jamming attacks first review
Post on 01-Nov-2014
696 Views
Preview:
DESCRIPTION
TRANSCRIPT
PACKET-HIDING METHODS FOR PREVENTING SELECTIVE
JAMMING ATTACKS
ABSTRACT
The open nature of the wireless medium leaves it vulnerable to intentional interference attacks,
typically referred to as jamming. This intentional interference with wireless transmissions can be
used as a launchpad for mounting Denial-of-Service attacks on wireless networks. Typically,
jamming has been addressed under an external threat model. However, adversaries with internal
knowledge of protocol specifications and network secrets can launch low-effort jamming attacks
that are difficult to detect and counter. In this work, we address the problem of selective jamming
attacks in wireless networks. In these attacks, the adversary is active only for a short period of
time, selectively targeting messages of high importance. We illustrate the advantages of selective
jamming in terms of network performance degradation and adversary effort by presenting two
case studies; a selective attack on TCP and one on routing. We show that selective jamming
attacks can be launched by performing real-time packet classification at the physical layer. To
mitigate these attacks, we develop three schemes that prevent real-time packet classification by
combining cryptographic primitives with physical-layer attributes.
AIM
Selective jamming attacks can be launched by performing real-time packet classification at the
physical layer. To mitigate Selective jamming attacks, three schemes that prevent real-time
packet classification by combining cryptographic primitives with physical-layer attributes to be
proposed.
SCOPE
The open nature of the wireless medium leaves it vulnerable to intentional interference attacks,
typically referred to as jamming. This intentional interference with wireless transmissions can be
used as a launchpad for mounting Denial-of-Service attacks on wireless networks. Typically,
jamming has been addressed under an external threat model.
OBJECTIVES
To check the feasibility of realtime packet classification for launching selective jamming attacks,
under an internal threat model. Such attacks are relatively easy to actualize by exploiting
knowledge of network protocols and cryptographic primitives extracted from compromised
nodes. To study the impact of selective jamming on critical network functions. The selective
jamming attacks may lead to DoS with very low effort on behalf of the jammer. To mitigate such
attacks, three schemes have been proposed that prevent classification of transmitted packets in
real time.
OVERVIEW
Uninterrupted availability of the wireless medium is availed to wireless networks to interconnect
participating nodes. Wireless networks are highly vulnerable to multiple security threats.
Attacker with a transceiver can eavesdrop on wireless transmissions, inject spurious messages, or
jam legitimate ones. While eavesdropping and message injection can be prevented using
cryptographic methods, jamming attacks are much harder to counter. In the proposed system, we
consider the internal threat model. Under Jamming attacks, the adversary interferes with the
reception of messages by transmitting a continuous jamming signal, or several short jamming
pulses.
EXISTING SYSTEM
Jamming attacks have been considered under an external threat model, in which the jammer is
not part of the network. Under this model, jamming strategies include the continuous or random
transmission of highpower interference signals.
Anti-jamming techniques rely extensively on spread-spectrum (SS) communications, or some
form of jamming evasion (e.g., slow frequency hopping, or spatial retreats). SS techniques
provide bit-level protection by spreading bits according to a secret pseudo-noise (PN) code,
known only to the communicating parties. These methods can only protect wireless
transmissions under the external threat model.
Always-on strategy has the continuous presence of unusually high interference levels makes this
type of attacks easy to detect
DISADVANTAGES
Jamming attacks under internal threat model is not considered.
Always-on strategy has disadvantages such as, first the adversary has to expend a
significant amount of energy to jam frequency bands of interest.
PROPOSED SYSTEM
The problem of jamming under an internal threat model has been considered. Adversary who is
aware of network secrets and the implementation details of network protocols at any layer in the
network stack has been designed.
The adversary exploits the internal knowledge for launching selective jamming attacks in which
specific messages of “high importance” are targeted.
A jammer can target route-request/route-reply messages at the routing layer to prevent route
discovery, or target TCP acknowledgments in a TCP session to severely degrade the throughput
of an end-to-end flow.
