jamming attacks first review

PACKET-HIDING METHODS FOR PREVENTING SELECTIVE

JAMMING ATTACKS

ABSTRACT

The open nature of the wireless medium leaves it vulnerable to intentional interference attacks,

typically referred to as jamming. This intentional interference with wireless transmissions can be

used as a launchpad for mounting Denial-of-Service attacks on wireless networks. Typically,

jamming has been addressed under an external threat model. However, adversaries with internal

knowledge of protocol specifications and network secrets can launch low-effort jamming attacks

that are difficult to detect and counter. In this work, we address the problem of selective jamming

attacks in wireless networks. In these attacks, the adversary is active only for a short period of

time, selectively targeting messages of high importance. We illustrate the advantages of selective

jamming in terms of network performance degradation and adversary effort by presenting two

case studies; a selective attack on TCP and one on routing. We show that selective jamming

attacks can be launched by performing real-time packet classification at the physical layer. To

mitigate these attacks, we develop three schemes that prevent real-time packet classification by

combining cryptographic primitives with physical-layer attributes.

AIM

Selective jamming attacks can be launched by performing real-time packet classification at the

physical layer. To mitigate Selective jamming attacks, three schemes that prevent real-time

packet classification by combining cryptographic primitives with physical-layer attributes to be

proposed.

SCOPE

The open nature of the wireless medium leaves it vulnerable to intentional interference attacks,

typically referred to as jamming. This intentional interference with wireless transmissions can be

used as a launchpad for mounting Denial-of-Service attacks on wireless networks. Typically,

jamming has been addressed under an external threat model.

OBJECTIVES

To check the feasibility of realtime packet classification for launching selective jamming attacks,

under an internal threat model. Such attacks are relatively easy to actualize by exploiting

knowledge of network protocols and cryptographic primitives extracted from compromised

nodes. To study the impact of selective jamming on critical network functions. The selective

jamming attacks may lead to DoS with very low effort on behalf of the jammer. To mitigate such

attacks, three schemes have been proposed that prevent classification of transmitted packets in

real time.

OVERVIEW

Uninterrupted availability of the wireless medium is availed to wireless networks to interconnect

participating nodes. Wireless networks are highly vulnerable to multiple security threats.

Attacker with a transceiver can eavesdrop on wireless transmissions, inject spurious messages, or

jam legitimate ones. While eavesdropping and message injection can be prevented using

cryptographic methods, jamming attacks are much harder to counter. In the proposed system, we

consider the internal threat model. Under Jamming attacks, the adversary interferes with the

reception of messages by transmitting a continuous jamming signal, or several short jamming

pulses.

EXISTING SYSTEM

Jamming attacks have been considered under an external threat model, in which the jammer is

not part of the network. Under this model, jamming strategies include the continuous or random

transmission of highpower interference signals.

Anti-jamming techniques rely extensively on spread-spectrum (SS) communications, or some

form of jamming evasion (e.g., slow frequency hopping, or spatial retreats). SS techniques

provide bit-level protection by spreading bits according to a secret pseudo-noise (PN) code,

known only to the communicating parties. These methods can only protect wireless

transmissions under the external threat model.

Always-on strategy has the continuous presence of unusually high interference levels makes this

type of attacks easy to detect

DISADVANTAGES

Jamming attacks under internal threat model is not considered.

Always-on strategy has disadvantages such as, first the adversary has to expend a

significant amount of energy to jam frequency bands of interest.

PROPOSED SYSTEM

The problem of jamming under an internal threat model has been considered. Adversary who is

aware of network secrets and the implementation details of network protocols at any layer in the

network stack has been designed.

The adversary exploits the internal knowledge for launching selective jamming attacks in which

specific messages of “high importance” are targeted.

A jammer can target route-request/route-reply messages at the routing layer to prevent route

discovery, or target TCP acknowledgments in a TCP session to severely degrade the throughput

of an end-to-end flow.

ADVANTAGES

Internal threat model has been considered

DoS attack can be avoided

Three schemes such as Hiding Based On Commitments, A Strong Hiding Commitment

Scheme (Shcs) and Hiding Based On Cryptographic Puzzles has been proposed

Strong security properties

Minimal impact on the network performance

LITERATURE SUMMARY

Selective jamming attacks

Thuente studied the impact of an external selective jammer who targets various control packets

at the MAC layer. To perform packet classification, the adversary exploits inter-packet timing

information to infer eminent packet transmissions.

