Jamming Wireless Networks: Attack and Defense Strategies

Similar documents
Channel Surfing and Spatial Retreats: Defenses against Wireless Denial of Service

Wireless Network Security Spring 2012

Wireless Network Security Spring 2014

Wireless Network Security Spring 2016

Wireless Network Security Spring 2015

Wireless Sensor Networks

DEEJAM: Defeating Energy-Efficient Jamming in IEEE based Wireless Networks

LOCALIZATION AND ROUTING AGAINST JAMMERS IN WIRELESS NETWORKS

Multiple Receiver Strategies for Minimizing Packet Loss in Dense Sensor Networks

TRIESTE: A Trusted Radio Infrastructure for Enforcing SpecTrum Etiquettes

Lightweight Decentralized Algorithm for Localizing Reactive Jammers in Wireless Sensor Network

Defending Wireless Sensor Networks from Radio Interference through Channel Adaptation

Badri Nath Dept. of Computer Science/WINLAB Rutgers University Jointly with Wade Trappe, Yanyong Zhang WINLAB IAB meeting November, 2004

A Combined Approach for Distinguishing Different Types of Jamming Attacks Against Wireless Networks

Ultra-Low Duty Cycle MAC with Scheduled Channel Polling

UNDERSTANDING AND MITIGATING

Sensor Network Platforms and Tools

Feasibility and Benefits of Passive RFID Wake-up Radios for Wireless Sensor Networks

Effect of Antenna Placement and Diversity on Vehicular Network Communications

AS-MAC: An Asynchronous Scheduled MAC Protocol for Wireless Sensor Networks

Wireless Network Security Spring 2016

Jamming Attacks with its Various Techniques and AODV in Wireless Networks

INTRODUCTION TO WIRELESS SENSOR NETWORKS. CHAPTER 3: RADIO COMMUNICATIONS Anna Förster

DEALING WITH JAMMING IN WIRELESS SENSOR NETWORK

Funneling-MAC: A Localized, Sink-Oriented MAC For Boosting Fidelity in Sensor Networks

ENERGY EFFICIENT SENSOR NODE DESIGN IN WIRELESS SENSOR NETWORKS

On Practical Selective Jamming of Bluetooth Low Energy Advertising

IN4181 Lecture 2. Ad-hoc and Sensor Networks. Koen Langendoen Muneeb Ali, Aline Baggio Gertjan Halkes

PJ6400: Mobile Collector in Defense against Jamming Attack Written by: Lu Cui Supervised by: Natalija Vlajic, Andrew Eckford

Automotive Radar Sensors and Congested Radio Spectrum: An Urban Electronic Battlefield?

White Space Security: Securing our Spectral Resources. (Aka: Its going to be hard to understand what s going on in order to secure spectrum )

Prevention of Selective Jamming Attack Using Cryptographic Packet Hiding Methods

Spectrum Sensing Brief Overview of the Research at WINLAB

Field Testing of Wireless Interactive Sensor Nodes

The Pennsylvania State University The Graduate School COMPROMISE-RESILIENT ANTI-JAMMING COMMUNICATION IN WIRELESS SENSOR NETWORKS

Avoid Impact of Jamming Using Multipath Routing Based on Wireless Mesh Networks

Real-World Range Testing By Christopher Hofmeister August, 2011

The Impact of Channel Bonding on n Network Management

Simulation Based Analysis of Jamming Attack in OLSR, GRP, TORA. and Improvement with PCF in TORA using OPNET tool

On Denial of Service Attacks for Wireless Sensor Networks

The Armstrong Project Technical Report

Syed Obaid Amin. Date: February 11 th, Networking Lab Kyung Hee University

FTSP Power Characterization

Vulnerability modelling of ad hoc routing protocols a comparison of OLSR and DSR

ZigBee-based Intra-car Wireless Sensor Network

Mitigating Inside Jammers in Manet Using Localized Detection Scheme

Exercise Data Networks

Intelligent Adaptation And Cognitive Networking

Error Minimizing Jammer Localization Through Smart Estimation of Ambient Noise

Using Channel Hopping to Increase Resilience to Jamming Attacks

Reliable Videos Broadcast with Network Coding and Coordinated Multiple Access Points

