wireless dos attacks
TRANSCRIPT
-
7/25/2019 Wireless DOS Attacks
1/24
Wireless Denial of ServiceAttacks
NIS586 Final ProjectSpring 2013 Websection
Steve Kaleta04/10/2013
1
-
7/25/2019 Wireless DOS Attacks
2/24
Wireless Systems Wireless LANs
Mobility, easy setup, high bandwidth, industry standards, lowcost, installed everywhere
Security
Integrity- Data is reliably delivered with no corruption Authentication- User is verified
Accounting- history of user logins, what was modified by who
2
-
7/25/2019 Wireless DOS Attacks
3/24
Security Issues Wireless systems are meant for high availability and
easy access Well known standards, cheap equipment make it easy to
attack.
-attacks since they are easy to implement
Wireless systems open to man in the middle attacks
Rogue wireless nodes- people plugging nodes where
they should not be located to access the wiredinfrastructure or gain access to other networks
3
-
7/25/2019 Wireless DOS Attacks
4/24
DOS Terms Jamming Efficiency
Energy
Jamming measurements
Packet Send ratio- packets transmitted vs packets tried to deliveredbut lost or jammed
ac e e very ra o- pac e s w goo vs pac e s rece ve Jamming to SNR-
4
-
7/25/2019 Wireless DOS Attacks
5/24
Packet send ratio Packet send ratio- the efficiency of the jammer to block
transmission of the data at the transmitter end of the linksentbetoIntendedPackets
sentPackets
n
mPSR
____
_==
5
-
7/25/2019 Wireless DOS Attacks
6/24
Packet Delivery Ratio
receivedPackets
CRCpassThatPackets
m
q
PDR _
___==
Packet Delivery ratio- The ratio of uncorrupted traffic at the
receiver end of the wireless link that is usable
6
-
7/25/2019 Wireless DOS Attacks
7/24
Jamming to SNR
BLRGGP 2
Jamming to SNR- The energy of the jammer to the receiving device.This equation basically tells you the factors that would decrease the
effectiveness of a jamming attack. For instance Increasing thetransmitted power, increasing the gain of the antenna, anddecreasing the distance from transmitter to receiver.
7
JJJRrttrt
rrr
BLRGGPR 2
==
-
7/25/2019 Wireless DOS Attacks
8/24
Layer 1 Jamming models Constant jammer- Continuous sending randomly
generated bits to corrupt data Deceptive jammer- Jams only when between traffic to
make it seem that the channel is in continuous use
-probability of finding the jammer
Reactive jammer- Jams only when it senses traffic at thedestination receiver
8
-
7/25/2019 Wireless DOS Attacks
9/24
Intelligent jamming models Intelligent Jamming- Focus on the upper layers of the protocols
beyond the physical layer. For instance network, transport, orapplication layers and requires more knowledge of how theprotocol works.
Jamming gain- ratio of specific jammer algorithm versus constant
9
Targeted jamming- using a jammer to target specific accessnodes
Low probability of detection- using a sensing strategy to attackthe data instead of constantly transmitting
-
7/25/2019 Wireless DOS Attacks
10/24
Intelligent 802.11 Jammers CTS corruption- destroying the CTS packet
Ack corruption- corrupting the ack frame at the MAC level Data corruption- jams after counting down the DIFS time
Narrowband
DIFS- waits till DIFS time then ams communication channel
Identity- dissociates user from a node or disauthenticates user froma node
Greedy behavior- transmitting at shorter interval than other users
Wireless Adhoc- attacking the routing of data traffic
10
-
7/25/2019 Wireless DOS Attacks
11/24
Intrusion detection1. Signal strength- monitoring average received signal strength
2. Carrier sensing- MAC layer monitoring of the channel beforetransmitting
3. Measuring PDR- This gives a rough indication that data is corrupted atthe receiver
. ons s ency c ec s- use s gna cons s ency c ec an oca onconsistency checks
11
-
7/25/2019 Wireless DOS Attacks
12/24
Wireless Intrusion detection system
The wireless network share the following among
neighbors Corrupted traffic data
Good traffic data
Event list of the above
12
A communications channel failure will have random datapackets lost. A jamming attack will cause sequentialpacket losses.
