09-02-2013, 12:11 PM
Denial of Service Attacks in Wireless Networks: The Case of Jammers
Denial of Service .pdf (Size: 952.34 KB / Downloads: 122)
Abstract
The shared nature of the medium in wireless networks
makes it easy for an adversary to launch a Wireless
Denial of Service (WDoS) attack. Recent studies, demonstrate
that such attacks can be very easily accomplished using off-theshelf
equipment. To give a simple example, a malicious node
can continually transmit a radio signal in order to block any
legitimate access to the medium and/or interfere with reception.
This act is called jamming and the malicious nodes are referred to
as jammers. Jamming techniques vary from simple ones based
on the continual transmission of interference signals, to more
sophisticated attacks that aim at exploiting vulnerabilities of the
particular protocol used. In this survey, we present a detailed
up-to-date discussion on the jamming attacks recorded in the
literature. We also describe various techniques proposed for
detecting the presence of jammers. Finally, we survey numerous
mechanisms which attempt to protect the network from jamming
attacks. We conclude with a summary and by suggesting future
directions.
INTRODUCTION
SECURITY is one of the critical attributes of any communication
network. Various attacks have been reported
over the last many years. Most of them, however, target
wired networks. Wireless networks have only recently been
gaining widespread deployment. At the present time, with
the advances in technology, wireless networks are becoming
more affordable and easier to build. Many metropolitan areas
deploy public WMANs for people to use freely. Moreover,
the prevalence of WLANs as the basic edge access solution to
the Internet is rapidly becoming the reality. However, wireless
networks are accompanied with an important security flaw;
they are much easier to attack than any wired network.
The shared and easy to access medium is undoubtedly the
biggest advantage of wireless networks, while at the same time
is its Achilles’ heel. In particular, it makes it extremely easy
for an adversary to launch an attack. The goal of traditional
DoS attacks is to overflow user and kernel domain buffers [1].
PHY AND MAC LAYER JAMMING MODELS
In this section, we present four basic jamming models [10]
[14] [15] [16]; a jamming model captures the strategy followed
by the malicious attacker. The key attributes of these models
lies in their simplicity and effectiveness.
A constant jammer [10] continually emits radio signals on
the wireless medium. The signals can consist of a completely
random sequence of bits; electromagnetic energy transmissions
do not have to follow the rules of any MAC protocol. The
goal of this type of jammer is twofold: (a) to pose interference
on any transmitting node in order to corrupt its packets at the
receiver (lower PDR) and (b) to make a legitimate transmitter
(employing carrier sensing) sense the channel busy, thereby
preventing it from gaining access to the channel (lower PSR).
Similar to the constant jammer is the deceptive jammer
[10]. Their similarity is due to the fact that both constantly
transmit bits. The main difference is that with the
deceptive jammer, the transmitted bits are not random. The
deceptive jammer continually injects regular packets on the
channel without any gaps between the transmissions.
INTELLIGENT JAMMING MODELS
The jamming strategies presented in the previous section,
can be thought as naive (or very basic) jamming attacks.
These jamming models try to break down the communication
between two nodes. While they can achieve a high degree
of denial of service, they exhibit (in general) low energy
efficiency and high probability of detection. However, orthogonal
to physical layer jamming, several WDoS attacks can
be launched by exploiting higher protocol layers’ semantics.
For example with IEEE 802.11, a saboteur can manipulate
the back-off functionality to gain continuous access to the
medium. This, in turn, would force the rest of the nodes to
defer their transmissions resulting in a significant throughput
drop. As another example with the MAC layer protocol
used with Bluetooth technology, an adversary can selectively
destroy specific control packets disrupting ongoing communications.
CONCLUSIONS
Jamming is still an open and important research problem.
In this paper, we tried to gather together the majority of the
research on this area. We present:
• a plurality of jamming models that have been considered
in the literature,
• various jammer detection strategies that have been proposed
and,
• anti-jamming schemes.
Table I summarizes the characteristics of the various jamming
models examined in this paper. Every solutionthat has been
proposed exhibits limitations and there are more things that
need to be done in order for the problem to be solved satisfactorily.
For example, frequency hopping techniques assume
that rapid hopping between channels is possible. However this
might depend on the hardware used. A prior work [68] has
reported that switching from one channel to another and the
subsequent restoration of a data session may take from 600
to 1000 msec