1 / 43

Resilience To Jamming Attacks

Resilience To Jamming Attacks. Rabat Anam Mahmood Department of Electrical Engineering & Computer Science rabat@ittc.ku.edu. 24 July 2008. 1. Jamming Attacks Outline. Feasibility of Launching & Detecting Jamming Attacks in Wireless Networks

reuben
Download Presentation

Resilience To Jamming Attacks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Resilience To Jamming Attacks Rabat Anam Mahmood Department of Electrical Engineering & Computer Science rabat@ittc.ku.edu 24 July 2008 Jamming Attacks 1

  2. Jamming Attacks Outline • Feasibility of Launching & Detecting Jamming Attacks in Wireless Networks • Adaptive Radio Channel Allocation for Supporting Coexistence of 802.15.4 & 802.11b • Defending Against Jamming Attacks in Wireless Local Area Networks • References Jamming Attacks 2

  3. Jamming Attacks Outline • Feasibility of Launching & Detecting Jamming Attacks in Wireless Networks • Adaptive Radio Channel Allocation for Supporting Coexistence of 802.15.4 & 802.11b • Defending Against Jamming Attacks in Wireless Local Area Networks • References Jamming Attacks 3

  4. Jamming Attacks Wireless Networks • Definitions and Characteristics • A jammer is an entity who is purposefully trying to interfere with the physical transmission and reception of wireless communications • A jammer continuously emits RF signals to fill a wireless channel so that legitimate traffic will be completely blocked • Common characteristics for all jamming attacks is that their communications are not compliant with MAC protocols 24 July 2008 Jamming Attacks

  5. Jamming Attacks Wireless Networks • Packet Send Ratio • The ratio of packets that are successfully sent out by a legitimate traffic source compared to the number of packets it intends to send out at the MAC layer • Reason • Channel busy • Transmission delayed • New packets dropped when buffer space is full • Packets that are too long in the buffer, timeout • N packets to send; M sent successfully • PSR = M/N 24 July 2008 Jamming Attacks

  6. Jamming Attacks Wireless Networks • Packet Delivery Ratio • The ratio of packets that are successfully delivered to a destination compared to the number of packets that have been sent out by the sender • Reason • Destination may not be able to decode a received packet due to interference 24 July 2008 Jamming Attacks

  7. Jamming Attacks Wireless Networks • Jamming Attack Models • Constant Jammer • Deceptive Jammer • Random Jammer • Reactive Jammer 24 July 2008 Jamming Attacks

  8. Jamming Attacks Wireless Networks 24 July 2008 Jamming Attacks

  9. Jamming Attacks Wireless Networks • Constant Jammer • Continuously emits a radio signal • Sends out random bits to the channel • Does not follow any MAC layer etiquette • Does not wait for the channel to become idle 24 July 2008 Jamming Attacks

  10. Jamming Attacks Wireless Networks • Deceptive Jammer • Constantly injects regular packets to the channel • Normal nodes will be deceived by the packets • Normal nodes just check the preamble and remain silent • Hence jammer can only send out preambles 24 July 2008 Jamming Attacks

  11. Jamming Attacks Wireless Networks • Random Jammer • Alternates between sleeping and jamming • After jamming for tj units of time, it turns off its radio and enters the sleeping mode • After sleeping for ts units of time it will wake up and resume jamming • tj and ts may be random or fixed intervals taking energy conservation into consideration • During wake up phase it can behave as a constant or a deceptive jammer 24 July 2008 Jamming Attacks

  12. Jamming Attacks Wireless Networks • Reactive Jammer • Not necessary to block the channel when nobody is communicating • Jammer stays quiet when the channel is idle • Jammer starts transmitting a radio signal as soon as it senses activity on the channel • Does not conserve energy because the jammer’s radio must be continuously on in order to sense the channel • However, it is harder to detect 24 July 2008 Jamming Attacks

  13. Jamming Attacks Wireless Networks • Detecting Jamming Attacks • Signal Strength • Carrier Sensing Time • Packet Delivery Ratio 24 July 2008 Jamming Attacks 13

