Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Jamming cannot be adequately addressed by common security mechanisms such as confidentiality, authentication, and integrity, because jamming targets at the basic transmission and reception capabilities of the physical devices. Moreover, none of the cryptographic constructions such as encryption/decryption can be directly adopted to solve the problem. Thus, we have to seek new solutions to deal with this severe attack.
[Hoang Nguyen; Alibi framework for identifying reactive jamming nodes in wireless LAN 2010] [Ying Xuan; On Trigger Detection Against Reactive Jamming Attacks: A Clique-Independent Set Based Approach
IEEE 2009]
Problem: Problem of identifying compromised nodes who launch reactive jamming attacks. Reactive jamming is a very challenging problem because the attackers are assumed to know any shared secret and protocols in the network and try to stay undetected as long as possible while maximizing the damage done to the network First, many approaches are only concerned about how to build jamming-resistant communications without identifying the source of jamming. Jamming-resistant communications are necessary but not sufficient because as long as the jamming nodes are not identified, they always have effective jamming attacks on the network. Second, there are also several works on identifying mis-behaving nodes. However, because the attackers leave no identity information in the jammed packets detection systems relying on identity clues to infer nodes causing the jammed packet do not work
The jamming attack can be easily launched since it can be implemented by simply listening to the open medium and broadcasting in the same frequency band as the sensor networks. Many existing countermeasures against jamming focus on spread spectrum Traditional method (Physical Layer): 1.DSSS 2. FHSS Drawbacks: too costly for the energy and frequency constrained sensor networks To successfully communicate under jamming attack, both sender and receiver need to know the same hopping or spreading sequence beforehand and keep it secret. Uncoordinated frequency hopping (UFHSS) and direct spread spectrum (UDSSS) have been proposed to enable key establishment between a pair of nodes without a pre-shared secret under a jammer.
Disadvantage: These approaches are typically not applicable to WSNs since they are designed for one-to-one communication or require sophisticated wireless interface to support direct spread spectrum. Group-based schemes: Broadcast communication, group-based schemes have been proposed. The idea is to divide receivers into multiple broadcast groups and different groups use predefined different channels. A compromised receiver can only jam the communication in the same group. Then, a divide-and-conquer strategy is applied to remove malicious receivers. Disadvantage: Require a large number of available channels. Otherwise, the compromised nodes could coordinate to jam all channels in a group. Channel surfing algorithm: Channel surfing to deal with a narrow-band and intermittent jammer. Basic idea is to let sensor nodes switch channels in a way that the jammer cannot predict them. All nodes switch to a different channel to evade jamming after jamming is detected C(n + 1) = FK(C(n)) where K is a group key shared by all nodes, F is a pseudorandom function and C(n) is the original channel used before jamming. Problem: This technique is limited to outsider attacks and it does not work under node compromises since an insider attacker knows the group key K and the function F. Other methods: wormhole-based anti-jamming techniques[1], channel surfing [2] and timing channel [3]. Security schemes against Jamming
detection techniques, proactive countermeasures, reactive countermeasures, and mobile agent (MA)-based countermeasures.
The first strategy involves avoiding the jammer in either the spectral or spatial sense, and can be achieved by changing channel allocations or, in mobile sensor networks, by moving nodes away from the jammer. The second strategy involves competing with the jammer by adjusting the transmission power levels and employing error correction in order to have more resilience against jamming.
Definition: Jamming is defined as the act of intentionally directing electromagnetic energy towards a communication system to disrupt or prevent signal transmission. This can be achieved by the jammer by attacking at the physical layer or at the data-link layer. [Definition: In the jamming attack, an attacker injects a high level of noise into the wireless system which significantly reduces the signal to noise and interference ratio (SINR) and reducing probability of successful message receptions.] At the physical layer, the jammer can only jam the receiver by transmitting at high power at the network frequency and lowering the signal-to noise ratio below the receivers threshold; however, it cannot prevent the transmitter from transmitting, and hence it cannot jam the transmitter. At the data link layer, it can jam the receiver by corrupting legitimate packets through protocol violations, and can also jam the transmitter by preventing it to transmit by capturing the carrier through continuous transmission The main difference between jamming and RF interference (RFI) is that the former is intentional and against a specific target while the latter is unintentional, as a result of nearby transmitters that transmit in the same or very close frequencies
There are two classifications of jamming attacks [1]: _ Physical layer jamming. _ By ignoring MAC layer rules.
4. Reactive Jammer: Quiet when the channel is idle, transmits when it senses channel activity Targets
the reception of a message and harder to detect. It is most effective but not very energy-efficient as it spends considerable amount of energy in constantly listening to the network.
1. Spot Jammer: A jammer which knows the exact radio frequency of the target network, and attacks the
network on that frequency (spot frequency) only. It requires less power to jam the network, and is the most efficient and effective jammer. Disadvantage: The target network can change the frequency (channel surfing/frequency hopping) to evade jamming 2. Sweep Jammer: A jammer which does not know the target frequency, and therefore sweeps across the probable spectrum either periodically or aperiodically, thus jamming the affected networks temporarily. 3. Barrage Jammers: It cover a large bandwidth of the radio spectrum at a time, leaving very little scope for the target network to evade jamming. In barrage jamming, a range of frequencies is jammed at the same time. Its main advantage is that it is able to jam multiple frequencies at once with enough power to decrease the SNR ratio of the enemy receivers. However, as the range of the jammed frequencies grows bigger the output power of the jamming is reduced proportionally.
