FIJI : F ighting I mplicit J amming I n 802.11 WLANs - PowerPoint PPT Presentation

Fiji f ighting i mplicit j amming i n 802 11 wlans l.jpg
Download
1 / 26

FIJI : F ighting I mplicit J amming I n 802.11 WLANs. Ioannis Broustis, Konstantinos Pelechrinis, Dimitris Syrivelis Srikanth V. Krishnamurthy, Leandros Tassiulas. The problem. “Performance anomaly” in 802.11.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

Download Presentation

FIJI : F ighting I mplicit J amming I n 802.11 WLANs

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Fiji f ighting i mplicit j amming i n 802 11 wlans l.jpg

FIJI: Fighting Implicit Jamming In 802.11 WLANs

Ioannis Broustis, Konstantinos Pelechrinis, Dimitris Syrivelis

Srikanth V. Krishnamurthy, Leandros Tassiulas


The problem l.jpg

The problem

  • “Performance anomaly” in 802.11.

    • Under saturation conditions, 802.11 provides the same long-termthroughput to all clients of an accesspoint (AP).

Low throughput


The problem ii l.jpg

The problem (ii)

  • An attacker can exploit this behavioral trend.

    • The placement of a jammer next to a client can nullify the total throughput! -- Implicitly all clients are jammed.


The impact of the attack l.jpg

The impact of the attack

  • The throughput of all clients is drastically degraded.

    • A measurement example from our testbed:

7 ft


Our contribution l.jpg

Our contribution

  • We propose FIJI, a framework for Fighting Implicit Jamming In 802.11 WLANs.

    • FIJI looks for anomalies in the AP load distribution toefficiently perform jammer detection.

    • It shapes the traffic such that:

      • Clients that are not explicitly jammed, stop experiencing starvation.

      • Jammed clients receive themaximum possible throughput under jamming.

  • We implement and evaluate FIJI on our testbed.

    • FIJI allocates the throughput in a fair and efficient way.


Prior work on addressing the anomaly l.jpg

Prior work on addressing the anomaly

  • Packet aggregation.

    • High-rate nodes transmit many packets back-to-back, separated by SIFS.

      • Efficient, but requires modifications on 802.11.

  • MAC contention window manipulation.

    • High-rate nodes get more frequent medium access.

      • Efficient, but also requires modifications on 802.11.

  • Use of predefined data rate classes.

    • Setting the data rate equal to the transmission rate for poor links.

      • Inadequate, since it still saturates the traffic at the MAC layer.


Prior work on anti jamming l.jpg

Prior work on anti-jamming

  • Frequency hopping techniques.

    • Legitimate nodes jump to different channels in order to avoid jammers.

    • Inadequate in wideband jamming scenarios.

      • Wideband jammers cover a large numberof bands.

  • Other previous anti-jamming techniques do not consider implicit jammers.

    • FIJI is the first system to address such attackers.


Attack model l.jpg

Attack model

  • Low-power deceptive jammer.

    • Transmits dummy packets back-to-back.

    • Ignores the back-off algorithm.

      • Challenging to detect, since transmitted packets are seemingly legitimate.

  • Placed right next to legitimate clients.

    • Use of very low power to conserve energy.

  • Able to operate on a wide band.

    • Frequency hopping rendered inappropriate.


Fiji to combat the implicit jamming attack l.jpg

FIJI to combat the implicit jamming attack

  • Thegoal of FIJI is twofold:

    • To detect the attack and restore the throughput on clientsthat are not explicitlyjammed.

      • We call these clientshealthy.

    • To maintain connectivity and provide the highest possible throughput to clients thatare explicitly jammed.

      • We call these clientsjammed.

  • FIJI consists of a jammer detection module and a traffic shaping module.


Detection module l.jpg

Detection module

  • Approach: measuring the client transmission delays:

    • Data unit transmission delay:

      • Client

      • Packet length

      • Instantaneous deliverable rate

    • Aggregate transmission delay Da: the sum of the delays of all clients of an AP.

    • A sudden, very high increase in Da typically implies that one or more clients is under jamming.

      • This works well, as we show through experimentation.


