Documente Academic
Documente Profesional
Documente Cultură
802
overhead is prohibitive because it must compare the entire
message to find the maximum correlation with every element
in the seed code set Ce . Our proposed solution reduces the
computation overhead by a factor of |Ce |.
III. P ROPOSED S CHEMES
In this section, we propose an Advanced Random Seed
DSSS (ARS-DSSS) scheme to improve the DSD-DSSS SUB-
Fig. 2. Finding the random seed in DSD-DSSS SUBSET SET scheme [4]. The DSD-DSSS scheme provides a high
level of security against reactive jamming attacks. However,
random seed to jam the wireless communications. this scheme is vulnerable to seed jamming attacks when
802.11 Family: We first describe the wireless commu- the message sizes are fixed. In addition, the performance
nication in the 802.11 networks. From 802.11 DSSS PHY overhead of finding the seed increases dramatically when the
specification, the message sizes are fixed and the DSSS PHY message sizes are variable. To address these shortcomings, we
contains the LENGTH field in the TXVECTOR [1]. It is strengthen the DSD-DSSS SUBSET scheme and propose the
in octets and the receiver can convert it to microseconds to ARS-DSSS scheme by introducing the new random location
calculate the message length. In our system model, once a seed. We will describe our ARS-DSSS scheme and its security
sophisticated jammer can synchronize the received messages analysis in the following sections.
with the sender, she can compute the starting chip of the
random seed to jam. Therefore, the wireless communications A. An Advanced Random Seed DSSS (ARS-DSSS)
in the 802.11 protocol family are vulnerable in our system The DSD-DSSS SUBSET scheme is vulnerable to the
model. seed jamming attacks for the fixed message size. Since the
None-802.11 Family: Many jamming countermeasures use seed size is relatively small compared to the message size
their own communication protocol in DSSS systems instead of and the position of the seed in messages is known to the
using the 802.11 family. In [4], the authors propose a generic public, the jammer can corrupt the seed so that the receivers
DSSS protocol for the wireless broadcast communication. The cannot despread entire messages. Moreover, the computation
protocol does not include any header information which can overhead for DSD-DSSS SUBSET of locating the seed in
contain length fields. Thus, we can consider two scenarios variable sized messages is prohibitively large. In this section,
for the message sizes. First, the messages sizes are fixed and we describe the computation overhead. In DSD-DSSS [4], the
known to the public a priori. In this scenario, the sophisticated computation time of locating the seed in messages is
jammer can know the beginning of the seed in the message
Ts = ((m lc ) + (s lc )) n
immediately after synchronization.
Figure 2 describes finding the seed in DSD-DSSS SUBSET where Ts is the computation overhead, m is the length of
[4] when the message sizes are fixed. After the synchroniza- message, lc is the length of the chips, s is the length of the
tion, the jammer can compute the position of the last bit of seed, and the n is the number of the code sequences in the
the random seed in the message. The position is seed code set Ce . The DSD-DSSS SUBSET scheme uses the
Ce code set to spread the last bit of the random seed. The n
((m lc ) + ((s 1) lc ))
code sequences in Ce are known to the public. But the seed is
where m is the message size in bits, s is the seed size, and randomly selected for each message and is not known to the
the lc is the code length. public. The total time for despreading messages is
The other scenario is that the message sizes can be vari-
T = Ts + Tg + Td
able so that the receivers are required to find the maximum
correlation of the random seed in messages using sliding where T is the total time for despreading received messages,
window techniques. The receiver buffers all the messages in Ts is the time for finding the seed, Tg is the time for
the circulation queues and moves the sliding windows with generating code sequences from the seed, and Td is the time
the size of chip duration over time. When the receiver finds for despreading messages using the code sequence.