[Rajani, M.; Jamming attack detection and countermeasures in wireless sensor network using ant system. 2006] Single-Tone Jammer attacks one channel at a time (akin to Spot Jammer) Multi-Tone Jammer can attack some or all the channels of a multi-channel receiver Pulsed-Noise Jammer is a wide band jammer, sending pulsed jamming signals by turning on and off periodically at a slow or fast rate. Electronic Intelligence (ELINT): as they describe, is typically a passive system that tries to break down or analyze radar or communication TCF signals, and thus, strictly speaking, is not a jamming attack model.
[Sudip Misra; using honeynodes for defense against jamming attacks in wireless infrastructure-based networks ELSIVIER 2010]
Existing techniques A thorough study was carried out to determine the various existing techniques used to mitigate jamming attacks in wireless networks. _ _ _ _ _ Channel Surfing Spatial Retreats Using Wormholes Mapping jammed regions Spread Spectrum Techniques
Channel Surfing: Channel Surfing is based on a spectral evasion mechanism in which a node under jamming attack follows the mitigation strategy of moving away to a different channel of operation. On detection of an attack, the nodes change their channel of operation on the basis of a pre-defined pseudorandom sequence communicated to them during association. An access point frequently sends beacons to all its associated nodes to check if they are still with it or not. If any of them does not respond to its beacon, it issues a channel change command telling all the remaining nodes to jump to a new channel of operation decided as per the pre-defined pseudorandom sequence. Spatial Retreats: Spatial Retreats algorithm is based on spatial evasion. Access points are immobile components of the network and remain stationary, but normal associated nodes move from the region of their current access point (which is currently being jammed) to the region of an emergency access point based on the emergency access point list given to them by their access point during association. The node while moving away from its access point towards the emergency access point tries to connect to its jammed access point. If a connection is found, the node stops moving, else, it moves into the zone of the emergency access point and gets associated with it through a proper handoff mechanism. Using Wormholes: In wormhole attacks, two or more attackers act as a single attacker through a coordinated attack mechanism. A similar mechanism in which a jammed node communicates with an un-jammed node through an un-jammed medium is followed for attack mitigation. The un-jammed shared medium is referred to as wormhole. Jammed region mapping: Rather than focussing on counter measures of any sort, this technique concentrates on mapping out the jammed region by defining a mapping protocol. This is based on the responses received by the nodes which lie on the boundary of the jammed region. The aim is to mitigate the impact of a jammer by identifying and isolating the jammed region, and then trying to determine alternate routing paths for the data packets. Spread spectrum techniques: The traditional systems try hard to forcibly push-in maximum amount of information into the minimum amount of available bandwidth. High-power jamming frequency covering the frequency band of the particular system can easily jam the system. In spread spectrum systems, the signal is spread over a range of bandwidth in the widest possible manner, thereby making the communication very hard to be detected and jammed. There are two different types of spread spectrum techniques that can be used. These are direct sequence spread spectrum (DSSS) [7,16,18] and frequency
Drawbacks: too costly for the energy and frequency constrained sensor networks To successfully communicate under jamming attack, both sender and receiver need to know the same hopping or spreading sequence beforehand and keep it secret.
Channel Surfing, Spatial Retreats and Wormholes-based mechanisms do not suffer from the aforementioned problem, but they do have their own drawbacks. Spatial Retreats has a serious drawback that it involves physically moving mobile nodes from the range of the jammed access point to the range of an emergency access point. This restricts the mobility of the nodes. A better solution is using Wormholes, but it requires providing an additional secure channel between all node pairs. Another aspect that is missing in all of the techniques discussed so far is that they only provide attack mitigation mechanisms, but not attack prevention mechanisms. We believe that the presence of an attack prevention mechanism would reduce the network downtime considerably. Spread spectrum techniques are very effective in coping with jamming attacks, but the amount of bandwidth that they consume for transferring small quantity of information, in addition to the complexity of transmitters and receivers required for their operation renders them impractical for everyday communication. However, where security is of utmost importance, they are considered to be amongst the best defense mechanisms currently available. Channel Surfing provides a continuous service with minimal resource consumption and additional infrastructure requirement. Hence, it provides a solution which can be easily integrated into the existing network architecture.
A. Basic statistical methods Signal Strength: Using low transmitted power decreases the discovery probability from an attacker (an attacker must locate rst the target before transmitting jamming signal).Higher transmitted power implies higher resistance against jamming because a stronger jamming signal is needed to overcome the original signal. Carrier Sensing Time: Packet Delivery Ratio: The ratio of the number of packets successfully sent out by the node (i.e., the number of packets for which the node has got the acknowledgement from the destination) to the total number of packets sent out by the node. The PDR is calculated by keeping counts of the acknowledgements of the successfully delivered packets and the total number of packets sent by the node and then by finding their ratio as a percentage. Packet send ratio: PSR of a node as the ratio of the number of packets actually sent by the node during a given time period to the number of packets intended to be sent by the node during that given period.