Law et al. proposed the estimation of the probability distribution of inter-packet transmission

times for different packet types based on network traffic analysis. Future transmissions at various

layers were predicted using estimated timing information.

Brown et al. illustrated the feasibility of selective jamming based on protocol semantics. They

considered several packet identifiers for encrypted packets such as packet size, precise timing

information of different protocols, and physical signal sensing. To prevent selectivity, the

unification of packet characteristics such as the minimum length and inter-packet timing was

proposed. Similar packet classification techniques were investigated.

Liu et al. considered a smart jammer that takes into account protocol specifics to optimize its

jamming strategy. The adversary was assumed to target control messages at different layers of

the network stack. To mitigate smart jamming, the authors proposed the SPREAD system, which

is based on the idea of stochastic selection between a collection of parallel protocols at each

layer.

Greenstein et al. presented a 802.11-like wireless protocol called Slyfi that prevents the

classification of packets by external observers. This protocol hides all explicit identifiers from

the transmitted packets, by encrypting them with keys only known to the intended receivers.

Wilhelm et al. implemented a USRP2-based jamming platform called RFReact that enables

selective and reactive jamming. RFReact was shown to be agnostic to technology standards and

readily adaptable to any desired jamming strategy.

Blapa et al. studied selective jamming attacks against the rate-adaptationmechanism of 802.11.

They showed that a selective jammer targeting specific packets in a point-topoint 802.11

communication was able to reduce the rate of the communication to the minimum value of 1

Mbps, with relatively little effort.

Several researchers have suggested channel-selective jamming attacks, in which the jammer

targets the broadcast control channel. It was shown that such attacks reduce the required power

for performing a DoS attack by several orders of magnitude. To protect control-channel traffic,

the replication of control transmission in multiple channels was suggested. The “locations” of the

control channels where cryptographically protected.

Lazos et al. proposed a randomized frequency hopping algorithm to protect the control channel

from inside jammers. Strasser et al. proposed a frequency hopping anti-jamming technique that

does not require the existence of a secret hopping sequence, shared between the communicating

parties.

Non-Selective Jamming Attacks

Conventional methods for mitigating jamming employ some form of SS communications. The

transmitted signal is spread to a larger bandwidth following a PN sequence. Without the

knowledge of this sequence, a large amount of energy is required to interfere with an ongoing

transmission. However, in the case of broadcast communications, compromise of commonly

shared PN codes neutralizes the advantages of SS.

P¨opper et al. proposed a jamming-resistant communication model for pairwise communications

that does not rely on shared secrets. Communicating nodes use a physical layer modulation

method called Uncoordinated Direct- Sequence Spread Spectrum (UDSSS). They also proposed,

a jamming-resistant broadcast method in which transmissions are spread according to PN codes

randomly selected from a public codebook. Several other schemes eliminate overall the need for

secret PN codes.

Lin et al. showed that jamming 13% of a packet is sufficient to overcome the ECC capabilities of

the receiver.

Xu et al. categorized jammers into four models: (a) a constant jammer, (b) a deceptive jammer

that broadcasts fabricated messages, (c) a random jammer, and (d) a reactive jammer that jams

only if activity is sensed. They further studied the problem of detecting the presence of jammers

by measuring performance metrics such as packet delivery ratio.

Cagalj et al. proposed wormhole-based antijamming techniques for wireless sensor networks

(WSNs). Using a wormhole link, sensors within the jammed region establish communications

with outside nodes, and notify them regarding ongoing jamming attacks.

LITERATURE REVIEW

Jamming and Sensing of Encrypted Wireless Ad Hoc Networks

Timothy X Brown Jesse E. James Amita Sethi, In Proceedings of MobiHoc

This paper considers the problem of an attacker disrupting an encrypted victim wireless ad hoc network through

jamming. Jamming is broken down into layers and this paper focuses on jamming at the Transport/Network layer.

