Jamming and Network Restoration On Multi Channel Wireless Sensor Networks
Jamming and Network Restoration On Multi Channel Wireless Sensor Networks
Jamming and Network Restoration On Multi Channel Wireless Sensor Networks
2, 2012
PG Scholar, dept. of Computer Science and Engineering Adhiyamaan College of Engineering, Hosur, India. 1 ssjustinraj@gmail.com
D. Thilagavathy 2 Professor, dept. of Computer Science and Engineering Adhiyamaan College of Engineering, Hosur,India. 2 thilagakarthick@yahoo.co.in
Abstract Wireless Sensor Networks (WSNs) are used in a wide range of areas from military application, environmental monitoring, medical care, smart buildings and other industries. Built upon a shared wireless medium, these networks are particularly vulnerable to jamming attacks. These attacks can easily be accomplished by an adversary by either bypassing MAC-layer protocols or emitting a radio signal targeted at jamming a particular channel. This paper considers a scenario where a sophisticated jammer jams an area in a multi-channel wireless sensor network. The jammer controls the probability of jamming and transmission range to cause maximal damage to the network in terms of corrupted communication links. The jammer action ceases when it is detected by a monitoring node in the network, and a notification message is transferred out of the jamming region. The jammer is detected at a monitor node by employing an optimal detection test based on the percentage of incurred collisions. By considering multichannel networks some interesting issues arise. In that case defense strategy space has an additional dimension, that of channel switching. On the other hand jammer should find the optimal trade-off between jamming costs when jamming more channels and jamming reward in terms of higher chances to corrupt ongoing communication. The ability to recover from attacks and maintain an acceptable level of service degradation is a crucial aspect in the design of a wireless network. This paper also investigates the network restoration solutions in the event of jamming attacks via optimal channel re-assignment and by using honeypot techniques. Keywords- Jamming; security; Jamming detection; wireless sensor network
with the primary goal to obtain performance benefits itself, the attack is referred to as misbehavior. If the attacker does not directly manipulate protocol parameters but exploits protocol semantics and aims at indirect benefits by unconditionally disrupting network operation, the attack is termed jamming or Denial-of-Service (DoS), depending on whether one looks at the cause or the consequences of it. Misbehavior in wireless networks stems from the selfish inclination of wireless network entities to improve their own derived utility at the expense of other nodes performance deterioration, by deviating from legitimate protocol operation at various layers. The utility is expressed in terms of consumed energy or achievable throughput on a per link or end-to-end basis. Wireless Sensor Networks (WSN) receives increasing attention due to their wide application in military as well as in living life [2]. The most essential applications are monitor systems, such as military monitor system or security service system. These applications can allow some normal messages lost in a short period. It cannot tolerate the lost of numerous packets or critical event messages. The attacker deploys the jammers randomly to jam the area. The jammers can disturb the communication between sensor nodes or launch the radios frequency to interfere open wireless environment. Although the jammers are randomly deployed, the damage on the monitor systems is still markedly. The lost of some crucial messages may destroy the entire system. Conventional cryptographic security mechanisms are being translated to the sensor domain in order to defend against attacks like packet injection and spoofing network level control information. However, in spite of the progress being made to apply network security in the sensor realm, sensor networks will remain vulnerable to attacks that target their use of the wireless medium. IEEE 802.11 is based on a carrier sensing approach to multiple accesses. Because of their use of carrier sensing for medium access control (MAC), these systems are susceptible to a simple and severe jamming problem: an adversary can simply disregard the medium access protocol and continually transmit on a wireless channel. By doing so, it prevents users from being able to commence
I.
