IFAC blog page

Category: wireless control

Jamming attacks: A major threat to controlling over wireless channels

Remote control and sensing over wireless communication have been increasing continuously, and this trend will not slow down given the expectations placed on the Internet of Things. However, the spread of wireless communication exposes control systems to Denial-of-Service attacks, since transmissions can easily be disrupted by jamming. In this article, we give a brief overview of this critical new issue and of the current efforts made by researchers in IFAC.

Cyber security has become an important issue for society. Information and communication technologies are heavily incorporated in many fields, yet they are exposed to cyber-attacks that can cause financial losses, environmental damage, and disruption of services used in daily life.

Recent research indicates that industrial control systems are no exception: they too are targets of malicious attackers. The communication channels used to transmit measurement and control data are vulnerable to various types of attacks.

In this article, we focus on the so-called jamming attacks, which are Denial-of-Service attacks on wireless channels. Jamming attacks are perhaps the simplest types of attacks a control system may face, but they can be very dangerous. Generating a jamming attack does not require information about the internals of the control system. By simply emitting an interference signal, a jamming attacker can effectively block the communication on a wireless channel, disrupt the normal operation, cause performance issues, and even damage the control system.

Jamming attacks are typically classified into two categories: active jamming and reactive jamming [1]. An active jammer's goal is to keep the channel busy regardless of whether the channel is being used or not. For example, the attacker can continuously emit strong radio signals to raise the interference level at the receiver, degrading its signal-to-interference-plus-noise ratio. A reactive jammer, on the other hand, observes the channel activity and starts jamming only when the channel is being used.

One of the key reasons jamming attacks are such a big threat is that they are easy to launch. As a recent survey [2] indicates, jamming devices that target various wireless technologies, including GPS, mobile communications, and Wi-Fi, are already available for purchase. The survey also notes that in the case of Wi-Fi no special device may be needed, since ordinary computers can be turned into jammers.

On top of this, increasing security against jamming is not always easy. Certain types of stealthy jamming attacks can cause a significant number of packet-delivery failures on a wireless channel without being detected. One way of mitigating jamming attacks is to use frequency hopping, where transmissions are made over a random sequence of different frequencies. A powerful attacker can still overcome such methods, however [3, 4].

A few jamming incidents indicate how critical the issue is. In 2015, cars parked near a retail store could not be unlocked remotely using key fobs, which indicated the presence of a jammer that interrupted the key fob signals [5]. Another, much more concerning case involves the explosion of an oil pipeline. A recent report [6] on the 2008 explosion of the Baku-Tbilisi-Ceyhan oil pipeline hints at the possibility of cyber-attacks that involved jamming of satellite communications to prevent the transmission of alerts.

It appears that jamming will remain a major issue. Researchers point out that next-generation air traffic communication systems [7], vehicle platoons [8], satellite navigation, and the power market [9] are all susceptible to jamming attacks. With the expansion of the Internet of Things, the use of wireless communications is rapidly increasing in many fields, and jamming is becoming a bigger threat. This prompts an important question: how can we be prepared for jamming attacks?

Within IFAC, researchers are addressing this question from the perspective of control engineering. These efforts include:

  • evaluation of the performance of existing control systems under jamming attacks, and
  • development of new systems that are resilient to jamming attacks.

We briefly introduce these lines of research below. Interestingly, although these research efforts deal with cyber attacks, their approaches are not based on information-technology-oriented methods.

In a typical wireless networked control system, remotely located components exchange data with each other over a wireless medium. Some researchers evaluate the performance of such systems by investigating the level of jamming they can tolerate without major issues such as disruption of operation. Since emitting jamming signals requires energy, jamming is costly to the attacker. Ideally, a control system could keep operating even under attack from an attacker with large resources.

The challenge in evaluating the performance of a control system under jamming attacks is that we cannot know exactly when jamming attacks may start or end. Another issue is that the power of the jamming signal may differ from one attack to the next, so it is also unclear how likely a transmission failure is when jamming is present. One approach to understanding the effects of jamming despite this uncertainty is to consider the worst-case scenarios that may occur.

To identify the worst case, it is of interest to explore the question: what would be the optimal strategy of the attacker? The attacker would want to disrupt the normal operation of the system without using excessive resources. For instance, in several research articles jamming energy is treated as a constraint, and the attacker is assumed to cause as much damage as possible within specified energy limits. Another approach treats jamming energy as part of the attacker's cost function in an optimization problem, where the attacker tries to minimize energy usage. Some researchers also use game-theoretic methods to understand how the attacker's optimal strategies relate to the optimal strategy for transmitting the measurement and control data.
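To make the worst-case evaluation concrete, here is an added example (constructed for this page, not code from the authors or from IFAC) with an assumed scalar plant, a linear controller whose packets are lost in jammed slots, and a jammer limited to m jammed slots in every window of N slots: it computes the jamming fraction the loop can tolerate and compares a burst schedule with a spread-out schedule of equal energy.

```python
import math

# Constructed illustration of the worst-case evaluation described above.
# Assumed model: scalar plant x[k+1] = a*x[k] + b*u[k] with |a| > 1 (unstable
# without control). The control packet u[k] = -K*x[k] reaches the actuator
# only when slot k is not jammed; a jammed slot leaves u[k] = 0. The jammer's
# energy budget allows at most m jammed slots in every window of N slots.

def closed_loop_factor(a, b, K):
    """State multiplier in a slot whose control packet gets through."""
    return abs(a - b * K)

def worst_case_window_growth(a, b, K, m, N):
    """Growth of |x| over one N-slot window with m jammed slots.
    The product is the same for every placement of the m jams, so the
    per-window growth depends on the energy budget alone."""
    return abs(a) ** m * closed_loop_factor(a, b, K) ** (N - m)

def max_tolerable_jam_fraction(a, b, K):
    """Largest m/N for which the per-window growth stays below 1, i.e. the
    jamming level this controller can tolerate while remaining stable."""
    c = closed_loop_factor(a, b, K)
    if c >= 1:
        return 0.0        # controller does not stabilize even without jamming
    return math.log(1 / c) / (math.log(abs(a)) + math.log(1 / c))

def simulate(a, b, K, jam_schedule, x0=1.0):
    """Run the loop over a jamming pattern (True = slot jammed) and
    return (peak |x|, final |x|)."""
    x, peak = x0, abs(x0)
    for jammed in jam_schedule:
        u = 0.0 if jammed else -K * x
        x = a * x + b * u
        peak = max(peak, abs(x))
    return peak, abs(x)

def burst_schedule(m, N, windows):
    """Attacker spends the m-of-N budget as one burst per window; this
    maximizes the peak state deviation for a given energy budget."""
    return ([True] * m + [False] * (N - m)) * windows

def spread_schedule(m, N, windows):
    """Same budget, but jams alternate with clear slots (requires 2*m <= N)."""
    window = [i % 2 == 0 for i in range(2 * m)] + [False] * (N - 2 * m)
    return window * windows

if __name__ == "__main__":
    a, b, K = 2.0, 1.0, 1.5          # constructed plant and gain, c = 0.5
    print("tolerable jam fraction:", max_tolerable_jam_fraction(a, b, K))
    for m in (4, 6):                 # below and above the 50 % threshold
        print(m, "of 10 jammed: window growth",
              worst_case_window_growth(a, b, K, m, 10),
              "burst (peak, final):", simulate(a, b, K, burst_schedule(m, 10, 3)))
```

With the constructed values the loop tolerates up to half of the slots being jammed; at 4 of 10 the state decays window by window, at 6 of 10 it diverges, and for the same budget a burst produces a far larger peak than spread-out jamming.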

Designing control systems that are resilient to jamming attacks is also an important research theme within IFAC. For instance, some researchers have studied control systems that incorporate mechanisms to detect the presence of an attack. More recently, researchers have also developed so-called event-triggered controllers that choose the times of data transmissions so as to reduce the effect of jamming on the operation. If a particular transmission attempt is jammed, a new transmission time can be scheduled based on the performance requirements.

The literature on the cyber security of control systems indicates that as an attacker becomes more knowledgeable about the system, more sophisticated attacks than jamming become an option. The attacker can alter the data being transmitted and, in certain cases, inject false data into the system without being noticed. Control systems may also face replay attacks, where the attacker intercepts transmissions and later replays valid but old measurement or control data to cause damage while still following the communication protocol.

As the risk of jamming and other types of attacks increases rapidly, ensuring the cyber security of control systems will be a challenge of growing importance.

[1] https://doi.org/10.1145/1062689.1062697
[2] http://www.theiet.org/sectors/information-communications/signal-jamming.cfm
[3] https://doi.org/10.1016/j.adhoc.2009.04.012
[4] https://www.kth.se/social/files/56112825f276544047e235c7/freq_hopp_long.pdf
[5] http://www.techrepublic.com/article/wireless-jammers-cast-a-dark-shadow-on-iot-security/
[6] https://www.bloomberg.com/news/articles/2014-12-10/mysterious-08-turkey-pipeline-blast-opened-new-cyberwar
[7] https://doi.org/10.1007/978-3-642-38980-1_16
[8] https://doi.org/10.1109/ITSC.2015.348
[9] https://doi.org/10.1109/GLOCOMW.2011.6162363

Article provided by:
Ahmet Cetinkaya, Postdoctoral Research Fellow
Hideaki Ishii, Associate Professor
Tokyo Institute of Technology
IFAC TC 1.5 on Networked Systems

Wireless Automation and Industrial Internet

This contribution discusses the current categories in industrial production automation and mobile communication, what they contain, how they relate to each other, and what they mean for industrial wireless communication.

Current categories in the area of wireless automation that deserve reflection are “Industrial Internet/Industry 4.0” and “5G Generation Mobile Networks”.

When a new future-oriented goal is formulated, a category is needed that sums up the goal and makes it identifiable and addressable for activities. Such categories are regularly used in a contemporary context to show that activities, products and services correspond to the future-oriented goal, regardless of how far that goal has actually been achieved. With future-oriented goals, immediate attainment is hardly realistic: high expectations are raised that cannot be fully met in the short term. Inflationary reference to the category then obscures the aim and ends in rejection of the category itself. The task of the expert committees should be to raise awareness of the future-oriented goals, to give orientation, and to evaluate the steps of technical development.

Industry 4.0
Industry 4.0 started as a political initiative of the German Federal Government and is part of the “New High-Tech Strategy – Innovations for Germany”. The project is meant to support industry in actively contributing to a transformation of industrial production. The national initiative does not, however, mean that the goal is only a national one: the same goals are pursued in international competition under different categories, e.g. Advanced Manufacturing or as part of the Internet of Things (IoT).

The focus is on a new way of organizing and controlling the value chain over the life cycle of products. This cycle is to be oriented towards individual customer wishes. It includes continuous information management from the idea for a product through development, production and distribution to the end customer, up to recycling, including the related services. “The basis for this is the availability of all relevant information in real time through the connection of all instances involved in adding value, as well as the possibility to derive the optimal value-adding chain from the data at any time.” Optimal processing of information requires the best possible digital reflection of the value chain, its so-called virtualization.

Undoubtedly, communication plays a central role in making all relevant information available in real time. It is equally indisputable that the mobility of the objects involved in production, as well as the required flexibility of production, calls for wireless communication systems. What is currently being debated, however, is whether the available wireless communication technologies fulfil the requirements of an “Industrial Internet”, and which characteristics should be aimed for. In Germany the special working group AK-STD-1941.0.2 “Radio standardization and Industry 4.0” of the German Commission for Electrical, Electronic & Information Technologies of DIN and VDE (DKE) is working on this question. Experts from mechanical engineering, the electrical industry and the digital economy exchange information with a focus on:

• relevant use cases for wireless communication in industry production,
• reference models for wireless communication,
• activities in standardization and specification, and
• research activities.

The goal is to develop contributions for the Standardization Roadmap Industry 4.0. Two essential aspects have become apparent:

1. Even though many useful industrial wireless communication applications already exist, additional, more efficient wireless communication technologies will be necessary for the intended transformation.

2. The increasing number of radio connections required for the Industrial Internet demands new concepts and solutions for an application-oriented and efficient use of the wireless medium.

Both aspects raise technical and political issues. This is underlined by the recent project “ICT 2020 – Reliable wireless communication in industry”, funded by the German Federal Ministry of Research. A total of eight research projects address the aspects mentioned above from different perspectives, and an accompanying coordinating project deals with the overarching scientific questions of reliable wireless communication as well as with coordination among the projects.

The category “5G” stands for “5th Generation Mobile Networks” or “5th Generation Wireless Systems”. The first international research projects on basic technologies and concepts have been completed. In parallel with a second research initiative, the standardization process is to start at the end of 2015. The goal of this new generation follows the tradition of telecommunication development: significant improvements of performance parameters, such as:

• 100 times higher data rate than present LTE networks (up to 10,000 Mbit/s),
• about 1000 times higher capacity,
• 100 billion mobile phones addressable simultaneously worldwide,
• extremely low latency, with a ping of less than 1 millisecond,
• 1/1000 of the energy consumption per transferred bit,
• 90 % lower power consumption per mobile service.

These performance goals alone are not a sufficient reason to pursue 5G for the Industrial Internet, especially since the automation industry's reservations about a scientific and technical dependency on mobile network providers must not be neglected. It is remarkable, however, that 5G targets numerous application areas beyond classical telecommunication, the so-called verticals. One of them, Massive Machine Type Communications (MMTC), addresses industrial wireless communication. Many questions remain open, though. Do the development goals of these new technologies take the requirements of the Industrial Internet into account? At present the telecommunication community specifies both the use cases and the requirement profiles. Who from machinery and plant engineering and from electrical engineering accompanies the development in this application area? Will the wireless communication technologies be fully integrated into the concepts of the Industrial Internet? This concerns both a consistent communication concept from the sensor up to the command and control level and the digital representation of the communication system for virtual production. After all, communication is not only a means to an end but also a component of an industrial plant: its planning, implementation and operation cannot be separated from the production plant. Who takes care of the device and system descriptions? Who is responsible for the engineering and for guaranteeing the availability of communication in line with the production target? The industrial application plays a different role than the traditional telecommunication user, so the question arises of how fulfilment of the user requirements can be guaranteed. This is the responsibility of the device and system manufacturers as well as of the operators of the communication systems, but the requirements and conditions of the production plant matter too.
These interdependencies require cross-sectoral standardization. The standard IEC 62657 (IEC 62657-1, Industrial communication networks – Wireless communication networks), which describes the requirements and conditions that industrial automation places on wireless communication, may serve as the initial basis. In addition, the interfaces to radio standardization must be defined.

One important question remains to be clarified: is the customer willing to pay for the availability of the information exchange?

Looking at the content of the categories Industrial Internet and 5G, it can be stated that the new mobile communication technology has great potential for the all-embracing provision of production-relevant information that the transformation of industrial production calls for. It is, however, essential to overcome the barriers between telecommunication and industrial automation. This concerns the boundaries between the industries as well as the interfaces of the technical means and their standardization. First of all, a common language in the literal sense has to be found. On that basis, the concepts that enable the integration of telecommunication into industrial automation have to be aligned. Current research projects and new calls for proposals offer an opportunity for this. Moreover, the exchange in expert committees and standardization bodies should be used to make the new telecommunication concepts usable for the transformation of industrial production. Economic success depends on the stakeholders' engagement in working on the open questions globally and on their use of the political framework conditions that have been created.

Then wireless communication will have the potential to shape automation concepts. Categories should serve technical orientation rather than marketing.

Article provided by
Ulrich Jumar
Lutz Rauchhaupt, Institute of Automation and Communication e.V. at the Otto-von-Guericke-University Magdeburg, Germany
IFAC Technical Committee 3.3 Telematics: Control via Communication Networks

Copyright © 2018 IFAC blog page

All rights reserved unless otherwise explicitly indicated.