Upload
tamar
View
32
Download
3
Embed Size (px)
DESCRIPTION
Resilience To Jamming Attacks. Rabat Anam Mahmood Department of Electrical Engineering & Computer Science [email protected]. 14 August 2008. 1. Jamming Attacks Outline. Feasibility of Launching & Detecting Jamming Attacks in Wireless Networks - PowerPoint PPT Presentation
Citation preview
1
© Rabat Anam MahmoodITTC
Resilience To Jamming Attacks
Rabat Anam Mahmood
Department of Electrical Engineering & Computer Science
1Jamming Attacks14 August 2008
2
© Rabat Anam MahmoodITTC
2
Jamming Attacks Outline
• Feasibility of Launching & Detecting Jamming Attacks in Wireless Networks
• Adaptive Radio Channel Allocation for Supporting Coexistence of 802.15.4 & 802.11b
• Defending Against Jamming Attacks in Wireless Local Area Networks
• References
Jamming Attacks14 August 2008
3
© Rabat Anam MahmoodITTC
3
• Feasibility of Launching & Detecting Jamming Attacks in Wireless Networks
• Adaptive Radio Channel Allocation for Supporting Coexistence of 802.15.4 & 802.11b
• Defending Against Jamming Attacks in Wireless Local Area Networks
• References
Jamming Attacks Outline
Jamming Attacks14 August 2008
4
© Rabat Anam MahmoodITTC
Jamming Attacks Wireless Networks
• Definitions and Characteristics
– A jammer is an entity who is purposefully trying to interfere with the physical transmission and reception of wireless communications
– A jammer continuously emits RF signals to fill a wireless channel so that legitimate traffic will be completely blocked
– Common characteristics for all jamming attacks is that their communications are not compliant with MAC protocols
Jamming Attacks14 August 2008
5
© Rabat Anam MahmoodITTC
Jamming Attacks Wireless Networks
• Packet Send Ratio– The ratio of packets that are successfully sent out by
a legitimate traffic source compared to the number of packets it intends to send out at the MAC layer
• Reason– Channel busy– Transmission delayed– New packets dropped when buffer space is full– Packets that are too long in the buffer, timeout– N packets to send; M sent successfully– PSR = M/N
Jamming Attacks14 August 2008
6
© Rabat Anam MahmoodITTC
Jamming Attacks Wireless Networks
• Packet Delivery Ratio– The ratio of packets that are successfully delivered
to a destination compared to the number of packets that have been sent out by the sender
• Reason– Destination may not be able to decode a received
packet due to interference
Jamming Attacks14 August 2008
7
© Rabat Anam MahmoodITTC
Jamming Attacks Wireless Networks
• Jamming Attack Models
– Constant Jammer– Deceptive Jammer– Random Jammer– Reactive Jammer
Jamming Attacks14 August 2008
8
© Rabat Anam MahmoodITTC
Jamming Attacks Wireless Networks
Jamming Attacks14 August 2008
9
© Rabat Anam MahmoodITTC
Jamming Attacks Wireless Networks
• Constant Jammer
– Continuously emits a radio signal– Sends out random bits to the channel– Does not follow any MAC layer etiquette– Does not wait for the channel to become idle
Jamming Attacks14 August 2008
10
© Rabat Anam MahmoodITTC
Jamming Attacks Wireless Networks
• Deceptive Jammer
– Constantly injects regular packets to the channel– Normal nodes will be deceived by the packets– Normal nodes just check the preamble and remain
silent– Jammer can only send out preambles
Jamming Attacks14 August 2008
11
© Rabat Anam MahmoodITTC
Jamming Attacks Wireless Networks
• Random Jammer– Alternates between sleeping and jamming
– After jamming for tj units of time, it turns off its radio and enters sleeping mode
– After sleeping for ts units of time, it wakes up and resumes jamming (constant or deceptive)
– tj and ts may be random or fixed intervals-energy conservation
Jamming Attacks14 August 2008
12
© Rabat Anam MahmoodITTC
Jamming Attacks Wireless Networks
• Reactive Jammer
– Jammer stays quiet when the channel is idle– Jammer starts transmitting a radio signal as soon as
it senses activity on the channel– Does not conserve energy because the jammer’s
radio must be continuously on in order to sense the channel
– However, it is harder to detect
Jamming Attacks14 August 2008
13
© Rabat Anam MahmoodITTC
Jamming Attacks Wireless Networks
• Level of Interference
– Distance between jammer and nodes– Relative transmission power of the jammer and
nodes– MAC protocol employed by the nodes
14 August 2008 Jamming Attacks
14
© Rabat Anam MahmoodITTC
Jamming Attacks Wireless Networks
• Detecting Jamming Attacks
– Signal Strength– Carrier Sensing Time– Packet Delivery Ratio
14Jamming Attacks14 August 2008
15
© Rabat Anam MahmoodITTC
15
• Feasibility of Launching & Detecting Jamming Attacks in Wireless Networks
• Adaptive Radio Channel Allocation for Supporting Coexistence of 802.15.4 & 802.11b
• Defending Against Jamming Attacks in Wireless Local Area Networks
• References
Jamming Attacks Outline
Jamming Attacks14 August 2008
16
© Rabat Anam MahmoodITTC
Radio Channel Allocation Coexistence of 802.15.4 and 802.11b
• Coexistence– Ability of one system to perform a task in a given
shared environment where other systems may or may not be using the same set of rules.
