fiji f ighting i mplicit j amming i n 802 11 wlans
Download
Skip this Video
Download Presentation
FIJI : F ighting I mplicit J amming I n 802.11 WLANs

Loading in 2 Seconds...

play fullscreen
1 / 26

FIJI: Fighting Implicit Jamming In - PowerPoint PPT Presentation


  • 259 Views
  • Uploaded on

FIJI : F ighting I mplicit J amming I n 802.11 WLANs. Ioannis Broustis, Konstantinos Pelechrinis, Dimitris Syrivelis Srikanth V. Krishnamurthy, Leandros Tassiulas. The problem. “Performance anomaly” in 802.11.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'FIJI: Fighting Implicit Jamming In' - KeelyKia


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
fiji f ighting i mplicit j amming i n 802 11 wlans

FIJI: Fighting Implicit Jamming In 802.11 WLANs

Ioannis Broustis, Konstantinos Pelechrinis, Dimitris Syrivelis

Srikanth V. Krishnamurthy, Leandros Tassiulas

the problem
The problem
  • “Performance anomaly” in 802.11.
    • Under saturation conditions, 802.11 provides the same long-termthroughput to all clients of an accesspoint (AP).

Low throughput

the problem ii
The problem (ii)
  • An attacker can exploit this behavioral trend.
    • The placement of a jammer next to a client can nullify the total throughput! -- Implicitly all clients are jammed.
the impact of the attack
The impact of the attack
  • The throughput of all clients is drastically degraded.
    • A measurement example from our testbed:

7 ft

our contribution
Our contribution
  • We propose FIJI, a framework for Fighting Implicit Jamming In 802.11 WLANs.
    • FIJI looks for anomalies in the AP load distribution toefficiently perform jammer detection.
    • It shapes the traffic such that:
      • Clients that are not explicitly jammed, stop experiencing starvation.
      • Jammed clients receive themaximum possible throughput under jamming.
  • We implement and evaluate FIJI on our testbed.
    • FIJI allocates the throughput in a fair and efficient way.
prior work on addressing the anomaly
Prior work on addressing the anomaly
  • Packet aggregation.
    • High-rate nodes transmit many packets back-to-back, separated by SIFS.
      • Efficient, but requires modifications on 802.11.
  • MAC contention window manipulation.
    • High-rate nodes get more frequent medium access.
      • Efficient, but also requires modifications on 802.11.
  • Use of predefined data rate classes.
    • Setting the data rate equal to the transmission rate for poor links.
      • Inadequate, since it still saturates the traffic at the MAC layer.
prior work on anti jamming
Prior work on anti-jamming
  • Frequency hopping techniques.
    • Legitimate nodes jump to different channels in order to avoid jammers.
    • Inadequate in wideband jamming scenarios.
      • Wideband jammers cover a large numberof bands.
  • Other previous anti-jamming techniques do not consider implicit jammers.
    • FIJI is the first system to address such attackers.
attack model
Attack model
  • Low-power deceptive jammer.
    • Transmits dummy packets back-to-back.
    • Ignores the back-off algorithm.
      • Challenging to detect, since transmitted packets are seemingly legitimate.
  • Placed right next to legitimate clients.
    • Use of very low power to conserve energy.
  • Able to operate on a wide band.
    • Frequency hopping rendered inappropriate.
fiji to combat the implicit jamming attack
FIJI to combat the implicit jamming attack
  • Thegoal of FIJI is twofold:
    • To detect the attack and restore the throughput on clientsthat are not explicitlyjammed.
      • We call these clientshealthy.
    • To maintain connectivity and provide the highest possible throughput to clients thatare explicitly jammed.
      • We call these clientsjammed.
  • FIJI consists of a jammer detection module and a traffic shaping module.
detection module
Detection module
  • Approach: measuring the client transmission delays:
    • Data unit transmission delay:
      • Client
      • Packet length
      • Instantaneous deliverable rate
    • Aggregate transmission delay Da: the sum of the delays of all clients of an AP.
    • A sudden, very high increase in Da typically implies that one or more clients is under jamming.
      • This works well, as we show through experimentation.
traffic shaping module notations
Traffic shaping module: notations
  • Number of clients jammed
  • Number of clients of AP
  • Jammed client i
  • Data unit transmission delay of client
  • Packet size in benign conditions
  • Packet size for client
  • Instantaneous deliverable rate for client
  • Aggregate transmission delay of jammed clients
traffic shaping module dpt
Traffic shaping module: DPT
  • With DPT, we seek to minimize the aggregate transmission delay for the jammed clients:
  • Constraint:
      • With DPT, we make sure that the healthy clients experience a similar aggregate transmission delay as in benign conditions. --->
how does dpt operate
How does DPT operate?
  • Let us consider 1 AP, 2 healthy clients (c1, c2) and 1 jammed client (c3).
    • c1, c2 and c3 have data unit delays d1, d2 and d3 respectively.
  • Client throughput in benign conditions:
  • When c3 is jammed, the throughput becomes:
how does dpt operate14
How does DPT operate?
  • DPT ensures that by setting a packet size towards the jammed client equal to
  • The throughput with DPT for healthy clients is:
  • Thus:
    • and hence FIJI restores the throughput at the healthy clients.
how does dpt operate15
How does DPT operate?
  • The jammed client cannot receive a higher throughput if we further decrease the packet size.
    • With packet size the throughput at is:
    • The required condition becomes:
    • … this is always true, hence:
implementation
Implementation
  • We use a prototype version of theIntel ipw2200AP driver/firmware.
    • We measure the data unit transmission delay per client at the AP, and from this the aggregate transmission delay.
  • Temporary variations of these delays are handled by using weighted moving average filtering.
  • We implement DPT in the Click Modular Router from MIT.
our testbed