  14. Feasibility of Launching & Detecting Jamming Attacks in Wireless Networks Adaptive Radio Channel Allocation for Supporting Coexistence of 802.15.4 & 802.11b Defending Against Jamming Attacks in Wireless Local Area Networks References Jamming Attacks Outline 24 July 2008 Jamming Attacks 14

  15. Radio Channel AllocationCoexistence of 802.15.4 and 802.11b • Coexistence • Ability of one system to perform a task in a given shared environment where other systems may or may not be using the same set of rules. • Solution • Multiple radio channels for the coexistence of 802.15.4 LR WPAN and 802.11b WLAN 24 July 2008 Jamming Attacks 15

  16. Radio Channel AllocationCoexistence of 802.15.4 and 802.11b • 802.11b has a radio transmission range of 100m • 802.15.4 has a radio transmission range of 10m • 802.11b gives radio interference to 802.15.4 system in a large area and from a long distance • Performance degradation of 802.15.4 caused by the interference from 802.11b by 92% (a study shows) 24 July 2008 Jamming Attacks 16

  17. Radio Channel Allocation Coexistence of 802.15.4 and 802.11b 24 July 2008 Jamming Attacks 17

  18. Radio Channel Allocation Coexistence of 802.15.4 and 802.11b • IEEE 802.11b has 11 channels • Each channel has a frequency range of 22 MHz • IEEE 802.15.4 has 16 channels • Each channel is 5 MHz apart • Each channel has a frequency range of 3 MHz • Frequencies of each 802.11 channel overlaps with frequency ranges for four different 802.15.4 channels • Channels 25 & 26 can be used where frequent interference of 802.11b is expected 24 July 2008 Jamming Attacks 18

  19. Radio Channel Allocation Coexistence of 802.15.4 and 802.11b 24 July 2008 Jamming Attacks 19

  20. Radio Channel Allocation Coexistence of 802.15.4 and 802.11b • Interference Detection • Clear channel assessment or energy detection provided as RSSI (Received Signal Strength Indicator) services in 802.15.4. • RSSI services called periodically or on demand when a sudden degradation of user throughput below a threshold is detected • If RSSI confirms that the energy level on a current channel is above the threshold, channel interference is recognized 24 July 2008 Jamming Attacks 20

  21. Radio Channel AllocationCoexistence of 802.15.4 and 802.11b • Group Formation • Nodes under the effect of interference start broadcasting Group Formation messages to the immediate neighbors • Due to interference nodes may or may not receive GF message • Nodes in a group change the current radio channel to a new one from the switching table. • Border nodes provide channel conversion for the group. 24 July 2008 Jamming Attacks 21

  22. Radio Channel AllocationCoexistence of 802.15.4 and 802.11b • Tear Down • Nodes in a group periodically check if the previous channel is clear of interference. • If so, a tear down message is sent to all the nodes in a group and the group is torn down. 24 July 2008 Jamming Attacks 22

  23. Radio Channel AllocationCoexistence of 802.15.4 and 802.11b 24 July 2008 Jamming Attacks

  24. Radio Channel AllocationCoexistence of 802.15.4 and 802.11b • Interference size represents the number of nodes in interference • Success rate is percentage value relative to without interference 24 July 2008 Jamming Attacks

  25. Radio Channel AllocationCoexistence of 802.15.4 and 802.11b 24 July 2008 Jamming Attacks

  26. Radio Channel AllocationCoexistence of 802.15.4 and 802.11b • The percentage value is the delay increase relative to the delay without interference • Since packets are routed through the interference area, the delay is not increased much 24 July 2008 Jamming Attacks

  27. Radio Channel AllocationCoexistence of 802.15.4 and 802.11b 24 July 2008 Jamming Attacks

  28. Radio Channel AllocationCoexistence of 802.15.4 and 802.11b • Comparison between packet delays of AODV and AODV plus (adaptive scheme) • Due to adaptive scheme, lower packet delay is attained 24 July 2008 Jamming Attacks

  29. Radio Channel AllocationCoexistence of 802.15.4 and 802.11b • Conclusion • Performance degradation by interference is mainly caused from changing routing path. • The overhead for switching radio channels is very small • Hence, by employing the adaptive scheme, routing does not need to find a new path when it hits into an interference area. 24 July 2008 Jamming Attacks 29