ADVANTAGES
Internal threat model has been considered
DoS attack can be avoided
Three schemes such as Hiding Based On Commitments, A Strong Hiding Commitment
Scheme (Shcs) and Hiding Based On Cryptographic Puzzles has been proposed
Strong security properties
Minimal impact on the network performance
LITERATURE SUMMARY
Selective jamming attacks
Thuente studied the impact of an external selective jammer who targets various control packets
at the MAC layer. To perform packet classification, the adversary exploits inter-packet timing
information to infer eminent packet transmissions.
Law et al. proposed the estimation of the probability distribution of inter-packet transmission
times for different packet types based on network traffic analysis. Future transmissions at various
layers were predicted using estimated timing information.
Brown et al. illustrated the feasibility of selective jamming based on protocol semantics. They
considered several packet identifiers for encrypted packets such as packet size, precise timing
information of different protocols, and physical signal sensing. To prevent selectivity, the
unification of packet characteristics such as the minimum length and inter-packet timing was
proposed. Similar packet classification techniques were investigated.
Liu et al. considered a smart jammer that takes into account protocol specifics to optimize its
jamming strategy. The adversary was assumed to target control messages at different layers of
the network stack. To mitigate smart jamming, the authors proposed the SPREAD system, which
is based on the idea of stochastic selection between a collection of parallel protocols at each
layer.
Greenstein et al. presented a 802.11-like wireless protocol called Slyfi that prevents the
classification of packets by external observers. This protocol hides all explicit identifiers from
the transmitted packets, by encrypting them with keys only known to the intended receivers.
Wilhelm et al. implemented a USRP2-based jamming platform called RFReact that enables
selective and reactive jamming. RFReact was shown to be agnostic to technology standards and
readily adaptable to any desired jamming strategy.
Blapa et al. studied selective jamming attacks against the rate-adaptationmechanism of 802.11.
They showed that a selective jammer targeting specific packets in a point-topoint 802.11
communication was able to reduce the rate of the communication to the minimum value of 1
Mbps, with relatively little effort.
Several researchers have suggested channel-selective jamming attacks, in which the jammer
targets the broadcast control channel. It was shown that such attacks reduce the required power
for performing a DoS attack by several orders of magnitude. To protect control-channel traffic,
the replication of control transmission in multiple channels was suggested. The “locations” of the
control channels where cryptographically protected.
Lazos et al. proposed a randomized frequency hopping algorithm to protect the control channel
from inside jammers. Strasser et al. proposed a frequency hopping anti-jamming technique that
does not require the existence of a secret hopping sequence, shared between the communicating
parties.
Non-Selective Jamming Attacks
Conventional methods for mitigating jamming employ some form of SS communications. The
transmitted signal is spread to a larger bandwidth following a PN sequence. Without the
knowledge of this sequence, a large amount of energy is required to interfere with an ongoing
transmission. However, in the case of broadcast communications, compromise of commonly
shared PN codes neutralizes the advantages of SS.
P¨opper et al. proposed a jamming-resistant communication model for pairwise communications
that does not rely on shared secrets. Communicating nodes use a physical layer modulation
method called Uncoordinated Direct- Sequence Spread Spectrum (UDSSS). They also proposed,
a jamming-resistant broadcast method in which transmissions are spread according to PN codes
randomly selected from a public codebook. Several other schemes eliminate overall the need for
secret PN codes.
Lin et al. showed that jamming 13% of a packet is sufficient to overcome the ECC capabilities of
the receiver.
Xu et al. categorized jammers into four models: (a) a constant jammer, (b) a deceptive jammer
that broadcasts fabricated messages, (c) a random jammer, and (d) a reactive jammer that jams
only if activity is sensed. They further studied the problem of detecting the presence of jammers
by measuring performance metrics such as packet delivery ratio.
Cagalj et al. proposed wormhole-based antijamming techniques for wireless sensor networks
(WSNs). Using a wormhole link, sensors within the jammed region establish communications
with outside nodes, and notify them regarding ongoing jamming attacks.
LITERATURE REVIEW
Jamming and Sensing of Encrypted Wireless Ad Hoc Networks
Timothy X Brown Jesse E. James Amita Sethi, In Proceedings of MobiHoc
This paper considers the problem of an attacker disrupting an encrypted victim wireless ad hoc network through
jamming. Jamming is broken down into layers and this paper focuses on jamming at the Transport/Network layer.
