
Understanding and Mitigating the Impact of RF Interference on 802.11 Networks

Ramakrishna Gummadi (USC), David Wetherall (UW/Intel Research), Ben Greenstein (Intel Research), Srinivasan Seshan (CMU)

We study the impact on 802.11 networks of RF interference from devices such as Zigbee and cordless phones that increasingly crowd the 2.4GHz ISM band, and from devices such as wireless camera jammers and non-compliant 802.11 devices that seek to disrupt 802.11 operation. Our experiments show that commodity 802.11 equipment is surprisingly vulnerable to certain patterns of weak or narrow-band interference. This enables us to disrupt a link with an interfering signal whose power is 1000 times weaker than the victim’s 802.11 signals, or to shut down a multiple AP, multiple channel managed network at a location with a single radio interferer. We identify several factors that lead to these vulnerabilities, ranging from MAC layer driver implementation strategies to PHY layer radio frequency implementation strategies. Our results further show that these factors are not overcome by simply changing 802.11 operational parameters (such as CCA threshold, rate and packet size) with the exception of frequency shifts. This leads us to explore rapid channel hopping as a strategy to withstand RF interference. We prototype a channel hopping design using PRISM NICs, and find that it can sustain throughput at levels of RF interference well above that needed to disrupt unmodified links, and at a reasonable cost in terms of switching overheads.

Attachment: sigcomm07.pdf (520.25 KB)

Another Method to Jam/Disrupt Wireless Networks

This attack basically works by 1) authenticating clients from their AP, 2) flooding the AP with authentication frames, and 3) flooding the client with many false APs.

The attack is running on a La Fonera wireless router loaded with a third-party firmware known as Legend. The program performing the attack is called MDK3. It is possible to take the small La Fonera, load it with the necessary software, and attach a battery pack to make it mobile. With its small size, you can place it (or throw it) anywhere you like to disrupt any networks nearby.

Video/full details:
http://fonerahacks.com/index.php/Tutorials-and-Guides/The-Fon-Bomb-Wirel...
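
The three floods listed in the comment above, seen from a monitoring sensor: this is an added example, not part of the original comment or of MDK3, and it flags each flood by per-second counts of management frames. It assumes step 1 refers to deauthentication frames; the frame tuples, MAC addresses and thresholds are constructed for illustration.

```python
from collections import defaultdict

# Per-window thresholds: constructed values, tune against a site baseline.
LIMITS = {"deauth": 20, "auth_sources": 30, "beacon_bssids": 40}

def detect_floods(frames, window=1.0, limits=LIMITS):
    """frames: (ts_seconds, subtype, src_mac, bssid) tuples from a monitor-mode sensor.
    Returns sorted (window_index, alert, target) tuples."""
    deauth = defaultdict(int)      # (window, bssid) -> deauth/disassoc frames
    auth_src = defaultdict(set)    # (window, bssid) -> distinct MACs sending auth
    beaconing = defaultdict(set)   # window -> distinct BSSIDs advertising
    for ts, subtype, src, bssid in frames:
        w = int(ts // window)
        if subtype in ("deauth", "disassoc"):
            deauth[(w, bssid)] += 1
        elif subtype == "auth":
            auth_src[(w, bssid)].add(src)
        elif subtype == "beacon":
            beaconing[w].add(bssid)
    alerts = set()
    for (w, bssid), n in deauth.items():
        if n > limits["deauth"]:
            alerts.add((w, "deauth_flood", bssid))
    for (w, bssid), macs in auth_src.items():
        if len(macs) > limits["auth_sources"]:
            alerts.add((w, "auth_flood", bssid))
    for w, bssids in beaconing.items():
        if len(bssids) > limits["beacon_bssids"]:
            alerts.add((w, "beacon_flood", "*"))
    return sorted(alerts)

def mac(i):
    """Constructed locally administered MAC address for sample data."""
    return "02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF)

def sample_frames():
    """Constructed capture: second 0 is normal traffic, second 1 holds all three floods."""
    ap = mac(1)
    frames = [(0.1 * i, "beacon", ap, ap) for i in range(10)]
    frames += [(0.5, "auth", mac(500), ap), (0.6, "deauth", mac(500), ap)]
    frames += [(1.0 + i / 100, "deauth", ap, ap) for i in range(60)]
    frames += [(1.0 + i / 200, "auth", mac(1000 + i), ap) for i in range(100)]
    frames += [(1.0 + i / 100, "beacon", mac(2000 + i), mac(2000 + i)) for i in range(80)]
    return frames

if __name__ == "__main__":
    for alert in detect_floods(sample_frames()):
        print(alert)
```

Counting distinct source MACs and distinct BSSIDs, rather than raw frames, keeps a busy but legitimate AP from tripping the authentication and beacon checks.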

RSS and CS

I enjoyed the paper. Two comments:

In tests such as this, I would have preferred to see a much more controlled environment. The tests were parameterized in terms of “transmit power”; what matters – of course – is the signal strength at the receiver of the various signal sources. As this is not reported in the paper, I am left wondering what it actually was. A particular concern is that when attempting to control transmit power by attaching hardware attenuators, signals will leak out into the air before they even have a chance to be attenuated. My experience is that anything close to 0 dBm requires extensive shielding if one expects to eliminate this leakage effect. -20 dBm would almost certainly require excellent shielding. Reporting measured signal strength at the receiver instead of transmit power would eliminate this problem or at least give assurance that the signals were isolated.

This paper discusses at length the ill effects of interference on a receiver. I found the discussion to be quite interesting. Unfortunately, however, the paper seemed to assume without proof that the degradation in throughput due to interference was due to the receiver-side effects discussed. Without strong proof, I am inclined to believe that the major cause of degraded throughput may simply be the 802.11 carrier sense mechanism which is only very briefly mentioned in passing. If carrier sense is the cause, then the results observed are not a “surprising” flaw, but a conscious design decision. I think pinning down the cause rigorously is important in order to allow future work to focus on the right direction.

Thanks for your insightful

Thanks for your insightful comments.

Regarding your first question, we did measure the interference power at the receiver. We don't show them as the x-axis values of the graph because the readings at the receiver were non-uniform: for example, an emitted interferer power of 0dBm could correspond to reported received power of -35dBm, while interferer power of 8dBm corresponds to reported power of -21dBm, which we suspect is because of non-uniform sensitivity. Since this would skew the graphs, we show the trend using a uniform scale for the x-axis, while describing the actual numbers as part of the SINR model (Section 5.2).

Regarding your second question, we made sure interference-specific losses rather than CCA deferrals were not the main cause of low throughput, as explained in each of the interference-pattern sections (Sections 4.1–4.3).

In general, I agree that acquiring a deeper understanding of interference causes and effects, perhaps by using wireless channel emulators, would be useful future work.

Just to be clear: while I

Just to be clear: while I agree - of course - that an emulator would be the ideal solution, conducting controlled versions of these experiments requires little more than two RF cables and an attenuator.

Paper Abstract and PDF

The abstract and PDF seem to be missing for some reason.

Abstract: We study the impact on 802.11 networks of RF interference from devices such as Zigbee and cordless phones that increasingly crowd the 2.4GHz ISM band, and from devices such as wireless camera jammers and non-compliant 802.11 devices that seek to disrupt 802.11 operation. Our experiments show that commodity 802.11 equipment is surprisingly vulnerable to certain patterns of weak or narrow-band interference. This enables us to disrupt a link with an interfering signal whose power is 1000 times weaker than the victim’s 802.11 signals, or to shut down a multiple AP, multiple channel managed network at a location with a single radio interferer. We identify several factors that lead to these vulnerabilities, ranging from MAC layer driver implementation strategies to PHY layer radio frequency implementation strategies. Our results further show that these factors are not overcome by simply changing 802.11 operational parameters (such as CCA threshold, rate and packet size) with the exception of frequency shifts. This leads us to explore rapid channel hopping as a strategy to withstand RF interference. We prototype a channel hopping design using PRISM NICs, and find that it can sustain throughput at levels of RF interference well above that needed to disrupt unmodified links, and at a reasonable cost in terms of switching overheads.

The PDF is available here

added

Thanks, I added the abstract and the pdf.