1 / 16

The Feasibility of Launching and Detecting Jamming Attacks in Wireless Networks

The Feasibility of Launching and Detecting Jamming Attacks in Wireless Networks. Wenyuan Xu, Wade Trappe, Yanyong Zhang and Timothy Wood MobiHoc 2005. DK presents Division of Computer Science, KAIST. Jamming Attack. Jammer? An entity who is purposefully trying to interfere with the

quito
Download Presentation

The Feasibility of Launching and Detecting Jamming Attacks in Wireless Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Feasibility of Launching and Detecting Jamming Attacks in Wireless Networks Wenyuan Xu, Wade Trappe, Yanyong Zhang and Timothy Wood MobiHoc 2005 DK presents Division of Computer Science, KAIST CS710 (Fall, 2006) -- DK (dklee@an.kaist.ac.kr)

  2. Jamming Attack • Jammer? An entity who is purposefully trying to interfere with the physical transmission and reception of wireless communications. How are you? (/-_-)/ ~!@#$#$% I am fine, thank you. Alice Bob Jammer X continuously emit a signal on the channel. Jammer prevents a real traffic source from sending out a packet, And prevents the reception of legitimate packets. CS710 (Fall, 2006) -- DK (dklee@an.kaist.ac.kr)

  3. Outline • Motivation: MAC-layer weaknesses in 802.11 [2] Australian CERT, AA-2004.02 - “Denial of service vulnerability in IEEE 802.11 devices.” • Is it feasible? Jamming metrics: (1) packet send, (2) delivery ratio Jamming attack models • Detecting jamming attacks Basic statistics Jamming detection with consistency checks • Concluding remarks CS710 (Fall, 2006) -- DK (dklee@an.kaist.ac.kr)

  4. Jamming Metrics • PSR, packet send ratio • PDR, packet delivery ratio m only m of them go through = = Intends to send out n messages n Never senses the channel as idle drop ~ buffer full drop ~ timeout MAC buffer 0, if no packets are received. = Number of packets pass the CRC check Number of packets received CS710 (Fall, 2006) -- DK (dklee@an.kaist.ac.kr)

  5. Jamming Attack Models • Constant jammer Continually sends out random bits without following any MAC etiquette. • Deceptive jammer Send a continuous stream of preamble bits (0xAA in Tiny OS.) • Random jammer After jamming for tj time, enters a “sleeping” mode for ts time. • Reactive jammer Stays quiet, starts jamming as soon as it senses activity on the channel. Alice Jammer Berkeley MICA2 Mote platform Bob CS710 (Fall, 2006) -- DK (dklee@an.kaist.ac.kr)

  6. PSR and PDR Results • PSR and PDR Results (%) for different jammer models. Constant Jammer Deceptive Jammer Reactive Jammer CS710 (Fall, 2006) -- DK (dklee@an.kaist.ac.kr)

  7. PSR and PDR Results ∴ Jamming is effective So then, how to detect? CS710 (Fall, 2006) -- DK (dklee@an.kaist.ac.kr)

  8. Basic Statistics for Detecting Jam (1) Received signal strength CBR 5.28kbps Normal scenario MaxTraffic 6.46kbps Constant Jammer dBm Deceptive Jammer Jammer Reactive Jammer Random Jammer CS710 (Fall, 2006) -- DK (dklee@an.kaist.ac.kr)

  9. Basic Statistics for Detecting Jam (2) Signal strength spectral discrimination [15] Time Series Analysis by High order crossings (HOC) Cosntant and Deceptive Jammer Normal, Reactive, and Random Jammer D2 D2 Normal scenario D1 D1 CS710 (Fall, 2006) -- DK (dklee@an.kaist.ac.kr)

  10. Basic Statistics for Detecting Jam (3) Carrier sensing time Keep track of time it spends waiting for the channel to become idle. Cumulative Distribution of Carrier Sensing Time MaxTraffic Constant and Deceptive Jammer MaxTraffic Reactive and Random Jammer Sensing Time (ms) Sensing Time (ms) CS710 (Fall, 2006) -- DK (dklee@an.kaist.ac.kr)

  11. Basic Statistics for Detecting Jam (4) Packet delivery ratio (PDR) • PDR can be used to differentiate jamming from congestion: Under network congestion, PDR is still around 78%. • PDR is not effective for other network dynamics: sender battery failure, or sender moving out of the receiver’s communication range. 0, if no packets are received. = Number of packets pass the CRC check Number of packets received CS710 (Fall, 2006) -- DK (dklee@an.kaist.ac.kr)

  12. Basic Statistics for Detecting Jam ∴ Statistics built upon individual measurements may lead to false conclusions. CS710 (Fall, 2006) -- DK (dklee@an.kaist.ac.kr)

  13. PDR with Consistency Check – (1) • PDR with “signal strength consistency” check Jammed region (PDR, SS) above the 99% SS confidence intervals. SS (dBm) Conduct a simple regression to build a relationship (PDR, SS) PDR % CS710 (Fall, 2006) -- DK (dklee@an.kaist.ac.kr)

  14. PDR with Consistency Check – (2) • PDR with location consistency check • Requires the support of GPS [7] or other localization techniques. [3, 19] • Let every node periodically advertise its current location, and keep track of both the PDR and the location of neighbors. Jammed region (PDR, d) neighbor is in short distance, but corresponding PDR is low. Distance (inch) PDR % CS710 (Fall, 2006) -- DK (dklee@an.kaist.ac.kr)

  15. Concluding Remarks • Shared nature of wireless medium allows non-cryptographic security threats likes “radio interference attacks” • Shows effectiveness of four jamming strategies using PSR and PDR • Detecting the presence of jamming attacks PDR and Signal strength consistency checks and Location consistency checks. CS710 (Fall, 2006) -- DK (dklee@an.kaist.ac.kr)

  16. Thank You! • Any question? • For more discussion: DK, Rm4423, dklee@an.kaist.ac.kr CS710 (Fall, 2006) -- DK (dklee@an.kaist.ac.kr)

More Related