wireless dos attacks

7/25/2019 Wireless DOS Attacks

1/24

Wireless Denial of ServiceAttacks

NIS586 Final ProjectSpring 2013 Websection

Steve Kaleta04/10/2013

1


2/24

Wireless Systems Wireless LANs

Mobility, easy setup, high bandwidth, industry standards, lowcost, installed everywhere

Security

Integrity- Data is reliably delivered with no corruption Authentication- User is verified

Accounting- history of user logins, what was modified by who

2


3/24

Security Issues Wireless systems are meant for high availability and

easy access Well known standards, cheap equipment make it easy to

attack.

-attacks since they are easy to implement

Wireless systems open to man in the middle attacks

Rogue wireless nodes- people plugging nodes where

they should not be located to access the wiredinfrastructure or gain access to other networks

3


4/24

DOS Terms Jamming Efficiency

Energy

Jamming measurements

Packet Send ratio- packets transmitted vs packets tried to deliveredbut lost or jammed

ac e e very ra o- pac e s w goo vs pac e s rece ve Jamming to SNR-

4


5/24

Packet send ratio Packet send ratio- the efficiency of the jammer to block

transmission of the data at the transmitter end of the linksentbetoIntendedPackets

sentPackets

n

mPSR

____

_==

5


6/24

Packet Delivery Ratio

receivedPackets

CRCpassThatPackets

m

q

PDR _

___==

Packet Delivery ratio- The ratio of uncorrupted traffic at the

receiver end of the wireless link that is usable

6


7/24

Jamming to SNR

BLRGGP 2

Jamming to SNR- The energy of the jammer to the receiving device.This equation basically tells you the factors that would decrease the

effectiveness of a jamming attack. For instance Increasing thetransmitted power, increasing the gain of the antenna, anddecreasing the distance from transmitter to receiver.

7

JJJRrttrt

rrr

BLRGGPR 2

==


8/24

Layer 1 Jamming models Constant jammer- Continuous sending randomly

generated bits to corrupt data Deceptive jammer- Jams only when between traffic to

make it seem that the channel is in continuous use

-probability of finding the jammer

Reactive jammer- Jams only when it senses traffic at thedestination receiver

8


9/24

Intelligent jamming models Intelligent Jamming- Focus on the upper layers of the protocols

beyond the physical layer. For instance network, transport, orapplication layers and requires more knowledge of how theprotocol works.

Jamming gain- ratio of specific jammer algorithm versus constant

9

Targeted jamming- using a jammer to target specific accessnodes

Low probability of detection- using a sensing strategy to attackthe data instead of constantly transmitting


10/24

Intelligent 802.11 Jammers CTS corruption- destroying the CTS packet

Ack corruption- corrupting the ack frame at the MAC level Data corruption- jams after counting down the DIFS time

Narrowband

DIFS- waits till DIFS time then ams communication channel

Identity- dissociates user from a node or disauthenticates user froma node

Greedy behavior- transmitting at shorter interval than other users

Wireless Adhoc- attacking the routing of data traffic

10


11/24

Intrusion detection1. Signal strength- monitoring average received signal strength

2. Carrier sensing- MAC layer monitoring of the channel beforetransmitting

3. Measuring PDR- This gives a rough indication that data is corrupted atthe receiver

. ons s ency c ec s- use s gna cons s ency c ec an oca onconsistency checks

11


12/24

Wireless Intrusion detection system

The wireless network share the following among

neighbors Corrupted traffic data

Good traffic data

Event list of the above

12

A communications channel failure will have random datapackets lost. A jamming attack will cause sequentialpacket losses.


13/24

Wireless Adhoc IDS

Adhoc networks share limited bandwidth,route data, have changing network topologies,and limited ener

Wireless adhoc IDS uses SNMP with MIBagents at nodes to send back data

An application uses a database to look for

unusual data events that might be a jammer

13


14/24

Intrusion Prevention Frequency hopping spread spectrum- assumption that

jammer cant jam all frequencies or follow a random hoppattern. Nodes move to a nonjammed band.

Limitations: limited bands available, well knownsequence, possibly narrowband for jammer to cover

14


15/24

Intrusion prevention Spatial retreats- move away from jamming devices

A mobile node could follow the boundaries of the

jammer to keep communication channel open toneighboring nodes

15


16/24

Intrusion Prevention Reservation based- reserve transmission medium for M

slots, nodes senses if channel is occupied every k slots,if not the access node cancels the CTS request bysending a CTSR packet.

When K


17/24

Intrusion Prevention Defense against layered attacks

Jammer look for packet sequences, interframe spaces,protocol and packet size relationships

One defense against network layered attacks is to pad the, .

padding would disguise it from just regular traffic.

Another method is to use packet aggregation. Basicallymultiplexing multiple frames into one frame to hide the

information from the jammer

17


18/24

Intrusion Prevention-Physical layer defense against jamming

-Simple, directional antennas, cybermines,covert channels, wormholes, protocolmechanism hopping

18


19/24

Intrusion PreventionWormholes- channel diversityWired pair sensors- using wired nodes to bypass thejammed areaFrequency hopping pairs- using another pair of nonjammed frequencies

19

Uncoordinated channel hopping-communicating onepacket at a time across very wide bands


20/24

Summary of DOS attacks

20


21/24

Potential applications or issues Current applications would use the signal to jamming

equation to provide quick methods to employ againstjammers such as shorter distances, increasing gain ofantennas,

from being near WLANs such as secure areas or cardaccess to buildings

Use methods to trick the jammer into using up its energy

source so it can no longer attack the WLAN accessnodes

21


22/24

Future directions Cooperative jamming- using cooperative noise to reduce

jammers effectiveness Wireless link signatures to authenticate base stations

and nodes

-

harder for a jammer to know when it would be mosteffective time to maximize the attack

Using encryption to make it harder to employ jamming

Better error correcting codes to compensate for randombit error attacks

22


23/24


24/24

Reference1. Pelechrinis, K.; Iliofotou, M.; Krishnamurthy, S.V., "Denial of Service Attacks in

Wireless Networks: The Case of Jammers,"Communications Surveys & Tutorials,

IEEE, vol.13, no.2, pp.245,257, Second Quarter 2011doi: 10.1109/SURV.2011.041110.00022URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5473884&isnumber=5764312

2. Calvert, Kenneth L. "802.11 WiFi."Http://protocols.netlab.uky.edu/~calvert/classes/571/. N.p., n.d. Web. 12 Apr.

2013.

3. Scarfone, Karen. "Intrusion Detection System."Wikipedia. Wikimedia Foundation, 13Apr. 2013. Web. 14 Apr. 2013.

24

wireless dos attacks

Documents