Mobile Jamming Attack and its Countermeasure in Wireless Sensor Networks Hung-Min Sun, Shih-Pu Hsu, and Chien-Ming Chen Department of Computer Science National Tsing Hua University Hsinchu, Taiwan 30013 E-mail:
[email protected] Abstract Denial-of-Service (DoS) attacks are serious threats due to the resources constrained property in wireless sensor networks. Jamming attacks are the representative energy-consumption DoS attacks that can be launched easily. Hence, many countermeasures have been proposed to mitigate the damage causing by jamming attacks. In this paper, we first present a novel and powerful jamming attack called mobile jamming attack. Besides, we propose a multi-dataflow topologies scheme that can effectively defend the mobile jamming attack. The simulation results demonstrate that the mobile jamming attack is more devastating than traditional jamming attacks and the proposed defense scheme can effectively alleviate the damage.
1. Introduction Wireless Sensor Networks (WSN) receive increasing attention due to their wide application in military as well as in living life [1]. The most essential applications are monitor systems, such as military monitor system or security service system [1]. These applications can allow some normal messages lost in a short period. It cannot tolerate the lost of numerous packets or critical event messages. Since the WSN are constructed of numerous economical but resource constrained sensor nodes, this enables several kinds of attacks in WSN [2-6]. Many researchers had proposed several kinds of attacks to cause concerns in security issue [2-4][6-8]. The Denial-of-Service (DoS) attacks [6], especially the energy-consumption DoS attacks, have most devastating influence among these attacks. The reason is that the sensor node has limited power resource and it will fail to operate when energy exhausted. Besides, to carry out an energy-consumption DoS attack is quite simple [9][10]. For instance, a malicious attacker can easily
make a radio frequency noise to force the sensor nodes continuously resend messages. The Jamming attacks are the representative energyconsumption DoS attacks in WSN [6][12]. The attacker deploys the jammers randomly to jam the area. The jammers can disturb the communication between sensor nodes or launch the radios frequency to interfere open wireless environment. Although the jammers are randomly deployed, the damage on the monitor systems is still markedly. The lost of some crucial messages may destroy the entire system. Up to now, several schemes have been proposed to defense against the jamming attacks [9-13]. Therefore, the impact brought by the jamming attack becomes less severe after applying the above countermeasures. In this paper, we present a novel and powerful jamming attack called mobile jamming attack. We call a jammer with mobility as a mobile jammer. The mobile jammer can sneak in the critical path by eavesdropping the amount of traffic load and the direction of the dataflow. This attack can directly jam the critical path of the WSN. Hence, both the sensor nodes in the jammed area and the downlink sensor nodes of the jammed area cannot report messages to the base station. Besides, we demonstrate that the existing countermeasures of the jamming attacks are incapable of defending our mobile jamming attack. Furthermore, we propose a multidataflow topologies scheme that can effectively mitigate the damage caused by the mobile jammer. An advantage of our scheme is that the base station can receives messages from the affected area continuously under the mobile jamming attack.
2. Reviewing the Jamming Attacks 2.1. Jamming Attacks The jamming attack is a kind of energyconsumption DoS attacks. It can be launched in link layer or in physical layer. The link layer jamming attacks focus on disturbing the communication between
21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07) 0-7695-2847-3/07 $20.00 © 2007 Authorized licensed use limited to: INDIAN INSTITUTE OF TECHNOLOGY MADRAS. Downloaded on May 28, 2009 at 22:35 from IEEE Xplore. Restrictions apply.
sensor nodes around the jammer [9][12][13]. These kinds of jamming attacks utilize the weakness of some link layer protocols. Up to now, many researches [12][13] have point out that the jamming attack can be launched on several well-known link layer energy efficient protocols [14-16]. The physical layer jamming attacks [6][10] make the radios frequency to interfere open wireless environment. Because the sensor nodes have only single channel, the jammer will dispossess the right of usage of the channel. As a result, sensor nodes cannot transmit the sensing report to the base station. Therefore, both the link layer jamming attack and the physical jamming attack can be launched easily and it is difficult to defend.
