26-09-2013, 12:59 PM
The Feasibility of Launching and Detecting Jamming Attacks in Wireless Networks
Launching and Detecting .pdf (Size: 435.5 KB / Downloads: 19)
ABSTRACT
Wireless networks are built upon a shared medium that
makes it easy for adversaries to launch jamming-style at-
tacks. These attacks can be easily accomplished by an ad-
versary emitting radio frequency signals that do not follow
an underlying MAC protocol. Jamming attacks can severely
interfere with the normal operation of wireless networks and,
consequently, mechanisms are needed that can cope with
jamming attacks. In this paper, we examine radio interfer-
ence attacks from both sides of the issue: first, we study the
problem of conducting radio interference attacks on wireless
networks, and second we examine the critical issue of di-
agnosing the presence of jamming attacks. Specifically, we
propose four different jamming attack models that can be
used by an adversary to disable the operation of a wireless
network, and evaluate their effectiveness in terms of how
each method affects the ability of a wireless node to send
and receive packets. We then discuss different measurements
that serve as the basis for detecting a jamming attack, and
explore scenarios where each measurement by itself is not
enough to reliably classify the presence of a jamming at-
tack. In particular, we observe that signal strength and
carrier sensing time are unable to conclusively detect the
presence of a jammer.
INTRODUCTION
Wireless networks are progressively becoming more afford-
able, and consequently are being deployed in a variety of dif-
ferent modalities, ranging from wireless local area networks
to mesh and sensor networks. As these networks gain popu-
larity, providing security and trustworthiness will become an
issue of critical importance. Many wireless security threats
may be addressed through appropriately designed network
security architectures [1, 10, 11, 13, 24, 27, 34], which are es-
sentially modifications of traditional security services, such
as confidentiality, authentication, and integrity to the wire-
less domain. Wireless networks, however, are susceptible
to threats that are not able to be adequately addressed via
cryptographic methods. One serious class of such threats
are attacks of radio interference.
JAMMING ATTACK MODELS AND
THEIR EFFECTIVENESS
In this section, we introduce radio interference attacks
that may be launched against wireless networks. The ad-
versary (or the malicious wireless device) that launches such
attacks is referred to as the jammer in this paper. We first
define the characteristics of a jammer’s behavior, and then
enumerate metrics that can be used to measure the effective-
ness of a jamming attack. These metrics are closely related
to the ability of a radio device to either send or receive pack-
ets. We then introduce four typical jammer attack models,
though by no means all-inclusive, which represent a broad
range of attack strategies, and will serve as the basis for our
discussion throughout the remainder of the paper. Through-
out this paper, we will use the Berkeley MICA2 Mote plat-
form for conducting our experiments with jammers. The
observed characteristics of the jammers and the detection
schemes presented later should hold for different wireless
platforms, such as 802.11.
Jamming Characteristics and Metrics
Although several studies [23,31–33] have targeted jamming-
style attacks, the definition of this type of attack remains un-
clear. A common assumption is that a jammer continuously
emits RF signals to fill a wireless channel, so that legitimate
traffic will be completely blocked [32, 33]. We believe, how-
ever, that a broader range of behaviors can be adopted by
a jammer. For example, a jammer may remain quiet when
there is no activity on the channel, and start interference as
soon as it detects a transmission. The common characteris-
tic for all jamming attacks is that their communications are
not compliant with MAC protocols. Therefore, we define a
jammer to be an entity who is purposefully trying to inter-
fere with the physical transmission and reception of wireless
communications.
