Wenyuan Xu
ABSTRACT
Wireless networks are built upon a shared medium that makes it easy for adversaries to launch jamming-style attacks. These attacks can be easily accomplished by an adversary emitting radio frequency signals that do not follow an underlying MAC protocol. Jamming attacks can severely interfere with the normal operation of wireless networks and, consequently, mechanisms are needed that can cope with jamming attacks. In this paper, we examine radio interference attacks from both sides of the issue: first, we study the problem of conducting radio interference attacks on wireless networks, and second we examine the critical issue of diagnosing the presence of jamming attacks. Specifically, we propose four different jamming attack models that can be used by an adversary to disable the operation of a wireless network, and evaluate their effectiveness in terms of how each method affects the ability of a wireless node to send and receive packets. We then discuss different measurements that serve as the basis for detecting a jamming attack, and explore scenarios where each measurement by itself is not enough to reliably classify the presence of a jamming attack. In particular, we observe that signal strength and carrier sensing time are unable to conclusively detect the presence of a jammer. Further, we observe that although by using packet delivery ratio we may differentiate between congested and jammed scenarios, we are nonetheless unable to conclude whether poor link utility is due to jamming or the mobility of nodes. The fact that no single measurement is sufficient for reliably classifying the presence of a jammer is an important observation, and necessitates the development of enhanced detection schemes that can remove ambiguity when detecting a jammer. To address this need, we propose two enhanced detection protocols that employ consistency checking. The first scheme employs signal strength measurements as a reactive consistency check for poor packet delivery ratios, while the second scheme employs location information to serve as the consistency check. Throughout our discussions, we examine the feasibility and effectiveness of jamming attacks and detection schemes using the MICA2 Mote platform.
- IEEE Std 802.11i/d3.0. Available at http://www.cs.umd.edu/ mhshin/doc/802.11/802.11i-D3.0.pdf.]]Google Scholar
- AusCERT. AA-2004.02 - denial of service vulnerability in IEEE 802.11 wireless devices. http://www.auscert.org.]]Google Scholar
- P. Bahl and V. Padmanabhan. RADAR: An in-building RF-based user location and tracking system. In Proceedings of IEEE Infocom 2003, pages 775--784, 2000.]]Google ScholarCross Ref
- J. Bellardo and S. Savage. 802.11 denial-of-service attacks: Real vulnerabilities and practical solutions. In Proceedings of the USENIX Security Symposium, pages 15--28, 2003.]] Google ScholarDigital Library
- S. Capkun and J. Hubaux. Secure positioning in sensor networks. Technical report EPFL/IC/200444, May 2004.]]Google Scholar
- Chipcon. Chipcon cc1000 radio's datasheet. http://www.chipcon.com/files/CC1000 Data Sheet 2 1.pdf.]]Google Scholar
- P. Enge and P. Misra. Global Positioning System: Signals, Measurements and Performance. Ganga-Jamuna Pr, 2001.]]Google Scholar
- F. Fitzek and M. Reisslein. MPEG-4 and H.263 video traces for network performance evaluation. IEEE Network, 15(6):40--54, November/December 2002.]] Google ScholarDigital Library
- J. L. Hill and D. E. Culler. Mica: A wireless platform for deeply embedded networks. In IEEE Micro, pages 12--24, 2002.]] Google ScholarDigital Library
- Y. Hu, A. Perrig, and D. Johnson. Ariadne: A secure on-demand routing protocol for ad hoc networks. In 8th ACM International Conference on Mobile Computing and Networking, pages 12--23, September 2002.]] Google ScholarDigital Library
- Y. Hu, A. Perrig, and D. Johnson. Packet leashes: a defense against wormhole attacks in wireless networks. In Proceedings of IEEE Infocom 2003, pages 1976--1986, 2003.]]Google ScholarCross Ref
- Q. Huang, H. Kobayashi, and B. Liu. Modeling of distributed denial of service attacks in wireless networks. In IEEE Pacific Rim Conference on Communications, Computers and Signal Processing, volume 1, pages 41--44, 2003.]]Google ScholarCross Ref
- C. Karlof and D. Wagner. Secure routing in wireless sensor networks: attacks and countermeasures. In Proceedings of the First IEEE International Workshop on Sensor Network Protocols and Applications, pages 113--127, 2003.]]Google ScholarCross Ref
- S. Kay. Fundamentals of Statistical Signal Processing: Detection Theory. Prentice Hall, 1998.]] Google ScholarDigital Library
- B. Kedem. Time Series Analysis by Higher Order Crossings. IEEE Press, 1994.]]Google Scholar
