Presentation is loading. Please wait.

Presentation is loading. Please wait.

Jamming Wireless Networks: Attack and Defense Strategies Wenyuan Xu, Ke Ma, Wade Trappe, Yanyong Zhang, WINLAB, Rutgers University Network/Computer Security.

Published byDarcy West Modified over 8 years ago

Similar presentations

Presentation on theme: "Jamming Wireless Networks: Attack and Defense Strategies Wenyuan Xu, Ke Ma, Wade Trappe, Yanyong Zhang, WINLAB, Rutgers University Network/Computer Security."— Presentation transcript:

1 Jamming Wireless Networks: Attack and Defense Strategies Wenyuan Xu, Ke Ma, Wade Trappe, Yanyong Zhang, WINLAB, Rutgers University Network/Computer Security Workshop May 16 th, 2006

2 2 Roadmap  Introduction and Motivation  Jammer Models –Four models –Their effectiveness  Detecting Jamming attacks –Basic statistic + Consistency check  Defenses strategy –Channel surfing –Spatial retreat  Conclusions

3 3 Jammers  Jamming style DoS Attack: –Behavior that prevents other nodes from using the channel to communicate by occupying the channel that they are communicating on  A jammer –An entity who is purposefully trying to interfere with the physical transmission and reception of wireless communications.  Is it hard to build a jammer? Mr. X No! Haha… Bob Alice Hello … Hi … @#$%$ #@&… Mr. X

4 4 Jammers – Hardware  Cell phone jammer unit: –Intended for blocking all mobile phone types within designated indoor areas –'plug and play' unit Waveform Generator Tune frequency to what ever you want MAC-layer Jammer (our focus) Mica2 Motes (UC Berkeley) 8-bit CPU at 4MHz, 128KB flash, 4KB RAM 916.7MHz radio OS: TinyOS Disable the CSMA Keep sending out the preamble

5 5 Jammers – Hardware  Cell phone jammer unit: –Intended for blocking all mobile phone types within designated indoor areas –'plug and play' unit  Waveform Generator –Tune frequency to what ever you want MAC-layer Jammer (our focus) Mica2 Motes (UC Berkeley) 8-bit CPU at 4MHz, 128KB flash, 4KB RAM 916.7MHz radio OS: TinyOS Disable the CSMA Keep sending out the preamble

6 6 Jammers – Hardware  Cell phone jammer unit: –Intended for blocking all mobile phone types within designated indoor areas –'plug and play' unit  Waveform Generator –Tune frequency to what ever you want  MAC-layer Jammer –802.11 laptop –Mica2 Motes (UC Berkeley)  8-bit CPU at 4MHz,  128KB flash, 4KB RAM  916.7MHz radio  OS: TinyOS –Disable the CSMA –Keep sending out the preamble

7 The Jammer Models and Their Effectiveness

8 8 Jammer Attack Models  Constant jammer: –Continuously emits a radio signal  Deceptive jammer: –Constantly injects regular packets to the channel without any gap between consecutive packet transmissions –A normal communicator will be deceived into the receive state &F*(SDJFFD(*MC*(^%&^*&(%*)(*)_*^&*FS……. Payload… PreambleCRC Payload

9 9 Jammer Attack Models  Random jammer: –Alternates between sleeping and jamming  Sleeping period: turn off the radio  Jamming period: either a constant jammer or deceptive jammer  Reactive jammer: –Stays quiet when the channel is idle, starts transmitting a radio signal as soon as it senses activity on the channel. –Targets the reception of a message &F*(SDJF^F&*D( D*KC*I^… … Underling normal traffic &F*(SDJ Payload ^%^*& Payload CD*(&FG Payload

10 Detecting Jamming Attacks: Basic Statistics plus Consistency Checks

11 11 Basic Statistics P.1  Idea: –Many measurement will be affected by the presence of a jammer –Network devices can gather measurements during a time period prior to jamming and build a statistical model describing basic measurement in the network  Measurement –Signal strength  Moving average  Spectral discrimination –Carrier sensing time –Packet delivery ratio  Experiment platform: –Mica2 Motes –Use RSSI ADC to measure the signal strength

12 12 Basic Statistics P.2  Can basic statistics differentiate between jamming scenario from a normal scenario including congestion?  Differentiate jamming scenario from all network dynamics, e.g. congestion, hardware failure –PDR is a relative good statistic, but cannot do hardware failure –Consistency checks --- using Signal strength  Normal scenarios: –High signal strength  a high PDR –Low signal strength  a low PDR  Low PDR: –Hardware failure or poor link quality  low signal strength –Jamming attack  high signal strength Signal strengthCarrier sensing time Packet delivery ratio AverageSpectral Discrimination Constant Jammer Deceptive Jammer Random Jammer Reactive Jammer        

13 13 Jammed Region PDR % PDR VS. SS SS(dBm) Jamming Detection with Consistency Checks Measure PDR(N) {N Є Neighbors} PDR(N) < PDRThresh ? Not Jammed Jammed! No Yes PDR(N) consistent with signal strength? Yes No Build a (PDR,SS) look-up table empirically –Measure (PDR, SS) during a guaranteed time of non-interfered network. –Divide the data into PDR bins, calculate the mean and variance for the data within each bin. –Get the upper bound for the maximum SS that world have produced a particular PDR value during a normal case. –Partition the (PDR, SS) plane into a jammed- region and a non-jammed region.

14 Defenses against Jamming Attacks: Channel Surfing and Spatial Retreat

15 15 Handling Jamming: Strategies  What can you do when your channel is occupied? –In wired network you can cut the link that causes the problem, but in wireless… –Make the building as resistant as possible to incoming radio signals? –Find the jamming source and shoot it down? –Battery drain defenses/attacks are not realistic!  Protecting networks is a constant battle between the security expert and the clever adversary.  Therefore, we take motivation from “The Art of War” by Sun Tze: –He who cannot defeat his enemy should retreat.  Retreat Strategies: –Channel Surfing –Spatial retreat

16 16 Channel Surfing  Idea: –If we are blocked at a particular channel, we can resume our communication by switching to a “safe” channel –Inspired by frequency hopping techniques, but operates at the link layer in an on-demand fashion.  Challenge –Distributed computing, scheduling –Asynchrony, latency and scalability Jammer Node working in channel 1 Node working in channel 2 channel 1 channel 2

17 17 Channel Surfing  Coordinated Channel Switching –The entire network changes its channel to a new channel  Spectral Multiplexing –Jammed node switch channel –Nodes on the boundary of a jammed region serve as relay nodes between different spectral zones Jammer Coordinated channel surfing Jammer Spectral Multiplexing Node working in channel 1 Node working in channel 2 Node working in both channel 1 & 2 channel 1 channel 2

18 18 Channel Surfing  Coordinated Channel Switching –The entire network changes its channel to a new channel  Spectral Multiplexing –Jammed node switch channel –Nodes on the boundary of a jammed region serve as relay nodes between different spectral zones Jammer Coordinated channel surfing Jammer Spectral Multiplexing Node working in channel 1 Node working in channel 2 Node working in both channel 1 & 2 channel 1 channel 2

19 19 Channel Surfing – Experiment Verification  Setup: –30 Mica2 motes (916MHz) –Indoor environment –Data rate: 1 packet/10sec –Routing: shortest path routing –Jammer: Constant jammer  Metrics: –Ability to repair network => latency required to restore connectivity –Protocol overhead => # of channel switch

20 20 Channel Surfing- results  Coordinated channel switching –Broadcast-assistant switching –Switching latency: 232.9 seconds –Maximum number of channel switches among all nodes: 3  Spectral Multiplexing –Synchronous & asynchronous spectral multiplexing –The network work can resume its connectivity within comparable amount of time

21 21 X Spatial Retreat  Targeted Networks—Nodes in the network should have –Mobility –GPS or similar localization  Idea: –Nodes that are located within the jammed area move to “safe” regions.  Escaping: –Choose a random direction to evacuate from jammed area –If no nodes are within its radio range, it moves along the boundary of the jammed area until it reconnects to the rest of the network. A E C D I G H F B

22 22 Spatial Retreat  Issues: –A mobile adversary can move through the network –The network can be partitioned –After Escape Phase we need Reconstruction phase to repair the network  Reconstruction phase—Virtual force Model –“Forces” only exist between neighboring sensors –Forces are either repulsive or attractive –Forces represent a need for sensors to move in order to improve system behavior –virtual force is calculated based on its distance to all its neighboring sensors –Direct its movement according to its force –When all sensors stop moving, the spatial coverage of the whole network is maximized Borrowed from Ke Ma

23 23 Case Study : Spatial Retreats Borrowed from Ke Ma

24 24 Conclusion  Due to the shared nature of the wireless medium, it is an easy feat for adversaries to perform a jamming-style denial of service against wireless networks  We proposed to use consistency check based on PDR to detect jammers  We have presented two different strategies to defend against the jamming style of DoS attacks –Channel-surfing: changing the transmission frequency to a range where there is no interference from the adversary –Spatial retreat: moving to a new location where there is no interference

Download ppt "Jamming Wireless Networks: Attack and Defense Strategies Wenyuan Xu, Ke Ma, Wade Trappe, Yanyong Zhang, WINLAB, Rutgers University Network/Computer Security."

Similar presentations

* Distributed Algorithms in Multi-channel Wireless Ad Hoc Networks under the SINR Model Dongxiao Yu Department of Computer Science The University of Hong.

* Distributed Algorithms in Multi-channel Wireless Ad Hoc Networks under the SINR Model Dongxiao Yu Department of Computer Science The University of Hong.
Network security Dr.Andrew Yang.  A wireless sensor network is network a consisting of spatially distributed autonomous devices using sensors to cooperatively.

Network security Dr.Andrew Yang.  A wireless sensor network is network a consisting of spatially distributed autonomous devices using sensors to cooperatively.
A 2 -MAC: An Adaptive, Anycast MAC Protocol for Wireless Sensor Networks Hwee-Xian TAN and Mun Choon CHAN Department of Computer Science, School of Computing.

A 2 -MAC: An Adaptive, Anycast MAC Protocol for Wireless Sensor Networks Hwee-Xian TAN and Mun Choon CHAN Department of Computer Science, School of Computing.
SELF-ORGANIZING MEDIA ACCESS MECHANISM OF A WIRELESS SENSOR NETWORK AHM QUAMRUZZAMAN.

SELF-ORGANIZING MEDIA ACCESS MECHANISM OF A WIRELESS SENSOR NETWORK AHM QUAMRUZZAMAN.
Maximum Battery Life Routing to Support Ubiquitous Mobile Computing in Wireless Ad Hoc Networks By C. K. Toh.

Maximum Battery Life Routing to Support Ubiquitous Mobile Computing in Wireless Ad Hoc Networks By C. K. Toh.
Decentralized Reactive Clustering in Sensor Networks Yingyue Xu April 26, 2015.

Decentralized Reactive Clustering in Sensor Networks Yingyue Xu April 26, 2015.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.
A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,

A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,
Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks Mingyan Li, Iordanis Koutsopoulos, Radha Poovendran (InfoComm ’07) Presented.

Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks Mingyan Li, Iordanis Koutsopoulos, Radha Poovendran (InfoComm ’07) Presented.
PERFORMANCE MEASUREMENTS OF WIRELESS SENSOR NETWORKS Gizem ERDOĞAN.

PERFORMANCE MEASUREMENTS OF WIRELESS SENSOR NETWORKS Gizem ERDOĞAN.
Source-Location Privacy Protection in Wireless Sensor Network Presented by: Yufei Xu Xin Wu Da Teng.

Source-Location Privacy Protection in Wireless Sensor Network Presented by: Yufei Xu Xin Wu Da Teng.
Investigating Mac Power Consumption in Wireless Sensor Network

Investigating Mac Power Consumption in Wireless Sensor Network
Receiver Based Forwarding for Wireless Sensor Networks Rodrigo Fonseca OASIS Retreat January 2005 Joint work with Ana Sanz Merino, Ion Stoica.

Receiver Based Forwarding for Wireless Sensor Networks Rodrigo Fonseca OASIS Retreat January 2005 Joint work with Ana Sanz Merino, Ion Stoica.
Securing Future Wireless Networks: Challenges and Strategies Pandurang Kamat Wade Trappe.

Securing Future Wireless Networks: Challenges and Strategies Pandurang Kamat Wade Trappe.
PEDS September 18, 2006 Power Efficient System for Sensor Networks1 S. Coleri, A. Puri and P. Varaiya UC Berkeley Eighth IEEE International Symposium on.

PEDS September 18, 2006 Power Efficient System for Sensor Networks1 S. Coleri, A. Puri and P. Varaiya UC Berkeley Eighth IEEE International Symposium on.
Mica: A Wireless Platform for Deeply Embedded Networks Jason Hill and David Culler Presented by Arsalan Tavakoli.

Mica: A Wireless Platform for Deeply Embedded Networks Jason Hill and David Culler Presented by Arsalan Tavakoli.
A Survey of Energy efficient Network Protocols for Wireless Networks Presentation by – Sanjay Acharya Course – CS 898T Instructor – Dr. Chin-Chih Chang.

A Survey of Energy efficient Network Protocols for Wireless Networks Presentation by – Sanjay Acharya Course – CS 898T Instructor – Dr. Chin-Chih Chang.
Resilience To Jamming Attacks

Resilience To Jamming Attacks
Energy-Efficient Design Some design issues in each protocol layer Design options for each layer in the protocol stack.

Energy-Efficient Design Some design issues in each protocol layer Design options for each layer in the protocol stack.
1 Ultra-Low Duty Cycle MAC with Scheduled Channel Polling Wei Ye Fabio Silva John Heidemann Presented by: Ronak Bhuta Date: 4 th December 2007.

1 Ultra-Low Duty Cycle MAC with Scheduled Channel Polling Wei Ye Fabio Silva John Heidemann Presented by: Ronak Bhuta Date: 4 th December 2007.

Similar presentations

Ads by Google