Jamming Zigbee for Under $100
Jacob Brodsky, PE
Control Systems Engineer

WHY?
* Need Test Equipment to Validate Path
* Include built in diagnostics
* Denials of service will happen
* What will a control system do?
* Can you figure out why it happened?
* Would you rather find out the hard way?

ISM Band
* Industrial Scientific Medical use
* 47 CFR 15.5 (b)
* Must shut down if interferes with licensed service
* Must accept interference from anywhere
* No legal recourse if it fails
* If you want legal recourse, contact UTC
* Get a License!

Just Zigbee?
* Zigbee physical layer is IEEE 802.15.4
* Used by 6LoWPAN
* Used by ISA-100.11a
* Same band includes
  * 802.11b/g
  * Bluetooth
  * Lots of other proprietary stuff

Protocols for This Experiment
* Not designing production devices
* 47 CFR 15.23 “Home Built Devices”
* Good Engineering Practice
* 47 CFR 15.247 (a) (3) & (4)
* Keep This REALLY simple
* Descriptions herein are prototypes
* Could be made for about $50 in quantity
* Not giving explicit details

Definitions
* dBm: Decibels referenced to 1 milliWatt
* dBm = 10 log (Pmw/1mw)
* 0 dBm = 1 mW
* +6 dBm = 4 mW
* +30 dBm = 1 Watt
* One Decibel Compression Point (P1db)
* Power Output amplifier gain begins to limit

Frequency Modulation
* For large modulation indexes sidebands appear over wider and wider spectra
* Sidebands are modulation frequency apart
* Some will null out

How Jam Everything On 2.4 GHz
* Make a sideband on every channel
* Channels are 5 MHz apart
* IEEE 802.15.4 Passband is only 2 MHz wide
* Requires frequency accuracy
* May have a null on channel
* Guarantee a sideband in each passband
* More sidebands required
* Slightly less power per sideband
* Use modulating frequency of around 1 MHz

Wide Deviation/High Index Voltage Controlled Oscillator

A Low Noise/Medium Power Amplifier: P1db > +20 dBm

Our High Tech Soldering

Our First Test Rigs
* Purchased prefabricated units
* Could build our own, but let’s keep this simple
* Connectors make prototyping easy
* SMD soldering not hard with a toaster oven

Our First Portable Jammer

The Portable Jammer Spectra

Results:
* Very Effective
* Works against 802.11b/g
* Works against Zigbee and 802.15.4
* Can even jam ISA-100
* Channel hopping may offer some resiliency
* Communications statistics not easily read
* As long as our noise is comparable strength, it will fail
* Works against Bluetooth

Clear Channel Availability
* Play Nice: If energy present on channel above minimal threshold, inhibit transmitter
* What you hear may not be what the receiver hears
* “Dusty” networks can be jammed
* If you don’t talk, nobody will hear you
* Questionable Efficacy – especially in control applications

Why CCA Doesn’t Always Work
[Diagram: Receiving Antenna, Transmitting Signal, Other signals]

Other Types of Jammers
* Noise makers are easy to find if you know what you’re looking for
* Repeater jammers are NOT
* They only radiate when there is a signal
* Re-radiated signal can be offset by some frequency to confuse receiver
* Very Effective and efficient with power
* Good Luck finding it

An Oversimplified Repeating Jammer
[Diagram: TX antenna, Receiver Antenna, LPF, I/Q Split, Voltage Controlled Oscillator]

Still more methods
* Listen for specific address and transmit on top of it
* This has been done with Zigbee already
* Also very difficult to find
* Use three 802.11 transmitters and broadcast continuous trash on the band
* Who would know the difference?

What Is Needed:
* RSSI and Signal to Noise in every node
* A “Wireless” Service Monitor
* Monitor signals on the air
* Monitor signal strength
* Generate known good interrogations
* If in a mesh, keep track of signal propagation path
* Beware of critical nodes

Do Not Assume the Signal Will Get Through!
* Channel Hopping is more robust, HOWEVER
* Data rate will drop significantly while hunting for new channels
* Jammers can be adaptive too
* Retries are incredibly inefficient
* Forward Error Correction codes are better
  * LDPC
  * Turbo Codes
* Cryptography can authenticate messages, but…
* It can’t do much if it never gets the message

Questions?
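
The checks listed under "What Is Needed", as an added example that is not from the original slides: it compares the idle-channel energy each node reports against the answer rate of known-good interrogations, and finds relays whose loss cuts other nodes off from the gateway. Node names, thresholds, function names and sample readings are constructed assumptions.

```python
from collections import deque
from statistics import mean

# Thresholds are assumptions for illustration; set them from a quiet-site survey.
NOISE_DBM_LIMIT = -85.0   # idle-channel energy above this is abnormal
MIN_DELIVERY = 0.8        # fraction of known-good interrogations answered

def classify(idle_energy_dbm, polls_sent, polls_answered):
    """Consistency check: energy on the air vs. interrogations that got through."""
    delivery = polls_answered / polls_sent if polls_sent else 0.0
    if delivery >= MIN_DELIVERY:
        return "ok"
    if mean(idle_energy_dbm) > NOISE_DBM_LIMIT:
        return "interference"   # loud channel, lost polls: jammer or co-channel user
    return "path-lost"          # quiet channel, lost polls: node down or upstream path broken

def reachable(links, gateway, skip=None):
    """Nodes reachable from the gateway over mesh links, optionally minus one node."""
    seen, queue = {gateway}, deque([gateway])
    while queue:
        for nxt in links.get(queue.popleft(), ()):
            if nxt != skip and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def critical_nodes(links, gateway):
    """Relays whose loss cuts other nodes off from the gateway."""
    everyone = reachable(links, gateway)
    return sorted(n for n in everyone - {gateway}
                  if reachable(links, gateway, skip=n) != everyone - {n})

def report(samples, links, gateway):
    """Per-node state, plus critical relays that are not healthy (escalate these)."""
    states = {node: classify(*s) for node, s in samples.items()}
    return states, [n for n in critical_nodes(links, gateway) if states.get(n) != "ok"]

# Constructed sample data: (idle energy readings in dBm, polls sent, polls answered)
SAMPLES = {
    "pump-1":  ([-97, -96, -98], 20, 20),
    "relay-a": ([-62, -60, -65], 20, 3),
    "tank-2":  ([-97, -95, -96], 20, 0),
}
LINKS = {"gw": ["pump-1", "relay-a"], "relay-a": ["gw", "tank-2"],
         "pump-1": ["gw"], "tank-2": ["relay-a"]}

if __name__ == "__main__":
    print(report(SAMPLES, LINKS, "gw"))
```

In the constructed data, tank-2 hears a quiet channel yet answers nothing because its only path runs through relay-a, which is why the propagation path has to be tracked alongside per-node signal readings.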