Jamming at this layer exploits AODV and TCP protocols and is shown to be very effective in simulated and real
networks when it can sense victim packet types, but the encryption is assumed to mask the entire header and
contents of the packet so that only packet size, timing, and sequence is available to the attacker for sensing. A sensor
is developed that consists of four components. The first is a probabilistic model of the sizes and inter-packet timing
of different packet types. The second is a historical method for detecting known protocol sequences that is used to
develop the probabilistic models, the third is an active jamming mechanism to force the victim network to produce
known sequences for the historical analyzer, and the fourth is the online classifier that makes packet type
classification decisions. The method is tested on live data and found that for many packet types the classification is
highly reliable. The relative roles of size, timing, and sequence are discussed along with the implications for making
networks more secure.
Wormhole-Based Anti-Jamming Techniques in Sensor Networks
M. Cagalj, S. Capkun, and J.-P. Hubaux, IEEE Transactions on Mobile Computing, 6(1):100–114, 2007
Due to their very nature, wireless sensor networks are probably the most vulnerable category of wireless networks to
“radio channel jamming”-based Denial-of-Service (DoS) attacks: An adversary can easily mask the events that the
sensor network should detect by stealthily jamming an appropriate subset of the nodes; in this way, he prevents them
to report what they are sensing to the network operator. Therefore, in spite of the fact that an event is sensed by one
or several nodes (and the sensor network is otherwise fully connected), the network operator cannot be informed on
time. We show how the sensor nodes can exploit channel diversity in order to establish wormholes out of the
jammed region, through which an alarm can be transmitted to the network operator. We propose three solutions: the
first is based on wired pairs of sensors, the second relies on frequency hopping, and the third is based on a novel
concept called uncoordinated channel hopping. We develop appropriate mathematical models to study the proposed
solutions.
Energy-Efficient Link-Layer Jamming Attacks against Wireless Sensor Network MAC
Protocols
Y. W. Law, M. Palaniswami, L. V. Hoesel, J. Doumen, P. Hartel, and P. Havinga., ACM Transactions on Sensors
Networks, 5(1):1–38, 2009.
A typical wireless sensor node has little protection against radio jamming. The situation becomes worse if energy-
efficient jamming can be achieved by exploiting knowledge of the data link layer. Encrypting the packets may help
to prevent the jammer from taking actions based on the content of the packets, but the temporal arrangement of the
packets induced by the nature of the protocol might unravel patterns that the jammer can take advantage of, even
when the packets are encrypted. By looking at the packet interarrival times in three representative MAC protocols,
S-MAC, LMAC and B-MAC, we derive several jamming attacks that allow the jammer to jam S-MAC, LMAC and
B-MAC energy-efficiently. The jamming attacks are based on realistic assumptions. The algorithms are described in
detail and simulated. The effectiveness and efficiency of the attacks are examined. In addition, we validate our
simulation model by comparing its results with measurements obtained from implementation on sensor node
prototypes. We show that it takes little effort to implement such effective jammers, making them a realistic treat.
Careful analysis of other protocols belonging to the respective categories of S-MAC, LMAC and B-MAC reveals
that those protocols are, to some extent, also susceptible to our attacks. The result of this investigation provides new
insights into the security considerations of MAC protocols.
Mitigating Control-Channel Jamming Attacks in Multi-channel Ad Hoc Networks
Loukas Lazos, Sisi Liu, and Marwan Krunz Dept. of Electrical and Computer Engineering, University of Arizona,
Tucson, AZ, USA
We address the problem of control-channel jamming attacks in multi-channel ad hoc networks. Deviating from the
traditional view that sees jamming attacks as a physical-layer vulnerability, we consider a sophisticated adversary
who exploits knowledge of the protocol mechanics along with cryptographic quantities extracted from compromised
nodes to maximize the impact of his attack on higher-layer functions. We propose new security metrics that quantify
the ability of the adversary to deny access to the control channel, and the overall delay incurred in re-establishing the
control channel. We also propose a randomized distributed scheme that allows nodes to establish a new control
channel using frequency hopping. Our method differs from classic frequency hopping in that no two nodes share the
same hopping sequence, thus mitigating the impact of node compromise. Furthermore, a compromised node is
uniquely identified through its hop sequence, leading to its isolation from any future information regarding the
frequency location of the control channel.
