7/30/2019 20100511_Using Honeynodes for Defense Against Jamming Attacks in Wireless Infrastructure-based Networks
About this paper
Authors: Sudip Misra, Sanjay K. Dhurandher, Avanish Rayankula, Deepansh Agrawal
Title: Using honeynodes for defense against jamming attacks in wireless infrastructure-based networks
Provenance: Computers & Electrical Engineering, Volume 36, Issue 2, March 2010, Pages 367-382
2010/5/11
NTU OPLab
Agenda
Introduction
Existing techniques
Proposed solution
Simulation
Conclusions
Comments
Introduction
New medium, new attack
Jamming: blocking of a communication channel
A subclass of Denial-of-Service (DoS) attacks
One of the most feared forms of attacks in wireless networks
Introduction(cont)
Research topic:
Mitigation
Prevention
Categories of wireless network:
Wireless infrastructure-based networks (i.e., WLANs and cellular networks)
Infrastructure-less networks (i.e., ad hoc networks)
Wireless infrastructure-based networks
Components:
Base-stations (or access points)
Mobile nodes
This work is restricted to jamming attacks in wireless infrastructure-based networks.
Objective of this work
Propose an efficient algorithm to mitigate jamming attacks in wireless infrastructure-based networks.
Provide an efficient solution that can be easily incorporated in the existing network architecture.
Achieve better robustness than the widely used Channel Surfing Algorithm by using honeynodes along with dynamic channel prediction in wireless infrastructure networks.
Jamming-based DoS attacks
Prevent networked nodes from communicating.
Carried out with a jammer.
Classifications of jamming attacks:
Physical layer jamming
By ignoring MAC layer rules
Jamming methods
Constant:
Continuously sends random bits of data onto a channel.
Deceptive:
Sends out valid packets at a very fast rate to the nearby nodes. Authentic nodes are thus deceived into believing that the jammer is also a legitimate node.
Random:
This kind of jammer alternates between sleeping and jamming the channel of operation.
Reactive:
This kind of jammer attacks only when it hears communication over the channel it is currently scanning.
Parameters in attack detection
Signal-to-Noise Ratio (SNR):
The ratio of signal power to the power of the noise present in the received signal.
Packet Delivery Ratio (PDR):
The ratio of the number of packets successfully delivered to their respective destinations to the total number of packets sent out by the node.
Carrier Sense Time
Steps of tackling jamming attacks
Attack detection:
The physical layer
The MAC layer
Attack mitigation:
Overcome the effects of the attack.
Attack prevention (seldom included):
Prevent the occurrence of an attack on the network.
Existing techniques
Channel Surfing
Spatial Retreats
Using Wormholes
Jammed region mapping
Spread Spectrum Techniques
Channel Surfing
A spectral evasion mechanism:
Move to a different channel of operation.
On detection of an attack, the nodes:
Change the channel of operation based on a pre-defined pseudorandom sequence.
An access point frequently sends beacons to all its associated nodes to check whether they are still with it.
Spatial Retreats
Based on spatial evasion:
APs are immobile components.
Nodes move from the region of their current AP, which is being jammed, to the region of an emergency AP.
While moving away:
The node tries to connect to its jammed AP.
Using Wormholes
Two or more attackers act as a single attacker through a coordinated attack mechanism,
with the help of a special communication link (wormhole).
A similar mechanism: when some nodes in a network are jammed, they:
Communicate through an un-jammed medium
Afterward, attack mitigation follows.
Jammed region mapping
Mapping out the jammed region with a protocol.
Based on the responses received by the nodes which lie on the boundary of the jammed region.
Mitigate the impact of a jammer by identifying and isolating the jammed region, and then trying to determine alternate routing paths for the data packets.
Spread Spectrum Techniques
Traditional techniques:
Push maximum traffic into the minimum amount of bandwidth
Spread Spectrum:
Spreads the signal over a range of bandwidth in the widest possible manner.
Makes the communication very hard to detect and jam.
Limitations of the existing techniques
Attack detection:
Most of the jamming attacks detected are false alarms.
Some of the solutions allow a portion of the network to become inoperable.
These are not very popular, as they affect the connectivity of the jammed nodes.
Limitations of the existing techniques(cont)
Spatial Retreats
Involves physically moving
Restricts the mobility of the nodes.
Wormholes
Requires an additional secure channel between all node pairs
Spread spectrum
Extra costs for small quantity of information
High complexity
Limitations of the existing techniques(cont)
A missing aspect:
No prevention mechanisms.
Proposed solution
Providing a mechanism for attack prevention
Can be easily integrated into the existing network architecture
Network Architecture
Involves the following components:
Base-station
Mobile nodes
Honeynodes
The honeynode is the only new component added to the existing infrastructure.
Honeynodes
Secondary interfaces on base-stations
Guard the frequency of operation by:
Sending out fake signals on a nearby frequency
Prevent attacks by deceiving the attacking entity into attacking the honeynode.
[Figure labels: Base Station at 2405 MHz; Honeynode at 2400 MHz; Jammer scans the channel]
Algorithm for proposed mechanism
If a mobile node or base-station detects an attack, it:
Changes its frequency of operation based on a pseudorandom sequence.
If the honeynode detects an attack, it:
Continues to send signals on that channel
Informs the base-station of the impending attack
Then the base-station issues a frequency change command to all its associated nodes.
Later on, the honeynode switches its frequency of operation to the new guard frequency.
Contributions
Introduced honeynodes into the network architecture
Eliminates the possibility of base station jamming
Base station jamming can occur only when:
base stations move from one frequency of operation to another.
[Figure labels: Base Station at 2405 MHz; Honeynode at 2400 MHz; Jammer 1; Base Station at 2430 MHz; Jammer 2; Hop; Run; Jamming]
Contributions(cont)
Secondly, they have used a hybrid proactive and reactive frequency selection algorithm for frequency selection.
Proactive mechanisms:
Based on a pre-defined pseudorandom sequence
Reactive mechanisms:
Determine the next frequency of operation dynamically
While proactive mechanisms are fast, reactive mechanisms give better performance.
Contributions(cont)
A major constraint on a reactive mechanism:
It requires an un-jammed communication link between all participating nodes.
We employ a hybrid technique which follows
the proactive approach when mobile nodes or base stations are jammed
the reactive mechanism in case the honeynode detects an attack.
Attackers behavior
Hybrid frequency selection algorithm
When normal nodes, i.e., mobile nodes and base-stations, detect an attack,
they use a pre-defined pseudorandom sequence for the selection of the next frequency.
This sequence is known to every legal node that is present on the network.
A reactive approach cannot be used in such a case because the regular communication channel would be under attack.
Hybrid frequency selection algorithm(cont)
When a honeynode detects an attack,
it alerts the base-station it is attached to about the imminent attack.
The base station
Maintains a blacklist of all frequencies recently jammed.
On receiving an alert from the honeynode, it selects a frequency that is farthest away from any blacklisted frequency amongst the list of available frequencies.
Hybrid frequency selection algorithm(cont)
When an attack is detected on a frequency,
it is added to the blacklist of jammed frequencies
for a time equal to risk_time.
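The hybrid selection described above (proactive pseudorandom hop when a mobile node or base station is jammed, reactive farthest-from-blacklist hop when the honeynode raises the alert, blacklist entries expiring after risk_time), as an added Python example that is not code from the paper or the slides. The channel plan, the 5 MHz guard offset, the HMAC-based sequence generator, the tie-break rule and all function and class names are assumptions of this example.

```python
import hashlib
import hmac

# Constructed channel plan (assumption): base stations use 2405..2480 MHz and
# each honeynode guards the slot 5 MHz below, as in the slides' 2405/2400 figure.
BS_CHANNELS_MHZ = list(range(2405, 2485, 5))
GUARD_OFFSET_MHZ = 5


def proactive_next(shared_key: bytes, hop_index: int, current: int) -> int:
    """Proactive hop: every legitimate node derives the same next frequency
    from a shared secret, so no message has to cross the jammed channel.
    HMAC-SHA256 as the sequence generator is this example's choice."""
    retry = 0
    while True:
        msg = hop_index.to_bytes(4, "big") + retry.to_bytes(4, "big")
        digest = hmac.new(shared_key, msg, hashlib.sha256).digest()
        idx = int.from_bytes(digest[:4], "big") % len(BS_CHANNELS_MHZ)
        if BS_CHANNELS_MHZ[idx] != current:  # never "hop" onto the jammed channel
            return BS_CHANNELS_MHZ[idx]
        retry += 1


class BaseStation:
    def __init__(self, freq: int, risk_time: float, shared_key: bytes):
        self.freq = freq
        self.guard = freq - GUARD_OFFSET_MHZ  # honeynode (decoy) frequency
        self.risk_time = risk_time
        self.shared_key = shared_key
        self.hop_index = 0
        self.blacklist = {}  # jammed frequency -> time at which the entry expires

    def _blacklisted(self, now: float) -> set:
        # Entries live for risk_time only, then the frequency is usable again.
        self.blacklist = {f: t for f, t in self.blacklist.items() if t > now}
        return set(self.blacklist)

    def _retune(self, freq: int) -> int:
        self.freq, self.guard = freq, freq - GUARD_OFFSET_MHZ
        return freq

    def on_honeynode_alert(self, now: float) -> int:
        """Reactive hop: only the decoy is jammed, so the base station can still
        reach its nodes and pick the frequency farthest from the blacklist."""
        self.blacklist[self.guard] = now + self.risk_time
        bad = self._blacklisted(now)
        candidates = [f for f in BS_CHANNELS_MHZ if f not in bad and f != self.freq]
        # Maximise the distance to the nearest blacklisted frequency;
        # ties go to the lower frequency so the result is deterministic.
        best = max(candidates, key=lambda f: (min(abs(f - b) for b in bad), -f))
        return self._retune(best)  # value carried by the frequency change command

    def on_self_jammed(self, now: float) -> int:
        """Proactive hop: the operating channel itself is jammed."""
        self.blacklist[self.freq] = now + self.risk_time
        self.hop_index += 1
        return self._retune(proactive_next(self.shared_key, self.hop_index, self.freq))


def demo():
    bs = BaseStation(freq=2405, risk_time=30.0, shared_key=b"constructed-demo-key")
    hops = [bs.on_honeynode_alert(now=0.0),   # blacklist {2400}
            bs.on_honeynode_alert(now=10.0),  # blacklist {2400, 2475}
            bs.on_honeynode_alert(now=35.0)]  # the 2400 entry has expired
    return hops, sorted(bs.blacklist)
```

The third hop returns to 2405 MHz only because the 2400 MHz entry has aged out after risk_time; with a longer risk_time the base station would stay away from that end of the band.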
Attack scenarios and respective defence strategies
Scenario 1: Only communicating mobile nodes are jammed.
Scenario 2: Mobile nodes and base-station are jammed.
Scenario 3: Honeynode is jammed.
Only communicating mobile nodes are jammed
Both mobile nodes and base-station are jammed
Honeynode is jammed
Simulation
In order to determine how effective our proposed algorithm is, this work simulated the proposed algorithm along with the Channel Surfing Algorithm, to compare their respective performance under similar conditions.
Simulation topology
Four BSs
Each BS has seven associated nodes.
The BSs are connected to each other through a wired distribution system.
During the simulations, communications were set up randomly between various nodes.
Introduce jammers into the scene and measure the performance metrics for various attack intensities.
Simulation topology(cont)
Simulations were performed with 1 to 3 jammers.
To achieve varying attack intensities, they positioned jammers around one of the base-stations (base-station 1 in the figure).
Performance of the algorithm was tested on how effectively the nodes could communicate (e.g., PDR).
Assumptions
The following assumptions were made about the jammer:
Jamming was carried out by sending large packets at a very fast rate.
When a jammer transmits the signal on a given frequency channel, no other communication can take place on that channel till the attack ceases to exist.
The jammer scans frequencies in a linear fashion.
Mobility of a jammer is restricted to the region of the first base station (the one shown to be jammed in Fig. 14).
Assumptions(cont)
The following assumptions were made about honeynodes, mobile nodes and base station:
The honeynode interface is assumed to be capable of communicating with the associated base-station, irrespective of the jam status of either (both of them are interfaces of the same node).
All channel hops are assumed to be made instantaneously.
Mobile nodes were kept stationary, in order to prevent packet loss due to disassociation of nodes from the access point (due to the node moving out of range of the access point) affecting the performance analysis of the jamming attack mitigation algorithm.
System Parameters              Description
Simulation area (m²)           Physical dimensions of the network topology
Transmission range (m)         Of BSs
Packet rate (kbps)             Of MNs
Packet size (bytes)            Of MNs
Frequency hop time (ms)        Time taken to change the channel of operation
Number of base stations        More BSs, more honeynodes
Number of attackers            To achieve different attack intensities
Jammer configuration           Including jam packet rate, jam packet size, transmission power
Channel sense time (ms)        The time the jammer takes to listen to the current channel
Number of available channels
Overall simulation time
Results and discussion
The following metrics were considered for analyzing the performance of the proposed scheme:
Packet delivery ratio.
Jammed duration versus the simulation time.
Jammed duration versus the number of jammers.
Control message overhead.
Number of channel reconfigurations.
Packet delivery ratio
Packet delivery ratio(cont)
Channel Surfing algorithm:
A decrease in the packet delivery ratio up to a certain point at the beginning, after which it was nearly constant.
Proposed algorithm:
Consistently better and nearly constant performance
Jammed duration vs. the simulation time(cont)
Channel Surfing algorithm:
Jammed duration grows with simulation time
Proposed algorithm:
Independent of simulation time
Jammed duration vs. the number of jammers
Jammed duration vs. the number of jammers(cont)
Note: Simulation time: 100s
Channel Surfing algorithm:
Performance decreases, till the point where it is nearly the same as that of Channel Surfing algorithm, as the number of jammers increased.
Proposed algorithm:
Control message overhead
Control message overhead(cont)
Channel Surfing algorithm:
reduces network performance marginally, over Channel Surfing Algorithm, as simulation time is increased.
Proposed algorithm:
Less overhead
Number of channel reconfigurations
Number of channel reconfigurations(cont)
Channel Surfing algorithm:
A marginal increase can be observed in the number of frequency hops as simulation time increases.
Proposed algorithm:
Fewer frequency hops
Conclusions
The proposed algorithm performed consistently better than the Channel Surfing Algorithm, with the worst case performance being the same as that of Channel Surfing.
However, as the attack intensity increases, the performance of the proposed strategy declines gradually till it converges to the same performance level as that of Channel Surfing.
They explored the feasibility of implementing pre-emptive channel hopping within 802.11 to protect legitimate communication from jamming.
Comments
Limited attacker-defender scenario
Position of BSs
Number of normal nodes
Number of jammers (intensity)
Mobility:
Attackers' mobility is limited to the range of the 1st BS
Mobile nodes are stationary
Attack approach:
Reactive method
Keep jamming till there are no communications on the channel.
Linear channel search
Limited attacker-defender scenario(cont)
[Figure labels: Base Station at 2405 MHz with Honeynode at 2400 MHz; Base Station at 2425 MHz with Honeynode at 2420 MHz; Jammer; Jamming; Random Scan]