Jamming Attack Models
There are many different attack strategies that a jam-
mer can perform in order to interfere with other wireless
communications. As a consequence of their different attack
philosophies, these various attack models will have differ-
ent levels of effectiveness, and may also require different de-
tection strategies. While it is impractical to cover all the
possible attack models that might exist, in this study, we
discuss a wide range of attacks that have proven to be effec-
tive in disrupting wireless communication. Specifically, we
have designed and built the following jammers
BASIC STATISTICS FOR DETECTING
JAMMING ATTACKS
Detecting jamming attacks is important because it is the
first step towards building a secure and dependable wire-
less network. It is challenging because jammers can employ
different models, and it is often difficult to differentiate a
jamming scenario from legitimate scenarios. Specifically, we
need to differentiate a jamming scenario from various net-
work conditions: congestions that occur when the aggre-
gated traffic load exceeds the network capacity so that the
packet send ratio and delivery ratio are affected; the inter-
rupt of the communication due to failures at the sender side,
etc.
In this section, we present several measurements that may
be employed by wireless devices for the purpose of detect-
ing jamming attacks. We explore these measurements in
detail and present scenarios where they may not be effec-
tive in detecting a jamming attack, and in fact could cause
false detections. For each of these measurements, we de-
velop statistics upon which to make decisions. Since statis-
tics built upon individual measurements may lead to false
conclusions, in Section 4 we develop two improved detection
strategies. These two detection strategies are both built
upon the fundamental assumption that communicating par-
ties should have some basis for knowing what their charac-
teristics should be if they are not jammed, and consequently
can use this as a basis for differentiating jammed scenarios
from mere poor link conditions.
Location Consistency Checks
We now discuss a second consistency checking algorithm
for detecting the presence of a radio interference attack.
Whereas PDRSS_Detect_Jam employs signal strength to vali-
date PDR measurements, the LOC_Detect_Jam algorithm em-
ploys location information. In addition to the assumptions
listed earlier, for LOC_Detect_Jam we also assume that all le-
gitimate neighbor nodes transmit with a fixed power level,
such as the default settings when the sensor or ad hoc net-
work was originally deployed. While this assumption holds
for many real network settings, we would like to point out
that scenarios where nodes have varying transmission pow-
ers can be addressed by easy extensions to our algorithm.
In PDRSS_Detect_Jam, the sampling granularity and the win-
dow length for measuring signal strength are two parameters
that must be carefully set based upon the assumed jammer
models as well as the underlying network traffic conditions.
As noted earlier, it may not be practical to sample the signal
strength with a fine granularity over a long window of time,
and for this reason PDRSS_Detect_Jam employs a reactive con-
sistency checking strategy in the sense that signal strength
measurements are performed after PDR measurements fall
below a threshold.
RELATED WORK
Radio interference attacks are a serious threat to the op-
eration of a wireless network, regardless of the type of wire-
less network. In order to cope with the threat of jamming
attacks, it is important to understand the different threat
models that may be employed by adversaries, the methods
that are needed to diagnose these threats, and the counter-
measures that may be employed to defend against jamming
attacks.
The traditional literature on jamming primarily focuses on
the design of physical layer technologies, such as spread spec-
trum, that are resistant to RF jamming [28,30]. It should be
realized that the physical layer technologies needed to reli-
ably resist jamming have not found widespread deployment
in commodity wireless devices, such as wireless LANs and
sensor networks. Our work takes the viewpoint that rather
than replace existing systems with more complicated radio
platforms, it is instead desirable to understand the modes
of attacks that may be launched against existing platforms,
and be able to detect them. Following detection, appropri-
ate countermeasures may be employed
CONCLUSIONS
Wireless networks are being deployed in a variety of forms,
ranging from ad hoc networks to wireless LANs to sensor
networks. The shared nature of the wireless medium will al-
low adversaries to pose non-cryptographic security threats
by conducting radio interference attacks. Therefore, under-
standing the nature of jamming attacks is critical to assuring
the operation of wireless networks. This paper has sought
to focus on both sides of the issue by presenting four differ-
ent jammer attack models that may be employed against a
wireless network, as well as exploring techniques for detect-
ing the presence of a jamming attack. We have studied the
effectiveness of our four jammer strategies by constructing
prototypes using the MICA2 Mote platform and measuring
how each of the jammers fared in terms of their effect on the
packet send ratio and packet delivery ratio.