Documente Academic
Documente Profesional
Documente Cultură
2
NTU OPLab 2010/5/11
Title:
Using honeynodes for defense against jamming attacks in wireless infrastructure-based networks,
Provenance:
Computers & Electrical Engineering, Volume 36, Issue 2, March 2010, Pages 367-382,
3
NTU OPLab 2010/5/11
Agenda
Introduction Existing techniques Proposed solution Simulation Conclusions Comments
Introduction
5
NTU OPLab 2010/5/11
Introduction
New medium, new attack Jamming
Blocking of a communication channel A subclass of the Denial-of-Service(DoS) attacks
6
NTU OPLab 2010/5/11
Introduction(cont)
Research topic:
Mitigation Prevention
7
NTU OPLab 2010/5/11
8
NTU OPLab 2010/5/11
Provide an efficient solution that can be easily incorporated in the existing network architecture
Achieve better robustness than the widely used Channel Surfing Algorithm by using honeynodes along with dynamic channel prediction in wireless infrastructure networks
9
NTU OPLab 2010/5/11
10
NTU OPLab 2010/5/11
Jamming methods
Constant:
Continuously sends random bits of data onto a channel.
Deceptive:
Sends out valid packets at a very fast rate to the nearby nodes. Authentic nodes are thus deceived into believing that the jammer is also a legitimate node.
Random:
This kind of jammer alternates between sleeping and jamming the channel of operation.
Reactive:
This kind of jammer attacks only when it hears communication over the channel it is currently scanning.
11
NTU OPLab 2010/5/11
Jamming methods(cont)
12
NTU OPLab 2010/5/11
13
NTU OPLab 2010/5/11
14
NTU OPLab 2010/5/11
15
NTU OPLab 2010/5/11
Attack mitigation:
Overcome the effects of the attack.
Existing techniques
17
NTU OPLab 2010/5/11
Existing techniques
Channel Surfing Spatial Retreats Using Wormholes Jammed region mapping Spread Spectrum Techniques
18
NTU OPLab 2010/5/11
Channel Surfing
A spectral evasion mechanism:
Move to a different channel of operation.
An access point frequently sends beacons to all its associated nodes to check if they are still with it or not.
19
NTU OPLab 2010/5/11
Channel Surfing(cont)
20
NTU OPLab 2010/5/11
Spatial Retreats
Based on spatial evasion:
AP are immobile components Move from the region of their current AP which is currently being jammed to the region of an emergency AP.
21
NTU OPLab 2010/5/11
Using Wormholes
Two or more attackers act as a single attacker through a coordinated attack mechanism.
22
NTU OPLab 2010/5/11
23
NTU OPLab 2010/5/11
Spread Spectrum:
Spreads the signal over a range of bandwidth in the widest possible manner. Makes the communication very hard to be detected and jammed.
24
NTU OPLab 2010/5/11
25
NTU OPLab 2010/5/11
Wormholes
Requires an additional secure channel between all node pairs
Spread spectrum
Extra costs for small quantity of information High complexity
26
NTU OPLab 2010/5/11
Proposed solution
28
NTU OPLab 2010/5/11
Proposed solution
Providing a mechanism for attack prevention Can be easily integrated into the existing network architecture
29
NTU OPLab 2010/5/11
Network Architecture
Involve following components:
Base-station Mobile nodes Honeynodes
30
NTU OPLab 2010/5/11
Honeynodes
Secondary interfaces on basestations
31
NTU OPLab 2010/5/11
Then the base-station issues a frequency change command to all its associated nodes. Later on, the honeynode switches its frequency of operation to the new guard frequency.
32
NTU OPLab 2010/5/11
33
NTU OPLab 2010/5/11
34
NTU OPLab 2010/5/11
Contributions
Introduced honeynodes into the network architecture
Jammer 1 2400 MHz Honeynode 2405MHz Base Station
Run
Jammer 2
Hop
35
NTU OPLab 2010/5/11
Contributions(cont)
Secondly, they have used a hybrid proactive and reactive frequency selection algorithm for frequency selection.
Proactive mechanisms:
Based on a pre-defined pseudorandom sequence
Reactive mechanisms:
Determine the next frequency of operation dynamically
While proactive mechanisms are fast, reactive mechanisms give better performance.
