
PACKET-HIDING METHODS FOR PREVENTING SELECTIVE JAMMING ATTACKS

ABSTRACT

The open nature of the wireless medium leaves it vulnerable to intentional interference attacks, typically referred to as jamming. This intentional interference with wireless transmissions can be used as a launchpad for mounting Denial-of-Service attacks on wireless networks. Typically, jamming has been addressed under an external threat model. However, adversaries with internal knowledge of protocol specifications and network secrets can launch low-effort jamming attacks that are difficult to detect and counter. In this work, we address the problem of selective jamming attacks in wireless networks. In these attacks, the adversary is active only for a short period of time, selectively targeting messages of high importance. We illustrate the advantages of selective jamming in terms of network performance degradation and adversary effort by presenting two case studies; a selective attack on TCP and one on routing. We show that selective jamming attacks can be launched by performing real-time packet classification at the physical layer. To mitigate these attacks, we develop three schemes that prevent real-time packet classification by combining cryptographic primitives with physical-layer attributes.

AIM

Selective jamming attacks can be launched by performing real-time packet classification at the physical layer. To mitigate selective jamming attacks, three schemes are to be proposed that prevent real-time packet classification by combining cryptographic primitives with physical-layer attributes.

SCOPE

The open nature of the wireless medium leaves it vulnerable to intentional interference attacks, typically referred to as jamming. This intentional interference with wireless transmissions can be used as a launchpad for mounting Denial-of-Service attacks on wireless networks. Typically, jamming has been addressed under an external threat model.

OBJECTIVES

To check the feasibility of real-time packet classification for launching selective jamming attacks under an internal threat model. Such attacks are relatively easy to actualize by exploiting knowledge of network protocols and cryptographic primitives extracted from compromised nodes.
To study the impact of selective jamming on critical network functions. Selective jamming attacks may lead to DoS with very low effort on behalf of the jammer.
To mitigate such attacks, three schemes have been proposed that prevent classification of transmitted packets in real time.

OVERVIEW

Wireless networks rely on the uninterrupted availability of the wireless medium to interconnect participating nodes. Wireless networks are highly vulnerable to multiple security threats. An attacker with a transceiver can eavesdrop on wireless transmissions, inject spurious messages, or jam legitimate ones. While eavesdropping and message injection can be prevented using cryptographic methods, jamming attacks are much harder to counter. In the proposed system, we consider the internal threat model. Under jamming attacks, the adversary interferes with the reception of messages by transmitting a continuous jamming signal, or several short jamming pulses.

EXISTING SYSTEM

Jamming attacks have been considered under an external threat model, in which the jammer is not part of the network. Under this model, jamming strategies include the continuous or random transmission of high-power interference signals.

Anti-jamming techniques rely extensively on spread-spectrum (SS) communications, or some form of jamming evasion (e.g., slow frequency hopping, or spatial retreats). SS techniques provide bit-level protection by spreading bits according to a secret pseudo-noise (PN) code, known only to the communicating parties. These methods can only protect wireless transmissions under the external threat model. Under an always-on strategy, the continuous presence of unusually high interference levels makes this type of attack easy to detect.

DISADVANTAGES

Jamming attacks under the internal threat model are not considered.
The always-on strategy has disadvantages; first, the adversary has to expend a significant amount of energy to jam the frequency bands of interest.

PROPOSED SYSTEM

The problem of jamming under an internal threat model has been considered. An adversary who is aware of network secrets and the implementation details of network protocols at any layer in the network stack has been designed. The adversary exploits this internal knowledge to launch selective jamming attacks in which specific messages of high importance are targeted. A jammer can target route-request/route-reply messages at the routing layer to prevent route discovery, or target TCP acknowledgments in a TCP session to severely degrade the throughput of an end-to-end flow.

ADVANTAGES

The internal threat model has been considered.
DoS attacks can be avoided.
Three schemes have been proposed: Hiding Based On Commitments, A Strong Hiding Commitment Scheme (SHCS) and Hiding Based On Cryptographic Puzzles.
Strong security properties.
Minimal impact on the network performance.

LITERATURE SUMMARY

Selective Jamming Attacks

Thuente studied the impact of an external selective jammer who targets various control packets at the MAC layer. To perform packet classification, the adversary exploits inter-packet timing information to infer imminent packet transmissions. Law et al. proposed the estimation of the probability distribution of inter-packet transmission times for different packet types based on network traffic analysis. Future transmissions at various layers were predicted using estimated timing information.

Brown et al. illustrated the feasibility of selective jamming based on protocol semantics. They considered several packet identifiers for encrypted packets such as packet size, precise timing information of different protocols, and physical signal sensing. To prevent selectivity, the unification of packet characteristics such as the minimum length and inter-packet timing was proposed. Similar packet classification techniques were investigated.

Liu et al. considered a smart jammer that takes into account protocol specifics to optimize its jamming strategy. The adversary was assumed to target control messages at different layers of the network stack. To mitigate smart jamming, the authors proposed the SPREAD system, which is based on the idea of stochastic selection between a collection of parallel protocols at each layer. Greenstein et al. presented an 802.11-like wireless protocol called Slyfi that prevents the classification of packets by external observers. This protocol hides all explicit identifiers from the transmitted packets by encrypting them with keys known only to the intended receivers.

Wilhelm et al. implemented a USRP2-based jamming platform called RFReact that enables selective and reactive jamming. RFReact was shown to be agnostic to technology standards and readily adaptable to any desired jamming strategy. Blapa et al. studied selective jamming attacks against the rate-adaptation mechanism of 802.11. They showed that a selective jammer targeting specific packets in a point-to-point 802.11 communication was able to reduce the rate of the communication to the minimum value of 1 Mbps, with relatively little effort.

Several researchers have suggested channel-selective jamming attacks, in which the jammer targets the broadcast control channel. It was shown that such attacks reduce the required power for performing a DoS attack by several orders of magnitude. To protect control-channel traffic, the replication of control transmission in multiple channels was suggested. The locations of the control channels were cryptographically protected. Lazos et al. proposed a randomized frequency hopping algorithm to protect the control channel from inside jammers. Strasser et al. proposed a frequency hopping anti-jamming technique that does not require the existence of a secret hopping sequence shared between the communicating parties.

Non-Selective Jamming Attacks

Conventional methods for mitigating jamming employ some form of SS communications. The transmitted signal is spread to a larger bandwidth following a PN sequence. Without knowledge of this sequence, a large amount of energy is required to interfere with an ongoing transmission. However, in the case of broadcast communications, compromise of commonly shared PN codes neutralizes the advantages of SS. Popper et al. proposed a jamming-resistant communication model for pairwise communications that does not rely on shared secrets. Communicating nodes use a physical-layer modulation method called Uncoordinated Direct-Sequence Spread Spectrum (UDSSS). They also proposed a jamming-resistant broadcast method in which transmissions are spread according to PN codes randomly selected from a public codebook. Several other schemes eliminate the need for secret PN codes altogether. Lin et al. showed that jamming 13% of a packet is sufficient to overcome the ECC capabilities of the receiver.

Xu et al. categorized jammers into four models: (a) a constant jammer, (b) a deceptive jammer that broadcasts fabricated messages, (c) a random jammer, and (d) a reactive jammer that jams only if activity is sensed. They further studied the problem of detecting the presence of jammers by measuring performance metrics such as packet delivery ratio. Cagalj et al. proposed wormhole-based antijamming techniques for wireless sensor networks (WSNs). Using a wormhole link, sensors within the jammed region establish communications with outside nodes, and notify them regarding ongoing jamming attacks.

LITERATURE REVIEW

Jamming and Sensing of Encrypted Wireless Ad Hoc Networks

Timothy X Brown, Jesse E. James, Amita Sethi, In Proceedings of MobiHoc

This paper considers the problem of an attacker disrupting an encrypted victim wireless ad hoc network through jamming. Jamming is broken down into layers and this paper focuses on jamming at the Transport/Network layer. Jamming at this layer exploits AODV and TCP protocols and is shown to be very effective in simulated and real networks when it can sense victim packet types, but the encryption is assumed to mask the entire header and contents of the packet so that only packet size, timing, and sequence is available to the attacker for sensing. A sensor is developed that consists of four components. The first is a probabilistic model of the sizes and inter-packet timing of different packet types. The second is a historical method for detecting known protocol sequences that is used to develop the probabilistic models, the third is an active jamming mechanism to force the victim network to produce known sequences for the historical analyzer, and the fourth is the online classifier that makes packet type classification decisions. The method is tested on live data and found that for many packet types the classification is highly reliable. The relative roles of size, timing, and sequence are discussed along with the implications for making networks more secure.

Wormhole-Based Anti-Jamming Techniques in Sensor Networks


M. Cagalj, S. Capkun, and J.-P. Hubaux, IEEE Transactions on Mobile Computing, 6(1):100-114, 2007

Due to their very nature, wireless sensor networks are probably the most vulnerable category of wireless networks to radio channel jamming-based Denial-of-Service (DoS) attacks: An adversary can easily mask the events that the sensor network should detect by stealthily jamming an appropriate subset of the nodes; in this way, he prevents them from reporting what they are sensing to the network operator. Therefore, in spite of the fact that an event is sensed by one or several nodes (and the sensor network is otherwise fully connected), the network operator cannot be informed on time. We show how the sensor nodes can exploit channel diversity in order to establish wormholes out of the jammed region, through which an alarm can be transmitted to the network operator. We propose three solutions: the first is based on wired pairs of sensors, the second relies on frequency hopping, and the third is based on a novel concept called uncoordinated channel hopping. We develop appropriate mathematical models to study the proposed solutions.

Energy-Efficient Link-Layer Jamming Attacks against Wireless Sensor Network MAC Protocols

Y. W. Law, M. Palaniswami, L. V. Hoesel, J. Doumen, P. Hartel, and P. Havinga, ACM Transactions on Sensor Networks, 5(1):1-38, 2009.

A typical wireless sensor node has little protection against radio jamming. The situation becomes worse if energy-efficient jamming can be achieved by exploiting knowledge of the data link layer. Encrypting the packets may help to prevent the jammer from taking actions based on the content of the packets, but the temporal arrangement of the packets induced by the nature of the protocol might unravel patterns that the jammer can take advantage of, even when the packets are encrypted. By looking at the packet interarrival times in three representative MAC protocols, S-MAC, LMAC and B-MAC, we derive several jamming attacks that allow the jammer to jam S-MAC, LMAC and B-MAC energy-efficiently. The jamming attacks are based on realistic assumptions. The algorithms are described in detail and simulated. The effectiveness and efficiency of the attacks are examined. In addition, we validate our simulation model by comparing its results with measurements obtained from implementation on sensor node prototypes. We show that it takes little effort to implement such effective jammers, making them a realistic threat. Careful analysis of other protocols belonging to the respective categories of S-MAC, LMAC and B-MAC reveals that those protocols are, to some extent, also susceptible to our attacks. The result of this investigation provides new insights into the security considerations of MAC protocols.

Mitigating Control-Channel Jamming Attacks in Multi-channel Ad Hoc Networks


Loukas Lazos, Sisi Liu, and Marwan Krunz Dept. of Electrical and Computer Engineering, University of Arizona, Tucson, AZ, USA

We address the problem of control-channel jamming attacks in multi-channel ad hoc networks. Deviating from the traditional view that sees jamming attacks as a physical-layer vulnerability, we consider a sophisticated adversary who exploits knowledge of the protocol mechanics along with cryptographic quantities extracted from compromised nodes to maximize the impact of his attack on higher-layer functions. We propose new security metrics that quantify the ability of the adversary to deny access to the control channel, and the overall delay incurred in re-establishing the control channel. We also propose a randomized distributed scheme that allows nodes to establish a new control channel using frequency hopping. Our method differs from classic frequency hopping in that no two nodes share the same hopping sequence, thus mitigating the impact of node compromise. Furthermore, a compromised node is uniquely identified through its hop sequence, leading to its isolation from any future information regarding the frequency location of the control channel.

The Feasibility of Launching and Detecting Jamming Attacks in Wireless Networks


Wenyuan Xu, Wade Trappe, Yanyong Zhang and Timothy Wood Wireless Information Network Laboratory (WINLAB) Rutgers University, 73 Brett Rd., Piscataway, NJ 08854

Wireless networks are built upon a shared medium that makes it easy for adversaries to launch jamming-style attacks. These attacks can be easily accomplished by an adversary emitting radio frequency signals that do not follow an underlying MAC protocol. Jamming attacks can severely interfere with the normal operation of wireless networks and, consequently, mechanisms are needed that can cope with jamming attacks. In this paper, we examine radio interference attacks from both sides of the issue: first, we study the problem of conducting radio interference attacks on wireless networks, and second we examine the critical issue of diagnosing the presence of jamming attacks. Specifically, we propose four different jamming attack models that can be used by an adversary to disable the operation of a wireless network, and evaluate their effectiveness in terms of how each method affects the ability of a wireless node to send and receive packets. We then discuss different measurements that serve as the basis for detecting a jamming attack, and explore scenarios where each measurement by itself is not enough to reliably classify the presence of a jamming attack. In particular, we observe that signal strength and carrier sensing time are unable to conclusively detect the presence of a jammer. Further, we observe that although by using packet delivery ratio we may differentiate between congested and jammed scenarios, we are nonetheless unable to conclude whether poor link utility is due to jamming or the mobility of nodes. The fact that no single measurement is sufficient for reliably classifying the presence of a jammer is an important observation, and necessitates the development of enhanced detection schemes that can remove ambiguity when detecting a jammer. To address this need, we propose two enhanced detection protocols that employ consistency checking. 
The first scheme employs signal strength measurements as a reactive consistency check for poor packet delivery ratios, while the second scheme employs location information to serve as the consistency check. Throughout our discussions, we examine the feasibility and effectiveness of jamming attacks and detection schemes using the MICA2 Mote platform.

HARDWARE REQUIREMENTS

Processor : Any Processor above 500 MHz.
Ram : 128Mb.
Hard Disk : 10 GB.
Input device : Standard Keyboard and Mouse.
Output device : VGA and High Resolution Monitor.

SOFTWARE REQUIREMENTS

Operating System : Windows Family.
Programming package : JDK 1.6 or higher
IDE Tools Used : Netbeans 6.1

SYSTEM ARCHITECTURE

[Figure: system architecture diagram. Labels: Sender; Select Hiding Technique (SHCS, CPHS, AONT, MD5); Encrypted message; Attacker (unblock); Decrypted message; Receiver (key).]

When a sender wants to send data to a receiver, the sender hides the data and sends it in a secure manner. Four techniques are used for hiding the data: the Strong Hiding Commitment Scheme, the cryptographic-puzzle-based hiding scheme, the all-or-nothing-based scheme and the MD5 scheme. In the MD5 scheme, apart from data hiding, the sequence of received packets is also checked at the receiver side. An attacker module is designed to show the impact of data jamming. The message hiding technique is followed to send data while avoiding the jamming attack.

APPLICATIONS USED

Wireless networks are widely used. Examples include cellular phones, which are part of everyday wireless networks and allow easy personal communications. As another example, inter-continental network systems use radio satellites to communicate across the world. Emergency services such as the police utilize wireless networks to communicate effectively as well. Individuals and businesses use wireless networks to send and share data rapidly, whether it be in a small office building or across the world.

FUNCTION REQUIREMENTS

USE CASE ACTORS DESCRIPTION Sender transmits data Client Data has been chosen to send to receiver. While sending the data, for avoiding jamming attacks different types of hiding techniques are used. Intermediate Node Attacker Data packet sent by sender can be received by attacker, when the attacker is in unblock mode Sender Receiver receives data Client Server Relay node is chosen to send data packets Server receives data from client. Server has to give the key value to retrieve the encrypted data.

NON FUNCTIONAL REQUIREMENT

Area : Codes & Standards / Realistic Constraints
Economic : This project is very economical as it only depends on the software components to be downloaded from the internet
Performance : This project's performance is high when compared with other file transfer mechanisms
Reliability : This project provides reliability because of the efficient usage of TCP protocol
Security : This project focuses on applying security concepts for authenticating the application.
Manufacturability : This project can be easily replicated. This requires complete schematics, complete and documented code listings, JAVA SWING, produced in a file format accessible by software available at JAVA

MODULES

Adversary Design
Packet Classification
A Strong Hiding Commitment Scheme
Cryptographic Puzzle Hiding Scheme
Hiding Based On All-Or-Nothing Transformations
Hiding Based On MD5

ADVERSARY DESIGN

The adversary is in control of the communication medium and can jam messages at any part of the network of his choosing. The adversary can operate in full-duplex mode, thus being able to receive and transmit simultaneously. This can be achieved, for example, with the use of multi-radio transceivers. The adversary is equipped with directional antennas that enable the reception of a signal from one node and the jamming of the same signal at another. It is assumed that the adversary can proactively jam a number of bits just below the ECC capability early in the transmission. When the adversary is introduced, the data packets from the node cannot reach the receiver.

PACKET CLASSIFICATION

At the physical layer, a packet m is encoded, interleaved, and modulated before it is transmitted over the wireless channel. At the receiver, the signal is demodulated, deinterleaved and decoded to recover the original packet m. Nodes A and B communicate via a wireless link. Within the communication range of both A and B there is a jamming node J. When A transmits a packet m to B, node J classifies m by receiving only the first few bytes of m. J then corrupts m beyond recovery by interfering with its reception at B.

A STRONG HIDING COMMITMENT SCHEME

The strong hiding commitment scheme (SHCS) is based on symmetric cryptography. Assume that the sender has a packet for Receiver. First, S (Sender) constructs commit( message ) the commitment function is an off-the-shelf symmetric encryption algorithm is a publicly known permutation, and k is a randomly selected key of some desired key length s (the length of k is a security parameter). The role of the committer is assumed by the transmitting node S. The role of the verifier is assumed by any receiver R, including the jammer J. The committed value m is the packet that S wants to communicate to R. To transmit m, the sender computes the corresponding commitment/decommitment pair (C, d), and broadcasts C. The hiding property ensures that m is not revealed during the transmission of C. To reveal m, the sender releases the decommitment value d, in which case m is obtained by all receivers, including J.

CRYPTOGRAPHIC PUZZLE HIDING SCHEME

A sender S has a packet m for transmission. The sender selects a random key k of a desired length. S generates a puzzle (key, time), where puzzle() denotes the puzzle generator function, and tp denotes the time required for the solution of the puzzle. Parameter tp is measured in units of time, and it is directly dependent on the assumed computational capability of the adversary, denoted by N and measured in computational operations per second. After generating the puzzle P, the sender broadcasts (C, P). At the receiver side, any receiver R solves the received puzzle to recover the key and then computes the packet. The server must solve the puzzle within time tp, and the solution must be correct, for the data packet to be obtained at the server.
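The commit/reveal flow of the strong hiding commitment scheme and the puzzle flow described above can be sketched as follows. This is an added example, not code from the project. It assumes a SHA-256 counter-mode keystream as a stand-in for the off-the-shelf symmetric cipher, a seeded shuffle as the publicly known permutation, and a hash-based partial-key puzzle whose hidden-bit count is derived from tp and N; all function names and the sample packet are constructed for illustration.

```python
import hashlib
import hmac
import math
import random
import secrets

PUBLIC_SEED = 2012  # constructed value: seed of the publicly known permutation


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """XOR data with a SHA-256 counter-mode keystream.

    Stand-in (assumption) for the off-the-shelf symmetric cipher; encryption
    and decryption are the same operation.
    """
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def _order(n: int) -> list:
    idx = list(range(n))
    random.Random(PUBLIC_SEED).shuffle(idx)  # same order for every node
    return idx


def permute(m: bytes) -> bytes:
    return bytes(m[i] for i in _order(len(m)))


def unpermute(p: bytes) -> bytes:
    out = bytearray(len(p))
    for j, i in enumerate(_order(len(p))):
        out[i] = p[j]
    return bytes(out)


def commit(m: bytes, key_len: int = 16):
    """SHCS sender: return (C, d). C is sent first, d = k is released last."""
    k = secrets.token_bytes(key_len)
    return keystream_xor(k, permute(m)), k


def open_commitment(c: bytes, d: bytes) -> bytes:
    """Any receiver: recover m once the decommitment value d is known."""
    return unpermute(keystream_xor(d, c))


def puzzle_bits(tp: float, n_ops: float) -> int:
    """Hidden key bits so that exhaustive search costs about n_ops * tp hashes."""
    return max(1, math.ceil(math.log2(n_ops * tp)))


def make_puzzle(k: bytes, tp: float, n_ops: float) -> dict:
    """CPHS sender: hide the low bits of k; publish the rest plus a check hash."""
    bits = puzzle_bits(tp, n_ops)
    if bits > 8 * len(k):
        raise ValueError("key too short for the requested puzzle hardness")
    return {"known": int.from_bytes(k, "big") >> bits, "bits": bits,
            "key_len": len(k), "check": hashlib.sha256(k).digest()}


def solve_puzzle(p: dict):
    """CPHS receiver: brute-force the hidden bits. Returns (k, hashes_tried)."""
    for guess in range(1 << p["bits"]):
        cand = ((p["known"] << p["bits"]) | guess).to_bytes(p["key_len"], "big")
        if hmac.compare_digest(hashlib.sha256(cand).digest(), p["check"]):
            return cand, guess + 1
    return None, 1 << p["bits"]


def cphs_send(m: bytes, tp: float, n_ops: float):
    """Build the broadcast pair (C, P) for packet m."""
    c, k = commit(m)
    return c, make_puzzle(k, tp, n_ops)


def cphs_receive(c: bytes, p: dict):
    """Solve P, then open C. Returns (packet or None, hashes_tried)."""
    k, work = solve_puzzle(p)
    return (open_commitment(c, k) if k is not None else None), work


if __name__ == "__main__":
    packet = b"\x02TCP-ACK seq=4711 (constructed sample packet)"
    C, d = commit(packet)
    print("SHCS:", open_commitment(C, d) == packet)
    C, P = cphs_send(packet, tp=2.0, n_ops=2000)
    m, work = cphs_receive(C, P)
    print("CPHS:", m == packet, "after", work, "of", 1 << P["bits"], "hashes")
```

The values of tp and N in the demo are deliberately tiny so the search finishes at once; a deployment would size them to the assumed adversary.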

HIDING BASED ON ALL-OR-NOTHING TRANSFORMATIONS

The packets are pre-processed by an AONT before transmission but remain unencrypted. The jammer cannot perform packet classification until all pseudo-messages corresponding to the original packet have been received and the inverse transformation has been applied. Packet m is partitioned to a set of x input blocks m = {m1, m2, m3, ...}, which serve as an input to an The set of pseudo-messages m = {m1, m2, m3, ...} is transmitted over the wireless medium.
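An all-or-nothing pre-processing step of the kind described above, as an added example that is not code from the project. It uses Rivest's package transform as one concrete AONT, with truncated SHA-256 standing in for the block cipher; the block size, the length-prefix padding and the sample packet are assumptions made for the example.

```python
import hashlib
import secrets

BLOCK = 16  # bytes per block (assumed size)


def _mask(key: bytes, i: int) -> bytes:
    """Per-block mask derived from the random inner key."""
    return hashlib.sha256(b"mask" + key + i.to_bytes(4, "big")).digest()[:BLOCK]


def _digest(i: int, block: bytes) -> bytes:
    """Public, keyless hash of pseudo-message i (binds the key to every block)."""
    return hashlib.sha256(b"hash" + i.to_bytes(4, "big") + block).digest()[:BLOCK]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def aont_forward(m: bytes) -> list:
    """Turn packet m into x + 1 pseudo-messages of BLOCK bytes each."""
    data = len(m).to_bytes(2, "big") + m          # length prefix, then payload
    data += b"\x00" * (-len(data) % BLOCK)        # zero-pad to a block multiple
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    inner = secrets.token_bytes(BLOCK)            # fresh random inner key
    pseudo = [_xor(b, _mask(inner, i)) for i, b in enumerate(blocks)]
    last = inner
    for i, p in enumerate(pseudo):                # last = inner XOR all digests
        last = _xor(last, _digest(i, p))
    return pseudo + [last]


def aont_inverse(pseudo: list) -> bytes:
    """Recover m; needs every pseudo-message, since each one feeds the key."""
    *body, last = pseudo
    inner = last
    for i, p in enumerate(body):
        inner = _xor(inner, _digest(i, p))
    data = b"".join(_xor(p, _mask(inner, i)) for i, p in enumerate(body))
    n = int.from_bytes(data[:2], "big")
    return data[2:2 + n]


if __name__ == "__main__":
    packet = b"\x02TCP-ACK seq=4711 (constructed sample packet)"
    sent = aont_forward(packet)
    print("all received :", aont_inverse(sent) == packet)
    # A receiver that has not yet seen pseudo-message 1 derives the wrong
    # inner key, so even the first block (the header) stays unreadable.
    partial = list(sent)
    partial[1] = bytes(BLOCK)
    print("one missing  :", aont_inverse(partial) == packet)
```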

HIDING BASED ON MD5

A sender S has a packet m for transmission. The sender selects a random key k of a desired length. The message m is split into a number of blocks {m1, m2, ..., mn} and the message blocks are encrypted using MD5. The role of the receiver R is to receive the multiple blocks of data packets and decrypt them. A pre-computed MD5 checksum is provided for the files, so that a user can compare the checksum of the downloaded file to it. The receiver also performs packet sequence checking while receiving the data packets.

MODULE DIAGRAM - Packet Classification

[Figure: module diagram. Labels: Message; Hiding technique; Encrypted Content; Intermediate jammer (unblock); Decrypted Message; Receiver ke]

MODULE DIAGRAM - Strong Hiding Commitment Scheme

[Figure: module diagram. Labels: Sender; Message; SHCS; Generate random key; Encrypted Content; Decrypted Message; Receiver ke]

MODULE DIAGRAM - Cryptographic Puzzle Hiding Scheme

[Figure: module diagram. Labels: Sender; Message; CPHS; Generate puzzle & time line; Discarded els; Encrypted Content; Decrypted Message (In time); Receiver puzzl]

MODULE DIAGRAM - An AONT-based Hiding Scheme

[Figure: module diagram. Labels: Sender; Messag; Message blocks; AONT; Generate key; Encrypted Content; Decrypted Message (key); Receiver]

MODULE DIAGRAM - MD5 Algorithm

[Figure: module diagram. Labels: Sender; Messag; Message blocks; Round; MD5; Generate key; Encrypted blocks; Decrypted Message; Check packet sequence; Receiver key]

USE CASE DIAGRAM

[Figure: use case diagram. Labels: Select data to transmit; Normal mode; Encrypted data; SHCS; CPHS; AONT; MD5; Normal; Block content; Receive; Intrud; Decrypted data]

A normal node chooses data to send; the data is encrypted using SHCS/CPHS/AONT/MD5 and sent to the receiver, and the sender shares the decryption key to decrypt the data. The intruder is considered to be one of the other users, who tries to block the data content when it is sent normally.

SEQUENCE DIAGRAM

[Figure: sequence diagram. Participants: Node; Algorithm; Intruder; Server. Messages: Select data to send; SHCS/CPHS/AONT/MD5; Encrypted data; Share key to decrypt; Send data without hiding scheme]

Nodes are initialized and choose data to send; the data is encrypted using SHCS/CPHS/AONT/MD5 and sent to the receiver, and the sender shares the decryption key to decrypt the data. The intruder is considered to be one of the other users, who tries to block the data content when it is sent normally.

COLLABORATION DIAGRAM

[Figure: collaboration diagram. Objects: Node initialization; Data selection; Send data normal mode; Algorithm Selection; Encrypted data; Receiver. Messages: 1: select data; 2: no encryption; 3: select type; 4: encryption; 5: send]

In the first step, the nodes are initialized; selecting the data to send to the receiver is the second step. Selecting the hiding technique is the third step, and sending the encrypted data to the server is the fifth step.

ACTIVITY DIAGRAM

[Figure: activity diagram. Labels: Node; Select data; Select Hiding type (Yes / No); Encrypted data; Normal data; Intruder; Receiver]

When the node selects data to send, the data is encrypted via any of the hiding techniques such as SHCS/CPHS/AONT/MD5. When the data is sent in normal mode without using any of the hiding techniques, it can be blocked by the intruder.

CONCLUSION

Selective jamming attacks in wireless networks have been studied. We considered an internal adversary model in which the jammer is part of the network under attack, thus being aware of the protocol specifications and shared network secrets. The jammer can classify transmitted packets in real time by decoding the first few symbols of an ongoing transmission. The impact of selective jamming attacks is evaluated on network protocols such as TCP and routing. Three schemes have been proposed that transform a selective jammer to a random one by preventing real-time packet classification. The schemes combine cryptographic primitives such as commitment schemes, cryptographic puzzles, and all-or-nothing transformations (AONTs) with physical-layer characteristics.

REFERENCES

[1] T. X. Brown, J. E. James, and A. Sethi. Jamming and sensing of encrypted wireless ad hoc networks. In Proceedings of MobiHoc, pages 120-130, 2006.
[2] M. Cagalj, S. Capkun, and J.-P. Hubaux. Wormhole-based antijamming techniques in sensor networks. IEEE Transactions on Mobile Computing, 6(1):100-114, 2007.
[3] A. Chan, X. Liu, G. Noubir, and B. Thapa. Control channel jamming: Resilience and identification of traitors. In Proceedings of ISIT, 2007.
[4] T. Dempsey, G. Sahin, Y. Morton, and C. Hopper. Intelligent sensing and classification in ad hoc networks: a case study. Aerospace and Electronic Systems Magazine, IEEE, 24(8):23-30, August 2009.
[5] Y. Desmedt. Broadcast anti-jamming systems. Computer Networks, 35(2-3):223-236, February 2001.
[6] K. Gaj and P. Chodowiec. FPGA and ASIC implementations of AES. Cryptographic Engineering, pages 235-294, 2009.
[7] O. Goldreich. Foundations of cryptography: Basic applications. Cambridge University Press, 2004.
[8] B. Greenstein, D. Mccoy, J. Pang, T. Kohno, S. Seshan, and D. Wetherall. Improving wireless privacy with an identifier-free link layer protocol. In Proceedings of MobiSys, 2008.
[9] A. Juels and J. Brainard. Client puzzles: A cryptographic countermeasure against connection depletion attacks. In Proceedings of NDSS, pages 151-165, 1999.