  30. Feasibility of Launching & Detecting Jamming Attacks in Wireless Networks Adaptive Radio Channel Allocation for Supporting Coexistence of 802.15.4 & 802.11b Defending Against Jamming Attacks in Wireless Local Area Networks References Jamming Attacks Outline 24 July 2008 Jamming Attacks 30

  31. Defend Against Jamming AttacksWireless Local Area Networks • Wireless Jamming Attacks • RTS Jamming • CTS Jamming • Solution • Cumulative-Sum-based (CUSUM) Detection Method 24 July 2008 Jamming Attacks 31

  32. Defend Against Jamming AttacksWireless Local Area Networks • RTS Jamming • Jammer occupies channel by continuously sending RTS frames with large NAV to access point (AP) • AP replies with CTS which can be heard by nearby nodes • Neighbor nodes will keep silent for a period of time indicated by NAV • Neighbor nodes can hardly occupy the channel to communicate with the AP 24 July 2008 Jamming Attacks 32

  33. Defend Against Jamming AttacksWireless Local Area Networks 24 July 2008 Jamming Attacks

  34. Defend Against Jamming AttacksWireless Local Area Networks • CTS Jamming • Jammer sends CTS frames with spoofed ID which is as same as AP • Jammer keeps AP unaware of this behavior by either using directional antenna or remaining far away from the AP • Neighbor nodes will assume AP is busy receiving data from a hidden node and will remain silent • Neighbor nodes will never get a chance to occupy the channel 24 July 2008 Jamming Attacks 34

  35. Defend Against Jamming AttacksWireless Local Area Networks 24 July 2008 Jamming Attacks 35

  36. Defend Against Jamming AttacksWireless Local Area Networks • Defending against RTS/CTS attacks • Two separate data windows for RTS & CTS • Size of the window is fixed • Source ID information of the frame is recorded • Latest frame gets the smallest index • Different score given to each frame using a function • Smallest index gains the highest score 24 July 2008 Jamming Attacks 36

  37. Defend Against Jamming AttacksWireless Local Area Networks • CUSUM Method • Sequential Detection Change Point method Mean value of some variable under surveillance will change from negative to positive whenever a change occurs. 24 July 2008 Jamming Attacks 37

  38. Defend Against Jamming AttacksWireless Local Area Networks • Channel is nearly fairly shared among nodes • Source ID distribution of CTS / RTS frames is uniform • If a node constantly occupies the channel, the uniform distribution in this period will change • CUSUM is applied to detect changes in CTS window • When a change point is detected, corresponding CTS frames are suspicious 24 July 2008 Jamming Attacks 38

  39. Defend Against Jamming AttacksWireless Local Area Networks • Ct series CTS scores received sequentially • In normal situation E(Ct)=c • a is an upper bound of c i.e. a≥c • ct=Ct-a negative value during normal operation • ct=Ct-a positive value during attack • CUSUM value exceeds the threshold N, jamming attack alarm launched 24 July 2008 Jamming Attacks

  40. Defend Against Jamming AttacksWireless Local Area Networks 24 July 2008 Jamming Attacks

  41. Defend Against Jamming AttacksWireless Local Area Networks • Conclusion • CUSUM can accurately detect RTS/CTS jamming attacks with little computation and storage cost • Although these attacks cannot totally prevent other nodes from communication, they can seriously degrade the network throughput • These attacks have lower traffic rates than normal jamming attack and are more difficult to detect 24 July 2008 Jamming Attacks 41

  42. Feasibility of Launching & Detecting Jamming Attacks in Wireless Networks Adaptive Radio Channel Allocation for Supporting Coexistence of 802.15.4 & 802.11b Defending Against Jamming Attacks in Wireless Local Area Networks References Jamming Attacks Outline 24 July 2008 Jamming Attacks 42

  43. http://www.winlab.rutgers.edu/~trappe/Papers/JamDetect_Mobihoc.pdfhttp://www.winlab.rutgers.edu/~trappe/Papers/JamDetect_Mobihoc.pdf http://ieeexplore.ieee.org/iel5/10422/33099/01559004.pdf?arnumber=1559004 http://www.springerlink.com/content/l2qp0215r1268p4t/fulltext.pdf Jamming Attacks References 24 July 2008 Jamming Attacks 43

More Related