Jiaming Wang

Bio: Jiaming Wang is an academic researcher from University of Illinois at Urbana–Champaign. The author has contributed to research in topics: Wireless network & Wireless. The author has an hindex of 3, co-authored 4 publications receiving 49 citations.

Ghostbuster: Detecting the Presence of Hidden Eavesdroppers

Abstract: This paper explores the possibility of detecting the hidden presence of wireless eavesdroppers. Such eavesdroppers employ passive receivers that only listen and never transmit any signals making them very hard to detect. In this paper, we show that even passive receivers leak RF signals on the wireless medium. This RF leakage, however, is extremely weak and buried under noise and other transmitted signals that can be 3-5 orders of magnitude larger. Hence, it is missed by today's radios. We design and build Ghostbuster, the first device that can reliably extract this leakage, even when it is buried under ongoing transmissions, in order to detect the hidden presence of eavesdroppers. Ghostbuster does not require any modifications to current transmitters and receivers and can accurately detect the eavesdropper in the presence of ongoing transmissions. Empirical results show that Ghostbuster can detect eavesdroppers with more than 95% accuracy up to 5 meters away.

Many-to-Many Beam Alignment in Millimeter Wave Networks

Abstract: • 2019 IEEE Fellow • 2018 Dean’s List of Excellent Teachers (2019, 2018, 2017, 2015) • 2018 Google Faculty Research Award • 2017 ACM MobiSys Best Paper Award • 2017 Named Jerry Sanders III AMD Scholar • 2016 Distinguished Alumni Award from CS@UIUC • 2015 ACM Sigmobile Rockstar Award • 2015 IBM Faculty Research Award • Best Demo, HotMobile 2015 • 2013 UbiComp Best Paper Honorable Mention • Best Paper Candidate, ACM MobiSys 2012 • Winner of ACM MobiSys Best Poster, Runner up for ACM MobiSys demo, 2011 • Runners Up of ACM MobiSys Demo Contest, 2011 • 2010 Winner of ACM MobiCom Student Research Competition • 2009 Hoffmann Krippner Award for Innovations in Engineering • Appointed Nortel Network Assistant Professor of ECE, 2009 • 2007 NSF CAREER Award • Vodafone Graduate Fellowship, 2005 • Motorola Center for Communications Fellowship, 2004 and 2003 • Best Paper Award – Personal Wireless Conference (PWC) 2003 • University Silver Medal, B.Tech, 2000

Understanding and embracing the complexities of the molecular communication channel in liquids

Abstract: Molecular communication has recently gained a lot of interest due to its potential to enable micro-implants to communicate by releasing molecules into the bloodstream. In this paper, we aim to explore the molecular communication channel through theoretical and empirical modeling in order to achieve a better understanding of its characteristics, which tend to be more complex in practice than traditional wireless and wired channels. Our study reveals two key new characteristics that have been overlooked by past work. Specifically, the molecular communication channel exhibits non-causal inter-symbol-interference and a long delay spread, that extends beyond the channel coherence time, which limit decoding performance. To address this, we design, μ-Link a molecular communication protocol and decoder that accounts for these new insights. We build a testbed to experimentally validate our findings and show that μ-Link can improve the achievable data rates with significantly lower bit error rates.

Enabling Dense Spatial Reuse in mmWave Networks

Abstract: Millimeter Wave (mmWave) networks can deliver multi-Gbps wireless links that use extremely narrow directional beams. This provides us with a new way to exploit spatial reuse in order to scale network throughput. In this work, we present MilliNet, the first millimeter wave network that can exploit dense spatial reuse to allow many links to operate in parallel in a confined space and scale the wireless throughput with the number of clients. Results from a 60 GHz testbed show that MilliNet can deliver a total wireless network data rate of more than 38 Gbps for 10 clients which is 5.8× higher than current 802.11 mmWave standards.

WINC: A Wireless IoT Network for Multi-Noise Source Cancellation

Abstract: This paper introduces Wireless IoT-based Noise Cancellation (WINC) which defines a framework for leveraging a wireless network of IoT microphones to enhance active noise cancellation in noise-canceling headphones. The IoT microphones forward ambient noise to the headphone over the wireless link which travels a million times faster than sound and gives the headphone a future lookahead into the incoming noise. While leveraging wireless lookahead has been explored in past work, prior systems are limited to a single noise source. WINC, however, can simultaneously cancel multiple noise sources by using a network of IoT nodes. Scaling wireless lookahead aware noise cancellation is non-trivial because the computational and protocol delays can defeat the purpose of leveraging wireless lookahead. WINC introduces a novel algorithm that operates in the frequency domain to efficiently cancel multiple noise sources. We implement and evaluate WINC to show that it can cancel three noise sources and outperforms past work and state-of-the-art headphones without requiring completely blocking the users’ ears.

