They designed a transmitter able to frequency-hop each individual 1 or 0 bit of a data packet every microsecond, fast enough to thwart even the quickest hackers. They report the work in a paper titled “Frequency-Hopping Transmitter for Securing Low-Power Wireless Devices”, presented at the IEEE Radio Frequency Integrated Circuits Symposium.
Lead author Rabia Tugce Yazicigil from MIT’s Department of Electrical Engineering and Computer Science explains that while today’s transmitters are susceptible to selective jamming due to long dwell times in a given channel, such attacks can be mitigated through a physically-implemented ultra-fast bit-level frequency-hopping (FH) scheme, based on the frequency agility of bulk acoustic wave (BAW) resonators.
As a proof of concept, the researchers designed an integrated bit-level FH transmitter (TX) that hops at a 1μs period and uses data-driven random dynamic channel selection to enable secure wireless communications with additional data encryption. The system consists of a time-interleaved BAW-based TX implemented in 65nm CMOS technology with 80MHz coverage in the 2.4GHz ISM band. In operation, the system draws only 10.9mW of power from a 1.1V supply, a low power consumption that was achievable only through a physical-layer implementation of the ultra-fast frequency-hopping scheme.
In order to randomize channel selection and bit encoding, the researchers employed a system that each microsecond generates a pair of separate channels across the 80-channel spectrum. Based on a pre-shared secret key with the transmitter, the receiver does some calculations to designate one channel to carry a 1 bit and the other to carry a 0 bit (instead of relying on a fixed 250kHz offset for 1s and 0s). The receiver can then pinpoint the channel with the highest energy to determine which bit was sent.
Because the channel selection is so fast and random, with no fixed frequency offset to hint at the bit value being transmitted, hackers can never tell which bit is going to which channel, which renders selective jamming infeasible, according to Yazicigil.
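The keyed channel-pair selection and energy-comparison decoding described above can be simulated in a few lines. This is an added example, not code from the paper or the chip: HMAC-SHA256 over a slot counter, the key strings and the noise model are all assumptions standing in for details the article does not give.

```python
import hashlib
import hmac
import random

NUM_CHANNELS = 80  # the article's 80-channel spectrum

def channel_pair(key: bytes, slot: int) -> tuple[int, int]:
    """Return (channel for a 0 bit, channel for a 1 bit) for one hop slot.

    Assumption: HMAC-SHA256 over the slot counter stands in for the chip's
    key-driven channel selection, which the article does not specify.
    """
    d = hmac.new(key, slot.to_bytes(8, "big"), hashlib.sha256).digest()
    ch0 = int.from_bytes(d[:4], "big") % NUM_CHANNELS
    # An offset of 1..79 guarantees the two channels differ and is not fixed.
    offset = 1 + int.from_bytes(d[4:8], "big") % (NUM_CHANNELS - 1)
    return ch0, (ch0 + offset) % NUM_CHANNELS

def transmit(key: bytes, bits: list[int]) -> list[int]:
    """One channel index per slot: the pair member assigned to that bit."""
    return [channel_pair(key, slot)[bit] for slot, bit in enumerate(bits)]

def on_air(channels: list[int], rng: random.Random, noise: float = 0.2):
    """Constructed channel model: unit energy on the hop channel plus noise."""
    frames = []
    for ch in channels:
        energy = [rng.random() * noise for _ in range(NUM_CHANNELS)]
        energy[ch] += 1.0
        frames.append(energy)
    return frames

def receive(key: bytes, frames) -> list[int]:
    """Compare energy on the slot's two candidate channels and pick the bit."""
    bits = []
    for slot, energy in enumerate(frames):
        ch0, ch1 = channel_pair(key, slot)
        bits.append(1 if energy[ch1] > energy[ch0] else 0)
    return bits

def bit_error_rate(sent: list[int], got: list[int]) -> float:
    return sum(a != b for a, b in zip(sent, got)) / len(sent)

def demo(n_bits: int = 2000, seed: int = 1) -> tuple[float, float]:
    """Return (BER with the shared key, BER for a receiver with a wrong key)."""
    rng = random.Random(seed)
    bits = [rng.randrange(2) for _ in range(n_bits)]
    frames = on_air(transmit(b"constructed-shared-key", bits), rng)
    return (bit_error_rate(bits, receive(b"constructed-shared-key", frames)),
            bit_error_rate(bits, receive(b"wrong-key", frames)))
```

With the shared key the receiver recovers every bit, while a party holding the wrong key decodes at roughly chance level, because the observed channel carries no fixed relationship to the bit value.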
Another innovative feature of the transmitter’s architecture is its time-interleaved transmitter paths, allowing the inactive transmitter to receive the selected next channel while the active transmitter sends data on the current channel. Alternating the workload helps the chip reach its 1-microsecond frequency-hop rate and support a 1Mbit/s data rate similar to BLE-type transmitters.
The work was supported by the Hong Kong Innovation and Technology Fund, the National Science Foundation, and Texas Instruments. The chip fabrication was supported by the TSMC University Shuttle Program.
The researchers hope their new protocol and radio frequency architecture will translate into more secure wearable medical devices.