• Solution– Multiple radio channels for the coexistence of
802.15.4 LR WPAN and 802.11b WLAN
16Jamming Attacks14 August 2008
17
© Rabat Anam MahmoodITTC
Radio Channel Allocation Coexistence of 802.15.4 and 802.11b
• 802.11b has a radio transmission range of 100m
• 802.15.4 has a radio transmission range of 10m
• Large area and long distance interference for 802.15.4 by 802.11b
• Performance degradation of 802.15.4 by 92% (a study shows)
17Jamming Attacks14 August 2008
18
© Rabat Anam MahmoodITTC
Radio Channel Allocation Coexistence of 802.15.4 and 802.11b
18Jamming Attacks14 August 2008
19
© Rabat Anam MahmoodITTC
19
Radio Channel Allocation Coexistence of 802.15.4 and 802.11b
• IEEE 802.11b has 11 channels– Each channel has a frequency range of 22 MHz
• IEEE 802.15.4 has 16 channels– Each channel is 5 MHz apart– Each channel has a frequency range of 3 MHz
• Frequencies of each 802.11 channel overlaps with frequency ranges for four different 802.15.4 channels
• Channels 25 & 26 can be used where frequent interference of 802.11b is expected
Jamming Attacks14 August 2008
20
© Rabat Anam MahmoodITTC
Radio Channel Allocation Coexistence of 802.15.4 and 802.11b
20Jamming Attacks14 August 2008
21
© Rabat Anam MahmoodITTC
Radio Channel Allocation Coexistence of 802.15.4 and 802.11b
• Packet entering interference, at A• Radio channel switched• Switching table used• Packet leaving interference, at B• Radio channel switched again
• Advantage– Small overhead for switching channels– Same routing path used
14 August 2008 Jamming Attacks
22
© Rabat Anam MahmoodITTC
Radio Channel Allocation Coexistence of 802.15.4 and 802.11b
22
• Interference Detection
– Clear channel assessment or energy detection provided as RSSI (Received Signal Strength Indicator) services in 802.15.4.
– RSSI services called periodically or on demand when a sudden degradation of user throughput below a threshold is detected
– If RSSI confirms that the energy level on a current channel is above the threshold, channel interference is recognized
Jamming Attacks14 August 2008
23
© Rabat Anam MahmoodITTC
Radio Channel Allocation Coexistence of 802.15.4 and 802.11b
• Group Formation
– Nodes broadcast Group Formation messages to the immediate neighbors
– Due to interference nodes may or may not receive GF message
– Nodes change the current radio channel– Border nodes provide channel conversion for the
group.
23Jamming Attacks14 August 2008
24
© Rabat Anam MahmoodITTC
Radio Channel Allocation Coexistence of 802.15.4 and 802.11b
• Tear Down
– Nodes in a group periodically check if the previous channel is clear of interference.
– If so, a tear down message is sent to all the nodes in a group and the group is torn down.
24Jamming Attacks14 August 2008
25
© Rabat Anam MahmoodITTC
Radio Channel Allocation Coexistence of 802.15.4 and 802.11b
Jamming Attacks14 August 2008
26
© Rabat Anam MahmoodITTC
Radio Channel Allocation Coexistence of 802.15.4 and 802.11b
• Interference size represents the number of nodes in interference
• Success rate is percentage value relative to without interference
Jamming Attacks14 August 2008
27
© Rabat Anam MahmoodITTC
Radio Channel Allocation Coexistence of 802.15.4 and 802.11b
Jamming Attacks14 August 2008
28
© Rabat Anam MahmoodITTC
Radio Channel Allocation Coexistence of 802.15.4 and 802.11b
• The percentage value is the delay increase relative to the delay without interference
• Since packets are routed through the interference area, the delay is not increased much
Jamming Attacks14 August 2008
29
© Rabat Anam MahmoodITTC
Radio Channel Allocation Coexistence of 802.15.4 and 802.11b
Jamming Attacks14 August 2008
30
© Rabat Anam MahmoodITTC
Radio Channel Allocation Coexistence of 802.15.4 and 802.11b
• Comparison between packet delays of AODV and AODV plus (adaptive scheme)
• Due to adaptive scheme, lower packet delay is attained
Jamming Attacks14 August 2008
31
© Rabat Anam MahmoodITTC
31
Radio Channel Allocation Coexistence of 802.15.4 and 802.11b
• Conclusion
– Performance degradation by interference is mainly caused from changing routing path.