Intel-2915

Our testbed
  • 28 Soekris net4826 nodes
  • Intel 2915a/b/g cards
  • Omni antennas
  • Kernel v2.6 over NFS
    • We perform experiments late at night with 802.11a and g
      • Avoid external interference
constant jammer implementation
Constant jammer implementation
  • We implement a user-space utility that saturates the system with broadcast UDP packets.
    • Deceptive jammer; back-to-back dummy packets.
  • We set the CCA (Clear Channel Assessment) threshold to be 0 dBm.
    • The card ignores all 802.11 signals during carrier sensing
    • We bypass the MAC back-off procedure.
evaluating the speed of detection
Evaluating the speed of detection
  • Very quick detection
  • The client delay increases sharply in less than 700 msec
    • By 26 times in this experiment
evaluating the accuracy of detection
Evaluating the accuracy of detection
  • Detecting jamming on good quality links
    • Typically in all of our experiments: If > 9, then FIJI can effectively detect the attack.
evaluating the accuracy of detection21
Evaluating the accuracy of detection
  • FIJI and poor quality links
    • Difficult to make a decision
    • But unlikely to be the case
      • Jammer want to harm the network as much as possible.
      • Selecting poor quality linksdoes not harm the network much.
      • A clever attacker will typically prefer high-quality AP->client links
evaluating the traffic shaping module
Evaluating the traffic shaping module
  • DPT is the most fair solution
evaluating the traffic shaping module23

AP

Jammer

Jammed clients

Evaluating the traffic shaping module
  • FIJI can easily handle scenarios with multiple jammed clients.
    • Here, both nodes #11 and #37 are jammed.
evaluating the traffic shaping module24
Evaluating the traffic shaping module
  • Data rate shaping techniques are not as fair as DPT
conclusions
Conclusions
  • FIJI is able to efficiently detect the implicit jamming attack in most cases.
  • FIJI performs a fair and efficient throughput allocation.
    • Healthy clients are shielded from experiencing starvation.
    • Jammed clients receive as much as they can get under jamming.
  • Applicable with minor wireless driver/firmware updates.
questions
Questions?
  • Thank you.
ad