Towards Robust LiDAR-based Perception in Autonomous Driving: General Black-box Adversarial Sensor Attack and Countermeasures

Abstract: Perception plays a pivotal role in autonomous driving systems, which utilizes onboard sensors like cameras and LiDARs (Light Detection and Ranging) to assess surroundings. Recent studies have demonstrated that LiDAR-based perception is vulnerable to spoofing attacks, in which adversaries spoof a fake vehicle in front of a victim self-driving car by strategically transmitting laser signals to the victim's LiDAR sensor. However, existing attacks suffer from effectiveness and generality limitations. In this work, we perform the first study to explore the general vulnerability of current LiDAR-based perception architectures and discover that the ignored occlusion patterns in LiDAR point clouds make self-driving cars vulnerable to spoofing attacks. We construct the first black-box spoofing attack based on our identified vulnerability, which universally achieves around 80% mean success rates on all target models. We perform the first defense study, proposing CARLO to mitigate LiDAR spoofing attacks. CARLO detects spoofed data by treating ignored occlusion patterns as invariant physical features, which reduces the mean attack success rate to 5.5%. Meanwhile, we take the first step towards exploring a general architecture for robust LiDAR-based perception, and propose SVF that embeds the neglected physical features into end-to-end learning. SVF further reduces the mean attack success rate to around 2.3%.

Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers

Abstract: This paper presents a new side channel that affects mixed-signal chips used in widespread wireless communication protocols, such as Bluetooth and WiFi. This increasingly common type of chip includes the radio transceiver along with digital logic on the same integrated circuit. In such systems, the radio transmitter may unintentionally broadcast sensitive information from hardware cryptographic components or software executing on the CPU. The well-known electromagnetic (EM) leakage from digital logic is inadvertently mixed with the radio carrier, which is amplified and then transmitted by the antenna. We call the resulting leak screaming channels. Attacks exploiting such a side channel may succeed over a much longer distance than attacks exploiting usual EM side channels. The root of the problem is that mixed-signal chips include both digital circuits and analog circuits on the same silicon die in close physical proximity. While processing data, the digital circuits on these chips generate noise, which can be picked up by noise-sensitive analog radio components, ultimately leading to leakage of sensitive information. We investigate the physical reasons behind the channel, we measure it on several popular devices from different vendors (including Nordic Semiconductor nRF52832, and Qualcomm Atheros AR9271), and we demonstrate a complete key recovery attack against the nRF52832 chip. In particular, we retrieve the full key from the AES-128 implementation in tinyAES at a distance of 10 m using template attacks. Additionally, we recover the key used by the AES-128 implementation in mbedTLS at a distance of 1 m with a correlation attack. Screaming channel attacks change the threat models of devices with mixed-signal chips, as those devices are now vulnerable from a distance. More specifically, we argue that protections against side channels (such as masking or hiding) need to be used on this class of devices. Finally, chips implementing other widespread protocols (e.g., 4G/LTE, RFID) need to be inspected to determine whether they are vulnerable to screaming channel attacks.

M-Cube: a millimeter-wave massive MIMO software radio

Abstract: Millimeter-wave (mmWave) technologies represent a cornerstone for emerging wireless network infrastructure, and for RF sensing systems in security, health, and automotive domains. Through a MIMO array of phased arrays with hundreds of antenna elements, mmWave can boost wireless bit-rates to 100+ Gbps, and potentially achieve near-vision sensing resolution. However, the lack of an experimental platform has been impeding research in this field. This paper fills the gap with M3 (M-Cube), the first mmWave massive MIMO software radio. M3 features a fully reconfigurable array of phased arrays, with up to 8 RF chains and 288 antenna elements. Despite the orders of magnitude larger antenna arrays, its cost is orders of magnitude lower, even when compared with state-of-the-art single RF chain mmWave software radios. The key design principle behind M3 is to hijack a low-cost commodity 802.11ad radio, separate the control path and data path inside, regenerate the phased array control signals, and recreate the data signals using a programmable baseband. Extensive experiments have demonstrated the effectiveness of the M3 design, and its usefulness for research in mmWave massive MIMO communication and sensing.