layer model for reducing malware jamming attacks
DESCRIPTION
Wireless connectivity huge range results itexposed to selective interference attacks, well known asjamming. The thought of interrupting with wirelesstransmissions will form as a platform and increases ofDenial-of-Service attacks on wireless connectivity. As acritical situation, jamming has been known under anexternal threat model. Moreover, antagonist of perfect skillsof protocol requirements and network confidential thingsmakes invisible jamming attacks that won’t come undernotice. In this paper, we identify crisis of selective jammingattacks in wireless connectivity. Such attacks, the attackerwork on these attacks very less time only, gives mostpreference to the information which was passed throughmessages. Explanation of benefits of choosen jammingbased on network performance was presented in two realtime applications or case studies. A chosen attack on TCPand another is on routing.TRANSCRIPT
International Journal of Computer Trends and Technology (IJCTT) – volume 4 Issue10 – Oct 2013
ISSN: 2231-2803 http://www.ijcttjournal.org Page3450
Layer Model For Reducing Malware Jamming Attacks S.Ramesh, (M.Tech)
Student, CSE Dept, VBIT
Abstract — Wireless connectivity huge range results it
exposed to selective interference attacks, well known as
jamming. The thought of interrupting with wireless
transmissions will form as a platform and increases of
Denial-of-Service attacks on wireless connectivity. As a
critical situation, jamming has been known under an
external threat model. Moreover, antagonist of perfect skills
of protocol requirements and network confidential things
makes invisible jamming attacks that won’t come under
notice. In this paper, we identify crisis of selective jamming
attacks in wireless connectivity. Such attacks, the attacker
work on these attacks very less time only, gives most
preference to the information which was passed through
messages. Explanation of benefits of choosen jamming
based on network performance was presented in two real
time applications or case studies. A chosen attack on TCP
and another is on routing. We explore that selecting
jamming attacks are cause of doing packets which of real-
time were declared at physical layer. To make cautious
about the attacks, we created three schemes that restrict
packet in reality classification by attaching cryptographic
primitives with physical-layer attributes. We guess the
security of our approaches and calculate their
computational and communication in future.
I. IN TRO DU C TI ON
In Wireless networks nodes have to interconnect with
each other in wireless connectivity to process continuously
without any interruptions. Moreover, the open nature of this
security threats. Attackers with a transceiver can easily
create some interruptions on wireless transmissions, like
adding some un wanted messages, or jamming. While
monitoring and message injection we are capable of
preventing those attacks with the help of cryptographic
Prof. Ch. Anil Carie, M.Tech Asst. Professor, VBIT
methods, jamming attacks are critical to prevent. Those create
most Denial-of-Service (DoS) attacks opposite wireless
networks. They create it as normal jamming, that we think but
they usually send uninterrupted jamming signal and they used
to send unwanted messages continuously. If jammer is not a
part of the jammer then it is treated as external threat. Cause of
this model, jamming makes uninterrupted or random
transmission of exotic interference signals. The concept of
“always-on” results many problems. First thing it has to
transmit continuous transmission signals to the nodes
continuously which they are in need. And next one is due to
continuous high transmission there will be problem of
attacking. The purpose of anti-jamming method based on
spread-spectrum communications, or may be like jamming
evasion. SS techniques works on by providing bit-level
protection by exploring bits based upon a secret pseudo-noise
code, well known in the communicating parties only. These
types of techniques can only protect wireless transmissions case
of external threat model. Hiding of secrets due to node
adjusting neutralizes the advantages of SS. Broadcast
communications are have to be aware of all secret bits to
prevent the internal jamming threats. As per technique
adjustments a single receiver is capable to reveal relevant
cryptographic data. In this paper, we mention the crisis of
jamming under an internal threat model. We under taken a
sophisticated adversary who is aware of network secrets and
taking into process or reality details of network protocols not
only in physical layer at any one in the stack of network. The
method adversary was developed based on internal knowledge
is only for launching chosen jamming attacks in which
particular messages of “high Importance” are triggered. Those
situations in reality are be like as, a jammer can target route-
request or reply messages at the routing layer to block route
International Journal of Computer Trends and Technology (IJCTT) – volume 4 Issue10 – Oct 2013
ISSN: 2231-2803 http://www.ijcttjournal.org Page3451
discovery, or target TCP updates in a TCP session to
critically degrade the result of an end-to-end flow. To
create chosen jamming attacks, the adversary must be
efficient of developing a “classify-then-jam” position
before the finishing of a wireless transmission. Those
situations can be declared by two ways one is classifying
transmitted packets using protocol semantics and another
way is by decoding packets. In last method, the jammers
have chances by decode the initial few bits
of a packet for backup and useful packet identifiers such as
packet type, source and receiver address. After declaring,
the adversary must induce a perfect number of bit errors so
that the packet is not able to backup at the receiver. Chosen
jamming needs acknowledgement knowledge of not only
physical (PHY) layer at the same time of upper layers in
network stack.