All Beamforming Solutions Are Not Equal

Data Dissemination in Wireless Sensor Networks

Wi-Fi. Wireless Fidelity. Spread Spectrum CSMA. Ad-hoc Networks. Engr. Mian Shahzad Iqbal Lecturer Department of Telecommunication Engineering

DDRS algorithm over DoS Attack in Wireless Communication Due to Jammers Prof. Bhaumik Machhi 1

Application Note AN041

Wireless Communication

Internet of Things Prof. M. Cesana. Exam June 26, Family Name Given Name Student ID 3030 Course of studies 3030 Total Available time: 2 hours

Keeping Your Eyes Peeled: Sensing-Driven Feedback- Computing for Network Security

Energy-Efficient Data Management for Sensor Networks

Mohammed Ghowse.M.E 1, Mr. E.S.K.Vijay Anand 2

Location Estimation in Ad-Hoc Networks with Directional Antennas

Agenda. A short overview of the CITI lab. Wireless Sensor Networks : Key applications & constraints. Energy consumption and network lifetime

Literature Survey on Jamming Attack in Wireless Adhoc Network

Lecture on Sensor Networks

Computer Networks II Advanced Features (T )

Simulation Blocks for TOSSIM-T2

Detection and Prevention of Physical Jamming Attacks in Vehicular Environment

Book Title: XXXXXXXXXXXXXXXXXXXXXXXXXX. Editors

ZigBee Propagation Testing

Wireless Broadband Solutions for Autonomous Ground Vehicles

olsr.org 'Optimized Link State Routing' and beyond December 28th, 2005 Elektra

Secret Key Extraction in MIMO like Sensor Networks Using Wireless Signal Strength

Mitigation of Periodic Jamming in a Spread Spectrum System by Adaptive Filter Selection

Zippy: On-Demand Network Flooding

Politecnico di Milano Advanced Network Technologies Laboratory. Beyond Standard MAC Sublayer

Multiple Access Schemes

By Ryan Winfield Woodings and Mark Gerrior, Cypress Semiconductor

WOLF - Wireless robust Link for urban Forces operations

Study of RSS-based Localisation Methods in Wireless Sensor Networks

Planning of LTE Radio Networks in WinProp

WIRELESS NETWORK USER MANUAL MHz RFT-868-REL Remotely Controlled Relay Switch

SCPL: Indoor Device-Free Multi-Subject Counting and Localization Using Radio Signal Strength

Wormhole-Based Anti-Jamming Techniques in Sensor. Networks

A Performance Comparison of Multi-Hop Wireless Ad Hoc Network Routing Protocols

VC7300-Series Product Brief

Free space loss: transmitting antenna: signal power P snd receiving antenna: signal power P rcv distance: d frequency: f.

TRANSMIT ONLY FOR DENSE WIRELESS NETWORKS

Optimal Clock Synchronization in Networks. Christoph Lenzen Philipp Sommer Roger Wattenhofer

FPGA-BASED DESIGN AND IMPLEMENTATION OF THREE-PRIORITY PERSISTENT CSMA PROTOCOL

UWB for Sensor Networks:

Understanding and Mitigating the Impact of Interference on Networks. By Gulzar Ahmad Sanjay Bhatt Morteza Kheirkhah Adam Kral Jannik Sundø

A Novel Error Minimizing Framework Better Location Estimation in Wireless Networks

WisperNet: Anti-Jamming for Wireless Sensor Networks

Long Term Evolution (LTE) and 5th Generation Mobile Networks (5G) CS-539 Mobile Networks and Computing

AIR FORCE INSTITUTE OF TECHNOLOGY

IFH SS CDMA Implantation. 6.0 Introduction

MIMO-Assisted Channel-Based Authentication in Wireless Networks

Impact of Radio Irregularity on Wireless Sensor Networks

Denial of Service Attacks in Wireless Networks: The case of Jammers

Transcription:

Jamming Wireless Networks: Attack and Defense Strategies Wenyuan Xu, Ke Ma, Wade Trappe, Yanyong Zhang, WINLAB, Rutgers University IAB, Dec. 6 th, 2005

Roadmap Introduction and Motivation Jammer Models Four models Their effectiveness Detecting Jamming attacks Basic statistic + Consistency check Defenses strategy Channel surfing Spatial retreat Conclusions 2

Jammers Bob @#$%%$# Hello @& Hi Alice Mr. X Jamming style DoS Attack: Behavior that prevents other nodes from using the channel to communicate by occupying the channel that they are communicating on A jammer An entity who is purposefully trying to interfere with the physical transmission and reception of wireless communications. Is it hard to build a jammer? No! Haha Mr. X 3

Jammers Hardware Cell phone jammer unit: Intended for blocking all mobile phone types within designated indoor areas 'plug and play' unit Waveform Generator Tune frequency to what ever you want MAC-layer Jammer (our focus) Mica2 Motes (UC Berkeley) 8-bit CPU at 4MHz, 128KB flash, 4KB RAM 916.7MHz radio OS: TinyOS Disable the CSMA Keep sending out the preamble 4

Jammers Hardware Cell phone jammer unit: Intended for blocking all mobile phone types within designated indoor areas 'plug and play' unit Waveform Generator Tune frequency to what ever you want MAC-layer Jammer (our focus) Mica2 Motes (UC Berkeley) 8-bit CPU at 4MHz, 128KB flash, 4KB RAM 916.7MHz radio OS: TinyOS Disable the CSMA Keep sending out the preamble 5

Jammers Hardware Cell phone jammer unit: Intended for blocking all mobile phone types within designated indoor areas 'plug and play' unit Waveform Generator Tune frequency to what ever you want MAC-layer Jammer 802.11 laptop Mica2 Motes (UC Berkeley) 8-bit CPU at 4MHz, 128KB flash, 4KB RAM 916.7MHz radio OS: TinyOS Disable the CSMA Keep sending out the preamble 6

The Jammer Models and Their Effectiveness

Jammer Attack Models &F*(SDJFFD(*MC*(^%&^*&(%*)(*)_*^&*FS. Constant jammer: Continuously emits a radio signal Preamble CRC Payload Payload Payload Payload Payload Deceptive jammer: Constantly injects regular packets to the channel without any gap between consecutive packet transmissions A normal communicator will be deceived into the receive state 8

Jammer Attack Models &F*(SDJF ^F&*D( D*KC*I^ Random jammer: Alternates between sleeping and jamming Sleeping period: turn off the radio Jamming period: either a constant jammer or deceptive jammer Underling normal traffic Payload &F*(SDJ Payload ^%^*& Payload CD*(&FG Reactive jammer: Stays quiet when the channel is idle, starts transmitting a radio signal as soon as it senses activity on the channel. Targets the reception of a message 9

Detecting Jamming Attacks: Basic Statistics plus Consistency Checks

Basic Statistics P.1 Idea: Many measurement will be affected by the presence of a jammer Network devices can gather measurements during a time period prior to jamming and build a statistical model describing basic measurement in the network Measurement Signal strength Moving average Spectral discrimination Carrier sensing time Packet delivery ratio Experiment platform: Mica2 Motes Use RSSI ADC to measure the signal strength RSSI (dbm) -60-80 -100-60 -80-100 -60-80 -100-60 -80-100 -60-80 -100-60 -80 CBR MaxTraffic Constant Jammer Deceptive Jammer Reactive Jammer Random Jammer -100 0 200 400 600 800 1000 1200 1400 1600 sample sequence number 11