– The overhead for switching radio channels is very small
– Hence, by employing the adaptive scheme, routing does not need to find a new path when it hits into an interference area.
Jamming Attacks14 August 2008
32
© Rabat Anam MahmoodITTC
32
• Feasibility of Launching & Detecting Jamming Attacks in Wireless Networks
• Adaptive Radio Channel Allocation for Supporting Coexistence of 802.15.4 & 802.11b
• Defending Against Jamming Attacks in Wireless Local Area Networks
• References
Jamming Attacks Outline
Jamming Attacks14 August 2008
33
© Rabat Anam MahmoodITTC
33
Defend Against Jamming Attacks Wireless Local Area Networks
• Wireless Jamming Attacks– RTS Jamming– CTS Jamming
• Solution– Cumulative-Sum-based (CUSUM) Detection Method
Jamming Attacks14 August 2008
34
© Rabat Anam MahmoodITTC
Defend Against Jamming Attacks Wireless Local Area Networks
• RTS Jamming
– Jammer occupies channel by continuously sending RTS frames with large NAV to AP
– AP replies with CTS which can be heard by nearby nodes
– Neighbor nodes will keep silent for a period of time indicated by NAV
– Neighbor nodes can hardly occupy the channel
34Jamming Attacks14 August 2008
35
© Rabat Anam MahmoodITTC
Defend Against Jamming Attacks Wireless Local Area Networks
Jamming Attacks14 August 2008
36
© Rabat Anam MahmoodITTC
Defend Against Jamming Attacks Wireless Local Area Networks
• CTS Jamming
– Jammer sends CTS frames with spoofed ID which is as same as AP
– AP unaware of this behavior • Jammer uses directional antenna• Jammer remains far away from the AP
– Neighbor nodes assume AP is busy (hidden node problem) and will remain silent
– Neighbor nodes never get a chance to occupy the channel
36Jamming Attacks14 August 2008
37
© Rabat Anam MahmoodITTC
Defend Against Jamming Attacks Wireless Local Area Networks
37Jamming Attacks14 August 2008
38
© Rabat Anam MahmoodITTC
Defend Against Jamming Attacks Wireless Local Area Networks
• Defending against RTS/CTS attacks
– Two separate data windows for RTS & CTS– Size of the window is fixed– Source ID information of the frame is recorded– Source ID of the CTS frame is checked in the CTS
window– Source ID also checked in the RTS window– Different score given to each frame using a function– Smallest index gains the highest score
38Jamming Attacks14 August 2008
39
© Rabat Anam MahmoodITTC
Defend Against Jamming Attacks Wireless Local Area Networks
• CUSUM Method
– Sequential Detection Change Point methodMean value of some variable under surveillance will change from negative to positive whenever a change occurs.
39Jamming Attacks14 August 2008
40
© Rabat Anam MahmoodITTC
Defend Against Jamming Attacks Wireless Local Area Networks
• Channel is nearly fairly shared among nodes• Source ID distribution of CTS / RTS frames is
uniform• If a node constantly occupies the channel,
uniform distribution will change• CUSUM is applied to detect changes in CTS
window• When a change point is detected,
corresponding CTS frames are suspicious
40Jamming Attacks14 August 2008
41
© Rabat Anam MahmoodITTC
Defend Against Jamming Attacks Wireless Local Area Networks
Jamming Attacks14 August 2008
42
© Rabat Anam MahmoodITTC
Defend Against Jamming Attacks Wireless Local Area Networks
• Conclusion– CUSUM can accurately detect RTS/CTS jamming
attacks with little computation and storage cost– Although these attacks cannot totally prevent other
nodes from communication, they can seriously degrade the network throughput
– These attacks have lower traffic rates than normal jamming attack and are more difficult to detect
42Jamming Attacks14 August 2008
43
© Rabat Anam MahmoodITTC
43
• Feasibility of Launching & Detecting Jamming Attacks in Wireless Networks
• Adaptive Radio Channel Allocation for Supporting Coexistence of 802.15.4 & 802.11b
• Defending Against Jamming Attacks in Wireless Local Area Networks
• References
Jamming Attacks Outline
Jamming Attacks14 August 2008
44
© Rabat Anam MahmoodITTC
Jamming Attacks References
• http://www.winlab.rutgers.edu/~trappe/Papers/JamDetect_Mobihoc.pdf
• http://ieeexplore.ieee.org/iel5/10422/33099/01559004.pdf?arnumber=1559004
• http://www.springerlink.com/content/l2qp0215r1268p4t/fulltext.pdf
44Jamming Attacks14 August 2008