II. SY S TEM EV A LU A TI O N
Network module We identifies the crisis of blocking interruptive jamming
node from allocating m in real time, thus moderating J’s
performance to do work on jamming. The network
contains a collection of nodes attached through wireless
communications. Nodes is of free to interact directly in the
case of they are within communication premises, or
indirectly through number of hops. Nodes interaction will
be done in uncast mode and also in another broadcast
mode. Communications are in two ways those are
unencrypted and encrypted by nodes. For encrypted
broadcast communications, symmetric keys are spreader
range of receivers. These keys are created using preshared
pair wise keys or asymmetric cryptography.
Real Time Packet declaration/Classification
As a point of view generic communication system
characterized in Fig. In Physical layer, a packet m is gone
be encoded, interleaved, and modified before it is converted
over the wireless channel. At the destination node which is
nothing but receives, the signal is demodulated, deinterleaved,
and decoded, to backup the original packet m.
Even in the case of key has to be remained as a secret; the
static portions of a sent packet could capable to packet
classification. All of this is cause for computationally-efficient
encryption techniques like block encryption; the encryption of a
prefix plaintext with the same key yields a static cipher text
prefix. After all, an adversary who is known of the underlying
protocol declares that can use the static cipher text portions of
a transmitted packet to classify it.
a) Selective/chosen Jamming Module
We explored the impact of selective jamming attacks on the
network capability. Develop selective jamming attacks in two
multi-hop wireless network ways. In the first way, the attacker
pointed a TCP connection created over a multi-hop wireless
route. In another way, the jammer pointed network-layer
control messages passing during the route creating process
selective jamming would be the encryption of transmitted
packets with help of static key. Anyway, for broadcast data
transactions, this static decryption key must aware to all
receivers which are in need and hence, is affected to adjust. An
adversary in possession of the decryption key can start
decrypting as fast as the reception of the first cipher text block. Strong Hiding Commitment Scheme (SHCS)
We explored a high definition one that is strong hiding
commitment scheme (SHCS), which works on symmetric
cryptography. Our key motto is to fulfill the strong hiding
property while making computational and transmission
efficiently. The computations have to done of SHCS is one
International Journal of Computer Trends and Technology (IJCTT) – volume 4 Issue10 – Oct 2013
ISSN: 2231-2803 http://www.ijcttjournal.org Page3452
symmetric encryption at source and one symmetric
decryption at destination. Reason cause is the header
information is permuted as a trailer and encrypted, all
receivers in the vicinity of a sender have to gain the
complete packet and decrypt it, before the packet type and
destination can be determined. However, in wireless
protocols such as 802.11, the whole packet is received at
the MAC layer before it is fixed if the packet must be
terminated or be used for further applications. If some parts
of the MAC header are deemed not to be useful information
to the jammer, they kept constant unencrypted in the header
of the packet, thus avoiding the decryption operation at the
receiver.
Cryptographic Puzzle Hiding Scheme (CPHS)
We present a packet hiding scheme based on
cryptographic puzzles. The main idea behind such puzzles
is to force the recipient of a puzzle execute a pre-defined
set of computations before he is able to extract a secret of
interest. The time required for obtaining the solution of a
puzzle depends on its hardness and the computational
ability of the solver. The advantage of the puzzle based
scheme is that its security does not rely on the PHY layer
parameters. However, it has higher computation and
communication overhead. We consider several puzzle
schemes as the basis for CPHS. For each scheme, we
analyze the implementation details which impact security
and performance. Cryptographic puzzles are primitives
originally suggested by Merkle as a method for
establishing a secret over an insecure channel. They find a
wide range of applications from preventing DoS attacks to
providing broadcast authentication and key escrow
schemes.
