Download presentation
Presentation is loading. Please wait.
Published byTodd Ellis Modified over 9 years ago
1
Research Direction Introduction Advisor: Professor Frank Y.S. Lin Present by Hubert J.W. Wang
2
Outline Previous Comments Problem Description 2010/11/18 2 NTU OPLab
3
Previous Comments
4
Exploit Nodes’ Hearing Ranges Multiple jammers Topology planning Budget allocation 2010/11/18 4 NTU OPLab
5
Exploit Nodes’ Hearing Ranges Can we exploit nodes’ hearing ranges by adjusting transmission power? ▫ : the minimum SNR(the threshold value required to decode a signal successfully. ▫ 2010/11/18 5 NTU OPLab
6
Exploit Nodes’ Hearing Ranges(cont’) 2010/11/18 6 NTU OPLab
7
Exploit Nodes’ Hearing Ranges(cont’) Algorithm description 2010/11/18 7 NTU OPLab Distance between A and J Suppose we know: 1.A’s coordinates 2.A’s hearing range(distance between A and B)
8
Exploit Nodes’ Hearing Ranges(cont’) Estimating the hearing range ▫ Average of: The location of the furthest remaining neighbor(lower bound) The location of the nearest lost neighbor(upper bound) Estimation error between: 2010/11/18 8 NTU OPLab
9
Exploit Nodes’ Hearing Ranges(cont’) It’s possible to exploit nodes’ hearing ranges by adjusting transmission power. Suppose B is a ▫ Fully jammed neighbor of A Inform B to increase its transmission power until the SNR received by A meets the threshold. ▫ Partially jammed neighbor of A Inform B to decrease its transmission power until the SNR received by A meets the threshold. 2010/11/18 9 NTU OPLab
10
Multiple jammers Assumption When jamming ranges overlapped, 1.the edge of the ranges will not become fuzzy( 邊界不會模糊 化 ) 2.the signal strength received by the nodes which are located in the overlapped area is dominated by the stronger one. 2010/11/18 10 NTU OPLab JAJA JBJB Node A Jammer JB’s signal strength is stronger in this case
11
Multiple jammers(cont) Challenges 1.The shape of overlapped jamming range 的 is irregular. 2010/11/18 11 NTU OPLab 1.The defender is not able to see the detailed jamming range figure. 2.The defender only know the nodes which are being jammed. 3.Thus, the defender can only sequentially make suggestions about the number of jammers in the network.
12
Multiple jammers(cont) Challenges 2.How to localize multiple jammer’s position? 2010/11/18 12 NTU OPLab 1.Some nodes are suitable to be used to localize jammers. 2.But the others are not, they are located in overlapped jamming area. 3.The question is, how do they know if they are located in the same jamming range? Node C Node A Node B JAJA JBJB
13
Multiple jammers(cont) Challenges 3.Heterogeneous jammers. 2010/11/18 13 NTU OPLab 1.Some times the jamming area seems like there is only one jammer in the network. 2.And the nodes are able to estimate the location of the jammer. 3.Yes, the jammer is removed, but the network is still jammed. 4.Because there are actually multiple jammers in the network. JAJA JBJB JDJD JEJE JFJF JCJC Node C Node B Node A Node D Node E Node F ?
14
Multiple jammers(cont) Jammer number estimation ▫ Consider the effect on the jammed node’s ability to communicate 2010/11/18 14 NTU OPLab JAJA JBJB JDJD JCJC Node C Node B Node A Node D Node E Node F Some nodes may not be able to be recognized.
