Wireless signals are susceptible to naturally occurring periodic and random phenomena such as background noise, EMI, RFI, CME, and EMP, to name a few. Some wireless technologies, such as AM, are susceptible to impulse noise like distant lightning strikes; others, such as FM, can be sensitive to certain in-band noise from fluorescent lights. As designers, we try to anticipate the situations and circumstances our designs will be subject to and provide fixes, work-arounds, or other types of solutions to solve these problems.
However, there is another type of situation that wireless links are particularly vulnerable to and that is deliberate jamming. Here, someone deliberately sets out to block a link’s communications ability by targeting an attack that is particularly effective against the specific link or family of links. Jamming can be attempted for mischievous purposes, for motives such as profit, or for military advantage in times of war.
Kids with little boxes or kits can make and use jammers to annoy parents, schools, and commit similar forms of mayhem. Corporations can use jammers to interfere with a competitor’s operations, slow down or crash a company’s network, or prevent vital data from making it to its destination. Financial institutions can jam communications to provide even a millisecond’s advantage in completing a transaction that can be leveraged for gain. Military jamming can make drones crash, interfere with tactical communications, and even jam or change GPS signals to confuse the enemy.
This article looks at jamming techniques and technologies as well as anti-jamming measures and devices that allow wireless communications to continue even while under targeted attack. All parts, tutorials, reference designs, and development kits mentioned can be found online at Digi-Key’s website.
Hooray for Hollywood
The first use of electronic counter-measure jamming traces back to WWII. Radar-controlled artillery was taking down a lot of Allied planes. These systems employed radar signals to lock and track aerial targets and direct anti-aircraft fire. When a critical Allied operation was to take place, RF jammers were placed by resistance operatives in close proximity to these weapons. Newsreel film footage shows howitzers spinning wildly and firing randomly because of the jammers. The designers of the cannons were too arrogant to take the possibility of jamming into account, so they never incorporated a “manual-override” switch.
Eliminating jamming is not a new problem. Actress Hedy Lamarr and composer George Antheil developed spread-spectrum frequency-hopping technology during WWII specifically to stop torpedoes from being jammed by the broadcasting of radio frequencies that interfered with their operation and caused the torpedoes to go off course.
They used a piano-roll principle from a player piano to “unpredictably” change the base frequency between the base station and the torpedo. When started together in sync, the control center’s short burst of seemingly random control frequencies made it virtually impossible to jam. It is interesting to note (no pun intended) that initially 88 frequencies were used corresponding to the white and black keys of a piano.
Approaches to jamming
There are several ways jammers can interfere with normal operations of a system. If remote access to the control center can be achieved, steering a dish, for example, to a null point can effectively silence a link. This problem is becoming increasingly important as more of our critical infrastructure is placed online and transmitted to the cloud, providing vulnerability for those who seek to cut power, redirect a link, or even shut it down.
Local jamming is a more direct approach, since targets may be in motion. Here, power levels higher than the original signal's, delivered in specific bands, can overwhelm a receiver and block communications. Spark gaps emit noise, presenting energy in every band and at every frequency. However, noise in a narrower band of frequencies can also wreak havoc. Mischievous people have designed, built, demonstrated, and even made available simple jammers to ruin everyone else’s day. For example, kits and plans for pocket-sized RF jammers and noise generators (Figure 1) found online can generate noise in the 0 to 128 MHz range specifically to interfere with radio-controlled objects such as planes, boats, cars, and robots [1]. These kits are marketed as educational products because intentional jamming of RF signals is illegal [2].
Figure 1: Public domain and “educational” kits and devices are readily available to jam and interfere with common bands and services. It is becoming increasingly important to incorporate anti-jamming technology inside single-chip radios.
In addition to power- and frequency-based jamming, smart jammers are also a problem. Here, techniques are designed to mess with wireless protocol operations instead of overwhelming the receiver with noise. For example, with Ethernet and IP protocols centered around 802.11, you can disobey inter-frame spacing rules and spoof RTS/CTS messages to make the channel look continuously busy. If you can gain access to a layer-3 router wirelessly, you can even redirect traffic, intercept it, corrupt it, and then send it on its way.
This is becoming an increasingly effective technique. It can be stealthy since it uses less energy and is less obvious to the victim. With forward-looking military and defense systems increasingly counting on RF links, encryption and frequency hopping alone may not be good enough.
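A defender can look for the RTS/CTS abuse described above by measuring how much airtime is reserved but never used. The following is an added example, not code from the original article; the record layout, the station names, the 0.5 threshold, and the sample capture are all constructed assumptions.

```python
from collections import defaultdict

# Constructed capture, not real traffic: (time_us, frame_type, station, duration_us).
# "station" is the one expected to send data under the reservation: the
# transmitter for RTS and DATA, the receiver address for CTS (assumed layout).
def build_sample():
    frames = []
    for t in (0, 10_000):                       # station A: normal exchanges
        frames += [(t, "RTS", "A", 300), (t + 50, "CTS", "A", 250),
                   (t + 100, "DATA", "A", 0)]
    for t in range(20_000, 200_000, 30_000):    # station X: CTS only, no data
        frames.append((t, "CTS", "X", 32_767))  # 32,767 us is the field maximum
    return frames

def empty_reservations(frames):
    """Map station -> [(start, end)] for RTS/CTS reservations in which that
    station never sent a DATA frame."""
    data_times = defaultdict(list)
    for t, kind, sta, _ in frames:
        if kind == "DATA":
            data_times[sta].append(t)
    unused = defaultdict(list)
    for t, kind, sta, dur in frames:
        if kind in ("RTS", "CTS") and not any(
                t < d <= t + dur for d in data_times[sta]):
            unused[sta].append((t, t + dur))
    return unused

def covered_fraction(intervals, window_us):
    """Fraction of [0, window_us) covered by the union of the intervals."""
    covered = end = 0
    for start, stop in sorted(intervals):
        start, stop = max(start, end), min(stop, window_us)
        if stop > start:
            covered += stop - start
            end = stop
    return covered / window_us

def flag_virtual_jamming(frames, window_us, threshold=0.5):
    """Stations whose unused reservations hold the channel for at least
    `threshold` of the observation window."""
    flagged = {}
    for sta, spans in empty_reservations(frames).items():
        frac = covered_fraction(spans, window_us)
        if frac >= threshold:
            flagged[sta] = frac
    return flagged

if __name__ == "__main__":
    print(flag_virtual_jamming(build_sample(), 200_000))
```
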
Even if data is not extracted or changed, a jamming signal hitting interference bands could cause the transmitter to stay on a lot longer than it normally would. The accumulating effect would be to drain batteries much faster than anticipated so as to bring down a remote or buried link.
For these reasons the Defense Advanced Research Projects Agency (DARPA) is looking for innovative jam-resistant solutions and is soliciting requests under its Hyper-wideband Enabled RF Messaging (HERMES) program [3]. The entire federal government, including law enforcement, military, communications, and control has rights to only 1.4 percent of the total spectrum. This can make military spectrum management difficult, especially with an increasing threat of signal fratricide or interference. This dovetails into the 2010 Presidential order to make another 500 MHz of spectrum available for commercial use by the year 2020, and to use the spectrum more efficiently and make it more interference resistant.
Among the security tools designers have in their bag of tricks are wider bands, narrower bandwidths, and dynamic reconfiguration. Other proprietary techniques will also be employed because, as you might imagine, this technology is like Colonel Sanders’ recipe: very closely guarded.
The DARPA proposals are looking for greater than 10 GHz of instantaneous bandwidth while operating below 20 GHz. Hardware and DSP techniques will be needed to employ coding gain and the use of spectral filtering to dynamically shift a signal as well as compensate for atmospheric absorption. The overall goal is to achieve more than 70 dB of jammer suppression. Parts like the Analog Devices ADSP-BF609BBCZ-5 Blackfin Dual-Core processor may be a good choice since each 500 MHz core contains MACs, ALUs, and barrel shifters for implementing proprietary DSP-based encryption and hopping algorithms.
Texas Instruments also has a mixed, dual-core solution, the TMS320C6727BZDH350 that combines a DSP and ARM for generating re-seeded encryption keys on the fly using complex algebraic and differential hopping algorithms.
Another technique is to use a great many narrow-band signals with short data bursts that do not let a jammer detect or countermand the transmission. For example, a 1 Kbit/sec transmission centered between 2,414,012 MHz and 2,414,013 MHz would easily allow a jammer to find and overpower that transmission by centering its power at that frequency. But if your design uses 100-bit bursts of data, each at one of 5,000 different 2 kHz-wide frequency bands within the 2,410 MHz to 2,420 MHz range, a jammer would need to use 500 times more power and would only be 10 percent effective at annoying the receiver with a few hits here and there. Encoded forward-error correction can reduce or eliminate the need for re-transmission as well.
More bands and faster hop rates (and even variable hop rates) make it increasingly difficult to jam a link once the transmitter and receiver are in sync.
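The hopping arithmetic above, and the start-in-sync requirement of the piano-roll scheme described earlier, can be checked with a short simulation. This is an added example, not code from the original article: deriving the hop sequence from HMAC-SHA256 over a burst counter is this example's own choice of keyed generator, and the key and jammer placement are constructed values.

```python
import hashlib
import hmac

CHANNELS = 5000        # 2 kHz slots across the 10 MHz band used in the text
BURST_BITS = 100       # bits sent per hop, as in the text

def hop_channel(key: bytes, burst_no: int) -> int:
    """Slot index for one burst: HMAC-SHA256(key, counter) reduced to 0..4999.
    HMAC is this example's choice of keyed pseudo-random function."""
    mac = hmac.new(key, burst_no.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac[:8], "big") % CHANNELS

def match_fraction(tx_key, rx_key, bursts, rx_offset=0):
    """Share of bursts where the receiver is tuned to the transmitter's slot."""
    same = sum(hop_channel(tx_key, n) == hop_channel(rx_key, n + rx_offset)
               for n in range(bursts))
    return same / bursts

def jammer_cost(key, bursts, jam_start, jam_width):
    """A jammer putting single-slot power on jam_width adjacent slots.
    Returns (power multiple versus one slot, fraction of bursts hit)."""
    jammed = range(jam_start, jam_start + jam_width)
    hits = sum(hop_channel(key, n) in jammed for n in range(bursts))
    return jam_width, hits / bursts

if __name__ == "__main__":
    key = b"constructed-demo-key"   # constructed sample key
    n = 20_000
    print("in sync      :", match_fraction(key, key, n))
    print("one burst off:", match_fraction(key, key, n, rx_offset=1))
    print("wrong key    :", match_fraction(key, b"other-key", n))
    for width in (1, 500, CHANNELS):
        power, hit = jammer_cost(key, n, 2000, width)
        lost_bits = round(hit * n) * BURST_BITS
        print(f"jam {width:>4} slots: {power:>4}x power, "
              f"{hit:.1%} of bursts hit, {lost_bits} bits lost")
```

Covering 500 of the 5,000 slots costs the jammer 500 times the single-slot power and still leaves roughly 90 percent of the bursts untouched, while a receiver that is one burst out of step almost never lands on the transmitter's slot.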
Encryption will also play a role here. Anything that can be done to slow down a smart jammer or prevent data interception is a good thing. Again, hardware-based real-time encryption and decryption techniques perform better than software encryption alone.
Development kits like the Digi-International XEB-AW140-DK for the Xpress crypto module could be a good place to start (Figure 2). It not only allows fast development of NIST certifications, it can be a PCI slave peripheral to an embedded micro for rapid testing of wired or wireless links. Performance is tunable for low latency or throughput and two separate password-protected user modes—Crypto Officer and User—ensure that secure day-to-day operations can be tested.
Figure 2: Dedicated encryption modules and development systems can help designers develop proprietary encryption or hopping algorithms to make it harder to find and jam wireless communications.
Real-world applications may dictate the use of ASIC- or FPGA-based keys and algorithms for secure and proprietary hopping and spectral use. In this article we have looked at jamming techniques and technologies as well as anti-jamming approaches that allow communications to continue even while under targeted attack. However, no matter which anti-jamming techniques are utilized, designers in this field know at the outset that this is a cat-and-mouse game and the mice sometimes win.
For more information on the parts mentioned in this article, use the links provided to access product information pages on the Digi-Key website.
1. Instructables: “How to Build an RF Jammer”
2. FCC Hearing and Ruling
3. Defense Systems article “DARPA wants more efficient, jam-resistant RF communications”