III. RELA TED WO R K
Selective jamming attacks The open nature of the wireless medium leaves it
vulnerable to jamming attacks. Jamming in wireless
networks has been primarily analyzed under an external
adversarial model, as a severe form of denial of service (DoS)
against the PHY layer. Existing anti-jamming strategies
employ some form of spread spectrum (SS) communication, in
which the signal is spread across a large bandwidth according
to a pseudo-noise (PN) code. However, SS can protect wireless
communications only to the extent that the PN codes remain
secret. Insiders with knowledge of the commonly shared PN
codes can still launch jamming attacks. Using their knowledge
of the protocols specifics, they can selectively target particular
channels/layers/protocols/packets. We describe two types of
selective jamming attacks against WMNs, which employ
channel and data selectivity.
Channel-Selective Jamming
In a typical WMN, one or more channels are reserved for
broadcasting control information. These channels, referred
to as control channels, facilitate operations such as network
discovery, time synchronization, coordination of shared
medium access, routing path discovery and others, without
interfering with the communications of STAs with MAPs. An
adversary who selectively targets the control channels can
efficiently launch a DoS attack with a fairly limited amount of
resources (control traffic is low-rate compared to data traffic).
To launch a channel selective jamming attack, the adversary
must be aware of the location of the targeted channel, whether
defined by a separate frequency band, time slot, or PN code.
Note that control channels are inherently broadcast and hence,
every intended receiver must be aware of the secrets used to
protect the transmission of control packets. The compromise of
a single receiver, be it a MAP or an MP, reveals those secrets
to the adversary. Example: We illustrate the impact of channel
selective jamming on CSMA/CA-based medium access control
(MAC) protocols for multi-channel WMNs. A multi-channel
MAC (MMAC) protocol is employed to coordinate access of
multiple nodes residing in the same collision domain to the
common set of channels. A class of MMAC protocols
proposed for ad hoc networks such as WMNs follows a split-
phase design (e.g., [5]). In this design, time is split into
International Journal of Computer Trends and Technology (IJCTT) – volume 4 Issue10 – Oct 2013
ISSN: 2231-2803 http://www.ijcttjournal.org Page3453
alternating control and data transmission phases.
Fig The cryptographic puzzle-based hiding scheme.
Countering Channel-Selective Attacks
Several anti-jamming methods have been proposed to
address channel-selective attacks from insider nodes. All
methods trade communication efficiency for stronger
resilience to jamming. We give a brief description of such
anti-jamming approaches.
Assignment of unique PN codes: An alternative method
for neutralizing channel-selective attacks is to dynamically
vary the location of the broadcast channel, based on the
physical location of the communicating nodes. The main
motivation for this architecture is that any broadcast is
inherently confined to the communication range of the
broadcaster. Hence, for broadcasts intended for receivers in
different collision domains, there is no particular advantage
in using the same broadcast channel, other than the design
simplicity. The assignment of different broadcast channels
to different network regions leads to an inherent
partitioning of the network into clusters. Information
regarding the location of the control channel in one cluster
cannot be exploited at another.
Data-Selective Jamming
To further improve the energy efficiency of selective
jamming and reduce the risk of detection, an inside
attacker can exercise a greater degree of selectivity by
targeting specific packets of high importance. One way of
launching a data-selective jamming attack, is by classifying
packets before their transmission is completed. MPA
transmits a packet to MPB. Inside attacker MAPJ classifies the
transmitted packet after overhearing its first few bytes. MAPJ
then interferes with the reception of the rest of the packet at
MPB: Referring to the generic packet format. A packet can be
classified based on the headers of various layers.
Countering Data-Selective Jamming Attacks
An intuitive solution for preventing packet classification is to
encrypt transmitted packets with a secret key. In this case, the
entire packet, including its headers, has to be encrypted. While
a shared key suffices to protect point-to-point-
communications, for broadcast packets, this key must be
shared by all intended receivers. Thus, this key is also known
to an inside jammer. In symmetric encryption schemes based
on block encryption, reception of one cipher text block is
sufficient to obtain the corresponding plaintext block, if the
decryption key is known. Hence, encryption alone does not
prevent insiders from classifying broadcasted packets. To
prevent classification, a packet must remain hidden until it is
transmitted in its entirety. One possible way for temporarily
hiding the transmitted packet is to employ commitment
schemes. In a commitment scheme, the transmitting node hides
the packet by broadcasting a committed version of it.
