Wireless Communication Security: Software Defined Radio-based Threat Assessment

  • Simon Ballantyne

Student thesis: Master's ThesisMaster of Science by Research


The rapid evolution of radio technology into the software defined era, has accelerated the availability of advanced radio receivers that can cover very large portions of the radio spectrum (70MHz to 6GHz) at low cost. Coupled with the democratisation of knowledge that has occurred through the internet, the threat environment for Electronic Warfare (EW) has changed markedly over the last 5
years. Previously EW threat would have arisen from a state actor that could fund the expensive equipment and antenna arrays that would be required for the intercept and disruption of military signals activities. Instead it is now possible to download freely available software to launch EW attacks on widely publicised
radio link standards.

The aim of this research is to explore the security of wireless communication systems when exposed to threats generated by Software Defined Radios (SDR). The research is aimed at exploring this vulnerability due to the rapidly decreasing cost and the lowering of skill barriers to launch advanced EW attacks on wireless
communication systems.

The first objective was to understand what current knowledge exists on the EW threat on the RF environment, allowing an understanding of this advanced threat against wireless infrastructure. The literature review has showed that the
vulnerabilities of wireless networks are in existence and there are potential methods of protection that have been studied, although these protection schemes do not seem to have been implemented in production quality systems.

The second objective is to validate this prognosis against a test bed, constructed as a threat source that could be typical of a hobbyist or script kiddie, allowing two threat scenarios to be demonstrated, validating the threat source. This research
included the execution of two laboratory based attacks against wireless systems, namely a record and replay attack against the Personal Role Radio (PRR) and a Meaconing attack against GPS. These experiments showed that a flexible Vulnerability Analysis test bed can be assembled to conduct Vulnerability Investigation against wireless standards. Specifically, this also showed the
Vulnerability of the PRR radio against record and replay attacks.
Date of Award2016
Original languageEnglish
Awarding Institution
  • Coventry University
SupervisorSiraj Shaikh (Supervisor)


  • Cyber Security
  • Software Defined Radio
  • Waveform Vulnerability
  • Threat Assessment
  • ; Cyber Vulnerability Investigation (CVI)

Cite this