2.2. The Countermeasures of Defending the Jamming Attacks Many researchers had proposed the countermeasures of jamming attacks [10-13]. These countermeasures can be roughly classified into two types, the active mode and the passive mode. The active mode can detect the attack occurred and than locate the jammed area [6][10][11]. When jamming attack occurs, the detection module equipped with sensor node will first detect the attack. Then the sensor nodes under the jammed area turn into sleep mode and wake up periodically. The sensor nodes outside the jammed area can calculate the jammed area and re-route transmission paths that keep away from the jammed area. However, these kind of countermeasures increase the transmission and computation overhead of sensor nodes. These additional loads will exhaust the life of the sensor nodes. The passive mode can save energy by modifying the MAC layer protocol or reducing the packet transmission frequency [12][13]. Improving the MAC layer protocol can decrease the chances for jammer to launch the jamming attack, and reducing the packet transmission frequency can cause less damage when the jamming attack comes up. To mount an effective jamming attack, the attacker must either power up the jammers or deploy more jammers into the WSN. In either, the cost for the jammer is increased and the jammers are easily to be located. Hence, impact brought by the jamming attack becomes less severe after applying the above countermeasures.
3. The Mobile Jamming Attack Jamming attacks mentioned in section 2 are the representative energy consumption DoS attacks. Expect the energy-consumption DoS attacks, network layer DoS attacks target the sensor network’s routing. These attackers may spoof the routing messages or inject numerous useless packets to block the communication channel. [3][17][18] described a series of attacks and solutions on this type of attacks. Because the countermeasures to against the network layer DoS attacks are quite distinct from the countermeasures to against the jamming attacks, the attacker may possible attacks the WSN environment by combining the properties of these two types of attacks. Hence, we present a powerful attack in WSN called the mobile jamming attack. The mobile jamming attack not only threatens the link layer or the physical layer, but also breaks the routing on WSN. Unlike the jamming attacks, a mobile jammer has the mobility. That is, the mobile jammer can sneak in the critical path according to the information by eavesdropping the mount of traffic load and the direction of the dataflow. Besides, the mobile jammer can decide when to jam an area based on the value called jamming threshold. Next, we describe the procedures of the mobile jamming attack. Figure 1 shows the dataflow and the critical path in WSN’s topology. Sensor nodes sense and report the data to the base station following the dataflow. Besides, there exist the critical paths that have more traffic load than other paths. In Figure 2, a mobile jammer is deployed into the WSN. It eavesdrops around itself and learns the delivery direction and the traffic load. If the traffic load does not reach the jamming threshold, this mobile jammer than moves to the upper link following the dataflow and eavesdrops again. Note that this mobile jammer will not be detected by WSN during this monitor phase. If the traffic load reaches the jamming threshold, the mobile jammer begins to jam the network. This mobile jammer normally arrives the critical path at this time. Because the critical path plays an important role on the WSN, the influence of jamming this area is markedly. Figure 3 shows the damage caused by the mobile jammer. The sensor nodes under the jammed area are called the jammed sensor nodes, and the downlink sensor nodes of the jammed sensor nodes are called the affected sensor nodes. Both the jammed sensor nodes and the affected sensor nodes cannot transmit the data to the base station. Besides, the mobile jamming attack also causes the energy
21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07) 0-7695-2847-3/07 $20.00 © 2007 Authorized licensed use limited to: INDIAN INSTITUTE OF TECHNOLOGY MADRAS. Downloaded on May 28, 2009 at 22:35 from IEEE Xplore. Restrictions apply.
Figure 1. Dataflow in wireless sensor network.
Figure 2. The mobile jammer finds the critical path.
