Electronic Warfare: Protecting Waveforms

Because radio propagation is a broadcast medium, a wireless transmission can readily be overheard by unauthorised receivers and is therefore highly exposed to eavesdropping. Physical-layer security is emerging as a promising way to protect wireless communications against eavesdropping by exploiting the physical characteristics of the wireless channel itself.

Existing communications systems typically rely on cryptographic techniques to prevent an eavesdropper from tapping the data transmission between legitimate users. Taking symmetric-key encryption as an example, the original data (the plaintext) is first encrypted at the source node using an encryption algorithm together with a secret key that is shared only with the destination node. The encrypted plaintext (the ciphertext) is then transmitted to the destination, which decrypts the received ciphertext with the pre-shared secret key. In this way, even if an eavesdropper overhears the ciphertext transmission, it remains difficult for the eavesdropper to recover the plaintext from the intercepted ciphertext without the secret key.

It should be noted that ciphertext transmission is not perfectly secure, since an eavesdropper can still decrypt the ciphertext by exhaustive key search, also known as a brute-force attack. Such attacks have been carried out in practice against operational systems such as GSM mobile phones (the A2 encryption algorithm, WPA and WEP). To this end, physical-layer security (protecting the waveform of the wireless system) is emerging as an alternative paradigm for defending wireless communications against eavesdropping, prompted by the increasing instances of brute-force attacks against encryption algorithms such as AES-256, and by the recognition by the NSA that the Suite B algorithms will become obsolete in the near future owing to the availability of quantum computing.

Spread Spectrum

Spread-spectrum techniques deliberately spread a signal generated with a particular bandwidth across the frequency domain, producing a signal with a much wider bandwidth. They are used for a variety of reasons: to establish secure communications, to increase resistance to natural interference, noise and jamming, to prevent detection, and to limit power flux density (e.g. in satellite downlinks).

Spread spectrum is a signal-structuring technique that employs direct sequence, frequency hopping, or a hybrid of the two, and it can be used for multiple access and/or multiple functions. It decreases the potential interference to other receivers whilst traditionally providing privacy. Spread spectrum generally uses a sequential, noise-like signal structure to spread the normally narrowband information signal over a relatively wide band of radio frequencies; the receiver correlates the received signal with the same structure to retrieve the original information signal. Originally there were two motivations: to resist enemy efforts to jam the communications, or to hide the fact that communication was taking place at all (sometimes called low probability of intercept, LPI).
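As an added illustration (not code from the original article) of the spreading and correlating receiver described above, the following Python simulates direct-sequence spreading with a constructed 31-chip m-sequence and shows that only the correct code in the correct chip phase recovers the data; the LFSR code, the data bits and the noise level are assumptions made for the demo.

```python
import math
import random


def m_sequence(taps, state):
    """One period of a maximal-length (m-) sequence from a Fibonacci LFSR, mapped
    to +1/-1 chips. `taps` are 0-based stages fed into the XOR; the last stage is
    the output. With a primitive polynomial the period is 2**len(state) - 1."""
    chips = []
    for _ in range(2 ** len(state) - 1):
        chips.append(1 if state[-1] else -1)
        feedback = 0
        for t in taps:
            feedback ^= state[t]
        state = [feedback] + state[:-1]
    return chips


# Constructed 31-chip spreading code: 5-stage LFSR, polynomial x^5 + x^2 + 1
CODE = m_sequence(taps=(4, 2), state=[1, 0, 0, 0, 0])


def spread(bits, code):
    """DSSS transmitter: each +1/-1 data bit is multiplied by the whole chip
    sequence, turning the narrowband bit stream into a wideband, noise-like one."""
    return [b * c for b in bits for c in code]


def correlate(chips, code):
    """DSSS receiver: chip-by-chip product summed over each bit interval. The right
    code in the right phase yields +/-len(code); the same code at the wrong chip
    phase yields the m-sequence off-peak autocorrelation of exactly -1."""
    n = len(code)
    return [sum(x * c for x, c in zip(chips[i:i + n], code))
            for i in range(0, len(chips), n)]


def decide(corrs):
    return [1 if v >= 0 else -1 for v in corrs]


def add_noise(chips, sigma, seed=7):
    """Constructed Gaussian channel noise; fixed seed so the run is repeatable."""
    rng = random.Random(seed)
    return [x + rng.gauss(0.0, sigma) for x in chips]


def processing_gain_db(code):
    return 10 * math.log10(len(code))   # 31 chips -> about 14.9 dB


if __name__ == "__main__":
    bits = [1, -1, 1, 1, -1, -1, 1, -1]             # constructed data
    rx = add_noise(spread(bits, CODE), sigma=1.0)   # 0 dB SNR per chip
    print("right code, noisy channel :", decide(correlate(rx, CODE)))
    print("wrong chip phase, no noise:", correlate(spread(bits, CODE), CODE[5:] + CODE[:5]))
```

At 0 dB per-chip SNR an individual chip decision would be wrong roughly 16% of the time, yet every bit survives despreading, which is the processing gain at work.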

However, it must be recognised that, given the general availability of software defined radios (SDRs) that can capture bandwidths of up to 120 MHz, spreading a signal to avoid detection could be viewed as becoming obsolescent. Once the whole spread bandwidth is captured, signal-processing techniques such as autocorrelation make clock and spreading-code recovery relatively straightforward tasks with off-the-shelf hardware and software, allowing an assailant to gain real-time access to the system.

Frequency Hopping

The notion of frequency hopping in radio systems was originally credited to Hedy Lamarr, co-originator of the idea of spread-spectrum transmission (Antheil George, 1942). She and her pianist were issued a patent for the technique during World War II. They devised the technique using a player piano to control the frequency hops, and envisioned it as a way to provide secure communications during wartime. This technique formed the basis of the modern spread spectrum and frequency hopping techniques used in Bluetooth, Coded Orthogonal Frequency Division Multiplexing (COFDM), and Code Division Multiple Access (CDMA).

Frequency hopping (FH) has a long lineage in protecting military communications, using a constantly changing carrier frequency to prevent the direct intercept of communications. Recently, attack approaches that crack frequency hopping in commercial systems, such as the Hop Along Heady attack, have circumvented these protection measures. Military encoded FH systems are by their nature more complex, but since the techniques work generically against FH, it shows that with effort and computing power it is possible to break these systems.
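To make the protection concrete, here is an added simulation (not code from the original post) in which a keyed hop schedule is followed by the intended receiver while a single-channel listener only catches the dwells that happen to land on its frequency; the HMAC-derived schedule, the channel count, the keys and the message are all constructed for the demo.

```python
import hashlib
import hmac

NUM_CHANNELS = 16                                       # constructed channel plan
SHARED_KEY = b"constructed-demo-key-not-for-real-use"   # hypothetical pre-shared key
WRONG_KEY = b"some-other-constructed-key"


def hop_channel(key, slot, num_channels=NUM_CHANNELS):
    """Channel for time slot `slot`, derived from the shared key with HMAC-SHA256.
    Both legitimate ends compute the same schedule; without the key the sequence
    of channels is unpredictable (a keyed stand-in for a military hop set)."""
    mac = hmac.new(key, slot.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big") % num_channels


def transmit(key, symbols):
    """What the hopper puts on air: one (slot, channel, symbol) per dwell."""
    return [(slot, hop_channel(key, slot), sym) for slot, sym in enumerate(symbols)]


def receive(key, on_air):
    """A receiver following the schedule from `key`; None where it tuned elsewhere."""
    return [sym if ch == hop_channel(key, slot) else None for slot, ch, sym in on_air]


def narrowband_listener(on_air, fixed_channel):
    """A conventional receiver parked on one channel sees only the dwells that land
    there. A wideband SDR capturing all channels at once would see every dwell,
    which is the obsolescence point made above."""
    return [sym if ch == fixed_channel else None for _, ch, sym in on_air]


def fraction_received(received):
    return sum(1 for s in received if s is not None) / len(received)


if __name__ == "__main__":
    msg = list("CONSTRUCTED TEST MESSAGE")
    air = transmit(SHARED_KEY, msg)
    print("right key      :", fraction_received(receive(SHARED_KEY, air)))
    print("wrong key      :", fraction_received(receive(WRONG_KEY, air)))
    print("fixed channel 3:", fraction_received(narrowband_listener(air, 3)))
```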

Summary

The vulnerability of wireless systems to both intercept and jamming has evolved since the dawn of wireless communications. Recent technology developments make a further evolution of these protection mechanisms necessary, to counter the threat from advanced SDR platforms and their seemingly vast ability to reverse engineer even secure waveforms.

It is likely that in a post-quantum (>2025) world, link-layer security relying solely on the encryption of data traffic will be vulnerable to intercept and spoofing. This will require new techniques to protect the waveform itself from being demodulated by an adversary, as a first layer of defence that affords the packet encryption greater protection. Although there is current academic research, it will not necessarily result in enhanced waveform protection for Defence purposes without directed funding and direction.


Insights: Luke Davies