INTRODUCTION
The fundamental characteristic of wireless networks that renders them vulnerable to attacks is the broadcast nature of their medium. This exposes them to passive and active attacks, which are different in their nature and objectives [1]. In the former ones, the malicious entity does not take any action apart from passively observing the ongoing communication that is, eavesdropping with the intention to intervene with the privacy of network entities involved in the transaction. On the other hand, in active attacks the attacker is involved in transmission as well. Depending on attacker objectives, different terminology is used. If the attacker abuses a protocol
February Issue
Page 15 of 62
with legitimate MAC operations, or introduces packet collisions that force repeated backoffs,or even jam transmissions. There are many different attack strategies an adversary can use to jam wireless communications. A. Constant jammer The constant jammer continually emits a radio signal, and can be implemented using either a wave form generator that continuously sends a radio signal [3] or a normal wireless device that continuously sends out random bits to the channel without following any MAC-layer etiquette [4]. Normally, the underlying MAC protocol allows legitimate nodes to send out packets only if the channel is idle. Thus, a constant jammer can effectively prevent legitimate traffic sources from getting hold of a channel and sending packets. B. Deceptive jammer Instead of sending out random bits, the deceptive jammer constantly injects regular packets to the channel without any gap between subsequent packet transmissions. As a result, a normal communicator will be deceived into believing there is a legitimate packet and be duped to remain in the receive state. For example, in TinyOS, if a preamble is detected, a node remains in the receive mode, regardless of whether that node has a packet to send or not. Even if a node has packets to send, it cannot switch to the send state because a constant stream of incoming packets will be detected. C. Random jammer Instead of continuously sending out a radio signal, a random jammer alternates between sleeping and jamming. Specifically, after jamming for a while, it turns off its radio and enters a sleeping mode. It will resume jamming after sleeping for some time. During its jamming phase, it can behave like either a constant jammer or a deceptive jammer. This jammer model tries to take energy conservation into consideration, which is especially important for those jammers that do not have unlimited power supply. D. Reactive jammer The three models discussed above are active jammers in the sense that they try to block the channel irrespective of the traffic pattern on the channel. Active jammers are usually effective because they keep the channel busy all the time. An alternative approach to jamming wireless communication is to employ a reactive strategy. The reactive jammer stays quiet when the channel is idle, but starts transmitting a radio signal as soon as it senses activity on the channel. One advantage of a reactive jammer is that it is harder to detect. II. RELATED WORK
International Journal of Computer Information Systems, Vol. 4, No. 2, 2012 in the network and a notification message is transferred out of the jamming region. The jammer is detected at a monitor node by employing an optimal detection test based on the percentage of incurred collisions. The work of [5] studies the jamming defense strategy over a single-radio multi-channel network and presents two channel surfing strategies, where the wireless channels are re-assigned or dynamically switched under jamming attacks. The work of [6] designs a jammingresistant MAC protocol for single hop wireless networks and the work of [7] evaluates the throughput performance degradation of the IEEE 802.11 MAC protocol under various jamming models, including periodic or memory less jammers, and channel oblivious or channel-aware jammers. The work in [8] focuses on optimal detection of access layer misbehaviour in terms of number of required observation samples to derive a decision. The worst-case attack is found out of the class of most significant attacks in terms of incurred performance losses. The framework captures uncertainty of attacks and the case of intelligent attacker that can adapt its policy to delay its detection. Jamming can disrupt wireless transmission and occur either unintentionally in the form of interference, noise, or collision at the receiver, or in the context of an attack. A jamming attack is particularly effective from the attackers point of view since, the adversary does not need special hardware to launch it, the attack can be implemented by simply listening to the open medium and broadcasting