Add to collection(s) Add to saved
  1. No category
Uploaded by miibrahem42

5087211(1)

advertisement 
ITTC
© Rabat Anam Mahmood
Resilience To Jamming Attacks
Rabat Anam Mahmood
Department of Electrical Engineering & Computer Science
rabat@ittc.ku.edu
24 July 2008
Jamming Attacks
1
ITTC
© Rabat Anam Mahmood
Jamming Attacks
Outline
• Feasibility of Launching & Detecting Jamming Attacks
in Wireless Networks
• Adaptive Radio Channel Allocation for Supporting
Coexistence of 802.15.4 & 802.11b
• Defending Against Jamming Attacks in Wireless Local
Area Networks
• References
24 July 2008
Jamming Attacks
2
ITTC
© Rabat Anam Mahmood
Jamming Attacks
Outline
• Feasibility of Launching & Detecting Jamming
Attacks in Wireless Networks
• Adaptive Radio Channel Allocation for Supporting
Coexistence of 802.15.4 & 802.11b
• Defending Against Jamming Attacks in Wireless Local
Area Networks
• References
24 July 2008
Jamming Attacks
3
ITTC
© Rabat Anam Mahmood
Jamming Attacks
Wireless Networks
• Definitions and Characteristics
– A jammer is an entity who is purposefully trying to interfere
with the physical transmission and reception of wireless
communications
– A jammer continuously emits RF signals to fill a wireless
channel so that legitimate traffic will be completely blocked
– Common characteristics for all jamming attacks is that their
communications are not compliant with MAC protocols
24 July 2008
Jamming Attacks
4
ITTC
© Rabat Anam Mahmood
Jamming Attacks
Wireless Networks
• Packet Send Ratio
– The ratio of packets that are successfully sent out by a
legitimate traffic source compared to the number of packets
it intends to send out at the MAC layer
• Reason
–
–
–
–
–
–
Channel busy
Transmission delayed
New packets dropped when buffer space is full
Packets that are too long in the buffer, timeout
N packets to send; M sent successfully
PSR = M/N
24 July 2008
Jamming Attacks
5
ITTC
© Rabat Anam Mahmood
Jamming Attacks
Wireless Networks
• Packet Delivery Ratio
– The ratio of packets that are successfully delivered to a
destination compared to the number of packets that have
been sent out by the sender
• Reason
– Destination may not be able to decode a received packet
due to interference
24 July 2008
Jamming Attacks
6
ITTC
© Rabat Anam Mahmood
Jamming Attacks
Wireless Networks
• Jamming Attack Models
–
–
–
–
Constant Jammer
Deceptive Jammer
Random Jammer
Reactive Jammer
24 July 2008
Jamming Attacks
7
ITTC
© Rabat Anam Mahmood
Jamming Attacks
Wireless Networks
24 July 2008
Jamming Attacks
8
ITTC
© Rabat Anam Mahmood
Jamming Attacks
Wireless Networks
• Constant Jammer
–
–
–
–
Continuously emits a radio signal
Sends out random bits to the channel
Does not follow any MAC layer etiquette
Does not wait for the channel to become idle
24 July 2008
Jamming Attacks
9
ITTC
© Rabat Anam Mahmood
Jamming Attacks
Wireless Networks
• Deceptive Jammer
–
–
–
–
Constantly injects regular packets to the channel
Normal nodes will be deceived by the packets
Normal nodes just check the preamble and remain silent
Hence jammer can only send out preambles
24 July 2008
Jamming Attacks
10
ITTC
© Rabat Anam Mahmood
Jamming Attacks
Wireless Networks
• Random Jammer
– Alternates between sleeping and jamming
– After jamming for tj units of time, it turns off its radio and
enters the sleeping mode
– After sleeping for ts units of time it will wake up and resume
jamming
– tj and ts may be random or fixed intervals taking energy
conservation into consideration