Jamming at this layer exploits AODV and TCP protocols and is shown to be very effective in simulated and real

networks when it can sense victim packet types, but the encryption is assumed to mask the entire header and

contents of the packet so that only packet size, timing, and sequence is available to the attacker for sensing. A sensor

is developed that consists of four components. The first is a probabilistic model of the sizes and inter-packet timing

of different packet types. The second is a historical method for detecting known protocol sequences that is used to

develop the probabilistic models, the third is an active jamming mechanism to force the victim network to produce

known sequences for the historical analyzer, and the fourth is the online classifier that makes packet type

classification decisions. The method is tested on live data and found that for many packet types the classification is

highly reliable. The relative roles of size, timing, and sequence are discussed along with the implications for making

networks more secure.

Wormhole-Based Anti-Jamming Techniques in Sensor Networks

M. Cagalj, S. Capkun, and J.-P. Hubaux, IEEE Transactions on Mobile Computing, 6(1):100–114, 2007

Due to their very nature, wireless sensor networks are probably the most vulnerable category of wireless networks to

“radio channel jamming”-based Denial-of-Service (DoS) attacks: An adversary can easily mask the events that the

sensor network should detect by stealthily jamming an appropriate subset of the nodes; in this way, he prevents them

to report what they are sensing to the network operator. Therefore, in spite of the fact that an event is sensed by one

or several nodes (and the sensor network is otherwise fully connected), the network operator cannot be informed on

time. We show how the sensor nodes can exploit channel diversity in order to establish wormholes out of the

jammed region, through which an alarm can be transmitted to the network operator. We propose three solutions: the

first is based on wired pairs of sensors, the second relies on frequency hopping, and the third is based on a novel

concept called uncoordinated channel hopping. We develop appropriate mathematical models to study the proposed

solutions.

Energy-Efficient Link-Layer Jamming Attacks against Wireless Sensor Network MAC

Protocols

Y. W. Law, M. Palaniswami, L. V. Hoesel, J. Doumen, P. Hartel, and P. Havinga., ACM Transactions on Sensors

Networks, 5(1):1–38, 2009.

A typical wireless sensor node has little protection against radio jamming. The situation becomes worse if energy-

efficient jamming can be achieved by exploiting knowledge of the data link layer. Encrypting the packets may help

to prevent the jammer from taking actions based on the content of the packets, but the temporal arrangement of the

packets induced by the nature of the protocol might unravel patterns that the jammer can take advantage of, even

when the packets are encrypted. By looking at the packet interarrival times in three representative MAC protocols,

S-MAC, LMAC and B-MAC, we derive several jamming attacks that allow the jammer to jam S-MAC, LMAC and

B-MAC energy-efficiently. The jamming attacks are based on realistic assumptions. The algorithms are described in

detail and simulated. The effectiveness and efficiency of the attacks are examined. In addition, we validate our

simulation model by comparing its results with measurements obtained from implementation on sensor node

prototypes. We show that it takes little effort to implement such effective jammers, making them a realistic treat.

Careful analysis of other protocols belonging to the respective categories of S-MAC, LMAC and B-MAC reveals

that those protocols are, to some extent, also susceptible to our attacks. The result of this investigation provides new

insights into the security considerations of MAC protocols.

Mitigating Control-Channel Jamming Attacks in Multi-channel Ad Hoc Networks

Loukas Lazos, Sisi Liu, and Marwan Krunz Dept. of Electrical and Computer Engineering, University of Arizona,

Tucson, AZ, USA

We address the problem of control-channel jamming attacks in multi-channel ad hoc networks. Deviating from the

traditional view that sees jamming attacks as a physical-layer vulnerability, we consider a sophisticated adversary

who exploits knowledge of the protocol mechanics along with cryptographic quantities extracted from compromised

nodes to maximize the impact of his attack on higher-layer functions. We propose new security metrics that quantify

the ability of the adversary to deny access to the control channel, and the overall delay incurred in re-establishing the

control channel. We also propose a randomized distributed scheme that allows nodes to establish a new control

channel using frequency hopping. Our method differs from classic frequency hopping in that no two nodes share the

same hopping sequence, thus mitigating the impact of node compromise. Furthermore, a compromised node is

uniquely identified through its hop sequence, leading to its isolation from any future information regarding the

frequency location of the control channel.