Traffic shaping module notations l.jpg

Traffic shaping module: notations

  • Number of clients jammed

  • Number of clients of AP

  • Jammed client i

  • Data unit transmission delay of client

  • Packet size in benign conditions

  • Packet size for client

  • Instantaneous deliverable rate for client

  • Aggregate transmission delay of jammed clients


Traffic shaping module dpt l.jpg

Traffic shaping module: DPT

  • With DPT, we seek to minimize the aggregate transmission delay for the jammed clients:

  • Constraint:

    • With DPT, we make sure that the healthy clients experience a similar aggregate transmission delay as in benign conditions. --->


How does dpt operate l.jpg

How does DPT operate?

  • Let us consider 1 AP, 2 healthy clients (c1, c2) and 1 jammed client (c3).

    • c1, c2 and c3 have data unit delays d1, d2 and d3 respectively.

  • Client throughput in benign conditions:

  • When c3 is jammed, the throughput becomes:


How does dpt operate14 l.jpg

How does DPT operate?

  • DPT ensures that by setting a packet size towards the jammed client equal to

  • The throughput with DPT for healthy clients is:

  • Thus:

    • and hence FIJI restores the throughput at the healthy clients.


How does dpt operate15 l.jpg

How does DPT operate?

  • The jammed client cannot receive a higher throughput if we further decrease the packet size.

    • With packet size the throughput at is:

    • The required condition becomes:

    • … this is always true, hence:


Implementation l.jpg

Implementation

  • We use a prototype version of theIntel ipw2200AP driver/firmware.

    • We measure the data unit transmission delay per client at the AP, and from this the aggregate transmission delay.

  • Temporary variations of these delays are handled by using weighted moving average filtering.

  • We implement DPT in the Click Modular Router from MIT.


Our testbed l.jpg

Intel-2915

Our testbed

  • 28 Soekris net4826 nodes

  • Intel 2915a/b/g cards

  • Omni antennas

  • Kernel v2.6 over NFS

    • We perform experiments late at night with 802.11a and g

      • Avoid external interference


Constant jammer implementation l.jpg

Constant jammer implementation

  • We implement a user-space utility that saturates the system with broadcast UDP packets.

    • Deceptive jammer; back-to-back dummy packets.

  • We set the CCA (Clear Channel Assessment) threshold to be 0 dBm.

    • The card ignores all 802.11 signals during carrier sensing

    • We bypass the MAC back-off procedure.


Evaluating the speed of detection l.jpg

Evaluating the speed of detection

  • Very quick detection

  • The client delay increases sharply in less than 700 msec

    • By 26 times in this experiment


Evaluating the accuracy of detection l.jpg

Evaluating the accuracy of detection

  • Detecting jamming on good quality links

    • Typically in all of our experiments: If > 9, then FIJI can effectively detect the attack.


Evaluating the accuracy of detection21 l.jpg

Evaluating the accuracy of detection

  • FIJI and poor quality links

    • Difficult to make a decision

    • But unlikely to be the case

      • Jammer want to harm the network as much as possible.

      • Selecting poor quality linksdoes not harm the network much.

      • A clever attacker will typically prefer high-quality AP->client links


Evaluating the traffic shaping module l.jpg

Evaluating the traffic shaping module

  • DPT is the most fair solution


Evaluating the traffic shaping module23 l.jpg

AP

Jammer

Jammed clients

Evaluating the traffic shaping module

  • FIJI can easily handle scenarios with multiple jammed clients.

    • Here, both nodes #11 and #37 are jammed.


Evaluating the traffic shaping module24 l.jpg

Evaluating the traffic shaping module

  • Data rate shaping techniques are not as fair as DPT


Conclusions l.jpg

Conclusions

  • FIJI is able to efficiently detect the implicit jamming attack in most cases.

  • FIJI performs a fair and efficient throughput allocation.

    • Healthy clients are shielded from experiencing starvation.

    • Jammed clients receive as much as they can get under jamming.

  • Applicable with minor wireless driver/firmware updates.


Questions l.jpg

Questions?

  • Thank you.


  • Login