Download presentation
Presentation is loading. Please wait.
Published byGertrude Webster Modified over 6 years ago
1
Jamming for good: a fresh approach to authentic communication in WSNs
I.Martinovic, P.Pichota, J.B.Schmitt WiSec’09
2
Outline 0. Wireless Sensor Network 1. Motivation
2. Wireless Security Primitives 3. Jam Where It Hurts 4. Wireless Security Design 5. Overall Network Analysis 6. Conclusion 7. Comment
3
0. Wireless Sensor Network
Definition Consists of spatially distributed autonomous sensors Capability to cooperatively monitor physical or environmental conditions, such as temperature, sound, vibration, pressure, motion or pollutants
4
1. Motivation Completely abandoned cryptographic methods
Instead of conventional message authentication by receiving, verifying, and then discarding fake data Sensor nodes are prevented from receiving fake data at all Novel security design relying merely on physical properties of wireless communications – by frequency jamming (although usually used as adversarial tools)
5
2. Wireless Security Primitives
Some experimental results that demonstrate the unpredictable nature of the signal propagation
6
2. Wireless Security Primitives
2.1 Radio signal propagation
7
2. Wireless Security Primitives
2.2 Transmission control By setting only frames with RSS ∈ [RSSmin,RSSmax] are accepted & processed This simple countermeasure forces an adversary to chose between two attack vectors: (i) Impersonate: inject fake frame on receivers by adapting its transmission power (ii) Jamming: launching a frequency jamming attack by producing RSS >RSSmax However, in this case, its frames are not accepted by the receivers, (i.e., this attack can only serve for jamming and not for impersonation)
8
2. Wireless Security Primitives
2.3 Jamming for Good Low-cost WSN devices are, in general, not capable of sending and receiving frames at the same time To jam or not? Therefore, to support jamming of the fake data frames, the idea is to integrate jamming into the communication protocol (in Section 4.4)
9
2. Wireless Security Primitives
2.3 Jamming for Good This is done by separating the data exchange into two frames DFN: a small Data Follows Notification frame DATA: a Data Content frame Inter-Frame Time Gap (between DFN & DATA) First, frames will be rejected if arrived too soon or too late Second, other sensors are provided with enough time to analyze the authenticity of the DFN frame, and decide whether to jam
10
3. Jam Where It Hurts SHR: synchronization header (for symbol synchronization and frequency offset at potential receivers) SFD: start of frame delimiter (for byte synchronization and to indicate the end of this phase) PHR: physical header PSDU: Physical-layer Service Data Unit
11
3. Jam Where It Hurts 3.2 Timing and Jam Duration Factors of delay
Transceiver recalibration In-system processing Hence, the mean delay itself is not that crucial More important is the variance and granularity of available timers
12
3. Jam Where It Hurts 3.2 Timing and Jam Duration
13
3. Jam Where It Hurts 3.2 Timing and Jam Duration [t0−80 , t0+80]
Initial acceptance interval; t0 denotes the exact point in time [t0−112 , t0+80] With respect to transmission delay of 32µs [t0−192 , t0+80] The transmission commences 80µs before or after t0 Since the jammer itself is subject to limited accuracy (every WSN node can be a potential jammer) [t0−272 , t0+80] Scheduled to eliminate all uncertainties Total duration: 352µs
14
3. Jam Where It Hurts 3.2 Timing and Jam Duration
15
3. Jam Where It Hurts 3.3 How Many Concurrent Jammers?
The number of jammers should be active during a fake transmission Also, since acceptance intervals limit an adversary’s RSS to RSSmax during an injection attack, legitimate nodes are able to transmit at least equally strong signal as an adversary
16
4. Wireless Security Design
The main objective: data authentication A WSN should be able to verify whether sensor data originated from legitimate sensors. Using two mechanisms (1) attack detection: Fake transmissions are identified (detected) (2) attack cancellation: Utilize jamming to prevent sensors from receiving the fake data (jamming)
17
4. Wireless Security Design
4.2 Attack Detection During this phase all sensors periodically change their transmission frequencies and power levels Attack 1: Offline attack (brute-force) Fail; for the adversary must find a configuration of transmission properties that fulfill the acceptance intervals on the receivers Attack 2: Active probing attack To probe the acceptance intervals; and it’s also the reason why dynamically changes the frequency Can introduce further methods to detect & countermeasure
18
4. Wireless Security Design
4.2 Attack Detection
19
4. Wireless Security Design
4.3 Attack Cancellation After detecting not in the acceptance interval Assumption of the attack The adversary should not be able to exactly predict the jammers of the next fake transmission (that is, the adversary cannot selectively attack the legitimate nodes for battery-exhaustion attack) To reduce the jamming redundancy by controlling the ratio of jams per fake transmission (as discussed in Section 3.3) so having large number of potential jammers (nodes that detect the injected frame) but keep the number of active jammer low.
20
4. Wireless Security Design
4.4 Adaptive Jamming Each node bears an Individual probability p for jamming a detected impersonation attack To keep the adversary from guessing the next jammer, and To avoid permanent jamming from a single node Jamming functions increase: f1 : p ← p · (1 − log10 p) decrease: f2 : p ← p · (1 − log10 p)−1
21
4. Wireless Security Design
4.4 Adaptive Jamming Three cases during their monitoring of the channel 1. DFN impersonated ∧ DATA received No jamming activity; the attack was successful Hence, the node increases its jamming probability p by applying some function f1(p) 2. DFN impersonated ∧ JAM received Detected and received other nodes’ JAM frame Applies f2(p) to decrease p 3. DFN impersonated ∧ JAM sent Detected; decrease p by f2(p)
22
4. Wireless Security Design
4.4 Adaptive Jamming
23
5. Overall Network Analysis
5.2 Threat Model The attacker’s goal: to maximize the number of messages sent on behalf of I which are correctly received and accepted by T for each frequency f by adjusting the parameters p and p∗ Tuple (f , p, p∗) In order to determine the impersonation success he repeatedly emits 100 messages addressed to T for each wireless configuration represented by a tuple (f , p, p∗) ( I: intermediary sensor; T: corresponding sensor; f: frequency p: applied power level; p∗: pretended power level )
24
5. Overall Network Analysis
5.4 Evaluation Results The results and discussion focus on the maximum success rate a virtual attacker can achieve the number of sensors able to overhear malicious transmissions how many of them eventually take countermeasures
25
5. Overall Network Analysis
5.4 Evaluation Results
26
6. Conclusion Take advantage of jamming to provide new authentication mechanisms Rather than spending battery power to receive, verify, and then discard the data, a wireless device can Impersonation attacks can be easily detected and avoided By using jamming with other properties of wireless communications such as the unpredictable nature of radio propagation, this work demonstrated that without relying on any secrets
27
7. Comment Countermeasure to active probing?
By periodically, dynamically changing acceptance interval? How to build a strong “acceptance interval” generator?
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.