the highest correlation with the code sequence of the seed, it Thus, the total time T in DSD-DSSS SUBSET scheme
can then find the entire seed and then the beginning of the mainly depends on the time Ts for finding the seed. If the
messages from that position using backward computation. message sizes are fixed, the receivers can skip the time for
As discussed above, if the message sizes are fixed, the finding the seed. On the other hand, if the message sizes
receiver can easily compute the beginning and the end of the are variable, the receiver is required to compare the entire
seed but then it is vulnerable to seed jamming attacks. On the message, one chip at a time, to the code set Ce to find the
other hand, if the message sizes are variable and change each maximum correlation with the last seed bit. Please see Figure
time, it is difficult or impossible for the sophisticated jammer 2 in [4] for the diagram of the required sliding window
to find the beginning of the seed in the message until the scheme. To address this problem, we extend the DSD-DSSS
seed is complete. Moreover, for the receiver, the computation SUBSET scheme and propose ARS-DSSS by introducing the
803
Fig. 3. Finding the seed in ARS-DSSS Fig. 4. The seed jamming attacks in ARS-DSSS
new random location seed. The seed is one bit (e.g., 0 or 1) and For most cases, Ce is minimally larger than the appropriate
it is spreaded and despreaded by one random code sequence subset of Cp but may not be as well. This does occur for each
in Cx which replaces the finding the last seed bit algorithm of bogus location seed transmitted. Therefore, our scheme is as
the DSD-DSSS SUBSET scheme. Figure 3 describes the new DoS resistant as the DSD-DSSS SUBSET scheme with little
location seed of our scheme. In ARS-DSSS, the total time for or no increase in computation overhead.
despreading the message is In addition, the DoS attack against ARS-DSSS can be
largely mitigated by increasing the size of Cx . The fundamen-
T = Tx + Tg + Td tal idea here is that each receiver chooses a random member
where Tx is the new time for finding the location seed in of Cx on which it will synchronize while the sender, after
messages. The computation time Tx is sending the last seed bit of the message, transmits a bit using
every member of Cx chosen in random order. The set Cx may
Tx = ((m lc ) + (s lc ) + (1 lc )) 1. be taken as a subset of Ce and |Cx | is given by m. Thus the
That is, our ARS-DSSS can reduce the time for finding the probability that a transmitted DoS bogus position seed will
random seed from the cardinality |Ce | to 1. As the security be recognized and have to be handled in the above fashion is
1
demands increase, the number of code sequences (n) in Ce now m . This decreases the cost of the bogus seed attacks by
must increase. Therefore, our ARS-DSSS is more scalable as a factor of m over the singleton Cx . It can be shown that the
the size of Ce increases. bogus code attack from Ce for DSD-DSSS SUBSET scheme
for the fixed message size has a cost that is the cardinality of a
B. Security Analysis subset of Cp times |Ce | more costly than ARS-DSSS scheme.
In this paper, we improve the DSD-DSSS SUBSET If the code set Cx is a singleton and if the sophisticated
scheme [4] so our ARS-DSSS scheme provides the same jammer is able to jam continuously with the Cx code, then
level of security against the reactive jamming attacks and the it may be possible that our ARS-DSSS scheme will miss the
same effectiveness against DoS attacks. We now describe the bit sent using Cx which immediately follows the final seed
DoS attacks against the new location seed Cx and present a bit. Fortunately, increasing the size of Cx largely mitigates
solution. this attack too. Now the sender transmits m bits using every
Figure 4 indicates how a sophisticated jammer can transmit member of Cx chosen in random order and it repeats this four
bogus location seeds Cx . As long as these bogus location times. Each receiver chooses a random member of Cx and
seeds satisfy for the following condition, the receivers cannot attempts to synchronize using it for 2m bits. Then it chooses
filter them immediately. The condition is that the phase offset another random member of Cx and synchronizes with it for
between the carriers of the seed jammer and the legitimate 2m bits. It continues to repeat this until it synchronizes with a
sender must be within a fraction of the chip period [8]. code from Cx . It can be shown that in the absence of a jammer
Otherwise, the receivers can easily differentiate between the this generates at least two synchronizations with members of
jamming signals and the legitimate senders signals using Cx . Since the jammer can jam any code in Cx , there cannot
DSSS techniques. be a guarantee of synchronization.
