Using honeynodes for defense against jamming attacks in wireless infrastructure-based networks
Sudip Misra, Sanjay K. Dhurandher, Avanish Rayankula, Deepansh Agrawal
Advisor: Professor Frank Y.S. Lin
Presented by J.W. Wang
NTU OPLab
About this paper
• Authors: Sudip Misra, Sanjay K. Dhurandher, Avanish Rayankula, Deepansh Agrawal
• Title: Using honeynodes for defense against jamming attacks in wireless infrastructure-based networks
• Provenance: Computers & Electrical Engineering, Volume 36, Issue 2, March 2010, Pages 367-382
Agenda
• Introduction
• Existing techniques
• Proposed solution
• Simulation
• Conclusions
• Comments
Introduction
• New medium, new attack
• Jamming
  • Blocking of a communication channel
  • A subclass of the Denial-of-Service (DoS) attacks
  • One of the most feared forms of attacks in wireless networks
Introduction (cont’)
• Research topic:
  • Mitigation
  • Prevention
• Categories of wireless network:
  • Wireless infrastructure-based networks (i.e., WLANs and cellular networks)
  • Infrastructure-less networks (i.e., ad hoc networks)
Wireless infrastructure-based networks
• Components:
  • Base-stations (or access points)
  • Mobile nodes
• This work is restricted to jamming attacks in wireless infrastructure-based networks.
Objective of this work
• Propose an efficient algorithm to mitigate jamming attacks in wireless infrastructure-based networks.
• Provide an efficient solution that can be easily incorporated in the existing network architecture.
• Achieve better robustness than the widely used Channel Surfing Algorithm by using honeynodes along with dynamic channel prediction in wireless infrastructure networks.
Jamming-based DoS attacks
• Prevent networked nodes from communicating.
• Carried out with a “jammer”
• Classifications of jamming attacks:
  • Physical layer jamming
  • By ignoring MAC layer rules
Jamming methods
• Constant: Continuously sends random bits of data onto a channel.
• Deceptive: Sends out valid packets at a very fast rate to the nearby nodes. Authentic nodes are thus deceived into believing that the jammer is also a legitimate node.
• Random: This kind of jammer alternates between sleeping and jamming the channel of operation.
• Reactive: This kind of jammer attacks only when it hears communication over the channel it is currently scanning.
Parameters in attack detection
• Signal-to-Noise Ratio (SNR):
  • SNR refers to the ratio of signal power to the power of noise present in the received signal.
• Packet Delivery Ratio (PDR):
  • The ratio of the number of packets that were successfully delivered to their respective destinations to the total number of packets sent out by the node.
• Carrier Sense Time
Steps of tackling jamming attacks
• Attack detection:
  • The physical layer
  • The MAC layer
• Attack mitigation:
  • Overcome the effects of the attack.
• Attack prevention (seldom included):
  • Prevent the occurrence of an attack on the network.
Existing techniques
• Channel Surfing
• Spatial Retreats
• Using Wormholes
• Jammed region mapping
• Spread Spectrum Techniques
Channel Surfing
• A spectral evasion mechanism:
  • Move to a different channel of operation.
• On detection of an attack, the nodes:
  • Change the channel of operation based on a pre-defined pseudorandom sequence.
• An access point frequently sends beacons to all its associated nodes to check if they are still with it or not.
Spatial Retreats
• Based on spatial evasion:
  • APs are immobile components
  • Nodes move from the region of their current AP, which is currently being jammed, to the region of an emergency AP.
• While moving away:
  • The node tries to connect to its jammed AP.
Using Wormholes
• Two or more attackers act as a single attacker through a coordinated attack mechanism.
  • With the help of a special communication link (wormhole).
• A similar mechanism: when some nodes in a network are jammed, they:
  • Communicate through an un-jammed medium
  • Afterward, attack mitigation follows.
Jammed region mapping
• Mapping out the jammed region with a protocol.
  • Based on the responses received by the nodes which lie on the boundary of the jammed region.
• Mitigate the impact of a jammer by identifying and isolating the jammed region, and then trying to determine alternate routing paths for the data packets.
Spread Spectrum Techniques
• Traditional techniques:
  • Push maximum traffic into the minimum amount of bandwidth
• Spread Spectrum:
  • Spreads the signal over a range of bandwidth in the widest possible manner.
  • Makes the communication very hard to detect and jam.
Limitations of the existing techniques
• Attack detection.
  • Most of the jamming attacks detected are false alarms
• Some of the solutions allow a portion of the network to become inoperable.
  • These are not very popular, as they affect the connectivity of the jammed nodes
Limitations of the existing techniques (cont’)
• Spatial Retreats
  • Involves physically moving
  • Restricts the mobility of the nodes.
• Wormholes
  • Requires an additional secure channel between all node pairs
• Spread spectrum
  • Extra costs for small quantity of information
  • High complexity
Limitations of the existing techniques (cont’)
• A missing aspect:
  • No prevention mechanisms.
Proposed solution
• Providing a mechanism for attack prevention
• Can be easily integrated into the existing network architecture
Network Architecture
• Involves the following components:
  • Base-station
  • Mobile nodes
  • Honeynodes
• The honeynode is the only new component added to the existing infrastructure.
Honeynodes
• Secondary interfaces on base-stations
• Guard the frequency of operation by:
  • Sending out fake signals on a nearby frequency
• Prevent the attacks by deceiving the attacking entity into attacking the honeynode.
[Figure: jammer scans the channel; honeynode at 2400 MHz, base station at 2405 MHz]
Algorithm for proposed mechanism
• If a mobile node or base-station detects an attack, it:
  • Changes its frequency of operation based on a pseudorandom sequence.
• If the honeynode detects an attack, it:
  • Continues to send signals on that channel
  • Informs the base-station of the impending attack
• Then the base-station issues a frequency change command to all its associated nodes.
• Later on, the honeynode switches its frequency of operation to the new guard frequency.
Contributions
• Introduced honeynodes into the network architecture
• Eliminates the possibility of base station jamming
• Base station jamming can occur only when:
  • base stations move from one frequency of operation to another.
[Figure labels: Jammer 1; honeynode at 2400 MHz; base station at 2405 MHz; Run; Hop; Jammer 2; Jamming; base station at 2430 MHz]
Contributions (cont’)
• Secondly, they have used a hybrid proactive and reactive frequency selection algorithm for frequency selection.
• Proactive mechanisms:
  • Based on a pre-defined pseudorandom sequence
• Reactive mechanisms:
  • Determine the next frequency of operation dynamically
• While proactive mechanisms are fast, reactive mechanisms give better performance.
Contributions (cont’)
• A major constraint on a reactive mechanism:
  • Requires an un-jammed communication link between all participating nodes
• We employ a hybrid technique which follows the
  • proactive approach when mobile nodes or base stations are jammed
  • reactive mechanism in case the honeynode detects an attack.
[Figure: Attacker’s behavior]
Hybrid frequency selection algorithm
• When normal nodes, i.e., mobile nodes and base-stations, detect an attack,
  • They use a pre-defined pseudorandom sequence for the selection of the next frequency.
  • This sequence is known to every “legal” node that is present on the network.
  • A reactive approach cannot be used in such a case because the regular communication channel would be under attack.
Hybrid frequency selection algorithm (cont’)
• When a honeynode detects an attack,
  • it alerts the base-station it is attached to about the imminent attack.
• The base station
  • Maintains a “blacklist” of all frequencies recently jammed.
  • On receiving an alert from the honeynode, it selects a frequency that is farthest away from any blacklisted frequency amongst the list of available frequencies.
Hybrid frequency selection algorithm (cont’)
• When an attack is detected on a frequency
  • It is added to the “blacklist” of jammed frequencies
  • For a time equal to risk_time.
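The hybrid selection described on the preceding slides, as an added example that is not from the paper or the presentation. Assumptions: the pseudorandom sequence is derived with HMAC from a pre-shared key and hop counter, "farthest away from any blacklisted frequency" is read as maximising the distance to the nearest blacklisted frequency, and the channel plan and all names other than risk_time are constructed.

```python
import hashlib
import hmac


def proactive_next(key, hop_index, channels, current):
    """Jammed mobile node or base station: no usable link, so every legal node
    derives the same next channel from a pre-shared key and hop counter
    (HMAC derivation is an assumption; the slides only say 'pseudorandom')."""
    candidates = [c for c in sorted(channels) if c != current]
    mac = hmac.new(key, hop_index.to_bytes(8, "big"), hashlib.sha256).digest()
    return candidates[int.from_bytes(mac[:8], "big") % len(candidates)]


class BaseStation:
    def __init__(self, channels, risk_time):
        if risk_time <= 0:
            raise ValueError("risk_time must be positive")
        self.channels = sorted(channels)  # available frequencies (MHz)
        self.risk_time = risk_time        # how long a jammed frequency stays listed
        self.blacklist = {}               # frequency -> time at which the entry expires

    def mark_jammed(self, freq, now):
        self.blacklist[freq] = now + self.risk_time

    def reactive_next(self, jammed_freq, now):
        """Honeynode alert: the working channel is still clean, so the base
        station can pick the next frequency dynamically and announce it."""
        self.mark_jammed(jammed_freq, now)
        # Drop entries whose risk_time has elapsed.
        self.blacklist = {f: t for f, t in self.blacklist.items() if t > now}
        candidates = [c for c in self.channels if c not in self.blacklist]
        if not candidates:
            raise RuntimeError("every available frequency is blacklisted")
        # Maximise the distance to the nearest blacklisted frequency.
        return max(candidates,
                   key=lambda c: min(abs(c - b) for b in self.blacklist))


def demo():
    # Constructed channel plan: 2400..2480 MHz in 5 MHz steps, risk_time of 30 s.
    bs = BaseStation(range(2400, 2485, 5), risk_time=30)
    return [bs.reactive_next(2400, now=0),    # only 2400 listed
            bs.reactive_next(2475, now=10),   # 2400 and 2475 listed
            bs.reactive_next(2430, now=31)]   # 2400 has expired and is usable again
```

In the third call the entry for 2400 MHz has aged out, so it becomes the farthest candidate from the two frequencies still listed.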
Attack scenarios and respective defence strategies
• Scenario 1: Only communicating mobile nodes are jammed.
• Scenario 2: Mobile nodes and base-station are jammed.
• Scenario 3: Honeynode is jammed.
[Figure: Only communicating mobile nodes are jammed]
[Figure: Both mobile nodes and base-station are jammed]
[Figure: Honeynode is jammed]
Simulation
• In order to determine how effective our proposed algorithm is, this work simulated the proposed algorithm along with the Channel Surfing Algorithm, to compare their respective performance under similar conditions.
Simulation topology
• Four BSs
  • Each BS has seven associated nodes.
  • The BSs are connected to each other through a wired distribution system.
• During the simulations, communications were set up randomly between various nodes.
• Jammers are introduced into the scene and the performance metrics are measured for various attack intensities.