– During wake up phase it can behave as a constant or a
deceptive jammer
24 July 2008
Jamming Attacks
11
ITTC
© Rabat Anam Mahmood
Jamming Attacks
Wireless Networks
• Reactive Jammer
– Not necessary to block the channel when nobody is
communicating
– Jammer stays quiet when the channel is idle
– Jammer starts transmitting a radio signal as soon as it
senses activity on the channel
– Does not conserve energy because the jammer’s radio must
be continuously on in order to sense the channel
– However, it is harder to detect
24 July 2008
Jamming Attacks
12
ITTC
© Rabat Anam Mahmood
Jamming Attacks
Wireless Networks
• Detecting Jamming Attacks
– Signal Strength
– Carrier Sensing Time
– Packet Delivery Ratio
24 July 2008
Jamming Attacks
13
ITTC
© Rabat Anam Mahmood
Jamming Attacks
Outline
• Feasibility of Launching & Detecting Jamming
Attacks in Wireless Networks
• Adaptive Radio Channel Allocation for Supporting
Coexistence of 802.15.4 & 802.11b
• Defending Against Jamming Attacks in Wireless Local
Area Networks
• References
24 July 2008
Jamming Attacks
14
ITTC
© Rabat Anam Mahmood
Radio Channel Allocation
Coexistence of 802.15.4 and 802.11b
• Coexistence
– Ability of one system to perform a task in a given shared
environment where other systems may or may not be using
the same set of rules.
• Solution
– Multiple radio channels for the coexistence of 802.15.4 LR
WPAN and 802.11b WLAN
24 July 2008
Jamming Attacks
15
ITTC
© Rabat Anam Mahmood
Radio Channel Allocation
Coexistence of 802.15.4 and 802.11b
• 802.11b has a radio transmission range of 100m
• 802.15.4 has a radio transmission range of 10m
• 802.11b gives radio interference to 802.15.4 system
in a large area and from a long distance
• Performance degradation of 802.15.4 caused by the
interference from 802.11b by 92% (a study shows)
24 July 2008
Jamming Attacks
16
ITTC
© Rabat Anam Mahmood
Radio Channel Allocation
Coexistence of 802.15.4 and 802.11b
24 July 2008
Jamming Attacks
17
ITTC
© Rabat Anam Mahmood
Radio Channel Allocation
Coexistence of 802.15.4 and 802.11b
• IEEE 802.11b has 11 channels
–
Each channel has a frequency range of 22 MHz
• IEEE 802.15.4 has 16 channels
–
–
Each channel is 5 MHz apart
Each channel has a frequency range of 3 MHz
• Frequencies of each 802.11 channel overlaps with
frequency ranges for four different 802.15.4 channels
• Channels 25 & 26 can be used where frequent
interference of 802.11b is expected
24 July 2008
Jamming Attacks
18
ITTC
© Rabat Anam Mahmood
Radio Channel Allocation
Coexistence of 802.15.4 and 802.11b
24 July 2008
Jamming Attacks
19
ITTC
© Rabat Anam Mahmood
Radio Channel Allocation
Coexistence of 802.15.4 and 802.11b
• Interference Detection
– Clear channel assessment or energy detection provided as
RSSI (Received Signal Strength Indicator) services in
802.15.4.
– RSSI services called periodically or on demand when a
sudden degradation of user throughput below a threshold is
detected
– If RSSI confirms that the energy level on a current channel
is above the threshold, channel interference is recognized
24 July 2008
Jamming Attacks
20
ITTC
© Rabat Anam Mahmood
Radio Channel Allocation
Coexistence of 802.15.4 and 802.11b
• Group Formation
– Nodes under the effect of interference start broadcasting
Group Formation messages to the immediate neighbors
– Due to interference nodes may or may not receive GF
message
– Nodes in a group change the current radio channel to a new
one from the switching table.
– Border nodes provide channel conversion for the group.