When the bogus location seed is within this fraction, the However, the probability for the continuous jammer to
receiver is required to compare the maximum correlation with successfully jam the codes from Cx or equivalently the loca-
the Cx code sequence first. Then, the receiver computes the tion seeds is approximately m12 or 1% when |Cx | = 10.We
correlation using Ce code set of the previous bit (thinking it could further improve this efficiently if we configure this
is the last bit of the random seed). This is exactly the same as synchronization with the codes from Cx as a rendezvous
for the DSD-DSSS SUBSET scheme. Our ARS-DSSS scheme problem and apply techniques from that domain. The cost for
provides the same level of the security against the DoS attacks increasing the size of Cx is that we have to transmits 4m
as if the jammer had transmitted bits using Ce instead of Cx . additional bits and then use the codes in Cx to back into the
However, there may be a trivial increase in the computation last seed bit. In the same fashion as given above, a continuous
overhead. Let Cp be the code set for the messages and the jammer using codes from Ce can jam the last seed bit for the
subset of seeds in the DSD-DSSS SUBSET scheme. It can be DSD-DSSS SUBSET scheme. This bit can be jammed with
shown that the increased computation is just the decoding of a probability of |C1e | which is likely to be a little larger than
1
one bit by Ce for our ARS-DSSS scheme versus decoding of m2 (the jamming probability for the ARS-DSSS scheme). Our
one bit by a subset of Cp for the DSD-DSSS SUBSET scheme. approach above may not be optimal but it is still much more
804
Fig. 5. Implemented decoding time for the fixed message size scenario Fig. 6. Implemented decoding time for the variable message size scenario.
The DSD-DSSS receivers could not decode 512 bits or longer messages.
efficient and effective than the DSD-DSSS SUBSET scheme.
The actual implementation can keep the size of Cx small (10 time of the ARS-DSSS scheme is almost the same as the DSD-
or so) but still provide effective and efficient DoS and jamming DSS SUBSET. Since our ARS-DSSS scheme introduces only
protection with the cost being the additional bits transmitted. one code sequence of Cx , the additional computation overhead
We have not tried to optimize on the size of Cx . The results for comparing one code sequence for one bit is trivial.
in this paper stand by themselves and enlarging Cx is just one The other scenario is that the receiver has no information
additional feature. This feature make our ARS-DSSS scheme about the starting chip of the last bit of the random seeds.
even more efficient and resilient to DoS and jamming attacks Thus, the receiver is required to find the maximum correlation
than the DSD-DSSS SUBSET scheme. from the beginning bit to the last bit of the message for
every code in Ce . Recall the sliding window diagram. For
IV. E XPERIMENTAL E VALUATION DSD-DSSS SUBSET, the computation time for finding the
We implemented our ARS-DSSS scheme on GNU Ra- beginning of the last random seed bit in messages (Ts ) is
dios [6], [12] in the same environment as the DSD-DSSS
Ts = ((m lc ) + ((s 1) lc ) + (1 lc )) |Ce |
SUBSET scheme [4]. We used two USRPs with XCVR2450
daughter boards for one sender and one receiver, respectively. where m is the message size, s is the length of the seed, |Ce |
Each USRP was connected to a desktop computer (Intel (R) is the number of code sequences in Ce , and lc is the code
Core (TM) Quad CPU Q6600 @ 2.40 GHz), both through 480 length (chip length). In our experiments, the number of code
Mbps USB 2.0 links. The operating system is Ubuntu 9.04 sequence Ce is 56 (i.e., d (N N )+N
2
+3
e, where N=10), the seed
and Gnuradio 3.2 softwares for both systems. The code base size is 64, and the chip length is 32. Thus, the time for finding
of the DSD-DSSS SUBSET scheme was used to implement the seed in the DSD-DSSS SUBSET is Ts (DSD DSSS) =
our ARS-DSSS scheme. (m 32 + 64 32) 56 with different message sizes. For ARS-
In our implementation, we consider two scenarios for the DSSS, the time is Ts (ARS DSSS) = (m 32 + 64 32) 1,
receivers based on fixed and variable message sizes. Since where the cardinality of the code sequence of Cx is 1.
