Very nice work! This illuminates the path to a lot of interesting possibilities
Excellent work and as always a great presentation, you really do amazing HW things. One small, small nitpick; In the third para it reads "The idea is this: Layer 1 radio protocols are vulnerable injections". I guess the word "to" is missing.
Aloha! One thing the paper does not address/suggest is how to solve the situation. How should we add injection filtering, authentication and integrity protection on L1? Esp without seriously complicating the protocols and open up for other attacks. Upper level layers somehow assumes that they can trust the lower levels and security mechanisms are placed at the higher levels (IPsec, WPA, HTTPS or even 802.15.4 CCM* on L2)