한국통신학회 2015년도 추계종합학술발표회

A study on How to Find a Hopping Sequence of a Smart Jammer

in IEEE 802.11 WLANs

Clément Delattre, Yongchul Kim

Korea Military Academy

clement.delattre50@orange.fr, kyc6454@kma.ac.kr

Abstract

Securing wireless networks is one of the main objectives of Tactical Communications in every army, especially
concerning a way to avoid jamming attacks, which can be easily done by emitting a continuous radio signal. Finding
a perfect way to avoid jamming is a utopia, but scientists agree on a solution which consists in a channel hopping
scheme to mitigate jamming attacks. In this paper, we consider an existing channel-hopping scheme under smart
jammer attacks, and study a way to find the hopping sequence of a jammer, to protect users from jamming attack.

σ n and kn denote the time duration of jammed station

I. Introduction
and un-jammed station can actually use within a DT
Portable computing and smart phone devices are period respectively.
nowadays fully implemented in every society, using
the most widely used standard called IEEE 802.11
WLAN. The Army has always been involved in the
improvement of WLAN technologies, to be able to use
it on operations. However, securing such networks on
a battlefield is far from being simple. The US Army
uses secure wireless local area network (SWLAN) [1]
for their Tactical Operation Center’ s communications.
Although the SWLAN is efficient, it cannot fully avoid
a jamming attack sent by an opponent, especially if
this jammer is considered as smart, because it will be Fig. 1 Station and jammer models
able to send back-to-back packets on the detected If there is no jamming attack, the normalized
channel after scanning all of the channels. We throughput is simply expressed as:
consider a way to find the hopping sequence of a DT
Th1 = . (1)
smart jammer, in order to prevent users from jamming ST + DT
attack. Under a smart jammer, the normalized throughput
II. Channel-hopping Schemes without channel-hopping can be obtained as:
DT − E (t )
In General, channel-hopping schemes allow users to Th2 = , (2)
ST + DT
hop to the next channel after certain amount of time. where E(t) is the average jammed time during DT as
We define this time duration as a Dwell Time (DT).
described in [2]. When we consider the channel-
And a time needed to hop is called switching time hopping scheme proposed in [2], the normalized
(ST) as shown in Fig. 1. It is possible to change the
throughput of a jammed station is expressed as:
DT because it has an impact on network throughput.
DT L − N  N σn 1
We assume that a jammer is smart in this work as Th j = + ∑  . (3)
used in [2]. When a jammer scans one channel, it
ST + DT L  n =1 ST + min{σ n + β t , DT }  L
takes one finding time (FT) and one ST. To simplify
the model, we assume that ST is equal to FT and it Considering M users, the normalized throughput can
takes t seconds. As a smart jammer uses back-to- be computed by:
back packets to jam a channel, as soon as a channel Th j + (Th j + β t − γ t ) × ( M − 1)
Th3 = . (4)
is detected, the jammer transmits packets during M
jamming time( β t ). After a β t , there is a finding time
III. Finding the hopping sequence of a smart jammer
to know if the channel is still used or not. If the
channel is not used anymore, the jammer switches to The hopping sequence of a jammer is a set of
another channel and restarts its scan process. Once a numbers, and each number corresponds to a channel.
user is jammed, an AP realizes jamming attack and To avoid jamming attack, it is highly interesting to
announces to all other users. Then, they switch to find the hopping sequence of a jammer. There are two
another channel. Let γ t be a summation of jamming possible ways to describe a scanning process of a
detection, announcement, and switching time. Let also jammer. First, it is possible that the jammer restarts

- 377 -
 한국통신학회 2015년도 추계종합학술발표회

from the beginning of sequence whenever it detects a
channel or it fails within a DT. This method is weak
for the jammer because it prevents itself to scan the
whole channels with the same frequency. The other
possible process, which is highly likely, is to follow
the hopping sequence in order regardless of detecting
a channel as described in Fig. 2.
hopping sequence of a jammer, the damage from the
jamming attack is significant as shown in Fig. 4.
However, the hopping sequence of a jammer is known
by an AP after 10 DT periods, the average normalized
throughput is significantly increased as depicted in Fig.
5. If the simulation time increases, the average
normalized throughput of the scheme will be as close
as to the highest normalized throughput Th1 . Indeed, as
there is no more jamming attack once an AP finds out
the hopping sequence of a jammer, the average
normalized throughput of the scheme can be
considered as the best normalized throughput.

Fig. 2 An example of how to find the hopping

sequence of a jammer (N=L).

A smart jammer can scan N channels during DT

(i.e., N = DT/(FT+ST)), therefore when N is equal to
the total number of channels L, then the jammer will
be able to scan all the channels within a DT. Thus,
there will be one jammed channel for every DT. If an
AP is able to record the exact time when the channel
is detected, we can find the hopping sequence of the
jammer by knowing one of its elements in every DT.
For example, as shown in Fig. 2, all users are using
channel 8 in the first DT, and a jammer detects that
channel after scanning 5 channels according to its Fig. 4 Normalized throughputs before finding out the
sequence. The AP is able to use this information and hopping sequence of a jammer
found out that 5th element of the hopping sequence of
the jammer is channel 8. After L times DT periods,
the whole hopping sequence of the jammer can be
found by the AP. Then, the AP will modify the
hopping sequence of users to prevent other jamming
attack. In this case, the time needed to find the
hopping sequence of the jammer is L×(DT+ST).
This method is also applicable in case N<L. Fig. 3
shows the process of finding out the hopping sequence
of a jammer when N is smaller than L.

Fig. 5 Normalized throughputs after finding out the

hopping sequence of a jammer

Fig. 3 An example of how to find the hopping

sequence of a jammer (N<L).
For the first DT period, channel 2 is jammed at T2.
Thus, the AP knows that 4 channels have been
scanned before channel 2 is detected. Therefore,
channel 2 is the 5th element of the hopping sequence
of a jammer. To find the other elements of this
sequence, the process is the same as in Fig. 2. After
finding out the sequence of a jammer, the AP is able
to protect users from jamming attack by modifying
users hopping sequence. We run the simulation to
show the effectiveness of finding hopping sequence of
a jammer. Fig. 4 and Fig. 5 show the performance
results when L=12, M=3, t=5ms, γ t = 2t, β t = 3t. The
average normalized throughput of the proposed scheme
[2] is in between Th1 and Th2 . Before finding the
IV. Conclusion
In this paper, we combined the proposed scheme in
[2] with a method we created to find the hopping
sequence of a smart jammer, in order to prevent the
jammer from attacking users. The simulation shows
that knowing the hopping sequence of the jammer is
significantly convenient regarding the average
normalized throughput offered to users.
References
[1] S. Shanken, D. Hughes, and T. Carter, “ Secure wireless
local area network (SWLAN),” in Proc. IEEE MILCOM,
vol. 2, pp. 886-891, Nov. 2004.
[2] Y. Kim, “ Throughput and Fairness Analysis of
Channel-Hopping under Smart Jammer Attacks in IEEE
802.11 WLANs” KICS Summer Conference, Jun. 2014.

- 378 -