The Feasibility of Launching and Detecting Jamming Attacks in Wireless Networks

Wenyuan Xu, Wade Trappe, Yanyong Zhang and Timothy Wood Wireless Information Network Laboratory (WINLAB)

Rutgers University, 73 Brett Rd., Piscataway, NJ 08854

Wireless networks are built upon a shared medium that makes it easy for adversaries to launch jamming-style

attacks. These attacks can be easily accomplished by an adversary emitting radio frequency signals that do not

follow an underlying MAC protocol. Jamming attacks can severely interfere with the normal operation of wireless

networks and, consequently, mechanisms are needed that can cope with jamming attacks. In this paper, we examine

radio interference attacks from both sides of the issue: first, we study the problem of conducting radio interference

attacks on wireless networks, and second we examine the critical issue of diagnosing the presence of jamming

attacks. Specifically, we propose four different jamming attack models that can be used by an adversary to disable

the operation of a wireless network, and evaluate their effectiveness in terms of how each method affects the ability

of a wireless node to send and receive packets. We then discuss different measurements that serve as the basis for

detecting a jamming attack, and explore scenarios where each measurement by itself is not enough to reliably

classify the presence of a jamming attack. In particular, we observe that signal strength and carrier sensing time are

unable to conclusively detect the presence of a jammer. Further, we observe that although by using packet delivery

ratio we may differentiate between congested and jammed scenarios, we are nonetheless unable to conclude whether

poor link utility is due to jamming or the mobility of nodes. The fact that no single measurement is sufficient for

reliably classifying the presence of a jammer is an important observation, and necessitates the development of

enhanced detection schemes that can remove ambiguity when detecting a jammer. To address this need, we propose

two enhanced detection protocols that employ consistency checking. The ¯rst scheme employs signal strength

measurements as a reactive consistency check for poor packet delivery ratios, while the second scheme employs

location information to serve as the consistency check. Throughout our discussions, we examine the feasibility and

effectiveness of jamming attacks and detection schemes using the MICA2 Mote platform.

HARDWARE REQUIREMENTS

Processor : Any Processor above 500 MHz.

Ram : 128Mb.

Hard Disk : 10 GB.

Input device : Standard Keyboard and Mouse.

Output device : VGA and High Resolution Monitor.

SOFTWARE REQUIREMENTS

Operating System : Windows Family.

Programming package : JDK 1.6 or higher

IDE Tools Used : Netbeans 6.1

SYSTEM ARCHITECTURE

When a sender wants to send a data to receiver, sender hides the data and sends in secure

manner. There are four techniques used to for hiding the data, which are Strong hiding

Commitment Scheme, Cryptography puzzle based hiding scheme, All or nothing based scheme

and MD5 scheme, in MD5 scheme, apart from data hiding the sequence of packet receives also

checked at the receiver side. An attacker module is designed to show the impact of data

jamming. The message hiding technique is followed to send data by avoiding jamming attack.

Sender Select Hiding Technique

SHCS

CPHS

AONT

MD5

Encrypted message

Attacker

Decrypted message

key

Receiver

unblock

APPLICATIONS USED

Wireless networks are widely used include cellular phones which are part of everyday wireless

networks, allowing easy personal communications. Another example, Inter-continental network

systems, use radio satellites to communicate across the world. Emergency services such as the

police utilize wireless networks to communicate effectively as well. Individuals and businesses

use wireless networks to send and share data rapidly, whether it be in a small office building or

across the world.

Function requirements

USE CASE ACTORS DESCRIPTION

Sender transmits data Client Data has been chosen to send to receiver. While

sending the data, for avoiding jamming attacks

different types hiding techniques are used.

Intermediate Node Attacker Data packet sent by sender can be received by

attacker, when the attacker is in unblock mode

Sender Client Relay node is chosen to send data packets

Receiver receives data Server Server receives data from client. Server has to

give the key value to retrieve the encrypted data.

Non functional requirement

Area Codes & Standards / Realistic Constraints

Economic This project is very economical as it only depends on the software

components to be downloaded from the internet

Performance This project Performance is high when compared with other file transfer

mechanisms

Reliability This project provides reliability because of the efficient usage of TCP

protocol

Security This project focuses on applying security concepts for authenticating the

application.