Basic Statistics P.2 Can basic statistics differentiate between jamming scenario from a normal scenario including congestion? Average Signal strength Spectral Discrimination Carrier sensing time Packet delivery ratio Constant Jammer Deceptive Jammer Random Jammer Reactive Jammer Differentiate jamming scenario from all network dynamics, e.g. congestion, hardware failure PDR is a relative good statistic, but cannot do hardware failure Consistency checks --- using Signal strength Normal scenarios: High signal strength a high PDR Low signal strength a low PDR Low PDR: Hardware failure or poor link quality low signal strength Jamming attack high signal strength 12

Jamming Detection with Consistency Checks Measure PDR(N) {N Є Neighbors} PDR(N) < PDRThresh? No Build a (PDR,SS) look-up table empirically Measure (PDR, SS) during a guaranteed time of non-interfered network. Divide the data into PDR bins, calculate the mean and variance for the data within each bin. Get the upper bound for the maximum SS that world have produced a particular PDR value during a normal case. Partition the (PDR, SS) plane into a jammedregion and a non-jammed region. Not Jammed PDR VS. SS Yes PDR(N) consistent with signal strength? Yes Jammed Region No SS(dBm) Jammed! PDR % 13

Defenses against Jamming Attacks: Channel Surfing and Spatial Retreat

Handling Jamming: Strategies What can you do when your channel is occupied? In wired network you can cut the link that causes the problem, but in wireless Make the building as resistant as possible to incoming radio signals? Find the jamming source and shoot it down? Battery drain defenses/attacks are not realistic! Protecting networks is a constant battle between the security expert and the clever adversary. Therefore, we take motivation from The Art of War by Sun Tze: He who cannot defeat his enemy should retreat. Retreat Strategies: Channel Surfing Spatial retreat 15

Channel Surfing Idea: If we are blocked at a particular channel, we can resume our communication by switching to a safe channel Inspired by frequency hopping techniques, but operates at the link layer in an on-demand fashion. Challenge Distributed computing Asynchrony, latency and scalability Jammer Jammer Node working in channel 1 Node working in channel 2 channel 1 channel 2 16

Channel Surfing Coordinated Channel Switching The entire network changes its channel to a new channel Spectral Multiplexing Jammed node switch channel Nodes on the boundary of a jammed region serve as relay nodes between different spectral zones Jammer Jammer Coordinated channel surfing Spectral Multiplexing Node working in channel 1 Node working in channel 2 Node working in both channel 1 & 2 channel 1 channel 2 17

Channel Surfing Coordinated Channel Switching The entire network changes its channel to a new channel Spectral Multiplexing Jammed node switch channel Nodes on the boundary of a jammed region serve as relay nodes between different spectral zones Jammer Jammer Coordinated channel surfing Spectral Multiplexing Node working in channel 1 Node working in channel 2 Node working in both channel 1 & 2 channel 1 channel 2 18

Spatial Retreat Targeted Networks Nodes in the network should have Mobility GPS or similar localization Idea: Nodes that are located within the jammed area move to safe regions. B A C X I E D H G F Escaping: Choose a random direction to evacuate from jammed area If no nodes are within its radio range, it moves along the boundary of the jammed area until it reconnects to the rest of the network. 19

Spatial Retreat Issues: A mobile adversary can move through the network The network can be partitioned After Escape Phase we need Reconstruction phase to repair the network Reconstruction phase Virtual force Model Forces only exist between neighboring sensors Forces are either repulsive or attractive Forces represent a need for sensors to move in order to improve system behavior virtual force is calculated based on its distance to all its neighboring sensors Direct its movement according to its force When all sensors stop moving, the spatial coverage of the whole network is maximized Borrowed from Ke Ma 20

Case Study : Spatial Retreats Borrowed from Ke Ma 21

Conclusion Due to the shared nature of the wireless medium, it is an easy feat for adversaries to perform a jamming-style denial of service against wireless networks We proposed to use consistency check based on PDR to detect jammers We have presented two different strategies to defend against the jamming style of DoS attacks Channel-surfing: changing the transmission frequency to a range where there is no interference from the adversary Spatial retreat: moving to a new location where there is no interference 22

2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback