the feasibility of launching and detecting jamming attacks

8/14/2019 The Feasibility of Launching and Detecting Jamming Attacks

1/34

The Feasibility of Launching and

Detecting Jamming Attacks in

Wireless Networks

Wenyuan Xu, Wade Trappe, Yanyong Zhang, TimothyWood,

WINLAB, Rutgers University

Presented by

Neel Saraiya

10304581


2/34

Contents

Introduction

Jamming characteristics and Metrics

Jamming attack models

Statistics for detecting the jamming attacks Jamming detection with consistency check

Conclusion


3/34

Introduction

Wireless networks:-

Low cost Availability and Popularity

Varieties of application

Threats:- Stealing information, corrupting data

Objective:- Providing security and trustworthiness

Attacks:- Radio interference


4/34

Jammers What?

An entity who is purposefully trying to interfere withthe physical transmission and reception of wireless

communications.

How? (2 styles) MAC-layer DoS

Bypass the MAC protocol, repeatedly send out packets

Introduces packet collision

PHY-layer DoS

Jam transmission channel by emitting energy in the

frequency band corresponding to the channel


5/34

Jammers Hardware

Cell phone jammer unit:

intended for blocking all mobile phone typeswithin designated indoor areas

'plug and play' unit

Waveform Generator

Tune frequency to what ever you want

MAC-layer Jammer (our focus) Mica2 Motes (UC Berkeley)

8-bit CPU at 4MHz,

128KB flash, 4KBRAM

916.7MHz radio

OS:TinyOS Disable the CSMA

Keep sending out the preamble


6/34

Communication w/oJammer Communication interrupted by

Jammer

Jamming characteristics and Metrics


7/34

Contd Goal of jammer:

Interfere with legitimate wireless communications

Prevent a sender from sending out packets

Prevent a receiver from receiving a legitimate packets

Packet Send Ratio (PSR)

The ratio of packets that are successfully sent out by a

legitimate traffic source compared to the number of

packets it intends to send out at the MAC layer

Packet Delivery Ratio (PDR)

The ratio of packets that are successfully deliveredto a

destination compared to the number of packets that havebeen sent out by the sender


8/34

Jamming attack models

Constant jammer

Deceptive Jammer

Random jammer

Reactive jammer


9/34

Constant jammerBasically it uses

Waveform generatorNormal wireless devices

Keeps the channel busy by sending randombits.

Prevents legitimate traffic source


10/34

Deceptive Jammer

Constantly injects regular packets to the

channel without any gap between subsequentpacket transmissions

A normal communicator will be deceived into

the receive state


11/34

Random jammer

Use two different modes

Jamming mode for tj time

Sleeping mode for ts time

tj and ts are fixed or random value

Why use two different modes?


12/34

Reactive jammer

Use the reactive strategy

Less effective

No energy conservation

Harder to detect


13/34

Consider example

Involving three parties:

Normal nodes: Sender A receiver B

Jammer X

Parameters Distance

Let dXB = dXA Fix dAB at 30 inches

Power PA = PB = P X = -4dBm

MAC Fix MAC threshold Adaptive MAC threshold


14/34

Contd


15/34

Experiment result


16/34

Experiment Observation

Constant jammer: A constant jammer can completely block A from sending out

packets, if it is close enough to A.

When A use BMAC, although A can send out some packets, most of

them are corrupted by the jammer. Thus, PDR is low.

Deceptive jammer:

A deceptive jammer continuously sends out packets, both A and B

are forced to receive packets no matter which MAC protocol there

use.

Random jammer

The longer a random jammer sleeps, the less impact it has on the

normal traffic.

The PSR measured in BMAC and 1.1.1MAC scenarios dont differ

much, because the on state of random jammer is not long enough

for the threshold to increase. Reactive jammer

The sender is able to reliably send out its packet in all cases,

however, most of the packets are corrupted with the presence of a

jammer nearby.

Even for short packets, the reactive jammer can effectively disrupt

network communication.


17/34

Need a secure and dependable network

Need to differentiate between different

scenario

For ex:- exceeds network capacity

Statistics for detecting jamming

attacks


18/34

Statistics for detecting jamming

attacks contd

There are three methods.

Signal strength

Carrier sensing time

Packet delivery ratio


19/34

Signal strength Idea:

The signal strength distribution may be affectedby the presence of a jammer

Assume:

Network devices can gather enough noise level

measurements during a time period prior to jammingand build a statistical model describing normal energylevels in the network.

Two strategies:

Basic average and energy detection

Signal strength spectral discrimination


20/34

Basic average and energy

detection Uses either the average signal value or the

total signal energy over a window ofN signal

strength measurements.

when the jammer emits a constant amplitudesignal the detection statistic is

when the jammer emits a powerful noise-likesignal the detection statistic is


21/34

Basic average and energy detection

ExperimentConsider Six experimentsFor first two experiments

consider

Sender Receiver

A B

Exp 1

Packets = 20Rate=5.28kbps

Exp 2

Packets= Max trafficRate= 6.46kbps

For next four exp.consider

Sender Receiver JammerA B X


22/34

Spectral discrimination experiment

Figure 3: Plot of the first two higher order crossings, D1 vs. D2, fordifferent jammer

andcommunication scenarios.


23/34

Carrier Sensing Time


24/34

Contd


25/34

Packet Delivery Ratio


26/34

Packet Delivery RatioThe PDRs are low in thepresence of jammers

PDR is effective indiscriminating jammingfrom congested networkscenario.

Low PDR can be caused bynetwork dynamics:

Sender Battery failure Sender moving out of the

communication range PDR cannot differentiatejamming attacks fromother scenarios such as poor

link quality.


27/34

Jamming detection with consistency

check Two methods:-

1. Signal strength consistency check

2. Location consistency check

Signal strength consistency check

Goal to discriminate jamming attacks from,

normal congested scenarios

other cases caused by poor link quality, sudden failures of nodes Observation:

PDR is a relative good statistic, we can build some strategies upon

PDR to achieve enhanced jammer detection.

Normal scenarios:

high signal strength => a high PDRLow signal strength => a low PDR

Low PDR:

Hardware failure or poor link quality, low signal strength

Jamming attack, high signal strength


28/34

Signal strength consistency check


29/34

Signal strength consistency check Build a (PDR,SS) look-up table empirically

Measure (PDR, SS) during a guaranteed time of non-interfered network.

Divide the data into PDR bins, calculate the mean and variance for the data

within each bin.

Get the upper bound for the maximum SS that world have produced a particular

PDR value during a normal case.

Partition the (PDR, SS) plane into a jammed-region and a non jammed region.

Experiment setup:

The sender power: - 5dBm

Data rate: 20packets/sec

Packets are 33 bytes

Average PDR over 200 packets

SS were sampled every 1msec for 200msec

PDR bins: (0,40) (40,90)(90, 100)

PDR threshold 65%

99% confidence bar


30/34

Location consistency check Goal:-Detect presence of radio interference attack

Uses GPS or other localization techniques

Idea:-

Check the jamming status using PDR

ofneighbors

Keeps the records of PDR and location of

neighboring nodes


31/34

Location consistency check


32/34

ConclusionDue to the shared nature of the wireless medium, it

is an easy feat for adversaries to perform a jamming-

style denial of service against wireless networks.

We presented four different jammer attack models.

We have studies the effectiveness of them by

constructing prototypes using the MICA2 Mote

platform and measured the PSR and PDR.

We showed that a single measurement statistic is not

enough to definitively conclude the presence of a

jammer.


33/34

ContdWe introduced the notion of consistency checking,

where the PDR is used to classify a poor link quality,and then a consistency check is performed todetermine whether the poor link quality is due tojamming.

We presented two enhanced detection algorithms:

1)Employing signal strength as a consistency

check

2)Employing location information as a

consistency check


34/34

Thank You

the feasibility of launching and detecting jamming attacks

Documents