15
Multiple jammers(cont) Jammer number estimation ▫ Chart with graphical information 2010/11/18 15 NTU OPLab Node C Relatively high(compare to other observation points with similar distance)
16
Other Previous Comments Topology planning Budget allocation 2010/11/18 16 NTU OPLab
17
Problem Description
18
Problem ▫ Topology information gathering ▫ Jamming attack Environment ▫ Infrastructure/Backbone WMNs Role ▫ Attacker ▫ Defender 2010/11/18 18 NTU OPLab
19
Defender Attributes ▫ Nodes Base Station Mesh router(with 2 NICs) Mesh client Honeynode(with 3 NICs) Guard Node 2010/11/18 19 NTU OPLab
20
Defender(cont’) Attributes ▫ Budget Planning phase Topology planning Non-deception based Deception based Defending phase Localization ▫ Approximate ▫ Precise 2010/11/18 20 NTU OPLab
21
Defender(cont’) Strategies ▫ Planning phase Protect core nodes Protect BS Nodes with high population Protect valuable information(ex. routing table, traffic) Ensure QoS Protect Traffic 2010/11/18 21 NTU OPLab
22
Defender(cont’) Strategies ▫ Defending phase Real-time reaction Priority of jammer removing ▫ Minimize the total effectiveness of jamming ▫ Retrieve QoS Methods of jammer removing(precise or approximate) ▫ Determined by its possibility of being approximated. 2010/11/18 22 NTU OPLab
23
Attacker Attributes ▫ Budget Preparing phase Node compromising Jammer choosing ▫ High quality jammers ▫ Normal jammers ▫ Capability Capability of compromising nodes Capability of recognizing fake info. 2010/11/18 23 NTU OPLab
24
Attacker(cont’) Strategies ▫ Preparing phase Node compromising Compromise core nodes Be stealthy Reduce QoS Topology extending Random 2010/11/18 24 NTU OPLab
25
Attacker(cont’) Strategies ▫ Attacking phase Attacker’s Objective Maximize attack effectiveness QoS Maximize number of jammed mesh routers Random 2010/11/18 25 NTU OPLab
26
Scenario 2010/11/18 26 NTU OPLab Base Station Mesh router Honeynode Compromised mesh router Jammed mesh router Jammer Attacker Nodes with more defense resource
27
Scenario(cont’) For attacker ▫ Objective: Maximize the effect to the network (Metrics of time and user numbers) ▫ Incomplete information of the network ▫ Budget limited For defender ▫ Objective: Minimize the maximized negative effect cased by the attacker. Maximize the budget ▫ Budget limited 2010/11/18 27 NTU OPLab
28
Scenario(cont’) Assumptions: 1.The communications between mesh routers and between mesh routers and mesh clients use different communication protocol. 2.All the packets are encrypted. Thus, the attacker can’t directly obtain information in the communication channels. 3.The defender has complete information of the network which is attacked by a single attacker with different strategies. 4.The attacker is not aware of the topology of the network. Namely, it doesn’t know that there are honeynodes in the network and which nodes are important, i.e., the attacker only has incomplete information of the network. 2010/11/18 28 NTU OPLab
29
Scenario(cont’) Assumptions: 5.There are two kinds of defense resources, the non-deception based resources and the deception based resources. 6.There are multiple jammers in the network, and their jamming ranges might be overlapped. 7.When multiple jammers attack the same channel, the received signal strength at a jammed mesh router is dominated by the larger one. 8. 在 jammer 的電波之間沒有任何的疊加、抵消等作用, jamming range 重 疊後邊緣不會有任何改變。 2010/11/18 29 NTU OPLab
30
Scenario – Network Architecture 2010/11/18 30 NTU OPLab Base Station Mesh router
31
I must protect Core Nodes Scenario – Defender’s Planning Phase 2010/11/18 31 NTU OPLab BS Node with high population Base Station Mesh router
32
Scenario – Defender’s Planning Phase(cont’) 2010/11/18 32 NTU OPLab Base Station Mesh router Honeynode Attacker Nodes with more defense resource I must protect Core Nodes A B C D E F G Why didn’t the defender protect all the nodes with high population? 1.Budget limited. 2.The effectiveness of doing so may not be the best. 3.There are other ways to deploy resources.
33
Scenario – Defender’s Planning Phase(cont’) 2010/11/18 33 NTU OPLab Base Station Mesh router Honeynode Attacker Nodes with more defense resource I must protect Core Nodes Effect of the defense resource may be: 1.Reduce the probability of being compromised
34
Scenario – Defender’s Planning Phase(cont’) 2010/11/18 34 NTU OPLab Base Station Mesh router Honeynode Attacker Nodes with more defense resource I must protect Core Nodes Effect of the defense resource may be: 2.Prevent the attacker from getting close to the important nodes.
35
Scenario – Defender’s Planning Phase(cont’) 2010/11/18 35 NTU OPLab Base Station Mesh router Honeynode Attacker Nodes with more defense resource I must protect Core Nodes Effect of the defense resource may be: 3.Attract attacks to prevent it from getting close to the important nodes.