24 July 2008
Jamming Attacks
21
ITTC
© Rabat Anam Mahmood
Radio Channel Allocation
Coexistence of 802.15.4 and 802.11b
• Tear Down
– Nodes in a group periodically check if the previous channel is
clear of interference.
– If so, a tear down message is sent to all the nodes in a
group and the group is torn down.
24 July 2008
Jamming Attacks
22
ITTC
© Rabat Anam Mahmood
Radio Channel Allocation
Coexistence of 802.15.4 and 802.11b
24 July 2008
Jamming Attacks
23
ITTC
© Rabat Anam Mahmood
Radio Channel Allocation
Coexistence of 802.15.4 and 802.11b
• Interference size represents the number of nodes in
interference
• Success rate is percentage value relative to without
interference
24 July 2008
Jamming Attacks
24
ITTC
© Rabat Anam Mahmood
Radio Channel Allocation
Coexistence of 802.15.4 and 802.11b
24 July 2008
Jamming Attacks
25
ITTC
© Rabat Anam Mahmood
Radio Channel Allocation
Coexistence of 802.15.4 and 802.11b
• The percentage value is the delay increase relative to
the delay without interference
• Since packets are routed through the interference
area, the delay is not increased much
24 July 2008
Jamming Attacks
26
ITTC
© Rabat Anam Mahmood
Radio Channel Allocation
Coexistence of 802.15.4 and 802.11b
24 July 2008
Jamming Attacks
27
ITTC
© Rabat Anam Mahmood
Radio Channel Allocation
Coexistence of 802.15.4 and 802.11b
• Comparison between packet delays of AODV and
AODV plus (adaptive scheme)
• Due to adaptive scheme, lower packet delay is
attained
24 July 2008
Jamming Attacks
28
ITTC
© Rabat Anam Mahmood
Radio Channel Allocation
Coexistence of 802.15.4 and 802.11b
• Conclusion
– Performance degradation by interference is mainly caused
from changing routing path.
– The overhead for switching radio channels is very small
– Hence, by employing the adaptive scheme, routing does not
need to find a new path when it hits into an interference
area.
24 July 2008
Jamming Attacks
29
ITTC
© Rabat Anam Mahmood
Jamming Attacks
Outline
• Feasibility of Launching & Detecting Jamming
Attacks in Wireless Networks
• Adaptive Radio Channel Allocation for Supporting
Coexistence of 802.15.4 & 802.11b
• Defending Against Jamming Attacks in Wireless Local
Area Networks
• References
24 July 2008
Jamming Attacks
30
ITTC
© Rabat Anam Mahmood
Defend Against Jamming Attacks
Wireless Local Area Networks
• Wireless Jamming Attacks
– RTS Jamming
– CTS Jamming
• Solution
– Cumulative-Sum-based (CUSUM) Detection Method
24 July 2008
Jamming Attacks
31
ITTC
© Rabat Anam Mahmood
Defend Against Jamming Attacks
Wireless Local Area Networks
• RTS Jamming
– Jammer occupies channel by continuously sending RTS
frames with large NAV to access point (AP)
– AP replies with CTS which can be heard by nearby nodes
– Neighbor nodes will keep silent for a period of time indicated
by NAV
– Neighbor nodes can hardly occupy the channel to
communicate with the AP
24 July 2008
Jamming Attacks
32
ITTC
© Rabat Anam Mahmood
Defend Against Jamming Attacks
Wireless Local Area Networks
24 July 2008
Jamming Attacks
33
ITTC
© Rabat Anam Mahmood
Defend Against Jamming Attacks
Wireless Local Area Networks
• CTS Jamming
– Jammer sends CTS frames with spoofed ID which is as same
as AP
– Jammer keeps AP unaware of this behavior by either using
directional antenna or remaining far away from the AP
– Neighbor nodes will assume AP is busy receiving data from a
hidden node and will remain silent
– Neighbor nodes will never get a chance to occupy the
channel
24 July 2008
Jamming Attacks
34
ITTC
© Rabat Anam Mahmood
Defend Against Jamming Attacks
Wireless Local Area Networks
24 July 2008
Jamming Attacks
35
ITTC
© Rabat Anam Mahmood
Defend Against Jamming Attacks
Wireless Local Area Networks
• Defending against RTS/CTS attacks
–
–
–
–
–
–
Two separate data windows for RTS & CTS
Size of the window is fixed
Source ID information of the frame is recorded
Latest frame gets the smallest index
Different score given to each frame using a function
Smallest index gains the highest score
24 July 2008
Jamming Attacks
36
ITTC
© Rabat Anam Mahmood
Defend Against Jamming Attacks
Wireless Local Area Networks
• CUSUM Method
– Sequential Detection Change Point method
Mean value of some variable under surveillance will change
from negative to positive whenever a change occurs.
