[tlb]

TL;DR: wireless communications can be attacked by injecting partial packets into the wireless stream. An attacker just needs a higher-power transmitter. They propose adding a second signature using on-off keying because an attacker can't simulate an "off".

First of all, it's not true that a jammer can't simulate silence. It's tricky and requires phase locking with accurate propagation delay estimates to the receiver, but possible.

It also does nothing against a relay attack where the client can't hear the server directly. For example, I could relay the wireless AP from two rooms over so you'd connect to that one entirely through my relay.