we extend the DSD-DSSS SUBSET, we evaluate DSD-DSSS Figure 6 shows the average time (implemented) for de-
SUBSET for the computation overhead of despreading mes- spreading messages for both the DSD-DSSS SUBSET and
sages and compare it with our ARS-DSSS scheme for both ARS-DSSS schemes when the receiver has no information
scenarios. For both scenarios, we assume there are already about the starting chip of the last bit of the random seed.
synchronization methods between the sender and receivers. Without loss of generality, we use fixed message sizes but
That is, the receivers know the beginning of the message receivers compare the correlation of the seed from the starting
during the synchronization even for the variable message size of the messages to the end of the messages. For the DSD-
scenario. However, they cannot estimate the end of messages DSSS SUBSET scheme, the receiver can despread an average
during the synchronization for the variable message size. We of only 70 messages out of 790 messages for the 256-bit
will not discuss the synchronization techniques which are not message size. The average time for despreading a message
in the scope of this paper. is around 0.2 ms. However, the receiver cannot despread any
For the fixed message size scenario, the receiver takes the 512-bit and 1024-bit messages due to the dramatic increase
advantage of the known position information of the random of computation overhead for finding the starting chip of the
seed in messages. After the synchronization, the receivers seed. On the other hand, our ARS-DSSS scheme can despread
know the position of the last bit of the random seed so that they messages for all three message sizes without a significant
can directly compare the last bit with the code sequences of the computational increase compared to the fixed message size
code set Ce . Figure 5 shows the average time of despreading case. The time for despreading a message is around 0.005 ms
messages for DSD-DSSS SUBSET and ARS-DSSS schemes for 256-bit messages. Therefore, our ARS-DSSS scheme is a
when using different message sizes. The average despreading practical solution against the seed jamming attack.
805
V. R ELATED W ORK and random seed. Therefore, the sophisticated jammer cannot
compute the position of the random seed in messages during
The traditional DSSS techniques are vulnerable to reactive the synchronization.
jamming attacks due to the requirement of pre-shared keys
between the sender and receivers in wireless broadcast com- VI. C ONCLUSION
munications. Many researchers have been proposed schemes In this paper, we presented a new type of jamming attack
to eliminate the pre-shared keys by using random code se- called seed jamming attack and particularly chose the DSD-
quences [4], [5], [11]. DSSS SUBSET scheme [4] to demonstrate the effectiveness
These approaches provide methods for both the sender to of the attacks. In the scheme, if the message size is fixed, the
randomly generate codes sequences for each message and sophisticated jammer can simply jam the last bit of the random
the receivers to regenerate the same code sequences without seed in messages to disable the wireless communication. To
sharing the secret keys a priori. In [11], the authors propose the address these attacks, we proposed the ARS-DSSS scheme by
Uncoordinated DSSS scheme (UDSSS) in which the sender introducing the new random location seed to the DSD-DSSS
and receivers have a set of codes sequences, known to the SUBSET scheme. Using the new location scheme seed, the
public, used for spreading and despreading messages, respec- receivers can find the position of the random seed in messages
tively. The key idea is that the communication is the same even for the variable message sizes without incurring a huge
as the traditional DSSS but the requirement of shared secret performance overhead as required in DSD-DSSS SUBSET.
keys are randomly released. Then, the sender repeatedly sends However, it is infeasible for the jammer to find the location
the same message with randomly selected codes sequences so seed and then jam the communication in real time. We
that the receivers can decode the message if any unjammed evaluate the effectiveness of our scheme through our security
messages arrived. In [5], the sender and receivers also share analysis and its implementation. Our implementation results
the spreading code but the authors use the correlation between demonstrate that the ARS-DSSS scheme is effective against
two codes to find the transmit bit (i.e., high correlation is 1 and the seed jamming attacks and also reduces the computation
low correlation is 0). Moreover, they proposed a set of pre- overhead from |Ce | for the DSD-DSSS SUBSET scheme to 1
defined spreading code sequences and its indices to reduce for ARS-DSSS in the variable message size scenario.