The Feasibility of Launching and Detecting Jamming Attacks in Wireless Networks
Wenyuan Xu, Wade Trappe, Yanyong Zhang and Timothy Wood Wireless Information Network Laboratory (WINLAB)
Rutgers University, 73 Brett Rd., Piscataway, NJ 08854
Wireless networks are built upon a shared medium that makes it easy for adversaries to launch jamming-style
attacks. These attacks can be easily accomplished by an adversary emitting radio frequency signals that do not
follow an underlying MAC protocol. Jamming attacks can severely interfere with the normal operation of wireless
networks and, consequently, mechanisms are needed that can cope with jamming attacks. In this paper, we examine
radio interference attacks from both sides of the issue: first, we study the problem of conducting radio interference
attacks on wireless networks, and second we examine the critical issue of diagnosing the presence of jamming
attacks. Specifically, we propose four different jamming attack models that can be used by an adversary to disable
the operation of a wireless network, and evaluate their effectiveness in terms of how each method affects the ability
of a wireless node to send and receive packets. We then discuss different measurements that serve as the basis for
detecting a jamming attack, and explore scenarios where each measurement by itself is not enough to reliably
classify the presence of a jamming attack. In particular, we observe that signal strength and carrier sensing time are
unable to conclusively detect the presence of a jammer. Further, we observe that although by using packet delivery
ratio we may differentiate between congested and jammed scenarios, we are nonetheless unable to conclude whether
poor link utility is due to jamming or the mobility of nodes. The fact that no single measurement is sufficient for
reliably classifying the presence of a jammer is an important observation, and necessitates the development of
enhanced detection schemes that can remove ambiguity when detecting a jammer. To address this need, we propose
two enhanced detection protocols that employ consistency checking. The ¯rst scheme employs signal strength
measurements as a reactive consistency check for poor packet delivery ratios, while the second scheme employs
location information to serve as the consistency check. Throughout our discussions, we examine the feasibility and
effectiveness of jamming attacks and detection schemes using the MICA2 Mote platform.
HARDWARE REQUIREMENTS
Processor : Any Processor above 500 MHz.
Ram : 128Mb.
Hard Disk : 10 GB.
Input device : Standard Keyboard and Mouse.
Output device : VGA and High Resolution Monitor.
SOFTWARE REQUIREMENTS
Operating System : Windows Family.
Programming package : JDK 1.6 or higher
IDE Tools Used : Netbeans 6.1
SYSTEM ARCHITECTURE
When a sender wants to send a data to receiver, sender hides the data and sends in secure
manner. There are four techniques used to for hiding the data, which are Strong hiding
Commitment Scheme, Cryptography puzzle based hiding scheme, All or nothing based scheme
and MD5 scheme, in MD5 scheme, apart from data hiding the sequence of packet receives also
checked at the receiver side. An attacker module is designed to show the impact of data
jamming. The message hiding technique is followed to send data by avoiding jamming attack.
Sender Select Hiding Technique
SHCS
CPHS
AONT
MD5
Encrypted message
Attacker
Decrypted message
key
Receiver
unblock
APPLICATIONS USED
Wireless networks are widely used include cellular phones which are part of everyday wireless
networks, allowing easy personal communications. Another example, Inter-continental network
systems, use radio satellites to communicate across the world. Emergency services such as the
police utilize wireless networks to communicate effectively as well. Individuals and businesses
use wireless networks to send and share data rapidly, whether it be in a small office building or
across the world.
Function requirements
USE CASE ACTORS DESCRIPTION
Sender transmits data Client Data has been chosen to send to receiver. While
sending the data, for avoiding jamming attacks
different types hiding techniques are used.
Intermediate Node Attacker Data packet sent by sender can be received by
attacker, when the attacker is in unblock mode
Sender Client Relay node is chosen to send data packets
Receiver receives data Server Server receives data from client. Server has to
give the key value to retrieve the encrypted data.
Non functional requirement
Area Codes & Standards / Realistic Constraints
Economic This project is very economical as it only depends on the software
components to be downloaded from the internet
Performance This project Performance is high when compared with other file transfer
mechanisms
Reliability This project provides reliability because of the efficient usage of TCP
protocol
Security This project focuses on applying security concepts for authenticating the
application.