Manufacturabilit

y

This project can be easily replicated. This requires complete

schematics, complete and documented code listings, JAVA SWING,

produced in a file format accessible by software available at JAVA

MODULES

Adversary Design

Packet Classification

A Strong Hiding Commitment Scheme

Cryptographic Puzzle Hiding Scheme

Hiding Based On All-Or-Nothing Transformations

Hiding Based On Md5

ADVERSARY DESIGN

Adversary is in control of the communication medium and can jam messages at any part of the

network of his choosing. The adversary can operate in full-duplex mode, thus being able to

receive and transmit simultaneously. This can be achieved, for example, with the use of multi-

radio transceivers. Adversary is equipped with directional antennas that enable the reception of a

signal from one node and jamming of the same signal at another. It is assumed that the adversary

can pro-actively jam a number of bits just below the ECC capability early in the transmission.

When the adversary is introduced, the data packets from the node cannot be reached at receiver.

PACKET CLASSIFICATION

At the Physical layer, a packet m is encoded, interleaved, and modulated before it is transmitted

over the wireless channel. At the receiver, the signal is demodulated, deinterleaved and decoded

to recover the original packet m. Nodes A and B communicate via a wireless link. Within the

communication range of both A and B there is a jamming node J. When A transmits a packet m

to B, node J classifies m by receiving only the first few bytes of m. J then corrupts m beyond

recovery by interfering with its reception at B.

A STRONG HIDING COMMITMENT SCHEME

A strong hiding commitment scheme (SHCS), which is based on symmetric cryptography.

Assume that the sender has a packet for Receiver. First, S (Sender) constructs commit( message )

the commitment function is an off-the-shelf symmetric encryption algorithm is a publicly known

permutation, and k is a randomly selected key of some desired key length s (the length of k is a

security parameter). The role of the committer is assumed by the transmitting node S. The role of

the verifier is assumed by any receiver R, including the jammer J. The committed value m is the

packet that S wants to communicate to R. To transmit m, the sender computes the corresponding

commitment/decommitment pair (C, d), and broadcasts C. The hiding property ensures that m is

not revealed during the transmission of C. To reveal m, the sender releases the decommitment

value d, in which case m is obtained by all receivers, including J.

CRYPTOGRAPHIC PUZZLE HIDING SCHEME

A sender S have a packet m for transmission. The sender selects a random key k , of a desired

length. S generates a puzzle (key, time), where puzzle() denotes the puzzle generator function,

and tp denotes the time required for the solution of the puzzle. Parameter is measured in units of

time, and it is directly dependent on the assumed computational capability of the adversary,

denoted by N and measured in computational operations per second. After generating the puzzle

P, the sender broadcasts (C, P). At the receiver side, any receiver R solves the received puzzle to

recover key and then computes the packet. Server to solve the puzzle in time tp and solved

puzzle should be correct get the data packet at server.

HIDING BASED ON ALL-OR-NOTHING TRANSFORMATIONS

The packets are pre-processed by an AONT before transmission but remain unencrypted. The

jammer cannot perform packet classification until all pseudo-messages corresponding to the

original packet have been received and the inverse transformation has been applied. Packet m is

partitioned to a set of x input blocks m = {m1, m2,m3….}, which serve as an input to an The set

of pseudo-messages m = {m1, m2,m3,…..} is transmitted over the wireless medium.

HIDING BASED ON MD5

A sender S have a packet m for transmission. The sender selects a random key k , of a desired

length. The message m is split into number blocks {m1,m2,…mn}and the message blocks are

encrypted using md5. The role of the Receiver R is to receive the multiple blocks of data packets

and decrypt them. The pre-computed MD5 checksum for the files, so that a user can compare the

checksum of the downloaded file to it. The receiver also perform the packet sequence checking

while receiving the data packet.

