optimal jamming attacks and network defense policies in wireless sensor networks mingyan li,...
TRANSCRIPT
Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks
Mingyan Li, Iordanis Koutsopoulos, Radha Poovendran
(InfoComm ’07)
Presented by Choi, Chang-Beom
Introductions (1/2)
•Characteristic of jamming attacks (DoS)▫No special hardware is needed in order to
be launched
▫It can be implemented by simply listening to the open medium and broadcasting in the same frequency band as the network
▫If launched wisely, it can lead to significant benefits with small incurred cost for the attacker
Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks 2/$
Introductions (2/2)
•Vulnerabilities of Sensor Network▫Sensor networks rely on deployed miniature
energy constrained devices to perform a certain task without a central powerful monitoring point
•Controllable Jamming Attacks▫Easy to launch and difficult to detect and
confront▫Jammer controls probability of jamming and
transmission range in order to cause maximal damage to the network
Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks 3/$
Modeling Assumptions(1/4)
•Sensor network model▫Each node cannot transmit and receive
simultaneously▫There are always packets in each node’s
buffer in each slot▫Sensor nodes are uniformly distributed in a
region with spatial density ρ nodes per unit area
▫Sensor network topology is static
Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks 4/$
Modeling Assumptions(2/4)• Multiple access protocols are characterized by
a common channel access probability γ for all nodes in a slot▫Probability that a packet is transmitted to j is γ/ni
• Case of collision▫Receiver node j experiences collision if at least
two nodes in its neighborhood transmit packet simultaneously
▫Probability of collision 1 – Pr{only one or no neighbor transmits}
=
Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks 5/$
Modeling Assumptions(3/4)
•Attacker model▫The objective of the jammer is to corrupt
transmissions of legitimate nodes by causing packet collisions at receivers
▫Jammer controls the probability q of jamming the area within its transmission range in a slot to control the aggressiveness of the attack
▫Probability of collision
Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks 6/$
Modeling Assumptions(4/4)• Attack detection model
▫The monitoring mechanism Determination of a subset of nodes that will act as
network monitors Employment of a detection algorithm at each
monitor node▫Detection
During normal network operation, and in the absence of a jammer, it give a large enough training period (percentage of collisions)
Fix attention to a time window and check whether the percentage of collisions over this time window exceeds the learned long-term average or not
Wald’s Sequential Probability Ratio Test(SPRT) A. Wald, Sequential Analysis, Wiley 1947
Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks 7/$
Attacker Payoff(1/5)• Instantaneous Payoff of the attacker UmI
▫ It depends on jamming probability q and network access probability γ
▫Transmitters are uniformly distributed with density ργ
▫Total number of transmitters in the jammed area A is Poisson distributed with spatial density λ = ργ which is Aργ
▫The number of potential receivers is Aρ(1-γ)▫The probability of success of an attempted
transmission is
Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks 8/$
Attacker Payoff(2/5)• Instantaneous Payoff of the attacker UmI
▫ The number of successful transmission links Y follows the binomial distribution
▫ Payoff for the jammer
▫ Instantaneous pay off for the attacker that jams with probability q
▫ The instantaneous payoff for the network in the absence of jammer
Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks 9/$
Attacker Payoff(3/5)• Cumulative Payoff
▫The number of jammed links until the jammer is detected and the notification message is transferred out of the jammed area
▫The probability of successful channel access for a node on the route of the notification message in the presence of jamming
▫Average waiting time for node before successful transmission
Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks 10/$
Attacker Payoff(4/5) Cumulative Payoff
• Let average number of hops needed to deliver the alarm out of area be H▫The Average time needed for the alarm to
propagate out of the jamming area is
where is the average number of neighbors of a node along the path
• The total time until the jamming activity stops is
Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks 11/$
Where D(q,r) is detection time
Attacker Payoff(5/5) Cumulative Payoff
• Cumulative payoff
• Cumulative payoff for the network
Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks 12/$
•Constant Jamming Power and one monitor node▫The objective function is the total delay▫An adversary tries to maximize total delay
by controlling q▫The network tries to minimize total delay by
selecting γ
Problem Formulation
Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks 13/$
Attacker Problem Network Problem
Problem Formulation• Constant Jamming Power and one monitor node
▫With perfect knowledge Solution is determined by the energy and payoff
constraints
▫Without perfect knowledge Approximate the solution of the max-min(min-max)
problem
Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks 14/$
Attacker Problem Network Problem
Numerical Result For Lack of Knowledge Case
• Sensor node transmission range R = 20m
• Node density ρ =0.0025
• Energy constraint E/P = 500
• Payoff threshold U0 = 500 transmission
• Attacker transmission range Rm = 200m
• Energy constraint Em/Pm = 1000
• Target payoff U0m =
500• pFA = 0.02, pD =
0.98Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks 15/$
Problem Formulation• Constant Jamming Power and several monitor
nodes▫Nodes can be classified in different classes C1,
… Ck such that nodes in class Cn have n neighbors
▫Assign the role of monitor to nodes of a class with n* neighbors to minimize detection time
Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks 16/$
Detection delay balancing problem
Since detection time is decreasing in q regardless of number of neighbors, the smallest feasible q imposed by the energy constraint is the solution for the attacker
Problem Formulation• Controllable Jamming Power and several
monitor nodes▫ Jammer can choose transmission power level with
probability qj such that ▫With probability q0 = 1 – q the jammer remains
silent▫Different jamming power levels lead to different
jamming area▫Monitor nodes located in outer zones
Perceive lower jamming probability, pass notification message faster
▫Monitor nodes located in inner zones Detect faster, delay in passing the message out of
the jamming areaOptimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks 17/$
Problem Formulation
•Controllable Jamming Power and several monitor nodes▫Detection plus notification time for inner
zone
▫Detection plus notification time for outer zone
Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks 18/$
From numerical solutions for different , Optimal solution without knowledge of monitor neighborhood is to jam the inner region
The theoretical proof or disproof of this observation is deferred for future study
Conclusion• Controllable jamming attacks
▫ Easy to launch ▫ Difficult to detect and confront
▫ Comparisons between Perfect knowledge of the attacker and network strategy Lack of knowledge of the attacker and network strategy
• Further research▫ Consider about multi-channel networks▫ Find alternatives for modeling lack of knowledge for the
attacker and the network▫ Considering multiple potentially co operating attackers
Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks 19/$