Manufacturabilit
y
This project can be easily replicated. This requires complete
schematics, complete and documented code listings, JAVA SWING,
produced in a file format accessible by software available at JAVA
MODULES
Adversary Design
Packet Classification
A Strong Hiding Commitment Scheme
Cryptographic Puzzle Hiding Scheme
Hiding Based On All-Or-Nothing Transformations
Hiding Based On Md5
ADVERSARY DESIGN
Adversary is in control of the communication medium and can jam messages at any part of the
network of his choosing. The adversary can operate in full-duplex mode, thus being able to
receive and transmit simultaneously. This can be achieved, for example, with the use of multi-
radio transceivers. Adversary is equipped with directional antennas that enable the reception of a
signal from one node and jamming of the same signal at another. It is assumed that the adversary
can pro-actively jam a number of bits just below the ECC capability early in the transmission.
When the adversary is introduced, the data packets from the node cannot be reached at receiver.
PACKET CLASSIFICATION
At the Physical layer, a packet m is encoded, interleaved, and modulated before it is transmitted
over the wireless channel. At the receiver, the signal is demodulated, deinterleaved and decoded
to recover the original packet m. Nodes A and B communicate via a wireless link. Within the
communication range of both A and B there is a jamming node J. When A transmits a packet m
to B, node J classifies m by receiving only the first few bytes of m. J then corrupts m beyond
recovery by interfering with its reception at B.
A STRONG HIDING COMMITMENT SCHEME
A strong hiding commitment scheme (SHCS), which is based on symmetric cryptography.
Assume that the sender has a packet for Receiver. First, S (Sender) constructs commit( message )
the commitment function is an off-the-shelf symmetric encryption algorithm is a publicly known
permutation, and k is a randomly selected key of some desired key length s (the length of k is a
security parameter). The role of the committer is assumed by the transmitting node S. The role of
the verifier is assumed by any receiver R, including the jammer J. The committed value m is the
packet that S wants to communicate to R. To transmit m, the sender computes the corresponding
commitment/decommitment pair (C, d), and broadcasts C. The hiding property ensures that m is
not revealed during the transmission of C. To reveal m, the sender releases the decommitment
value d, in which case m is obtained by all receivers, including J.
CRYPTOGRAPHIC PUZZLE HIDING SCHEME
A sender S have a packet m for transmission. The sender selects a random key k , of a desired
length. S generates a puzzle (key, time), where puzzle() denotes the puzzle generator function,
and tp denotes the time required for the solution of the puzzle. Parameter is measured in units of
time, and it is directly dependent on the assumed computational capability of the adversary,
denoted by N and measured in computational operations per second. After generating the puzzle
P, the sender broadcasts (C, P). At the receiver side, any receiver R solves the received puzzle to
recover key and then computes the packet. Server to solve the puzzle in time tp and solved
puzzle should be correct get the data packet at server.
HIDING BASED ON ALL-OR-NOTHING TRANSFORMATIONS
The packets are pre-processed by an AONT before transmission but remain unencrypted. The
jammer cannot perform packet classification until all pseudo-messages corresponding to the
original packet have been received and the inverse transformation has been applied. Packet m is
partitioned to a set of x input blocks m = {m1, m2,m3….}, which serve as an input to an The set
of pseudo-messages m = {m1, m2,m3,…..} is transmitted over the wireless medium.
HIDING BASED ON MD5
A sender S have a packet m for transmission. The sender selects a random key k , of a desired
length. The message m is split into number blocks {m1,m2,…mn}and the message blocks are
encrypted using md5. The role of the Receiver R is to receive the multiple blocks of data packets
and decrypt them. The pre-computed MD5 checksum for the files, so that a user can compare the
checksum of the downloaded file to it. The receiver also perform the packet sequence checking
while receiving the data packet.