in the same frequency band as the network uses, and If launched wisely, it can lead to significant benefits with small incurred cost for the attacker. With regard to the machinery and impact of jamming attacks, they usually aim at the physical layer in the sense that they are realized by means of a high transmission power signal that corrupts a communication link or an entire area. Conventional defense techniques against physical layer jamming rely on spread spectrum which can be too energy consuming for resource-constrained sensors [9]. Jamming attacks also occur at the access layer, whereby an adversary either corrupts control packets or reserves the channel for the maximum allowable number of slots, so that other nodes experience lower throughput by not being able to access the channel [10]. The work in [11] studies the problem of a legitimate node and a jammer transmitting to a common receiver in an on-off mode in a game-theoretic framework. Other jamming instances can have impact on the network layer by malicious packet injection along certain routes or at the transport layer by SYN message flooding for instance. The work in [12] presents attack detection in computer networks based on observing the IP port scanning profile prior to an attack and using sequential detection techniques. The work [13] uses controlled authentication to detect spam message attacks in wireless sensor networks launched by a set of malicious nodes and addresses the trade-off between resilience to attacks and computational cost. The work in [14] considers passing attack notification messages out of a jammed region by creation of wormhole links between sensors, one of which resides out of the jammed area. The
The work of [1] considers a scenario where a sophisticated jammer jams an area in a single channel wireless sensor network. The jammer controls the probability of jamming and transmission range to cause maximal damage to the network in terms of corrupted communication links. The jammer action ceases when it is detected by a monitoring node
February Issue
Page 16 of 62
links are created through frequency hopping over a channel set either in a predetermined or in an ad hoc fashion. In [15], a physical layer jammer termed constant jammer, and three types of link layer jammer termed deceptive, random, and reactive jammer are studied. The reactive jammer is the most sophisticated one as it launches its attack after sensing ongoing transmission. The authors propose empirical methods based on signal strength and packet delivery ratio measurements to detect jamming. In [16], Channel surfing involves on-demand frequency hopping as a countermeasure against jamming is studied. The case of an attacker that corrupts broadcasts from a base station (BS) to a sensor network is considered in [17]. The interaction between the attacker and the BS is modelled as a zero-sum game with a long-term payoff for the attacker. The attacker selects the number of sensors it will jam and the BS chooses the probability with which it will sample sensor status with regard to message reception. This paper investigates the jamming defense strategies via optimal channel switching. III. SYSTEM MODEL
International Journal of Computer Information Systems, Vol. 4, No. 2, 2012 C. Attack Detection Model The network employs a mechanism for monitoring network status and detecting potential malicious activity. The monitoring mechanism consists of: 1) determination of a subset of nodes M that act as monitors, and 2) employment of a detection algorithm at each monitor node. The assignment of the role of monitor to a node is affected by potential existing energy consumption and node computational complexity limitations, and by detection performance specifications. This paper fixes attention to a specific monitor node and the detection scheme that it employs. First, it need to define the quantity to be observed at each monitor. In this case, the readily available metric is the probability of collision that a monitor node experiences, namely the percentage of packets that are erroneously received. During normal network operation and in the absence of a jammer, it consider a large enough training period in which the monitor node learns the percentage of collisions it experiences as the long-term limit of the ratio of number of slots where there was collision over total number of slots of the training period. Now let the network operate in the open after the training period has elapsed and fix attention to a time window much smaller than the training period. An increased percentage of collisions in the time window compared to the learned long-term ratio may be an indication of an ongoing jamming attack that causes additional collisions. However, it may happen as well that the network