24 July 2008
Jamming Attacks
37
ITTC
© Rabat Anam Mahmood
Defend Against Jamming Attacks
Wireless Local Area Networks
• Channel is nearly fairly shared among nodes
• Source ID distribution of CTS / RTS frames is uniform
• If a node constantly occupies the channel, the
uniform distribution in this period will change
• CUSUM is applied to detect changes in CTS window
• When a change point is detected, corresponding CTS
frames are suspicious
24 July 2008
Jamming Attacks
38
ITTC
© Rabat Anam Mahmood
Defend Against Jamming Attacks
Wireless Local Area Networks
•
•
•
•
•
•
Ct series CTS scores received sequentially
In normal situation E(Ct)=c
a is an upper bound of c i.e. a≥c
ct=Ct-a negative value during normal operation
ct=Ct-a positive value during attack
CUSUM value exceeds the threshold N, jamming
attack alarm launched
24 July 2008
Jamming Attacks
39
ITTC
© Rabat Anam Mahmood
Defend Against Jamming Attacks
Wireless Local Area Networks
24 July 2008
Jamming Attacks
40
ITTC
© Rabat Anam Mahmood
Defend Against Jamming Attacks
Wireless Local Area Networks
• Conclusion
– CUSUM can accurately detect RTS/CTS jamming attacks with
little computation and storage cost
– Although these attacks cannot totally prevent other nodes
from communication, they can seriously degrade the
network throughput
– These attacks have lower traffic rates than normal jamming
attack and are more difficult to detect
24 July 2008
Jamming Attacks
41
ITTC
© Rabat Anam Mahmood
Jamming Attacks
Outline
• Feasibility of Launching & Detecting Jamming
Attacks in Wireless Networks
• Adaptive Radio Channel Allocation for Supporting
Coexistence of 802.15.4 & 802.11b
• Defending Against Jamming Attacks in Wireless Local
Area Networks
• References
24 July 2008
Jamming Attacks
42
ITTC
© Rabat Anam Mahmood
Jamming Attacks
References
• http://www.winlab.rutgers.edu/~trappe/Papers/Jam
Detect_Mobihoc.pdf
• http://ieeexplore.ieee.org/iel5/10422/33099/0155900
4.pdf?arnumber=1559004
• http://www.springerlink.com/content/l2qp0215r1268
p4t/fulltext.pdf
24 July 2008
Jamming Attacks
43
Related documents
Risk-Aware Mitigation for MANET Routing Attacks Abstract
Risk-Aware Mitigation for MANET Routing Attacks Abstract
- Krest Technology
- Krest Technology
MICROCONTROLLER BASED MOBILE CONTROL ELECTRONICS
MICROCONTROLLER BASED MOBILE CONTROL ELECTRONICS
Packet-Hiding Methods for Preventing Selective Jamming Attacks
Packet-Hiding Methods for Preventing Selective Jamming Attacks
Combining Cryptographic Primitives to Prevent Jamming Attacks in
Combining Cryptographic Primitives to Prevent Jamming Attacks in
IPC Revision WG * Definition Project
IPC Revision WG * Definition Project
Download
advertisement