MODULE DIAGRAM –Packet Classification
Message Hiding technique
Encrypted Content
ReceiverDecrypted Message
key
unblockIntermediate
jammer
MODULE DIAGRAM -Strong Hiding Commitment Scheme
MODULE DIAGRAM - Cryptographic Puzzle Hiding Scheme
Sender Message SHCS
Encrypted Content
ReceiverDecrypted Message
key
Sender Message CPHS
Encrypted Content
puzzle
Generate random key
Generate puzzle & time line
Receiver
In time
Decrypted Message
Discarded
else
MODULE DIAGRAM - An AONT-based Hiding Scheme
MODULE DIAGRAM – MD5 Algorithm
Sender Message AONT
Encrypted Content
key
Generate key
ReceiverDecrypted Message
Message blocks
Sender Message MD5
key
Generate key
ReceiverDecrypted Message
Message blocks
Check packet sequence
Round trips
Encrypted blocks
USE CASE DIAGRAM
Normal node chooses data to send and the data is encrypted using SHCS/ CPHS/AONT/MD5
and send to receiver, sender shares the decrypt key to decrypt the data. Intruder is considered as
one of the other user, who tries blocking the data content while sending normally.
Normal node
Intruder
Receiver
Select data to transmit
Encrypted data
Decrypted data
SHCS
AONT
MD5
Block contentCPHS
Normal mode
SEQUENCE DIAGRAM
Node are initialized and chooses data to send and the data is encrypted using SHCS/
CPHS/AONT/MD5 and send to receiver, sender shares the decrypt key to decrypt the data.
Intruder is considered as one of the other user, who tries blocking the data content while sending
normally.
Node Algorithm Selection
Intruder Server
Select data to send
SHCS/CPHS/AONT/ MD5
Send data without hiding scheme
Encrypted data
Share key to decrypt
COLALBORATION DIAGRAM
First step that nodes are initialized and data selected to send to the receiver is the second step.
Selecting the hiding technique is the third step and then encrypted data send to server is the fifth
step.
Node initialization
Data selection
Algorithm Selection
Send data normal mode
Receiver
1:select data
2:no encryption3:select type
4:encryption
5:send
Encrypted data
ACTIVITY DIAGRAM
When the node selects data to send, the data is encrypted via any of the hiding techniques such as
SHCS/CPSH/AONT/MD5. When the data is sent via normal mode without using any of the
hiding technique, then it can be blocked by intruder.
Node
Select data
Encrypted data
Normal data
Yes
No
Select Hiding type
ReceiverIntruder
CONCLUSION
Selective jamming attacks in wireless networks have been studied. We considered an internal
adversary model in which the jammer is part of the network under attack, thus being aware of the
protocol specifications and shared network secrets. Jammer can classify transmitted packets in
real time by decoding the first few symbols of an ongoing transmission. The impact of selective
jamming attacks is evaluated on network protocols such as TCP and routing. Three schemes
have been proposed that transform a selective jammer to a random one by preventing real-time
packet classification. The schemes combine cryptographic primitives such as commitment
schemes, cryptographic puzzles, and all-or-nothing transformations (AONTs) with physical layer
characteristics.
REFERENCES
[1] T. X. Brown, J. E. James, and A. Sethi. Jamming and sensing of encrypted wireless ad hoc
networks. In Proceedings of MobiHoc, pages 120–130, 2006.
[2] M. Cagalj, S. Capkun, and J.-P. Hubaux. Wormhole-based antijamming techniques in sensor
networks. IEEE Transactions on Mobile Computing, 6(1):100–114, 2007.
[3] A. Chan, X. Liu, G. Noubir, and B. Thapa. Control channel jamming: Resilience and
identification of traitors. In Proceedings of ISIT, 2007.
[4] T. Dempsey, G. Sahin, Y. Morton, and C. Hopper. Intelligent sensing and classification in ad
hoc networks: a case study. Aerospace and Electronic Systems Magazine, IEEE, 24(8):23–30,
August 2009.
[5] Y. Desmedt. Broadcast anti-jamming systems. Computer Networks, 35(2-3):223–236,
February 2001.
[6] K. Gaj and P. Chodowiec. FPGA and ASIC implementations of AES. Cryptographic
Engineering, pages 235–294, 2009.
[7] O. Goldreich. Foundations of cryptography: Basic applications. Cambridge University Press,
2004.
[8] B. Greenstein, D. Mccoy, J. Pang, T. Kohno, S. Seshan, and D. Wetherall. Improving
wireless privacy with an identifier-free link layer protocol. In Proceedings of MobiSys, 2008.
[9] A. Juels and J. Brainard. Client puzzles: A cryptographic countermeasure against connection
depletion attacks. In Proceedings of NDSS, pages 151–165, 1999.
top related