operates normally and there is just a temporary irregular increase in the percentage of collisions compared to the learned ratio for that specific interval. A detection algorithm is part of the detection module at a monitor node; it takes as input observation samples obtained by the monitor node (i.e., collision/not collision) and decides whether there is an attack or not. On one hand, the observation window should be small enough, such that the attack is detected in a timely manner and appropriate countermeasures are initiated. On the other hand, this window should be sufficiently large, such that the chance of a false alarm notification is reduced. The sequential nature of observations at consecutive time slots motivates the use of sequential detection techniques. A sequential decision rule consists of: 1) a stopping time, indicating when to stop taking observations, and 2) a final decision rule that decides between the two hypotheses (i.e., occurrence or not of jamming). A sequential decision rule is efficient if it can provide reliable decision as fast as possible. The probability of false alarm PFA and probability of missed detection PM constitute inherent trade-offs in a detection scheme in the sense that a faster decision unavoidably leads to higher values of these probabilities while lower values are attained at the expense of detection delay. For given values of PFA and PM, the detection test that minimizes the average number of required observations (and thus average delay) to reach a decision among all sequential and non sequential tests for which PFA and PM do not exceed the predefined values above is Walds Sequential Probability Ratio Test (SPRT) [18]. When SPRT is used for sequential testing between two
A. Network Model This paper models a multi-hop multi-channel wireless network as a directed graph G= (V,E,C). The network could use a set of orthogonal wireless channels denoted by C. For example, in the IEEE 802.11b standard, |C| = 3. Each node v is equipped with (v) radios. All nodes are assumed to be continuously backlogged, so that there are always packets in each nodes buffer in each slot. Packets can be generated by higher layers of a node, or they may come from other nodes and need to be forwarded or they may be previously sent and collided packets to be retransmitted. Here the term collision an event of multiple simultaneous transmissions received by (not necessarily intended to) a node and no transmission attempt by that node. B. Jamming Model Consider a multi-hop wireless network under jamming attacks. It has a constant traffic generating rate and a jamming range. Assume that they are smart jammers that can totally occupy the channels when sending jamming traffic. Each network node is equipped with multiple radios and each jamming node is equipped with one radio, which can transmit jamming data at any of these n channels. The jammer may use its sensing ability in order to sense ongoing activity in the network. Clearly, sensing ongoing network activity prior to jamming is beneficial for the attacker in the sense that its energy resources are not aimlessly consumed and the jammer is not needlessly exposed to the network. The jammer transmits a small packet which collides with legitimate transmitted packets at their intended receivers. The goal of this paper is to investigate the network restoration schemes that can minimize the performance degradation in the event of jamming attacks.
February Issue
Page 17 of 62
hypotheses concerning two probability distributions, SPRT is optimal in that sense as well [19]. SPRT collects observations until significant evidence in favor of one of the two hypotheses is accumulated. After each observation at the kth stage, choose between the following options: accept one or the other hypothesis and stop observing, or defer decision for the moment and obtain another observation k + 1. In SPRT, there exist two thresholds a and b that aid the decision. The computed figure of merit at each step is the logarithm of the likelihood ratio of the accumulated sample vector until that step. In this case, the test is between hypotheses H0 and H1 that involve Bernoulli with probability mass functions (p.m.fs.) f0 and f1 defined by Pr(c=1) = i=1 Pr(C=0) where c = 1 denotes the event of collision in a slot. That is, H0 concerns the hypothesis about absence of jamming with Bernoulli p.m.f. f0 with parameter 0, while H1 corresponds to the hypothesis of jamming with a Bernoulli p.m.f. f1 with parameter 1. Thus, the logarithm of likelihood ratio at stage k (1) with accumulated samples x1,..,xk is:
International Journal of Computer Information Systems, Vol. 4, No. 2, 2012 controls the probability of jamming and transmission range to cause maximal damage to the network in terms of corrupted communication links. The jammer action ceases when it is detected by a monitoring node in the network, and a notification message is transferred out of the jamming region. The jammer is detected at a monitor node by employing an optimal detection test based on the percentage of incurred collisions. In this paper, multiple channels are used in Sensor network. This system Considers a scenario, where a Jammer trying to jam a Multi channel Wireless Sensor network. Monitor node Senses the ongoing network activity to detect initial phase of jamming. When Jamming is detected the monitoring node will send notification message to its neighbours as well as to the base station. The Monitoring node decides the channel it has to switch and the network is informed by creating wormholes. It should first detect whether the channel is jammed before it starts working on that channel. Upon receiving the notification the nodes will switch to new operating Frequency. By switching to new operating frequency the WSN wont be affected by the current jamming activity. Multiple channels will provide defense strategy space with additional dimensions. By considering multichannel networks here, some interesting issues arise. Defense strategy space has an additional dimension, that of channel switching. On the other hand jammer should find the optimal trade-off between jamming costs when jamming more channels and jamming reward in terms of higher chances to corrupt ongoing communication. This paper introduces Honeypot technique to fool the jammer and decrease the rate of jamming is also proposed. A. Honeypot technique In optimal channel switching, the entire network must coordinate its evasion of jamming by switching to the new channel and resuming network operation there. The strategy involves a transition phase during which actual data transmission switches to a new channel without disturbing the channel that is jammed. The idea is to make the jammer to keep on jamming without knowing the establishment of new channel. Following the transition, the entire network resumes stable operation on the new channel. The scheme begins with the detection of jamming by the monitoring node. The Monitoring node decides the channel it has to switch and sends a notification messages along with the new operating frequency for the network nodes by creating wormhole link. By keeping the jammed channel the jammer will try to keep on jamming the particular channel. Thus the new operating channel can be masked from the adversary. Challenges: The major challenge facing by this scheme is that unreliable links can cause some nodes to miss a channel switch notice. However, the switch command is typically broadcasted independently by monitoring nodes. Thus a node is very likely to receive at least one notice. Another challenge is to efficiently synchronize node schedules, instead of synchronizing the physical clock of each network node, each
(1) where f1(x1,.xk) is the joint probability mass function of sequence (x1,.xk) based on hypothesis Hi, for I = 0,1. The decision is taken based on the following criteria: Sk > a : accept H1, Sk < b : accept H0, b Sk < a : take another observation. The objective of the detection rule is to minimize the number of required observation samples to derive a decision about existence or not of jamming. The detection performance is quantified by the average sample number (ASN), needed until a decision is reached, where the expectation is with respect to the distribution of the observations. IV. PROPOSED SYSTEM
Radio interference attacks are not addressable through conventional security mechanisms. An adversary can simply disregard the medium access protocol and continually transmit on a wireless channel. The objective of a jammer is to interfere with legitimate wireless communications. A jammer can achieve this goal by either preventing a real traffic source from sending out a packet, or by preventing the reception of legitimate packets. Detecting jamming attacks is important because it is the first step towards building a secure and dependable wireless network. It is challenging because jammers can employ different models, and it is often difficult to differentiate a jamming scenario from legitimate scenarios. Several methods for detecting and defending jamming attacks have been discussed in the related work. Existing system considers a scenario where a sophisticated jammer jams an area in a single channel wireless sensor network. The jammer
February Issue
Page 18 of 62
