Design
A key challenge that we had to overcome to realize the architecture
of the shield is to design a small wearable radio that simultaneously jams
the IMD’s signal and receives it. We build on prior work in the area
of full-duplex radio design, which enables a single node to transmit
and receive simultaneously. However, the state-of-the-art design for
full-duplex radios yields large devices unsuitable for our application.
Specifically, it exploits the property that a signal reverses its
phase every half a wavelength; it transmits the same signal from
two antennas and puts a receive antenna exactly half a wavelength
closer to one of the transmit antennas than the other. An antenna
separation of half a wavelength, however, is unsuitable for our context:
the IMDs we consider operate in the 400 MHz band with
a wavelength of about 75 cm. A shield that requires the antennas to
be rigidly separated by exactly half a wavelength (37.5 cm) challenges
the notion of wearability and therefore patient acceptability.
In this project, we present a full-duplex radio that does not impose restrictions
on antenna separation or positioning, and hence can be
built as a small wearable device. Our design uses two antennas:
a jamming antenna and a receive antenna. The jamming antenna
transmits a random signal to prevent eavesdroppers from decoding
the IMD’s transmissions. However, instead of relying on a particular
positioning to cancel the jamming signal at the receive antenna,
we connect the receive antenna simultaneously to both a transmit
and a receive chain. We then make the transmit chain send an antidote
signal that cancels the jamming signal at the receive antenna’s
front end, allowing it to receive the IMD’s signal and decode it.
The resulting design does not restrict antenna separation and can
therefore be built as a wearable radio.
Our design has additional desirable features. Specifically, because
the shield can receive while jamming, it can detect adversaries
who try to alter the shield’s signal to convey unauthorized
messages to the IMD. It can also ensure that it stops jamming the
medium when an adversarial signal ends, allowing legitimate devices
to communicate.