University Of Connecticut Department of Electrical and Computer Engineering
ECE 4901 Fall 2014
Underwater Acoustic Networks (UAN) Security Project Proposal
Team 1518 Robert Draper (EE) Michael Kowalski (EE) Daniel McCulley (EE) Advisor: Shengli Zhou
Introduction
Underwater Acoustic Networks (UANs) are underwater information networks that use acoustic wave propagation as a medium for information transfer between modems. UANs (Figure 1, below) are a wireless alternative to wired underwater networks, which can be costly and inconvenient due to the installation of underwater cabling. As UANs are wireless networks, they are subject to noise transmitted in parallel through their medium of choice. Underwater acoustic signals are subject to different sources of noise than electromagnetic signals transmitted through the air, notably the effects of multipathing, water viscosity and sediment absorption of power. Multipathing involves the transmitted signal bouncing off the walls of the environment and the surface of the water, increasing the time it takes a signal to reach the receiver based on the path the signal takes. Combined with the propagation delay of water, a transmitted signal can arrive quickly from one direction but slower from another, and confuse the router. Sediment absorption and water viscosity cause significant power loss in high frequency signals. High frequency signals (those above 100kHz) are quickly absorbed due to friction associated with the viscosity of water, and ionic relaxations of boric acid (up to 10kHz) and magnesium sulfate (from 10kHz to 100kHz). These properties of water in a natural environment cause underwater acoustic signals to use only low frequency channels, limiting their ability to switch between different channels for improved communications. Accounting for these types of noise is essential to implementing an effective UAN, as too much noise in the system can corrupt, or outright prevent, the signal during transmission.
Figure 1: Generalized Underwater Acoustic Network
These potential noise variables can be simulated in a controlled environment using an underwater signal jammer. Software programs like Matlab allow a user to control the signal transmitted through the jammer with a high degree of precision. High environmental noise can be simulated through the jammer by programming it to transmit signals at higher power, as well as low environmental noise with lower power. Simulated environmental noise can give a baseline to combat noise in the natural environment with anti-jamming techniques when the simulated noise is properly calibrated.
Due to the wireless nature of UANs, they are also subject to malicious signal jamming attacks by a third party. This can be implemented with an underwater signal jammer, as the jammer can provide an effective means of data corruption and loss between modems on the network due to its ability to generate signals of varying frequencies. This can be used to interrupt and block data channels, or corrupt data being transmitted. Various techniques of jamming can be applied to the system with varying degrees of success on data corruption during transmission.
Background
This project seeks to expand on previous project research of the UAN modulation schemes Frequency Shift Keying (MFSK), Direct Sequence Spread Spectrum (DSSS), Sweep Spread Carrier Technology (S2C), and Orthogonal Frequency Division Multiplexing (OFDM) and the effect of intentional jamming by placing emphasis on testing in natural underwater environments, so as to better reflect operating conditions for a UAN. Furthermore, this project seeks to test cooperative jamming techniques and their effects on the aforementioned modulation schemes. There is limited contemporary research on the effects of cooperative jamming strategies on a wireless communication network, particularly on UANs. Various factors can affect the result and efficiency of collaborative jamming due to the chosen signal medium of open environment water. Experimentation and analysis of results can yield important factors when considering the security of a UAN against malicious attacks.
Finally, this project seeks to explore and implement potential anti-jamming strategies to increase UAN security. Security is of the utmost importance in networking, and underwater networking is no exception. Underwater acoustic networking is expensive, and is generally associated with expensive processes, such as Autonomous Underwater Vehicle (AUV) tracking and communication, underwater research, underwater construction, and diver navigation. Successful implementation of security can be the difference between project success and expensive, and potentially deadly, failure.
Hardware
There are five modems that are part of our research, three of which have already been tested and two more that will arrive. Figure 2 shows the 5 modems we will be using. The jamming setup consists of two modems, a jammer, and a hydrophone, all connected to one or more computers as seen in Figure 3. The first modem is the LinkQuest UWM200H modem, which uses DSSS communication. The second modem is the AquaSeNT modem, which uses OFDM communication. The third modem is the Teledyne Benthos ATM-885 modem, which uses MFSK technology. The two modems that have yet to be tested are the Evologics modem, which uses S2C communication, and the DSPCOMM modem, which uses DSSS communication. These modems are connected to the computer by RS-232 cables and controlled by terminal programs such as CuteCom, Hyperterminal, or Tera Term. The jammer is connected by audio cable to a NI USB 6211 Data Acquisition sampling card, which is controlled by Matlab to produce analog waveforms that are then output by the jammer. The hydrophone records the activity in the water and is connected to a preamplifier that filters out low frequency noise; the preamplifier is connected to a NI USB 9215 Data Acquisition sampling card to input the hydrophone data into Matlab. This setup allows us to use Matlab to create waveforms for the jammer to output as an acoustic wave. We also have precise control of the timing of the jamming attack so we can reliably target individual sections of the message. We plan to expand our setup by using a Linux computer to control SeaLinx, a tool for network protocols designed for use with the underwater acoustic modems. We will then connect the modems and possibly another hydrophone to the Linux computer, which will then control the network protocol for the modems so we can test anti-jamming measures. We will also use wireless radio controlled buoys for testing the modems on the lake. All the equipment is powered by twelve volt batteries that can be used in field tests.
Figure 2: The Underwater Modems.
Figure 3: The setup for our research. This can be controlled by one computer or several.
Lake Field Testing
In order to properly test the security of UANs, the vulnerabilities must be tested in real conditions. The optimal conditions in the lab do not take into account ambient noise conditions and longer distance communication conditions. One of the challenges of communicating with UANs is the long propagation delay for the acoustic signal. Based on the water’s temperature, pressure, and composition, the acoustic wave will travel at different speeds around 1500 m/s. This is much slower than electromagnetic waves and it will cause problems in communication. This may also cause problems with jamming, as the power of the jamming signal will decrease with distance and the propagation delay may make targeted jamming more difficult. Noise will also be a factor, making the modem communications more difficult and possibly adding to our jamming attack’s effectiveness.
To properly test in real conditions we will perform a field test at the Mansfield Hollow Lake. The first thing to consider for the test is properly waterproofing all of our equipment and making sure all of our equipment can be used with portable batteries at the lake. The jammer currently is not properly waterproofed and a special cap and connector must be made so it can be sealed. The modems will be controlled by using a wireless communication setup with several wireless buoys in the lake.
Once preparations are completed we will test several variables with our setup. First, we will test to see how the power of the jammer and modems decreases with distance. Second, we will test to see how long the delay is for increased distance and compare that with the speed of sound. After that, we will test if the jamming methods we used in the lab still work in the lake and modify them for delays and power dissipation. If they are not as effective, we will try to design our collaborative jamming setup to compensate for these variables. Finally, we will test if we can still detect the signal with the hydrophone by amplitude threshold. These results will inform us on whether other forms of signal detection, such as correlation, are necessary in real conditions.
Testing in the lab shows that the signals tend to take a relatively long time to complete their communication. This means that propagation delays may not hinder targeted jamming very much because the jammer will be able to react quicker than the transmitter will be able to transmit the message, but at extreme distances the delay may be long enough for the targeted jammer to miss the packets. Signal packets generally take around 0.2 seconds to transmit, as shown in Figure 4, which means the jammer would have to be 300 meters away to miss the entire packet if it detects the signal immediately as it is received by the modem. However, if the jammer is between the modems then propagation will not hinder the jamming attack because it will detect the signal before it is received. If the jammer detects the signal after the modem has begun receiving then the distance would have to be shorter to accommodate.
Figure 4: The packets of the signal tend to be long when compared to radio communications. With the slow speed of sound, delays can be large over distances of only several hundred meters.
Testing New Modems
Two new modems will be tested as part of our research. One of the modems is from DSPCOMM, which uses Direct Sequence Spread Spectrum to transmit. Previous research has already been done on the LinkQuest modem, which also used DSSS technology. DSSS technology spreads the signal over a larger frequency range for transmission and then recondenses it by using a special code. DSSS is theoretically very resilient to single frequency jamming attacks, as the attack would be spread and have less strength. However, previous research showed that the LinkQuest modem was easy to jam, but its network handshaking protocol, shown in Figure 5, made up for this by restarting communications when the signal failed to be received. The DSPCOMM modem may prove to be more resilient than the LinkQuest modem and it may also use a different network protocol. This must be tested for vulnerabilities and compared to the LinkQuest modem.
Figure 5: The handshaking used by LinkQuest has the receiver acknowledge that packets shown in blue are received by sending out pulses shown in pink.
The other modem that will be tested is the Evologics modem. Evologics uses its own patented communication scheme, Sweep Spread Carrier, which was developed by observing dolphins and whales and mimicking the way they communicate. This technology is resilient to noise and multipathing, but it must be tested against intentional jamming attacks. The same testing procedure shall be used for the new modems as was used for the other modems. First, the signals will be jammed with continuous sine waves at single frequencies to compare which frequencies are more effective for jamming; the results for the first three modems are shown in Figure 6.
Figure 6: Maximum SNR for Benthos (most resilient), AquaSeNT, and LinkQuest.
The modems will then be tested with frequency sweeps across their bandwidth and pulse jamming to see if they are more or less resilient to these attacks. Finally, we will target the different sections of the communication to see which parts are the most vulnerable to attack and therefore need more resiliency.
Anti-Jamming
The research we do on jamming is not primarily to devise a more effective jamming device but to find vulnerabilities in the modem communication. Once the vulnerabilities are analyzed we can theorize anti-jamming techniques to combat these weaknesses. There are several layers in which we can try to improve the resiliency of the signal. We can improve the physical layer of communication, which is the basic transmission of the bits in the signal blocks. This can be done by adding redundancy and error correction to the code. We can improve the transport layer of the communication by adding handshaking and other protocols to achieve jamming detection and mitigation. Finally, we can use network layer protocols to route messages through different modems to bypass areas with high interference.
Our project will focus on implementing a handshaking procedure into the link layer of the AquaSeNT modems. This will be implemented by having the receiver modem acknowledge the packets from the transmitter as they are received. If the transmitter doesn’t receive this acknowledgement it will know jamming is disrupting communications. Having detected the jamming attack, the modem will compensate by initiating anti-jamming measures. The first anti-jamming measure we can implement is simply scaling the power up. By increasing the power of the signal we can reduce the effectiveness of the jamming attack. The jamming detection allows us to be more efficient by only expending more power if a jamming attack is detected. We will then theorize other anti-jamming measures to be implemented into this protocol. We will use the SeaLinx programming tools to modify the protocols of our modems. The LinkQuest modems already use this handshaking to increase the resiliency of the network, but we want to adapt it to the higher bit rate AquaSeNT modems. The LinkQuest protocol doesn’t include adaptive power scaling but does resend the data as shown in Figure 7.
Figure 7: The LinkQuest modem re-sending the data after detecting the jamming attack. The Receiver requests the data upon detecting its corruption by sending a longer acknowledgement and the transmitter sends the data again.
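An added example (not code from this proposal, from SeaLinx, or from any modem vendor) of the acknowledgement-based jamming detection and power scaling described above, written in Python. The channel model, the dB levels and thresholds, and the names JammedChannel and AckSender are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class JammedChannel:
    """Constructed channel: while the jammer is on, a packet and its ACK get
    through only if transmit power beats the jammer by `margin_db`."""
    jam_db: float             # jammer level in dB (assumed value)
    jam_slots: range          # slots during which the jammer transmits
    margin_db: float = 3.0    # assumed decoding margin

    def delivers(self, slot, tx_db):
        return slot not in self.jam_slots or tx_db - self.jam_db >= self.margin_db

@dataclass
class AckSender:
    """Hypothetical stop-and-wait sender: missing ACKs are the jamming signal."""
    base_db: float = 0.0
    max_db: float = 12.0
    step_db: float = 3.0
    miss_limit: int = 2       # consecutive missed ACKs that flag jamming
    calm_limit: int = 3       # consecutive ACKs before dropping back to base power

    def send(self, channel, packets, max_slots=30):
        """Return a log of (slot, tx_db, acked, jamming_flag), one entry per slot."""
        power, misses, calm, jamming = self.base_db, 0, 0, False
        log, done = [], 0
        for slot in range(max_slots):
            if done == packets:
                break
            tx_db = power
            acked = channel.delivers(slot, tx_db)
            if acked:
                done, misses = done + 1, 0
                calm = calm + 1 if jamming else 0
                if jamming and calm >= self.calm_limit:
                    # Link has been clean for a while: stop spending extra power.
                    power, jamming, calm = self.base_db, False, 0
            else:
                misses, calm = misses + 1, 0
                if misses >= self.miss_limit:
                    # Repeated silence from the receiver: treat it as jamming
                    # and raise power one step, up to the modem's limit.
                    jamming = True
                    power = min(power + self.step_db, self.max_db)
            log.append((slot, tx_db, acked, jamming))
        return log

def delivered(log):
    return sum(1 for _, _, acked, _ in log if acked)

# Constructed scenario: jammer 4 dB above base power, active from slot 2 onward.
channel = JammedChannel(jam_db=4.0, jam_slots=range(2, 40))
adaptive = AckSender().send(channel, packets=8)
fixed = AckSender(max_db=0.0).send(channel, packets=8)   # no power scaling
```

In this constructed run the adaptive sender delivers all 8 packets in 16 slots, while the fixed-power sender delivers 2 in 30. Dropping back to base power after three clean ACKs costs a second detection cycle when the jammer is still active, which is the trade-off between saving power and staying resilient.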
Collaborative Jamming
Cooperative jamming is the use of two or more jamming signals in an attempt to further increase the difficulty of, or corrupt, information transfer between a modem and a receiver. As there is little concrete research on the effect of collaborative jamming, experimental implementation of collaborative jamming in a UAN is necessary to more fully understand its effects. Jammer distances between modem and receiver are important due to the propagation delay of signals underwater, as jamming signals that arrive before or after the signal they intend to jam will have a limited effect. Distance between the jammers and where they intersect is also important, as jamming signals with the same frequency that are in phase can jam a signal with double the power and can further reduce the signal to noise ratio of the information signal. This is known as constructive interference. However, if the area of intersection causes the jamming signals to be pi radians out of phase, then the jamming signals can cancel out and leave the information signal undisturbed. This is known as destructive interference. Figure 8 shows constructive and destructive interference.
Figure 8: Constructive vs. Destructive Interference
Another consideration of cooperative jamming is the effect it will have on the general noise of a natural underwater environment. Signal multipathing from an underwater modem to a receiver is a well-known communication problem even without any sort of jamming signal being introduced to the network. With two jamming signals being used cooperatively, more signals are present in the environment and can add to the multipathing issue.
Cooperative jamming can also be used to shut down multiple frequency channels at once in an attempt to blindly jam a signal. Since information signals are limited to lower frequencies (10Hz to 1MHz), as opposed to topside signals with radio frequencies (3kHz to 300GHz), jammers can randomly emit these lower frequency signals in an attempt to block channels of communication. This form of jamming can also be reactive, with jammers reacting to detected information signals and denying the modem and receiver the ability to freely switch to another acceptable channel.
We will try to implement collaborative jamming by syncing two jammers together. By using wireless transmitters above water, we will be able to sync the two jammers together, allowing a jamming signal with up to twice the power. Figure 9 shows the basic setup we plan to utilize. By controlling distances d1 and d2, we can determine the optimal position of the jammers. It is difficult for the two signals to be exactly pi radians out of phase, so destructive interference can be minimized.
Figure 9: Collaborative Jamming
Budget
Our senior design team will be working closely with the UConn Underwater Sensor Network Lab (UWSN), which will supply us with most of the materials necessary to construct our testing setup and apply it in the lab and in the field. In addition, we were appropriated the $1000 budget that is given to all senior design teams. Equipment that is necessary for our project includes laptops to control the testing setup in the field, materials to waterproof the custom jamming device, radio equipment for collaborative jamming, and a Linux desktop to work with SeaLinx for anti-jamming measures. Other equipment such as power supplies, function generators, multi-meters, soldering machines, basic circuit equipment, and batteries has been made available to us by the UConn UWSN lab. The modems and the jammer are property of the UWSN lab.
Timeline of Events