Selective dropping attacks
If selective jamming is not successful due to anti jamming
measures, an insider can selectively drop packets post-
reception. Once a packet has been received, the compromised
node can inspect the packet headers, classify the packet, and
decide whether to forward it or not. Such an action is often
termed as misbehavior. Post-reception dropping is less flexible
than selective jamming because the adversary is restricted to
dropping only the packets routed through it. Nonetheless, the
impact on the WMN performance can be significant.
Examples: Consider a compromised MP targeting the routing
functionality in WMNs. By selectively dropping route request
and route reply packets employed by the routing protocol, as
defined in the of the 802.11s standard, the compromised MP
can prevent the discovery of any route that passes through it,
International Journal of Computer Trends and Technology (IJCTT) – volume 4 Issue10 – Oct 2013
ISSN: 2231-2803 http://www.ijcttjournal.org Page3454
delay the route discovery process, and force alternative,
possibly inefficient paths. Alternatively, the compromised
MP can allow the establishment of a route via itself, but
throttle the rate of the end-to-end connection at the
transport layer. This attack can be actualized by selective
dropping of critical control packets that regulate the end-
to-end transmission rate and effective throughput. For
example, the dropping of cumulative TCP
acknowledgments results in the end to end retransmission
of the entire batch of pending data packets.
A Layered Model for Jamming
Together jamming and sensing can be broken down into a
layered model similar to the OSI stack. We break it down
into three levels for convenience as shown. The
Link/Physical layer directly interacts with the media. If a
higher layer requests a packet to be jammed, then this
lower layer generates the physical signal and ensures that a
packet and each of its link layer retries are jammed. This
layer also provides the basic sensing capability of packet
duration and timing.
If sophisticated enough it could shield the upper layer from
Link, MAC, and Physical layer control packets such as
RTS/CTS and only report the higher OSI layer packets to
the higher layer sensing and jamming. The
Transport/Network Layer interacts with the corresponding
Ad Hoc, IP, TCP, and UDP protocols.
This layer senses packet types and traffic flows which can
then be targeted by jamming. The Application layer senses
HTTP sessions, VoIP set up and the like and targets
specific user activities for jamming.
Size: The physical layer could measure the transmission start
and stop times or use other signal processing techniques to
estimate the packet size in bytes.
Timing: Similarly the packet start time can be estimated.
Source Token: While the actual address of the transmitter
source may not be known. Analysis of the transmitter signal
(signal strength, angle of arrival, etc.) could distinguish
different transmitters so that each transmitter could be assigned
a unique token.
Destination Token: As noted before, receiver ACKs can be
identified in many protocols by the unique timing. Similarly by
analysis of which node ACKs a transmission, the destination
might also be identified.
Unicast vs. Broadcast: In many MAC and Link protocols,
broadcast packets are not acknowledged while unicast packets
are acknowledged. This could be used to identify whether a
packet is unicast or broadcast. While all of these are possible,
only the first two Size and Timing are assumed available in
this paper since these make the fewest assumptions about the
underlying network.
Sensing & Jamming in Ad Hoc Networks In network protocols, certain critical packets are necessary for
operation. Jamming TCP-SYN or TCP-SYN-ACK packets will
prevent a TCP connection from being established. Jamming
ARP-REQUEST or ARP-RESPONSE packets will prevent IP
from associating IP and MAC addresses. Jamming a few
protocol control packets can prevent or delay connections;
preventing the connection when the goal is to shut the
connection down and delaying the connection when the goal is
to inhibit communication without being detected. As suggested
from the above, knowing which packet to jam is the key to
getting significant jamming gains. A sensor needs to identify
the key control packets from different protocols.
Sensing can be online or offline. In online sensing packets are
identified as they are received. This can be difficult since in
International Journal of Computer Trends and Technology (IJCTT) – volume 4 Issue10 – Oct 2013
ISSN: 2231-2803 http://www.ijcttjournal.org Page3455
some cases a packet is identified within a protocol
sequence that has not yet completed. Offline sensing is
allowed to classify packets received in the past based on
packets received both before and after the packet in
question. Offline sensing is not directly useful for
jamming. However, it can provide data that allows the
attacker to better characterize the victim network and
improve its online sensing. Ad hoc networks add another
protocol that can be attacked. Jamming AODV-RREQ or
AODV-RREP packets will prevent ad hoc routes from ever
being established. Ad hoc network protocols add additional
packet types that can be detected.
