Understanding and Mitigating the Impact of RF Interference on 802.11 Networks
advertisement
Understanding and Mitigating the Impact of RF Interference on 802.11 Networks Ramki Gummadi (MIT), David Wetherall (UW) Ben Greenstein (IRS), Srinivasan Seshan (CMU) 1 Growing interference in unlicensed bands • Anecdotal evidence of problems, but how severe? • Characterize how 802.11 operates under interference in practice Other 802.11 2 • Throughput to decrease linearly with interference • There to be lots of options for 802.11 devices to tolerate interference – – – – – – Bit-rate adaptation Power control FEC Packet size variation Spread-spectrum processing Transmission and reception diversity Throughput (linear) What do we expect? Interferer power (log-scale) 3 Key questions for this talk – How damaging can a low-power and/or narrow-band interferer be? – How can today’s hardware tolerate interference well? • What 802.11 options work well, and why? 4 • Effects of interference more severe in practice • Caused by hardware limitations of commodity cards, which theory doesn’t model Throughput (linear) What we see Interferer power (log-scale) 5 Talk organization • Characterizing the impact of interference • Tolerating interference today 6 Experimental setup Access Point UDP flow 802.11 Interferer 802.11 Client 7 802.11 receiver path PHY To RF Amplifiers Amplifier control RF AnalogSignal ADC signal Timing Recovery 6-bit samples PHY MAC MAC AGC Barker Correlator Demodulator Descrambler Data (includes beacons) Preamble Detector/ Header CRC-16 Checker Receiver SYNC SFD CRC Payload PHY header Extend SINR model (in paper) to capture these vulnerabilities Interested in worst-case natural or adversarial interference 8 Timing recovery interference • Interferer sends continuous SYNC pattern – Interferes with packet acquisition (PHY reception errors) 1000 100 1200 Weak interferer Moderate interferer 1000 800 Throughput Log-scale 600 10 400 Latency 1 Latency (microseconds) Throughput (kbps) 10000 200 0.1 0 −∞ -20 -12 -2 0 8 12 15 Interferer Power (dBm) 20 9 Dynamic range selection • Interferer sends on-off random patterns (5ms/1ms) – AGC selects a low-gain amplifier that has high processing noise (packet CRC errors) 900 Narrow-band interferer 1000 100 700 Throughput 10 500 300 Latency 1 100 0.1 Latency (microseconds) Throughput (kbps) 10000 -100 −∞ -20 -12 -2 0 8 12 15 Interferer Power (dBm) 20 10 Header processing interference • Interferer sends continuous 16-bit Start Frame Delimiters • Affects PHY header processing (header CRC errors) Unsynchronized interferer 1000 1000 800 100 600 Throughput 10 400 Latency 1 200 0.1 Latency (microseconds) Throughput (kbps) 10000 0 −∞ -20 -12 0 8 12 15 Interferer Power (dBm) 20 11 Interference mitigation options • • • • • Lower the bit rate Decrease the packet size Choose a different modulation scheme Leverage multipath (802.11n) Move to a clear channel 12 Impact of 802.11 parameters • Rate adaptation, packet sizes, FEC, and varying CCA parameters do not help Throughput (kbps) 10000 With and Changing CCA without FEC mode Rate adaptation 1000 100 10 11Mbps, PBCC 1Mbps 11Mbps CCA Mode 1, 11Mbps 2Mbps 5.5Mbps, 5.5Mbps Changing PBCC 100-byte packets, 11Mbps 1 packet size 0.1 −∞ -20 -12 -2 8 12 Interferer Power (dBm) 15 20 13 Impact of 802.11g/n Throughput (kbps) 100000 High throughputs 1000 without interference Significant drops with 802.11n Throughput weak interferer 800 10000 1000 100 10 600 802.11g Throughput 400 802.11g Latency 200 1 Latency (microseconds) • No significant performance improvement 802.11n Latency 0.1 0 −∞ -20 -12 0 8 12 15 Interferer Power (dBm) 20 14 Impact of frequency separation • But, even small frequency separation (i.e., adjacent 802.11 channel) helps – Channel hopping to mitigate interference? Throughput (kbps) 10000 15MHz separation 1000 10MHz separation 5MHz separation (good performance) Same channel (poor performance) 100 10 1 0.1 −∞ -20 -12 0 8 12 Interferer Power (dBm) 15 20 15 Talk organization • Characterizing the impact of interference • Tolerating interference today 16 Rapid channel hopping • Use existing hardware – Design dictated by radio PHY and MAC properties (synchronization, scanning, and switching latencies) • Design must accommodate adversarial and natural interference channel hopping – Test with an oracle-based adversary • Design overview – Packet loss during switching + adversary’s search speed 10ms dwell period – Next hop is determined using a secure hash chain – Triggered only when heavy packet loss is detected 17 Evaluation of channel hopping • Good TCP & UDP performance, low loss rate Throughput (kbps) 10000 CH, UDP traffic 1000 CH, TCP traffic Weak interference, Moderate interference, 17% degradation 1Mbps throughput 100 No CH, UDP traffic 10 1 No CH, TCP traffic 0.1 0 5 10 15 20 Interferer Power (dBm) 18 Evaluation of channel hopping • Acceptable throughput even with multiple interferers Throughput (kbps) 1600 Three orthogonal 802.11 interferers 450 400 1400 350 1200 300 1000 250 800 200 600 150 Linear scale 400 100 200 50 Interferers 0 Latency (microseconds) 1800 19 0 Conclusions • Lot of previous work on RF interference – We show 802.11 NICs have additional PHY and MAC fragilities • Interference causes substantial degradation in commodity NICs – Even weak and narrow-band interferers are surprisingly effective • Changing 802.11 parameters does not mitigate interference, but rapid channel hopping can 20 Thanks! Questions? ramki@csail.mit.edu 21 Channel hopping performance breakdown • Few losses, low multiple retransmits 100% Losse 250 80% 200 20% 150 100 Average Latency (microseconds) 40% Single retransmits 60% Latenc No retransmits Fraction of Transmissions by Type Multiple retransmits 50 0% 0 0 4 8 12 16 20 PRISM Interferer Power (dBm) 22 Related work • RF interference and jamming (narrow-band jamming, demodulator interference) – We expose additional vulnerabilities in receive path • 802.11 DoS (e.g., CCA, association, and authentication attacks) – We target PHY instead of MAC • Slow channel hopping (e.g., SSCH, MAXchop, 802.11 FH) – Rapid channel hopping uses both direct-sequence and frequency hopping to tolerate agile adversaries 23 Evaluation Setup CP P3 C3 AP Z P2 C2 C1 J P1 24 25