the communication overhead. In [4], the authors proposed the R EFERENCES
DSD-DSSS SUBSET scheme where they used random seeds [1] IEEE Standards Association. Lan/man wireless lansieee 802.11-2007
for each message to generate code sequences and seeds are ieee standard for information technology. http://standards.ieee.org/
disclosed at the end of each message. Thus, it is essentially getieee802/802.11.html.
infeasible for a reactive jammer to generate the same codes [2] R.H. Barker. Group synchronization of binary digital systems. In
Communication Theory, pages 6478, 1953.
sequences before the receivers receive entire messages. [3] A. Goldsmith. Wireless Communications. Cambridge University Press,
However, all these approaches are vulnerable to the seed New York, NY, USA, 2005.
[4] An Liu, Peng Ning, Huaiyu Dai, Yao Liu, and Cliff Wang. Defending
jamming attacks. Since all the information is known to the dsss-based broadcast communication against insider jammers via de-
public, a sophisticated jammer can find the position informa- layed seed-disclosure. In Proceedings of 26th Annual Computer Security
tion of seeds or indexes during the synchronization. During Applications Conference (ACSAC 2010), 2010.
[5] Yao Liu, Peng Ning, Huaiyu Dai, and An Liu. Randomized differ-
the synchronization between the sender and receivers, the ential dsss: jamming-resistant wireless broadcast communication. In
sophisticated jammer can also synchronize with them. For INFOCOM10: Proceedings of the 29th conference on Information
example, UDSSS can be optimized by using UDSSS to communications, pages 695703. IEEE Press, 2010.
[6] Ettus Research LLC. The usrp product family products and daughter
transmit the spreading key only [10]. RD-DSSS also uses boards. https://www.ettus.com/product, Accessed in March 2012.
the small number of random code sequences to reduce the [7] Vicisano L. Gemmell J. Rizzo L. Handley M. Luby, M. and J. Crowcroft.
communication overhead. The size of the random seeds is Forward error correction (fec) building block. RFC 3452, 2002.
[8] L. Ma and C.-C. Shen. Security-enhanced virtual channel rendezvous
small and their positions are known for the fixed message algorithm for dynamic spectrum access wireless networks. In IEEE
size in DSD-DSSS. Therefore, a sophisticated jammer can IEEE DySPAN. IEEE, 2008.
take advantage of this information and jam even one bit or [9] R. Poisel. Modern Communications Jamming Principles and Techniques.
Artech House Publishers, 2006.
small number of the spreading keys, indices, or seeds for these
[10] Christina Popper, Mario Strasser, and Srdjan Capkun. Jamming-resistant
algorithms. broadcast communication without shared keys (slides). http://www.
In particular, the point of maximum vulnerability of these usenix.org/events/sec09/tech/slides/popper.pdf.
[11] Christina Popper, Mario Strasser, and Srdjan Capkun. Jamming-resistant
techniques is the seed itself since the receivers cannot despread broadcast communication without shared keys. In Proceedings of the
arrived messages correctly from the jammed seeds. Moreover, USENIX Security Symposium, 2009.
no error correction techniques can be used to recover the seed [12] GNU Radio. The gnu software radio. http://gnuradio.org/redmine/
projects/gnuradio/wiki, Accessed in March 2012.
or the message in this case. FEC [7] can be used to recover [13] Marvin K. Simon, Jim K. Omura, Robert A. Scholtz, and Barry K.
from jamming messages directly. To address these issues, we Levitt. Spread spectrum communications handbook (revised ed.).
particularly investigated the DSD-DSSS SUBSET scheme [4] McGraw-Hill, Inc., New York, NY, USA, 1994.
[14] Mario Strasser, Christina Popper, Srdjan Capkun, and Mario Cagalj.
and proposed the ARS-DSS scheme by using an additional Jamming-resistant key establishment using uncoordinated frequency
location seed. Using this location seed, the sender can hide hopping. In SP 08: Proceedings of the 2008 IEEE Symposium on
information to the unknown receivers such as the message size Security and Privacy, pages 6478. IEEE Computer Society, 2008.
806