A software framework for alleviating the effects of MAC-aware jamming attacks in wireless access networks

The IEEE 802.11 protocol inherently provides the same long-term throughput to all the clients associated with a given access point (AP). In this paper, we first identify a clever, low-power jamming attack that can take advantage of this behavioral trait: the placement of a lowpower jammer in a way that it affects a single legitimate client can cause starvation to all the other clients. In other words, the total throughput provided by the corresponding AP is drastically degraded. To fight against this attack, we design FIJI, a cross-layer anti-jamming system that detects such intelligent jammers and mitigates their impact on network performance. FIJI looks for anomalies in the AP load distribution to efficiently perform jammer detection. It then makes decisions with regards to optimally shaping the traffic such that: (a) the clients that are not explicitly jammed are shielded from experiencing starvation and, (b) the jammed clients receive the maximum possible throughput under the given conditions. We implement FIJI in real hardware; we evaluate its efficacy through experiments on two wireless testbeds, under different traffic scenarios, network densities and jammer locations. We perform experiments both indoors and outdoors, and we consider both WLAN and mesh deployments. Our measurements suggest that FIJI detects such jammers in realtime and alleviates their impact by allocating the available bandwidth in a fair and efficient way. © Springer Science+Business Media

A novel cheater and jammer detection scheme for IEEE 802.11-based wireless LANs

The proliferation of IEEE 802.11 networks has made them an easy and attractive target for malicious devices/adversaries which intend to misuse the available network. In this paper, we introduce a novel malicious entity detection method for IEEE 802.11 networks. We propose a new metric, the Beacon Access Time (BAT), which is employed in the detection process and inherits its characteristics from the fact that beacon frames are always given preference in IEEE 802.11 networks. An analytical model to define the aforementioned metric is presented and evaluated with experiments and simulations. Furthermore, we evaluate the adversary detection capabilities of our scheme by means of simulations and experiments over a real testbed. The simulation and experimental results indicate consistency and both are found to follow the trends indicated in the analytical model. Measurement results indicate that our scheme is able to correctly detect a malicious entity at a distance of, at least, 120 m. Analytical, simulation and experimental results signify the validity of our scheme and highlight the fact that our scheme is both efficient and successful in detecting an adversary (either a jammer or a cheating device). As a proof of concept, we developed an application that when deployed at the IEEE 802.11 Access Point, is able to effectively detect an adversary. (C) 2015 Elsevier B.V. All rights reserved.Postprint (author's final draft

A Survey on Wireless Security: Technical Challenges, Recent Advances and Future Trends

This paper examines the security vulnerabilities and threats imposed by the inherent open nature of wireless communications and to devise efficient defense mechanisms for improving the wireless network security. We first summarize the security requirements of wireless networks, including their authenticity, confidentiality, integrity and availability issues. Next, a comprehensive overview of security attacks encountered in wireless networks is presented in view of the network protocol architecture, where the potential security threats are discussed at each protocol layer. We also provide a survey of the existing security protocols and algorithms that are adopted in the existing wireless network standards, such as the Bluetooth, Wi-Fi, WiMAX, and the long-term evolution (LTE) systems. Then, we discuss the state-of-the-art in physical-layer security, which is an emerging technique of securing the open communications environment against eavesdropping attacks at the physical layer. We also introduce the family of various jamming attacks and their counter-measures, including the constant jammer, intermittent jammer, reactive jammer, adaptive jammer and intelligent jammer. Additionally, we discuss the integration of physical-layer security into existing authentication and cryptography mechanisms for further securing wireless networks. Finally, some technical challenges which remain unresolved at the time of writing are summarized and the future trends in wireless security are discussed.Comment: 36 pages. Accepted to Appear in Proceedings of the IEEE, 201

Wireless security for secure facilities

This thesis presents methods for securing a facility that has wireless connectivity. The goal of this research is to develop a solution to securing a facility that utilizes wireless communications. The research will introduce methods to track and locate the position of attackers. This research also introduces the idea of using a Honeynet system for added security. This research uses what is called Defense-In-Depth. Defense-in-depth is when multiple layers of security are used. The first of the layers is the Zone of Interference. This Zone is an area where jammer transmitters and directive antennas are set up to take advantage of the near-far-effect. The idea is to use the near-far-effect to give a stronger signal on the perimeter of the secure area, to mask any signals escaping from the secure area. This Zone uses directive Yagi antenna arrays to direct the radiation. There are multiple jamming methods that are utilized within this Zone. The next layer of security is the Honeynet Zone. The idea is to make an attacker believe that they are seeing real network traffic. This is done at the Honeynet Zone once a device has been determined to be unfriendly. Decoy mobile devices are first placed within the Honeynet Zone. Spoofed traffic is then created between the Honeynet base stations and the decoy mobile devices zone; using adaptive antennas incorporated within the design to face the signals away from the inside secure area. The third defense is position location and tracking. The idea is to have constant tracking of all devices in the area. There are several methods available to locate and track a device that is giving off an RF signal. This thesis looks at combining all these methods into an integrated, and more robust, facility security system