International Journal of Computer Information Systems, Vol. 4, No. 2, 2012 node to adopt a timer to demarcate slots and synchronize these timers. V. CONCLUSION Many commercial wireless sensor networks are susceptible to radio jamming. To ensure the availability of sensor communications, jamming defense mechanisms must be developed that are distributed, easy to scale, and have low false positives. This paper presents optimal channel switching that can restore connectivity in the presence of jamming. In proposed system monitor node senses the ongoing network activity to detect initial phase of jamming. The Monitoring node decides the channel to switch and inform network by sending notification messages along the network nodes by creating wormhole link. The jammed channel will be maintained as such, so that the jammer will try to keep on jamming the same channel. Thus the new operating channel can be masked from the adversary and the actual data transmission is done through the newly created channel. REFERENCES
[1] Optimal Jamming Attack Strategies and Network Defense Policies in Wireless Sensor Networks Mingyan Li, Member, IEEE, Iordanis Koutsopoulos, Member, IEEE, and Radha Poovendran, Senior Member, IEEE.. IEEE transactions on mobile computing, vol. 9, no. 8, August 2010. F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci, A survey on sensor networks, Communications Magazine IEEE, Vol. 40, issue. 8, Aug. 2002, pp. 102114. W. Xu et al., Channel Surfing and Spatial Retreats: Defenses Against Wireless Denial of Service, Proc. 2004 ACM Wksp. Wireless Security, 2004, pp. 8089. W. Xu et al., The Feasibility of Launching and Detecting Jamming Attacks in Wireless Networks, MobiHoc 05: Proc. 6th ACM Intl. Symp. Mobile Ad Hoc Net. and Comp., 2005, pp. 4657. W. Xu, W. Trappe, and Y. Zhang, Channel Surfing: Defending Wireless Sensor Networks from Interference, in Proc. Of Information Processing in Sensor Networks, 2007. B. Awerbuch, A. Richa, and C. Scheideler, A Jamming-Resistant MAC Protocol for Single-Hop Wireless Networks, in Proc. Of Principles of Distributed Computing, 2008. Bayraktaroglu, C. King, X. Liu, G. Noubir, R. Rajaraman, and B. Thapa, On the Performance of IEEE 802.11 under Jamming, in Proc. of IEEE INFOCOM, 2008. S. Radosavac, I. Koutsopoulos, and J.S. Baras, A Framework for MAC Protocol Misbehavior Detection in Wireless Networks, Proc. ACM Workshop Wireless Security (WiSe), 2005. A.D. Wood and J.A. Stankovic, Denial of Service in Sensor Networks, Computer, vol. 35, no. 10, pp. 54-62, Oct 2002. [10] R. Negi and A. Perrig, Jamming Analysis of MAC Protocols, Carnegie Mellon Technical Memo, 2003. [11] R. Mallik, R. Scholtz, and G. Papavassilopoulos, Analysis of an OnOff Jamming Situation as a Dynamic Game, IEEE Trans. Comm., vol. 48, no. 8, pp. 1360-1373, Aug. 2000. [12] Jung, V. Paxson, A.W. Berger, and H. Balakrishnan, Fast Portscan Detection Using Sequential Hypothesis Testing, Proc. IEEE Symp Security and Privacy, 2004. [13] Coskun, E. Cayirci, A. Levi, and S. Sancak, Quarantine Region Scheme to Mitigate Spam Attacks in Wireless Sensor Networks, IEEE Trans. Mobile Computing, vol. 5, pp. 1074-1086, Aug 2006. [14] M. Cagalj, S. Capkun, and J.-P. Hubaux, Wormhole-Based AntiJamming Techniques in Sensor Networks, IEEE Trans. Mobile Computing, vol. 6, no. 1, pp. 1-15, Jan. 2007. [15] W. Xu, W. Trappe, Y. Zhang, and T. Wood, The Feasibility of Launching and Detecting Jamming Attacks in Wireless Networks, Proc. ACM MobiHoc, 2005. [16] W. Xu, T. Wood, W. Trappe, and Y. Zhang, Channel Surfing:Defending Wireless Sensor Networks from Interference, Proc. IEEE Intl Conf. Information Processing in Sensor Networks (IPSN), [17] J.M. McCune, E. Shi, A. Perrig, and M.K. Reiter, Detection of Denial-of-Message Attacks on Sensor Network Broadcasts, Proc. IEEE Symp. Security and Privacy, 2005. [18] Wald, Sequential Analysis. Wiley, 1947. [19] V.P. Dragalin, AG. Tartakovsky, and V.V. Veeravalli, Multihypothesis Sequential Probability Ratio TestsPart I: Asymptotic Optimality, IEEE Trans. Information Theory, vol. 45, no. 7, pp. 24482461, Nov. 1999. AUTHORS PROFILE Justin Raj S.S. received his B.Tech degree in Information Technology from M.G. College of Engineering, Kerala in the year 2009. He is currently a post graduate student in the Computer Science and Engineering Department of Adhiyamaan College of Engineering, Hosur, Tamil Nadu. His area of interest is Mobile Computing and Artificial Intelligence.
[2]
[3]
[4]
[5]
[6]
[7]
[8]
D.Thilagavathy M.E., is working as Professor in the Department of Computer Science and Engineering in Adhiyamaan college of Engineering, Housr, Tamil Nadu, India. She obtained her P.G Degree from Sona College of Tech Salem in the year 2004 . She is presently doing her Ph.D in Anna University, Chennai India. She is having about 12 years of teaching experience. Her area of interest includes Key Agreement, Key Distribution in Network Security, Information Security & Mobile Security. She is a Life member of IE (I), ISTE, CSI etc.
[9]
February Issue
Page 19 of 62