Scribd
Upload
216 views34 pages

The Feasibility of Launching and Detecting Jamming Attacks

The document discusses jamming attacks in wireless networks and methods to detect them. It introduces four jamming attack models: constant, deceptive, random, and reactive jammers. It then evaluates these models through experiments measuring packet send and delivery ratios under different jamming scenarios. Finally, it proposes two methods for jamming detection - signal strength consistency checking and location consistency checking - which use additional context like signal levels or node locations to differentiate jamming from normal poor link quality situations.

Uploaded by

neel_saraiya1986
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
216 views34 pages

The Feasibility of Launching and Detecting Jamming Attacks

The document discusses jamming attacks in wireless networks and methods to detect them. It introduces four jamming attack models: constant, deceptive, random, and reactive jammers. It then evaluates these models through experiments measuring packet send and delivery ratios under different jamming scenarios. Finally, it proposes two methods for jamming detection - signal strength consistency checking and location consistency checking - which use additional context like signal levels or node locations to differentiate jamming from normal poor link quality situations.

Uploaded by

neel_saraiya1986
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 34

The Feasibility of Launching and

Detecting Jamming Attacks in


Wireless Networks

Wenyuan Xu, Wade Trappe, Yanyong Zhang, Timothy


Wood,
WINLAB, Rutgers University

Presented by
Neel Saraiya
10304581
Contents
• Introduction
• Jamming characteristics and Metrics
• Jamming attack models
• Statistics for detecting the jamming attacks
• Jamming detection with consistency check
• Conclusion
Introduction
 Wireless networks:-
– Low cost
– Availability and Popularity
– Varieties of application
 Threats:-
– Stealing information, corrupting data
 Objective:-
– Providing security and trustworthiness
 Attacks:-
– Radio interference
Jammers
• What?
– An entity who is purposefully trying to interfere with
the physical transmission and reception of wireless
communications.

• How? (2 styles)
– MAC-layer DoS
Bypass the MAC protocol, repeatedly send out packets
Introduces packet collision
– PHY-layer DoS
Jam transmission channel by emitting energy in the
frequency band corresponding to the channel
Jammers – Hardware

• Cell phone jammer unit:


– intended for blocking all mobile phone types
within designated indoor areas
– 'plug and play' unit
• Waveform Generator
– Tune frequency to what ever you want
• MAC-layer Jammer (our focus)
– Mica2 Motes (UC Berkeley)
8-bit CPU at 4MHz,
128KB flash, 4KB RAM
916.7MHz radio
OS: TinyOS
– Disable the CSMA
– Keep sending out the preamble
Jamming characteristics and Metrics

Communication w/o Jammer Communication interrupted by Jammer


Cont’d
• Goal of jammer:
– Interfere with legitimate wireless communications
– Prevent a sender from sending out packets
– Prevent a receiver from receiving a legitimate packets
• Packet Send Ratio (PSR)
– The ratio of packets that are successfully sent out by a
legitimate traffic source compared to the number of
packets it intends to send out at the MAC layer
• Packet Delivery Ratio (PDR)
– The ratio of packets that are successfully delivered to a
destination compared to the number of packets that have
been sent out by the sender
Jamming attack models
• Constant jammer

• Deceptive Jammer

• Random jammer

• Reactive jammer
Constant jammer
Basically it uses
•Waveform generator
•Normal wireless devices

Keeps the channel busy by sending random bits.

Prevents legitimate traffic source


Deceptive Jammer
 Constantly injects regular packets to the
channel without any gap between subsequent
packet transmissions

 A normal communicator will be deceived into


the receive state
Random jammer
 Use two different modes
• Jamming mode for tj time
• Sleeping mode for ts time

 tj and ts are fixed or random value

 Why use two different modes?


Reactive jammer
 Use the reactive strategy

 Less effective

 No energy conservation

 Harder to detect
Consider example

Involving three parties:


 Normal nodes:
• Sender A
• receiver B
 Jammer X

Parameters
 Distance
• Let dXB = dXA
• Fix dAB at 30 inches
 Power
• PA = PB = P X = -4dBm
 MAC
• Fix MAC threshold
• Adaptive MAC threshold
Cont’d
Experiment result
Experiment Observation
• Constant jammer:
– A constant jammer can completely block A from sending out
packets, if it is close enough to A.
– When A use BMAC, although A can send out some packets, most of
them are corrupted by the jammer. Thus, PDR is low.
• Deceptive jammer:
– A deceptive jammer continuously sends out packets, both A and B
are forced to receive packets no matter which MAC protocol there
use.
• Random jammer
– The longer a random jammer sleeps, the less impact it has on the
normal traffic.
– The PSR measured in BMAC and 1.1.1MAC scenarios don’t differ
much, because the on state of random jammer is not long enough
for the threshold to increase.
• Reactive jammer
– The sender is able to reliably send out its packet in all cases,
however, most of the packets are corrupted with the presence of a
jammer nearby.
– Even for short packets, the reactive jammer can effectively disrupt
network communication.
Statistics for detecting jamming attacks

• Need a secure and dependable network

• Need to differentiate between different


scenario

• For ex:- exceeds network capacity


Statistics for detecting jamming attacks
cont’d
 There are three methods.

• Signal strength

• Carrier sensing time

• Packet delivery ratio


Signal strength
• Idea:
– The signal strength distribution may be affected by
the presence of a jammer
• Assume:
– Network devices can gather enough noise level
measurements during a time period prior to jamming and
build a statistical model describing normal energy levels in
the network.
• Two strategies:
– Basic average and energy detection
– Signal strength spectral discrimination
Basic average and energy detection
• Uses either the average signal value or the total
signal energy over a window of N signal strength
measurements.
• when the jammer emits a constant amplitude
signal the detection statistic is

• when the jammer emits a powerful noise-like signal


the detection statistic is
Basic average and energy detection
Experiment

Consider Six experiments


For first two experiments
consider

Sender Receiver
A B


Exp 1


Packets = 20

Rate=5.28kbps


Exp 2


Packets= Max traffic

Rate= 6.46kbps


For next four exp.
consider

Sender Receiver Jammer


A B X
Spectral discrimination experiment

Figure 3: Plot of the first two higher order crossings, D1 vs. D2, for different jammer
and communication scenarios.
Carrier Sensing Time
Cont’d
Packet Delivery Ratio
Packet Delivery Ratio
•The PDRs are low in the
presence of jammers

•PDR is effective in
discriminating jamming
from congested network
scenario.

•Low PDR can be caused by


network dynamics:
– Sender Battery failure
– Sender moving out of the
communication range

• PDR cannot differentiate


jamming attacks from
other scenarios such as poor
link quality.
Jamming detection with consistency check
• Two methods:-
1. Signal strength consistency check
2. Location consistency check

 Signal strength consistency check


• Goal — to discriminate jamming attacks from,
– normal congested scenarios
– other cases caused by poor link quality, sudden failures of nodes
• Observation:
– PDR is a relative good statistic, we can build some strategies upon
PDR to achieve enhanced jammer detection.
• – Normal scenarios:
high signal strength => a high PDR
Low signal strength => a low PDR
– Low PDR:
Hardware failure or poor link quality, low signal strength
Jamming attack, high signal strength
Signal strength consistency check
Signal strength consistency check

• Build a (PDR,SS) look-up table empirically


– Measure (PDR, SS) during a guaranteed time of non-interfered network.
– Divide the data into PDR bins, calculate the mean and variance for the data
within each bin.
– Get the upper bound for the maximum SS that world have produced a particular
PDR value during a normal case.
– Partition the (PDR, SS) plane into a jammed-region and a non jammed region.

• Experiment setup:
– The sender power: - 5dBm
– Data rate: 20packets/sec
Packets are 33 bytes
– Average PDR over 200 packets
– SS were sampled every 1msec for 200msec
– PDR bins: (0,40) (40,90)(90, 100)
– PDR threshold 65%
– 99% confidence bar
Location consistency check
• Goal:-Detect presence of radio interference attack
• Uses GPS or other localization techniques
• Idea:-
• Check the jamming status using PDR of
neighbors
• Keeps the records of PDR and location of
neighboring nodes
Location consistency check
Conclusion
 Due to the shared nature of the wireless medium, it
is an easy feat for adversaries to perform a jamming-
style denial of service against wireless networks.
 We presented four different jammer attack models.
We have studies the effectiveness of them by
constructing prototypes using the MICA2 Mote
platform and measured the PSR and PDR.
 We showed that a single measurement statistic is not
enough to definitively conclude the presence of a
jammer.
Cont’d
 We introduced the notion of consistency checking,
where the PDR is used to classify a poor link quality, and
then a consistency check is performed to determine
whether the poor link quality is due to jamming.

 We presented two enhanced detection algorithms:


1)Employing signal strength as a consistency
check
2)Employing location information as a
consistency check
Thank You

You might also like