Experimenting with commodity 802.11 hardware: overview and future directions

The huge adoption of 802.11 technologies has triggered a vast amount of experimentally-driven research works. These works range from performance analysis to protocol enhancements, including the proposal of novel applications and services. Due to the affordability of the technology, this experimental research is typically based on commercial off-the-shelf (COTS) devices, and, given the rate at which 802.11 releases new standards (which are adopted into new, affordable devices), the field is likely to continue to produce results. In this paper, we review and categorise the most prevalent works carried out with 802.11 COTS devices over the past 15 years, to present a timely snapshot of the areas that have attracted the most attention so far, through a taxonomy that distinguishes between performance studies, enhancements, services, and methodology. In this way, we provide a quick overview of the results achieved by the research community that enables prospective authors to identify potential areas of new research, some of which are discussed after the presentation of the survey.This work has been partly supported by the European Community through the CROWD project (FP7-ICT-318115) and by the Madrid Regional Government through the TIGRE5-CM program (S2013/ICE-2919).Publicad

ESWORD: Implementation of Wireless Jamming Attacks in a Real-World Emulated Network

Wireless jamming attacks have plagued wireless communication systems and will continue to do so going forward with technological advances. These attacks fall under the category of Electronic Warfare (EW), a continuously growing area in both attack and defense of the electromagnetic spectrum, with one subcategory being electronic attacks. Jamming attacks fall under this specific subcategory of EW as they comprise adversarial signals that attempt to disrupt, deny, degrade, destroy, or deceive legitimate signals in the electromagnetic spectrum. While jamming is not going away, recent research advances have started to get the upper hand against these attacks by leveraging new methods and techniques, such as machine learning. However, testing such jamming solutions on a wide and realistic scale is a daunting task due to strict regulations on spectrum emissions. In this paper, we introduce eSWORD, the first large-scale framework that allows users to safely conduct real-time and controlled jamming experiments with hardware-in-the-loop. This is done by integrating eSWORD into the Colosseum wireless network emulator that enables large-scale experiments with up to 50 software-defined radio nodes. We compare the performance of eSWORD with that of real-world jamming systems by using an over-the-air wireless testbed (ensuring safe measures were taken when conducting experiments). Our experimental results demonstrate that eSWORD follows similar patterns in throughput, signal-to-noise ratio, and link status to real-world jamming experiments, testifying to the high accuracy of the emulated eSWORD setup.Comment: 6 pages, 7 figures, 1 table. IEEE Wireless Communications and Networking Conference (WCNC), Glasgow, Scotland, March 202

Wireless communication, sensing, and REM: A security perspective

The diverse requirements of next-generation communication systems necessitate awareness, flexibility, and intelligence as essential building blocks of future wireless networks. The awareness can be obtained from the radio signals in the environment using wireless sensing and radio environment mapping (REM) methods. This is, however, accompanied by threats such as eavesdropping, manipulation, and disruption posed by malicious attackers. To this end, this work analyzes the wireless sensing and radio environment awareness mechanisms, highlighting their vulnerabilities and provides solutions for mitigating them. As an example, the different threats to REM and its consequences in a vehicular communication scenario are described. Furthermore, the use of REM for securing communications is discussed and future directions regarding sensing/REM security are highlighted

Intrusion Detection for Smart Grid Communication Systems

Transformation of the traditional power grid into a smart grid hosts an array of vulnerabilities associated with communication networks. Furthermore, wireless mediums used throughout the smart grid promote an environment where Denial of Service (DoS) attacks are very effective. In wireless mediums, jamming and spoofing attack techniques diminish system operations thus affecting smart grid stability and posing an immediate threat to Confidentiality, Integrity, and Availability (CIA) of the smart grid. Intrusion detection systems (IDS) serve as a primary defense in mitigating network vulnerabilities. In IDS, signatures created from historical data are compared to incoming network traffic to identify abnormalities. In this thesis, intrusion detection algorithms are proposed for attack detection in smart grid networks by means of physical, data link, network, and session layer analysis. Irregularities in these layers provide insight to whether the network is experiencing genuine or malicious activity

Jamming Detection and Classification in OFDM-based UAVs via Feature- and Spectrogram-tailored Machine Learning

In this paper, a machine learning (ML) approach is proposed to detect and classify jamming attacks against orthogonal frequency division multiplexing (OFDM) receivers with applications to unmanned aerial vehicles (UAVs). Using software-defined radio (SDR), four types of jamming attacks; namely, barrage, protocol-aware, single-tone, and successive-pulse are launched and investigated. Each type is qualitatively evaluated considering jamming range, launch complexity, and attack severity. Then, a systematic testing procedure is established by placing an SDR in the vicinity of a UAV (i.e., drone) to extract radiometric features before and after a jamming attack is launched. Numeric features that include signal-to-noise ratio (SNR), energy threshold, and key OFDM parameters are used to develop a feature-based classification model via conventional ML algorithms. Furthermore, spectrogram images collected following the same testing procedure are exploited to build a spectrogram-based classification model via state-of-the-art deep learning algorithms (i.e., convolutional neural networks). The performance of both types of algorithms is analyzed quantitatively with metrics including detection and false alarm rates. Results show that the spectrogram-based model classifies jamming with an accuracy of 99.79% and a false-alarm of 0.03%, in comparison to 92.20% and 1.35%, respectively, with the feature-based counterpart