Beruflich Dokumente
Kultur Dokumente
LAUNCHING AND
DETECTING JAMMING
ATTACKS IN WIRELESS
NETWORKS
ASHUTOSH TEWARI
RA1811028010067
OUTLINE
1. Introduction
2. Jamming Attack Models
3. Statistics for detecting jamming attacks
4. Jamming Detection with consistency checks
5. Related Work
6. Conclusion
INTRODUCTION
Wireless networks have gained great popularity. Is providing
security is a critical issue??
Need to
Need to
send m
send m
Is
Is No
No channel Backoff
channel Backoff idle?
idle?
Yes
Yes
start to
start to send m
send m
CONSTANT JAMMER
-60
CBR
-80
-60
-100 CBR
-80
-60
-100 MaxTraffic
-80
-60
-100 MaxTraffic
-80
-60
-100 Constant Jammer
-80
-60
Constant Jammer
(dBm)
-100
-80
-60
(dBm)
-80
-60
Deceptive Jammer
• Constant
RSSI
-80
-100
-60
-100
-60 Deceptive Jammer
-80
Constant Jammer
-80
-100
-60
RSSI (dBm)
RSSI (dBm)
-100
-60
-60 Deceptive Jammer
-80 CBR
-80
-100
-100
-60
-60 Reactive Jammer
-80 MaxT raffic
-80
-100
-100
-60
-60
Random
ConstantJammer
Jammer
-80
-80
RSSI (dBm)
-100
-100
0
-60 200 400 600 800 1000 1200 1400 1600
-80
sample sequence number Deceptive Jammer
• Random
-100
-60 Jammer- alternates between sleeping and jamming. Can
act as-80
constant or deceptive when jamming. Reactive
Takes Jammer
energy
conservation
-100
-60
into consideration.
Random Jammer
-80
-100
0 200 400 600 800 1000 1200 1400 1600
sample sequence number
-100
REACTIVE JAMMER
-60
MaxTraffic
-80
-100
-60
-60
Constant Jammer
CBR
-80
-80
RSSI (dBm)
-100
-100
-60
-60
MaxTraffic
Deceptive Jammer
-80
-80
-100
-100
-60
-60 Constant Jammer
-80 Reactive Jammer
RSSI (dBm)
-80
-100
-100
-60
-60
-80
Deceptive Jammer
Random Jammer
-80
-100
Reactive Jammer- other three are active this is not. It stays quiet
-60
-100
until-80there
0 is activity
200 400 on
600the 800
channel.
1000 This targets
Reactive
1200 1400 the
1600reception of
Jammer
sample sequence number
a message.
-100
-60
This style does not conserve energy however it may
be harder
-80
to detect. Random Jammer
-100
0 200 400 600 800 1000 1200 1400 1600
sample sequence number
HOW DO WE MEASURE
COMMUNICATION?
Packet Sent Ratio (PSR)-the ratio of packets successfully sent by a
legitimate sender
- MAC protocols, Carrier-Sensing and signal strength comparison
causing buffered and dropped packets
Packet Delivery Ratio (PDR)- ratio of packets successfully delivered
compared to sent(packets may be corrupt even if received)
- measured by receiver with pass CRC and preamble
- measured by sender with packets sent and ACK
EXPERIMENT SETUP Receiver B
• Normal nodes:
• Sender A
• Receiver B
• Jammer X
• Parameters
dAB
• Four jammers model dXB
• Distance
• Let dXB = dXA
• Fix dAB at 30 inches dXA
• Power
• PA = PB = P X = -4dBm
• MAC
• Fix MAC threshold Jammer X
• Adaptive MAC threshold (BMAC)
EXPERIMENT RESULTS
Constant Jammer
BMAC FixMAC
dxa (inch)
PSR(%) PDR(%) PSR(%) PDR(%)
Reactive Jammer
BMAC FixMAC
dxa (inch)
PSR(%) PDR(%) PSR(%) PDR(%)
• Signal Strength
Each device should gather its own statistics to make its own
decisions on the possibility of jamming
•We can not distinguish the reactive or random jammer from normal traffic
•A reactive or random jammer will alternate between busy and idle in the same way as normal traffic
behaves
•HOC will work for some jammer scenarios but are not powerful enough to detect all jammer scenarios
CARRIER SENSING TIME
802.11 uses CSMA and RTS/CTS so if the channel is occupied either
a time out or stuck in channel sensing
Establish an average sensing time during normal traffic to allow
you to compare when you may be jammed.
Only works with fixed signal strength not adaptive thresholds such
as BMAC.
Determine when large sensing times are results of jamming by
setting a threshold
Threshold set conservatively to reduce false positive (significance
testing)
CARRIER SENSING TIME ANALYSIS
Observations:
•It detects the Constant and Deceptive Jammer
Assumptions
Each node detects whether it is jammed
Each node maintains a neighbor list from routing layer
Network deployment is dense so each node has several neighbors
All legitimate nodes participate by sending heartbeat beacons( allows
for reliable estimate of PDR over time)
22
PRD/SIGNAL STRENGTH
CONSISTENCY
PDR< Threshold
No
Yes
Sample Signal
Strength Not Jammed
Yes
PDR
consistent
with SS
No
Jammed
4.1 Signal Strength Consistency Checks
Observed Normal relationships PDR VS. SS
SS(dBm)
•The Jammed region has above 99%
signal strength confidence intervals and
whose PDR is below 65%
PDR %
PDR VS
DISTANCE
Observations:
•Neighbors that are close should have
high PDR values, if they have low PDR
values they are Jammed