36
Scenario – Defender’s Planning Phase(cont’) 2010/11/18 36 NTU OPLab Base Station Mesh router Honeynode Attacker Nodes with more defense resource I must protect Core Nodes A B C D E F G Effect of the defense resource may be: 4.Avoid attacks to prevent it from getting close to the important nodes.
37
Scenario – Attacker’s Preparing Phase 2010/11/18 37 NTU OPLab Signal Strength 20 902090 Initially, the attacker has following info: 1.Number of channels. 2.Signal power of each channel. 3.Traffic amount of each channel. 4.Defense strength of each mesh node. 20 90 A B C D E F G
38
Scenario – Attacker’s Preparing Phase(cont’) 2010/11/18 38 NTU OPLab Signal Strength 20 902090 The honeynode: Which channel is being attacked does not matter. 20 90 A B C D E F G
39
Scenario – Attacker’s Preparing Phase(cont’) 2010/11/18 39 NTU OPLab Signal Strength 90 20 The attacker’s objective: Maximize attack effectiveness. Compromise core nodes. The initial node might be.. The node with the strongest signal power 90 A B C 20 D E F G
40
Scenario – Attacker’s Preparing Phase(cont’) 2010/11/18 40 NTU OPLab Base Station Mesh router Honeynode Compromised mesh router Attacker Nodes with more defense resource A B C D E F G H I J K L
41
Scenario – Attacker’s Preparing Phase(cont’) 2010/11/18 41 NTU OPLab Signal Strength After compromise a mesh router, the attacker has following info: 1.Number of channels. 2.Signal power of each channel. 3.Traffic amount of each channel. 4.Defense strength of each mesh node. And… 90 209020 9020 90 20 G L B I D E A H K F J Being compromised, and obtained: 1.routing table info 2.Location info of the mesh router. 3.Traffic info 4.Number of users
42
Scenario – Attacker’s Preparing Phase(cont’) 2010/11/18 42 NTU OPLab Signal Strength After compromise a mesh router, the attacker has following info: 1.Number of channels. 2.Signal power of each channel. 3.Traffic amount of each channel. 4.Defense strength of each mesh node. 5.Number of traffic sources 90 21 20 35 90 31 20 35 20 28 90 28 20 6 Number of users 90 95 90 21 90 88 20 G L B I D E A H K F J
43
Scenario – Attacker’s Preparing Phase(cont’) 2010/11/18 43 NTU OPLab Signal Strength The attacker selects next hop with obtained info from compromised mesh routers if available. The node with the highest number of traffic sources 20 6 G 90 21 L 90 95 B I 20 D 28 E 90 21 A 90 28 H 90 31 K 20 35 F 20 35 J 90 88
44
Scenario – Attacker’s Preparing Phase(cont’) 2010/11/18 44 NTU OPLab Base Station Mesh router Honeynode Compromised mesh router Attacker Nodes with more defense resource The action of compromising a honeynode will has following results: 1.Succeed 2.Failed Simply failed, or Had been deceived. A B C D E F G HI J K L M N
45
Scenario – Attacker’s Preparing Phase(cont’) 2010/11/18 45 NTU OPLab Signal Strength The attacker selects next hop with obtained info from compromised mesh routers if available. 90 30 B 90 21 A 20 6 G 90 112 C 20 28 E 20 90 D 27 K 90 24 L 90 25 M 90 18 N
46
Scenario – Attacker’s Preparing Phase(cont’) 2010/11/18 46 NTU OPLab Signal Strength 90 30 B 90 21 A 20 6 G 28 E 90 27 K 90 24 L 90 25 M 90 18 N However, the attacker was deceived by honeynode B. Thus, it obtained following fake info: 1.Population of the honeynode. 2.Traffic of the neighbors of the honeynode. The defender will lead the attacker to: 1.Unimportant area 2.Nodes with greater defense strength. 90 112 C 20 90 D
47
Scenario – Attacker’s Preparing Phase(cont’) 2010/11/18 47 NTU OPLab Signal Strength 90 30 B 90 21 A 20 6 G 28 E 90 27 K 90 24 L 90 25 M 90 18 N Relatively low traffic sources on important nodes. High traffic sources on unimportant nodes. 90 112 C 20 90 D Select node C as next hop
48
Scenario – Attacker’s Preparing Phase(cont’) 2010/11/18 48 NTU OPLab Base Station Mesh router Honeynode Compromised mesh router Attacker Nodes with more defense resource A B C D E F G HI J K L M N Failed to compromise
49
Scenario – Attacker’s Preparing Phase(cont’) 2010/11/18 49 NTU OPLab Base Station Mesh router Honeynode Compromised mesh router Attacker Nodes with more defense resource Compromised 2 nd choice node D A B C D E F G HI J K L M N O PQ R
50
Scenario – Attacker’s Preparing Phase(cont’) 2010/11/18 50 NTU OPLab Signal Strength 90 30 B 90 21 A 20 6 G 28 E 20 29 O 20 22 R 90 98 Q 90 32 C 20 8 D 90 35 P Select node N as next hop. But what will the attacker do if he compromised a honeynode? When the attacker compromised a honeynode, he may obtain: 1.Only fake info 2.Mixture of fake and true info. What should I do ? Just ignore it? Or attack the node they try to protect? Attackers with high capacity have greater probability to distinguish between true and fake.