V. CON C LUSI O N
We identified the crisis of selective jamming attacks in
wireless networks. We under took an internal adversary
model. The advantage of this model is that the jammer is
part of a network. Which is a better part then the making
the progress about protocol specifications and public
network confidential matters. Here in our application
transmitted packets in real time were classified by jammers
only in the way by decoding the initial few symbols of
processing transmission. We explored the result of selective
jamming attacks on TCP and routing protocols. Our
researches explained that a selective jammer have impact
on efficiency with less effort. We created three schemes
that converts a selective jammer to a random one. This is
gone work in the way by blocking real-time packet
classification. The schemes which we define in this paper
attaches cryptographic primitives such as commitment
schemes, cryptographic puzzles, and all-or-nothing
transformations (AONTs) with physical layer features. We
estimated the security of our schemes and computed the
performance which benefits future works a lot.
REF ER EN C E S
[1] Alejandro Proa˜no and Loukas Lazos “Packet-Hiding
Methods for Preventing Selective Jamming Attacks” Dept.
of Electrical and Computer Engineering, University of
Arizona, Tucson, AZ, USA
[2] M. Cagalj, S. Capkun, and J.-P. Hubaux. Wormhole-based
anti jamming techniques in sensor networks. IEEE
Transactions on Mobile Computing, 6(1):100–114, 2007.
[3] A. Chan, X. Liu, G. Noubir, and B. Thapa. Control channel
jamming: Resilience and identification of traitors. In
Proceedings of ISIT, 2007.
[4] T. Dempsey, G. Sahin, Y. Morton, and C. Hopper.
Intelligent sensing and classification in ad hoc networks: a case
study. Aerospace and Electronic Systems Magazine, IEEE,
24(8):23–30, August 2009.
[5] Y. Desmedt. Broadcast anti-jamming systems. Computer
Networks, 35(2-3):223–236, February 2001.
[6] K. Gaj and P. Chodowiec. FPGA and ASIC
implementations of AES. Cryptographic Engineering, pages
235–294, 2009.
[7] O. Goldreich. Foundations of cryptography: Basic
applications. Cambridge University Press, 2004.
[8] B. Greenstein, D. Mccoy, J. Pang, T. Kohno, S. Seshan,
and D. Wetherall. Improving wireless privacy with an
identifier-free link layer protocol. In Proceedings of MobiSys,
2008.
[9] IEEE 802.11 standard. http://standards.ieee.org/getieee802/
download/802.11-2007.pdf, 2007.
[10] A. Juels and J. Brainard. Client puzzles: A cryptographic
countermeasure against connection depletion attacks. In
Proceedings of NDSS, pages 151–165, 1999.
[11] Y. W. Law, M. Palaniswami, L. V. Hoesel, J. Doumen, P.
Hartel, and P. Havinga. Energy-efficient link-layer jamming
attacks against WSN MAC protocols. ACMTransactions on
Sensors Networks, 5(1):1–38, 2009.
[12] L. Lazos, S. Liu, and M. Krunz. Mitigating control-
channel jamming attacks in multi-channel ad hoc networks. In
Proceedings of the 2nd ACM conference on wireless network
security, pages 169–180, 2009.
International Journal of Computer Trends and Technology (IJCTT) – volume 4 Issue10 – Oct 2013
ISSN: 2231-2803 http://www.ijcttjournal.org Page3456
[13] G. Lin and G. Noubir. On link layer denial of service
in data wireless LANs. Wireless Communications and
Mobile Computing, 5(3):273–284, May 2004.
[14] X. Liu, G. Noubir, and R. Sundaram. Spread:
Foiling smart jammers using multi-layer agility. In
Proceedings of INFOCOM, pages 2536–2540, 2007.
First A. Author: M. Vijay Kumar have done B.Tech
From Sri Sai Jyothi Engineering college, from JNTUH
Kukatpally, passed out in 2009, from two years he has
been working as a lab programmer in VBIT, Currently he
is student of M.Tech from VIDHYA BHARTHI
INSTITUTE OF TECHNOLOGY, NEAR JANGOAN. His
Research interests are in the areas of Wireless and Network
Security, with current focus on pocket security system.
Second B. Author: M. MADHAVI Associate Professor
received his B.Tech degree in Information Technology
from Ramappa Engineering College Warangal in
year2006. He received his M.Tech degree from Karunya
university Coimbatore in year 2010. He is currently
working as assistant professor in Vidya barathi institute of
technology in Warangal AP. He is having 4 year of
teaching experience. His areas of interest include tcp/ip,
routing protocols.