Frequency hopping once per bit foils hackers


The system can protect against selective jamming.

For example, explained the University, Bluetooth LE has per-packet hopping across 80 1MHz channels, hopping every 612μs, “but attackers can locate the channel during the first 1μs and then jam the packet”, allowing them to overwrite the data in the remainder of the packet. Also, with BLE modulation, a fixed 250kHz offset is always used to transmit ‘1’ and -250kHz for ‘0’. “That means, if hackers can pinpoint the carrier frequency, they too have access to that information. If hackers can see a 250kHz offset on, say, channel 14, they’ll know that’s an incoming 1 and begin messing with the rest of the data packet”.

Each μs, the MIT system uses a pair of separate channels drawn from across the 80-channel spectrum.

Per μs, based on a secret key pre-shared between transmitter and receiver, one channel is designated for carrying a ‘1’ and the other to carry a ‘0’, and the transmitter only sends on the channel appropriate to the bit it wants to send this time. “The receiver then compares the energy in those two channels, notes which one has a higher energy, and decodes for the bit sent on that channel,” said the university.

Channel selection is fast and apparently random, there is no tell-tale fixed frequency offset, and the hacker does not know if the channel used during that bit period was designated for 1 or 0 transmission. “For an attacker, that means they can’t do any better than random guessing, making selective jamming infeasible,” said MIT engineer Dr Rabia Tugce Yazicigil.
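The scheme described above can be modelled in a few lines. The following is an added example, not code from the paper or from MIT: it assumes HMAC-SHA256 as the keyed generator that picks each bit period's channel pair (the article does not say how the pair is derived), a constructed key, and a simplified jammer that can only guess one channel per bit period.

```python
import hashlib
import hmac
import random

CHANNELS = 80  # channel count given in the article


def channel_pair(key: bytes, bit_index: int) -> tuple[int, int]:
    """Return (channel meaning '1', channel meaning '0') for one bit period."""
    # Assumption: HMAC-SHA256 stands in for the keyed channel generator.
    digest = hmac.new(key, bit_index.to_bytes(8, "big"), hashlib.sha256).digest()
    one = int.from_bytes(digest[:4], "big") % CHANNELS
    # An offset of 1..79 guarantees the two channels differ.
    offset = 1 + int.from_bytes(digest[4:8], "big") % (CHANNELS - 1)
    return one, (one + offset) % CHANNELS


def transmit(key: bytes, bits: list[int]) -> list[list[float]]:
    """One energy vector per bit period, with energy on a single channel."""
    frames = []
    for i, bit in enumerate(bits):
        one, zero = channel_pair(key, i)
        energy = [0.0] * CHANNELS
        energy[one if bit else zero] = 1.0
        frames.append(energy)
    return frames


def receive(key: bytes, frames: list[list[float]]) -> list[int]:
    """Decode each bit by comparing energy in the two designated channels."""
    bits = []
    for i, energy in enumerate(frames):
        one, zero = channel_pair(key, i)
        bits.append(1 if energy[one] > energy[zero] else 0)
    return bits


def jam_by_guessing(frames, rng: random.Random, power: float = 2.0):
    """Keyless jammer model: stronger energy on one guessed channel per bit."""
    jammed = [frame[:] for frame in frames]
    for frame in jammed:
        frame[rng.randrange(CHANNELS)] += power
    return jammed


def bit_error_rate(sent: list[int], got: list[int]) -> float:
    return sum(a != b for a, b in zip(sent, got)) / len(sent)
```

In this model a guessed channel flips a bit only when it lands on the unused channel of that period's pair, so the error rate stays near 1 in 80, while a receiver holding the wrong key decodes at roughly chance.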

Potential applications include securing smart meters and medical devices.

Yazicigil presented ‘Ultra-fast bit-level frequency-hopping transmitter for securing low-power wireless devices’, a paper on the protocol, at the IEEE Radio Frequency Integrated Circuits Symposium.

The work was supported by Texas Instruments, the Hong Kong Innovation and Technology Fund, and the US National Science Foundation.