51
Scenario – Attacker’s Preparing Phase(cont’) 2010/11/18 51 NTU OPLab Base Station Mesh router Honeynode Compromised mesh router Attacker Nodes with more defense resource A B C D E F G HI J K L M N O PQ R S TU V W X
52
Scenario – Attacker’s Attacking Phase 2010/11/18 52 NTU OPLab A B C D E F G HI J K L M N O PQ R S TU V W X Base Station Mesh router Honeynode Compromised mesh router Jammed mesh router Jammer Attacker Nodes with more defense resource Jammed honeynode B Jammed node V with high population Jammed node P(not fake channel) Jammed normal node F Jammed honeynode U
53
Scenario – Attacker’s Attacking Phase(cont’) 2010/11/18 53 NTU OPLab A B C D E F G HI J K L M N O PQ R S TU V W X Base Station Mesh router Honeynode Compromised mesh router Jammed mesh router Jammer Attacker Nodes with more defense resource Range overlapped, the fake channel jammed. Although they seems overlapped, but the jammers attacked two different channel
54
Scenario – Defender’s Defending Phase 2010/11/18 54 NTU OPLab A B C D E F G HI J K L M N O PQ R S TU V W X Base Station Mesh router Honeynode Compromised mesh router Jammed mesh router Jammer Attacker Nodes with more defense resource To minimize the total effectiveness of jamming, the defender will tend to remove these nodes first: 1.High population 2.Not fake channel Their sequence will be… 1)Jammed node V with high population 2)Jammed normal node F 3)Jammed node P(not fake channel) 5)Jammed honeynode U 4)Jammed honeynode B
55
The End Thanks for your attention. 2010/11/18 55 NTU OPLab
56
References [1]D. J. Thuente and M. Acharya, "Intelligent Jamming in Wireless Networks with Applications to 802.11b and Other Networks " in Proc. of IEEE MILCOM, 2006. [2]S. Misra, et al., "Using honeynodes for defense against jamming attacks in wireless infrastructure-based networks," Computers & Electrical Engineering, vol. 36, pp. 367-382, 2010. [3]I. F. Akyildiz, et al., "Wireless mesh networks: a survey," Computer Networks, vol. 47, pp. 445-487, 2005. [4]W. Xu, et al., "Jamming sensor networks: attack and defense strategies," Network, IEEE, vol. 20, pp. 41-47, 2006. [5]K. Pelechrinis, et al., "Lightweight Jammer Localization in Wireless Networks: System Design and Implementation," in Global Telecommunications Conference, 2009. GLOBECOM 2009. IEEE, 2009, pp. 1-6. [6]H. Liu, et al., "Localizing jammers in wireless networks," in Pervasive Computing and Communications, 2009. PerCom 2009. IEEE International Conference on, 2009, pp. 1-6. [7]Z. Liu, et al., "Wireless Jamming Localization by Exploiting Nodes’ Hearing Ranges," in Distributed Computing in Sensor Systems. vol. 6131, R. Rajaraman, et al., Eds., ed: Springer Berlin / Heidelberg, 2010, pp. 348-361. 2010/11/18 56 NTU OPLab
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.