-
8/14/2019 The Feasibility of Launching and Detecting Jamming Attacks
The Feasibility of Launching and
Detecting Jamming Attacks in
Wireless Networks
Wenyuan Xu, Wade Trappe, Yanyong Zhang, Timothy Wood,
WINLAB, Rutgers University
Presented by
Neel Saraiya
10304581
-
Contents
Introduction
Jamming characteristics and Metrics
Jamming attack models
Statistics for detecting the jamming attacks
Jamming detection with consistency check
Conclusion
-
Introduction
Wireless networks:-
Low cost Availability and Popularity
Varieties of application
Threats:- Stealing information, corrupting data
Objective:- Providing security and trustworthiness
Attacks:- Radio interference
-
Jammers
What?
An entity who is purposefully trying to interfere with the physical transmission and reception of wireless communications.
How? (2 styles)
MAC-layer DoS
Bypass the MAC protocol, repeatedly send out packets
Introduces packet collision
PHY-layer DoS
Jam transmission channel by emitting energy in the frequency band corresponding to the channel
-
Jammers Hardware
Cell phone jammer unit:
intended for blocking all mobile phone types within designated indoor areas
'plug and play' unit
Waveform Generator
Tune frequency to whatever you want
MAC-layer Jammer (our focus)
Mica2 Motes (UC Berkeley)
8-bit CPU at 4 MHz,
128 KB flash, 4 KB RAM
916.7 MHz radio
OS: TinyOS
Disable the CSMA
Keep sending out the preamble
-
Jamming characteristics and Metrics
[Figure panels: Communication w/o Jammer; Communication interrupted by Jammer]
-
Contd
Goal of jammer:
Interfere with legitimate wireless communications
Prevent a sender from sending out packets
Prevent a receiver from receiving legitimate packets
Packet Send Ratio (PSR)
The ratio of packets that are successfully sent out by a legitimate traffic source compared to the number of packets it intends to send out at the MAC layer
Packet Delivery Ratio (PDR)
The ratio of packets that are successfully delivered to a destination compared to the number of packets that have been sent out by the sender
-
Jamming attack models
Constant jammer
Deceptive Jammer
Random jammer
Reactive jammer
-
Constant jammer
Basically it uses
Waveform generator
Normal wireless devices
Keeps the channel busy by sending random bits.
Prevents legitimate traffic source
-
Deceptive Jammer
Constantly injects regular packets to the channel without any gap between subsequent packet transmissions
A normal communicator will be deceived into the receive state
-
Random jammer
Use two different modes
Jamming mode for tj time
Sleeping mode for ts time
tj and ts are fixed or random values
Why use two different modes?
-
Reactive jammer
Use the reactive strategy
Less effective
No energy conservation
Harder to detect
-
Consider example
Involving three parties:
Normal nodes: Sender A, receiver B
Jammer X
Parameters
Distance
Let dXB = dXA
Fix dAB at 30 inches
Power
PA = PB = PX = -4 dBm
MAC
Fixed MAC threshold
Adaptive MAC threshold
-
Contd
-
Experiment result
-
Experiment Observation
Constant jammer:
A constant jammer can completely block A from sending out packets, if it is close enough to A.
When A uses BMAC, although A can send out some packets, most of them are corrupted by the jammer. Thus, PDR is low.
Deceptive jammer:
A deceptive jammer continuously sends out packets; both A and B are forced to receive packets no matter which MAC protocol they use.
Random jammer:
The longer a random jammer sleeps, the less impact it has on the normal traffic.
The PSR measured in BMAC and 1.1.1 MAC scenarios don't differ much, because the on state of the random jammer is not long enough for the threshold to increase.
Reactive jammer:
The sender is able to reliably send out its packets in all cases; however, most of the packets are corrupted in the presence of a jammer nearby.
Even for short packets, the reactive jammer can effectively disrupt network communication.
-
Statistics for detecting jamming attacks
Need a secure and dependable network
Need to differentiate between different scenarios
For example: exceeds network capacity
-
Statistics for detecting jamming attacks contd
There are three methods.
Signal strength
Carrier sensing time
Packet delivery ratio
-
Signal strength
Idea:
The signal strength distribution may be affected by the presence of a jammer
Assume:
Network devices can gather enough noise level measurements during a time period prior to jamming and build a statistical model describing normal energy levels in the network.
Two strategies:
Basic average and energy detection
Signal strength spectral discrimination
-
Basic average and energy detection
Uses either the average signal value or the total signal energy over a window of N signal strength measurements.
when the jammer emits a constant amplitude signal the detection statistic is
when the jammer emits a powerful noise-like signal the detection statistic is
-
Basic average and energy detection
Experiment
Consider six experiments
For the first two experiments consider
Sender A, Receiver B
Exp 1: Packets = 20, Rate = 5.28 kbps
Exp 2: Packets = Max traffic, Rate = 6.46 kbps
For the next four experiments consider
Sender A, Receiver B, Jammer X
-
Spectral discrimination experiment
Figure 3: Plot of the first two higher order crossings, D1 vs. D2, for different jammer and communication scenarios.
-
Carrier Sensing Time
-
Contd
-
Packet Delivery Ratio
-
Packet Delivery Ratio
The PDRs are low in the presence of jammers
PDR is effective in discriminating jamming from congested network scenario.
Low PDR can be caused by network dynamics:
Sender battery failure
Sender moving out of the communication range
PDR cannot differentiate jamming attacks from other scenarios such as poor link quality.
-
Jamming detection with consistency check
Two methods:
1. Signal strength consistency check
2. Location consistency check
Signal strength consistency check
Goal: to discriminate jamming attacks from
normal congested scenarios
other cases caused by poor link quality, sudden failures of nodes
Observation:
PDR is a relatively good statistic; we can build some strategies upon PDR to achieve enhanced jammer detection.
Normal scenarios:
High signal strength => a high PDR
Low signal strength => a low PDR
Low PDR:
Hardware failure or poor link quality, low signal strength
Jamming attack, high signal strength
-
Signal strength consistency check
-
Signal strength consistency check
Build a (PDR, SS) look-up table empirically
Measure (PDR, SS) during a guaranteed time of non-interfered network.
Divide the data into PDR bins, calculate the mean and variance for the data within each bin.
Get the upper bound for the maximum SS that would have produced a particular PDR value during a normal case.
Partition the (PDR, SS) plane into a jammed region and a non-jammed region.
Experiment setup:
The sender power: -5 dBm
Data rate: 20 packets/sec
Packets are 33 bytes
Average PDR over 200 packets
SS were sampled every 1 msec for 200 msec
PDR bins: (0, 40) (40, 90) (90, 100)
PDR threshold 65%
99% confidence bar
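The look-up table and jammed-region test described on this slide, as an added Python example (not code from the paper or the presentation). The PDR bins and the 65% threshold are the slide's; the baseline samples are constructed, and modelling the 99% confidence bar as mean + 2.576 standard deviations is an assumption.

```python
import statistics

# Values taken from the slide's experiment setup.
PDR_BINS = [(0, 40), (40, 90), (90, 100)]  # percent
PDR_THRESHOLD = 65.0                       # percent
# Assumption: the "99% confidence bar" is modelled as mean + 2.576 * stdev.
Z_99 = 2.576

# Constructed (PDR %, signal strength dBm) samples standing in for
# measurements taken while the network is known to be interference-free.
BASELINE = [
    (10, -98), (20, -97), (30, -96), (35, -95),
    (45, -93), (55, -91), (70, -89), (85, -87),
    (92, -80), (96, -75), (99, -70), (100, -65),
]


def bin_index(pdr):
    """Return the index of the PDR bin holding pdr (last bin includes 100)."""
    if not 0 <= pdr <= 100:
        raise ValueError(f"PDR out of range: {pdr}")
    for i, (lo, hi) in enumerate(PDR_BINS):
        if lo <= pdr < hi or (hi == 100 and pdr == 100):
            return i


def build_table(baseline):
    """Per PDR bin, the highest SS expected on an un-jammed link."""
    table = {}
    for i in range(len(PDR_BINS)):
        ss = [s for p, s in baseline if bin_index(p) == i]
        if len(ss) < 2:
            raise ValueError(f"bin {PDR_BINS[i]} needs at least 2 samples")
        table[i] = statistics.mean(ss) + Z_99 * statistics.stdev(ss)
    return table


def classify(pdr, ss, table):
    """Label one (PDR, SS) observation: 'ok', 'poor-link' or 'jammed'."""
    if pdr >= PDR_THRESHOLD:
        return "ok"                 # link quality is acceptable
    if ss > table[bin_index(pdr)]:
        return "jammed"             # strong signal yet low PDR: inconsistent
    return "poor-link"              # weak signal explains the low PDR


TABLE = build_table(BASELINE)
```

A low PDR with signal strength under the bin's upper bound is attributed to a poor link; the same PDR with signal strength above the bound falls in the jammed region.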
-
Location consistency check
Goal: Detect presence of radio interference attack
Uses GPS or other localization techniques
Idea:
Check the jamming status using PDR of neighbors
Keeps the records of PDR and location of neighboring nodes
-
Location consistency check
-
Conclusion
Due to the shared nature of the wireless medium, it is an easy feat for adversaries to perform a jamming-style denial of service against wireless networks.
We presented four different jammer attack models.
We have studied the effectiveness of them by constructing prototypes using the MICA2 Mote platform and measuring the PSR and PDR.
We showed that a single measurement statistic is not enough to definitively conclude the presence of a jammer.
-
Contd
We introduced the notion of consistency checking, where the PDR is used to classify a poor link quality, and then a consistency check is performed to determine whether the poor link quality is due to jamming.
We presented two enhanced detection algorithms:
1) Employing signal strength as a consistency check
2) Employing location information as a consistency check
-
Thank You