- L. Kleinrock. Queueing Systems, Volume 2: Computer Applications. John Wiley & Sons, 1976.]]Google Scholar
- L. Kleinrock and F. Tobagi. Packet switching in radio channels: Part i-carrier sense multiple-access modes and their throughput-delay characteristics. IEEE Trans. on Communications, 23(12):1400 -- 1416, 1975.]]Google ScholarCross Ref
- P. Kyasanur and N. Vaidya. Detection and handling of mac layer misbehavior in wireless networks. In Proceedings of the 2003 IEEE International Conference on Dependable Systems and Networks, pages 173 -- 182, 2003.]]Google ScholarCross Ref
- K. Langendoen and N. Reijers. Distributed localization in wireless sensor networks: a quantitative comparison. Comput. Networks, 43(4):499--518, 2003.]] Google ScholarDigital Library
- L. Lazos and R. Poovendran. SeRLoc: Secure range-independent localization for wireless sensor networks. In Proceedings of the 2004 ACM Workshop on Wireless Security, pages 21--30, 2004.]] Google ScholarDigital Library
- Z. Li, W. Trappe, Y. Zhang, and B. Nath. Securing wireless localization: Living with bad guys. In DIMACS Workshop on Mobile and Wireless Security, 2004.]]Google Scholar
- D. Nicelescu and B. Nath. DV based positioning in ad hoc networks. Telecommunication Systems, 22(1-4):267--280, 2003.]]Google ScholarDigital Library
- G. Noubir and G. Lin. Low-power DoS attacks in data wireless lans and countermeasures. SIGMOBILE Mob. Comput. Commun. Rev., 7(3):29--30, 2003.]] Google ScholarDigital Library
- P. Papadimittratos and Z. Haas. Secure routing for mobile ad hoc networks. In SCS Communication Networks and Distributed Systems Modeling and Simulations Conference (CNDS 2002), San Antonio, 2002.]]Google Scholar
- J. Polastre, J. Hill, and D. Culler. Versatile low power media access for wireless sensor networks. In SenSys '04: Proceedings of the 2nd international conference on Embedded networked sensor systems, pages 95--107. ACM Press, 2004.]] Google ScholarDigital Library
- H. V. Poor. An Introduction to Signal Detection and Estimation. Springer Verlag, 2nd edition, 1994.]] Google ScholarDigital Library
- B. Potter. Wireless security's future. IEEE Security and Privacy Magazine, 1(4):68--72, 2003.]] Google ScholarDigital Library
- J. G. Proakis. Digital Communications. McGraw-Hill, 4th edition, 2000.]]Google Scholar
- M. Raya, J. Hubaux, and I. Aad. Domino: a system to detect greedy behavior in ieee 802.11 hotspots. In MobiSYS '04: Proceedings of the 2nd international conference on Mobile systems, applications, and services, pages 84--97. ACM Press, 2004.]] Google ScholarDigital Library
- C. Schleher. Electronic Warfare in the Information Age. MArtech House, 1999.]] Google ScholarDigital Library
- A. Wood and J. Stankovic. Denial of service in sensor networks. IEEE Computer, 35(10):54--62, October 2002.]] Google ScholarDigital Library
- A. Wood, J. Stankovic, and S. Son. JAM: A jammed-area mapping service for sensor networks. In 24th IEEE Real-Time Systems Symposium, pages 286 -- 297, 2003.]] Google ScholarDigital Library
- W. Xu, T. Wood, W. Trappe, and Y. Zhang. Channel surfing and spatial retreats: defenses against wireless denial of service. In Proceedings of the 2004 ACM workshop on Wireless security, pages 80 -- 89, 2004.]] Google ScholarDigital Library
- L. Zhou and Z. Haas. Securing ad hoc networks. IEEE Network, 13(6):24--30, 1999.]] Google ScholarDigital Library
Index Terms
- The feasibility of launching and detecting jamming attacks in wireless networks
Recommendations
Mitigating control-channel jamming attacks in multi-channel ad hoc networks
WiSec '09: Proceedings of the second ACM conference on Wireless network securityWe address the problem of control-channel jamming attacks in multi-channel ad hoc networks. Deviating from the traditional view that sees jamming attacks as a physical-layer vulnerability, we consider a sophisticated adversary who exploits knowledge of ...
The Feasibility of Launching Reduction of Quality (RoQ) Attacks in 802.11 Wireless Networks
ICPADS '08: Proceedings of the 2008 14th IEEE International Conference on Parallel and Distributed SystemsIn this paper, we discuss wireless Reduction of Quality (RoQ) attacks against the transmission control protocol (TCP). RoQ attacks can dramatically degrade the TCP performance with a less number of wireless jamming attacking packets, which makes them ...
Using honeynodes for defense against jamming attacks in wireless infrastructure-based networks
The advent of wireless networks has brought a new set of security issues with it. One of the most feared of these is the jamming-based attacks. In this paper, we propose a pre-emptive detection strategy using honeynodes and a response mechanism based on ...
Comments