MODULE DIAGRAM –Packet Classification

Message Hiding technique

Encrypted Content

ReceiverDecrypted Message

key

unblockIntermediate

jammer

MODULE DIAGRAM -Strong Hiding Commitment Scheme

MODULE DIAGRAM - Cryptographic Puzzle Hiding Scheme

Sender Message SHCS

Encrypted Content


key

Sender Message CPHS

Encrypted Content

puzzle

Generate random key

Generate puzzle & time line

Receiver

In time

Decrypted Message

Discarded

else

MODULE DIAGRAM - An AONT-based Hiding Scheme

MODULE DIAGRAM – MD5 Algorithm

Sender Message AONT

Encrypted Content

key

Generate key


Message blocks

Sender Message MD5

key

Generate key


Message blocks

Check packet sequence

Round trips

Encrypted blocks

USE CASE DIAGRAM

Normal node chooses data to send and the data is encrypted using SHCS/ CPHS/AONT/MD5

and send to receiver, sender shares the decrypt key to decrypt the data. Intruder is considered as

one of the other user, who tries blocking the data content while sending normally.

Normal node

Intruder

Receiver

Select data to transmit

Encrypted data

Decrypted data

SHCS

AONT

MD5

Block contentCPHS

Normal mode

SEQUENCE DIAGRAM

Node are initialized and chooses data to send and the data is encrypted using SHCS/

CPHS/AONT/MD5 and send to receiver, sender shares the decrypt key to decrypt the data.

Intruder is considered as one of the other user, who tries blocking the data content while sending

normally.

Node Algorithm Selection

Intruder Server

Select data to send

SHCS/CPHS/AONT/ MD5

Send data without hiding scheme

Encrypted data

Share key to decrypt

COLALBORATION DIAGRAM

First step that nodes are initialized and data selected to send to the receiver is the second step.

Selecting the hiding technique is the third step and then encrypted data send to server is the fifth

step.

Node initialization

Data selection

Algorithm Selection

Send data normal mode

Receiver

1:select data

2:no encryption3:select type

4:encryption

5:send

Encrypted data

ACTIVITY DIAGRAM

When the node selects data to send, the data is encrypted via any of the hiding techniques such as

SHCS/CPSH/AONT/MD5. When the data is sent via normal mode without using any of the

hiding technique, then it can be blocked by intruder.

Node

Select data

Encrypted data

Normal data

Yes

No

Select Hiding type

ReceiverIntruder

CONCLUSION

Selective jamming attacks in wireless networks have been studied. We considered an internal

adversary model in which the jammer is part of the network under attack, thus being aware of the

protocol specifications and shared network secrets. Jammer can classify transmitted packets in

real time by decoding the first few symbols of an ongoing transmission. The impact of selective

jamming attacks is evaluated on network protocols such as TCP and routing. Three schemes

have been proposed that transform a selective jammer to a random one by preventing real-time

packet classification. The schemes combine cryptographic primitives such as commitment

schemes, cryptographic puzzles, and all-or-nothing transformations (AONTs) with physical layer

characteristics.

REFERENCES

[1] T. X. Brown, J. E. James, and A. Sethi. Jamming and sensing of encrypted wireless ad hoc

networks. In Proceedings of MobiHoc, pages 120–130, 2006.

[2] M. Cagalj, S. Capkun, and J.-P. Hubaux. Wormhole-based antijamming techniques in sensor

networks. IEEE Transactions on Mobile Computing, 6(1):100–114, 2007.

[3] A. Chan, X. Liu, G. Noubir, and B. Thapa. Control channel jamming: Resilience and

identification of traitors. In Proceedings of ISIT, 2007.

[4] T. Dempsey, G. Sahin, Y. Morton, and C. Hopper. Intelligent sensing and classification in ad

hoc networks: a case study. Aerospace and Electronic Systems Magazine, IEEE, 24(8):23–30,

August 2009.

[5] Y. Desmedt. Broadcast anti-jamming systems. Computer Networks, 35(2-3):223–236,

February 2001.

[6] K. Gaj and P. Chodowiec. FPGA and ASIC implementations of AES. Cryptographic

Engineering, pages 235–294, 2009.

[7] O. Goldreich. Foundations of cryptography: Basic applications. Cambridge University Press,

2004.

[8] B. Greenstein, D. Mccoy, J. Pang, T. Kohno, S. Seshan, and D. Wetherall. Improving

wireless privacy with an identifier-free link layer protocol. In Proceedings of MobiSys, 2008.

[9] A. Juels and J. Brainard. Client puzzles: A cryptographic countermeasure against connection

depletion attacks. In Proceedings of NDSS, pages 151–165, 1999.