance and lighting control. WPANs are utilized in health care networks, indoor localization, and critical process controls.

With this ubiquity and accessibility come concerns over data confidentiality, message integrity, and device authentication. Properly securing low-rate WPANs is challenging due to tight resource constraints. WPAN hardware is generally designed to be as inexpensive as possible, and tamper resistance was not an early vendor priority. For example, first- and second-generation ZigBee chips were found to be vulnerable to encryption key extraction. Further, the flash memory available for application development is typically limited to less than 100 kB, e.g., 48 kB on the TmoteSky mote and 60 kB on the Freescale MC13213. With flash at a premium, some application developer guides discourage the use of security. Security headers increase packet overhead, expending additional wireless transmission energy and presenting a trade-off for WPANs reliant upon battery power. IEEE 802.15.4 leaves security key establishment to higher layers, such as the ZigBee stack, yet the entire WPAN can be compromised if keys are mishandled.

Air Force scientists are strengthening WPAN security through precise manipulation of the physical layer preamble (or header), the initial signal used in network communications to synchronize transmission timing between systems. With this approach, the joining device solicits acknowledgments from a wireless device using a small number of packets with modified preambles, and the resulting response pattern identifies the true transceiver class of the device under test. Preamble manipulation enables wireless multi-factor authentication, intrusion detection, and transceiver type fingerprinting.

In operation, the joining device replaces the standard physical layer (PHY) preamble with a modified preamble that can only be received by a coordinating device having the expected hardware configuration. The joining device transmits the modified PHY preamble together with an association request to the coordinating device. If the joining device receives no association response, it determines that the coordinating device does not have the expected hardware configuration.
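As an added illustration, not code from the Air Force or from this page, the following Python simulation models the handshake and fingerprinting logic described above: a joining device probes a coordinator with a small set of modified preambles and matches the answer/no-answer pattern against known transceiver classes. The transceiver classes, the preamble values, and which preambles each class accepts are constructed placeholders, not measured hardware behaviour.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# Constructed placeholder preambles (hex nibbles of the synchronisation field).
# The exact IEEE 802.15.4 preamble modifications are not given on the page.
STANDARD_PREAMBLE = "00000000"
PROBES: List[str] = [STANDARD_PREAMBLE, "0000000F", "000000FF"]

# Constructed profiles: which preambles each transceiver class still synchronises on.
# Real profiles would be measured per chipset; these values are illustrative only.
ACCEPTED_PREAMBLES: Dict[str, FrozenSet[str]] = {
    "class_A": frozenset({STANDARD_PREAMBLE, "0000000F", "000000FF"}),
    "class_B": frozenset({STANDARD_PREAMBLE, "0000000F"}),
    "class_C": frozenset({STANDARD_PREAMBLE}),
}


@dataclass
class Coordinator:
    """A coordinating device whose radio belongs to one transceiver class."""
    transceiver_class: str

    def association_response(self, preamble: str) -> Optional[str]:
        # A frame whose preamble the radio cannot lock onto is never decoded,
        # so the coordinator sends nothing at all rather than a rejection.
        if preamble in ACCEPTED_PREAMBLES[self.transceiver_class]:
            return "ASSOC_RESP"
        return None


def probe(coord: Coordinator, preambles: List[str]) -> Tuple[bool, ...]:
    """Send one association request per modified preamble; record which were answered."""
    return tuple(coord.association_response(p) is not None for p in preambles)


def expected_pattern(transceiver_class: str, preambles: List[str]) -> Tuple[bool, ...]:
    return tuple(p in ACCEPTED_PREAMBLES[transceiver_class] for p in preambles)


def fingerprint(coord: Coordinator, preambles: List[str]) -> List[str]:
    """Return every transceiver class whose known response pattern matches the observed one."""
    observed = probe(coord, preambles)
    return [c for c in ACCEPTED_PREAMBLES if expected_pattern(c, preambles) == observed]


def probe_set_distinguishes(preambles: List[str]) -> bool:
    """True if the chosen probes give every known class a distinct response pattern."""
    patterns = {expected_pattern(c, preambles) for c in ACCEPTED_PREAMBLES}
    return len(patterns) == len(ACCEPTED_PREAMBLES)


def authenticate_coordinator(coord: Coordinator, expected_class: str, preambles: List[str]) -> bool:
    """Second factor for the joining device: proceed only if the observed pattern
    matches the expected hardware class and no other known class."""
    return fingerprint(coord, preambles) == [expected_class]
```

Note that `probe_set_distinguishes` is the check a deployment would run before trusting the fingerprint: a probe set that yields the same pattern for two classes cannot tell them apart.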