36
NTU OPLab 2010/5/11
Contributions(cont)
A major constraint on a reactive mechanism:
requires an un-jammed communication link between all participating nodes
37
NTU OPLab 2010/5/11
Attackers behavior
38
NTU OPLab 2010/5/11
A reactive approach cannot be used in such a case because the regular communication channel would be under attack.
39
NTU OPLab 2010/5/11
40
NTU OPLab 2010/5/11
41
NTU OPLab 2010/5/11
42
NTU OPLab 2010/5/11
43
NTU OPLab 2010/5/11
44
NTU OPLab 2010/5/11
45
NTU OPLab 2010/5/11
46
NTU OPLab 2010/5/11
47
NTU OPLab 2010/5/11
Honeynode is jammed
Simulation
49
NTU OPLab 2010/5/11
Simulation
In order to determine how effective our proposed algorithm is, this work simulated the proposed algorithm along with the Channel Surfing Algorithm, to compare their respective performance under similar conditions.
50
NTU OPLab 2010/5/11
Simulation topology
Four BSs Each BS having seven associated nodes. The BSs connected to each other through a wired distribution system. During the simulations, communications had been set up randomly between various nodes. Introduce jammers into the scene and measure the performance metrics for various attack intensities.
51
NTU OPLab 2010/5/11
Simulation topology(cont)
52
NTU OPLab 2010/5/11
Simulation topology(cont)
Simulations were performed with 1 to 3 jammers. To achieved the purpose of varying attack intensities,
they position jammers around one of the base-stations (basestation 1 in the figure).
Performance of the algorithm was tested on how effectively the nodes could communicate(e.g. PDR).
53
NTU OPLab 2010/5/11
Simulation topology(cont)
54
NTU OPLab 2010/5/11
Assumptions
The following assumptions were made about the Jammer:
Jamming was carried out by sending large packets at a very fast rate. When a jammer transmits the signal on a given frequency channel, no other communication can take place on that channel till the attack ceases to exist. Jammer scans frequencies in a linear fashion. Mobility of a jammer is restricted to the region of the first base station (the one shown to be jammed in Fig. 14)
55
NTU OPLab 2010/5/11
Assumptions(cont)
The following assumptions were made about honeynodes, mobile nodes and base station:
The honeynode interface is assumed to be capable of communicating with the associated base-station, irrespective of the jam status of either (both of them are interfaces of the same node). All channel hops are assumed to be made instantaneously. Mobile nodes were kept stationary, in order to prevent packet loss due to disassociation of nodes from the access point (due to the node moving out of range of the access point) affecting the performance analysis of the jamming attack mitigation algorithm.
56
NTU OPLab 2010/5/11
System Parameters
Description Simulation area(m2) Transmission range(m) Packet rate(kbps) Packet size(bytes) Frequency hop time(ms) Physical dimensions of the network topology Of BSs Of MNs Of MNs Time taken to change the channel of operation
57
NTU OPLab 2010/5/11
58
NTU OPLab 2010/5/11
59
NTU OPLab 2010/5/11
Proposed algorithm:
Consistently better and nearly constant performance
60
NTU OPLab 2010/5/11
61
NTU OPLab 2010/5/11
Proposed algorithm:
Independent of simulation time
62
NTU OPLab 2010/5/11
63
NTU OPLab 2010/5/11
Proposed algorithm:
64
NTU OPLab 2010/5/11
65
NTU OPLab 2010/5/11
Proposed algorithm:
Less overhead
66
NTU OPLab 2010/5/11
67
NTU OPLab 2010/5/11
Proposed algorithm:
Less frequency hops
Conclusions
69
NTU OPLab 2010/5/11
Conclusions
Proposed algorithm performed consistently better than the Channel Surfing Algorithm, with the worst case performance being same as that of Channel Surfing. However, as the attack intensity increases, the performance of the proposed strategy declines gradually till it converges to the same performance level as that of Channel Surfing. They explored the feasibility of implementing pre-emptive channel hopping within 802.11 to protect legitimate communication from jamming.
Comments
71
NTU OPLab 2010/5/11
Attack approach:
Reactive method Keep jamming till there are no communications on the channel. Linear channel search
72
NTU OPLab 2010/5/11
Jammer
Jammer Jamming
73
NTU OPLab 2010/5/11
The End
Thanks for your attention.