-
7/25/2019 Wireless DOS Attacks
13/24
Wireless Adhoc IDS
Adhoc networks share limited bandwidth,route data, have changing network topologies,and limited ener
Wireless adhoc IDS uses SNMP with MIBagents at nodes to send back data
An application uses a database to look for
unusual data events that might be a jammer
13
-
7/25/2019 Wireless DOS Attacks
14/24
Intrusion Prevention Frequency hopping spread spectrum- assumption that
jammer cant jam all frequencies or follow a random hoppattern. Nodes move to a nonjammed band.
Limitations: limited bands available, well knownsequence, possibly narrowband for jammer to cover
14
-
7/25/2019 Wireless DOS Attacks
15/24
Intrusion prevention Spatial retreats- move away from jamming devices
A mobile node could follow the boundaries of the
jammer to keep communication channel open toneighboring nodes
15
-
7/25/2019 Wireless DOS Attacks
16/24
Intrusion Prevention Reservation based- reserve transmission medium for M
slots, nodes senses if channel is occupied every k slots,if not the access node cancels the CTS request bysending a CTSR packet.
When K
-
7/25/2019 Wireless DOS Attacks
17/24
Intrusion Prevention Defense against layered attacks
Jammer look for packet sequences, interframe spaces,protocol and packet size relationships
One defense against network layered attacks is to pad the, .
padding would disguise it from just regular traffic.
Another method is to use packet aggregation. Basicallymultiplexing multiple frames into one frame to hide the
information from the jammer
17
-
7/25/2019 Wireless DOS Attacks
18/24
Intrusion Prevention-Physical layer defense against jamming
-Simple, directional antennas, cybermines,covert channels, wormholes, protocolmechanism hopping
18
-
7/25/2019 Wireless DOS Attacks
19/24
Intrusion PreventionWormholes- channel diversityWired pair sensors- using wired nodes to bypass thejammed areaFrequency hopping pairs- using another pair of nonjammed frequencies
19
Uncoordinated channel hopping-communicating onepacket at a time across very wide bands
-
7/25/2019 Wireless DOS Attacks
20/24
Summary of DOS attacks
20
-
7/25/2019 Wireless DOS Attacks
21/24
Potential applications or issues Current applications would use the signal to jamming
equation to provide quick methods to employ againstjammers such as shorter distances, increasing gain ofantennas,
from being near WLANs such as secure areas or cardaccess to buildings
Use methods to trick the jammer into using up its energy
source so it can no longer attack the WLAN accessnodes
21
-
7/25/2019 Wireless DOS Attacks
22/24
Future directions Cooperative jamming- using cooperative noise to reduce
jammers effectiveness Wireless link signatures to authenticate base stations
and nodes
-
harder for a jammer to know when it would be mosteffective time to maximize the attack
Using encryption to make it harder to employ jamming
Better error correcting codes to compensate for randombit error attacks
22
-
7/25/2019 Wireless DOS Attacks
23/24
-
7/25/2019 Wireless DOS Attacks
24/24
Reference1. Pelechrinis, K.; Iliofotou, M.; Krishnamurthy, S.V., "Denial of Service Attacks in
Wireless Networks: The Case of Jammers,"Communications Surveys & Tutorials,
IEEE, vol.13, no.2, pp.245,257, Second Quarter 2011doi: 10.1109/SURV.2011.041110.00022URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5473884&isnumber=5764312
2. Calvert, Kenneth L. "802.11 WiFi."Http://protocols.netlab.uky.edu/~calvert/classes/571/. N.p., n.d. Web. 12 Apr.
2013.
3. Scarfone, Karen. "Intrusion Detection System."Wikipedia. Wikimedia Foundation, 13Apr. 2013. Web. 14 Apr. 2013.
24