Figure 3. WSN under the mobile jamming attack
Figure 4. Using the active mode to re-route the path
Figure 5. Mobile jammer Figure 6. Using the passive crosses among critical paths mode to defend against the constantly mobile jammer consumption to the jammed sensor nodes and the afHence, no sensing reports can successfully deliver to fected sensor nodes. That is, the mobile jamming atthe base station. tack can break the routing on WSN and exhaust the In addition, Figure 6 shows that the WSN attempt to power resource of the sensor nodes simultaneously. defend the mobile jamming attack using the passive The WSN should begin the defense countermeamode countermeasures. These countermeasures atsures to defend the jamming attack when under the tempt to save energy and survive until the jamming attack. In section 2, we had classified the existing determinated. Unlike the traditional jammer, the mobile fense countermeasures into two types, the active mode jammer can affect great part of the WSN. However, the and the passive mode. Here we evaluate these counmonitor WSN environment cannot tolerate the lost of termeasures in sequence. Figure 4 indicates the WSN numerous packets. If the affected sensor nodes turn to attempt to defend the mobile jamming attacks using the sleep mode, the physical intruders may have chance to active mode countermeasures. The active mode counattack the monitoring environment without being distermeasures can map the jammed area and re-route the covered. Therefore, the passive mode countermeasure path just beside the affected area. However, the mobile is incapable to against the mobile jamming attack. jammer also has a strategy mount the attack. If the moAs we have shown, the mobile jamming attack is bile jammer detects that the traffic loads decrease rapmore powerful than the jamming attack. The traditional idly, it stops jamming and begins eavesdropping again. defense countermeasures cannot effectively defend the The mobile jammer can discover another critical path mobile jamming attack, especially in security monitorin a short time. As shown in Figure 5, while the mobile ing WSN environment. Hence, we require a new counjammer crosses among critical paths constantly, the termeasure to defend against the mobile jamming atsensor nodes will busy re-routing the path repeatedly. tack.
21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07) 0-7695-2847-3/07 $20.00 © 2007 Authorized licensed use limited to: INDIAN INSTITUTE OF TECHNOLOGY MADRAS. Downloaded on May 28, 2009 at 22:35 from IEEE Xplore. Restrictions apply.
Figure 7. The base station obtain the sensing reports through the topology B and C
4. Proposed Scheme In this section, we propose a multi-dataflow topologies defense scheme that can successfully withstand the mobile jamming attack. We focus on the WSN application environment such as military monitor system or security service system. Some common characteristics exist in these environments. First, sensor nodes sense around and send the sensing results back to the base station. The sensing reports contain the normal sensing data or the alarm event messages. Second, the application can allow some normal messages lost in a short period. Nevertheless, it cannot tolerate the lost of numerous packets or critical event messages. Third, once the mobile jamming attack occurs, the base station will lose a great part of messages from the affected area (see section 3). The proposed multi-dataflow topologies scheme (multi-topologies scheme for short) that can effectively defend the mobile jamming attack has the following properties. First, the proposed scheme is lightweight and simple. Sensor nodes do not take much effort to defend the mobile jamming attack. In other words, each sensor node tries its best to save energy when it is suffering attack. Second, the base station can receives the report messages from the affected area continuously under the mobile jamming attack. Third, when the mobile jamming attack occurs, the affected sensor nodes do not need to re-route. Now we describe our multi-topologies in detail. During the deployment phase, each sensor node carries some secrets and routing information. After deploying, sensor nodes build multi-topologies. Dividing the sensor nodes into different dataflow topologies can be done before the deployment phase or let each sensor node randomly choose the topology number after deploying. Each node only belongs to one dataflow topology and can communicate with the node that belongs to the same topology. After building multi-
topologies, sensor nodes begin to sense data and send the reports back to the base station. Assume that a mobile jammer has sneaked in the critical path and begin to jam the network. We first consider the case that this mobile jammer only breaks a critical path of one topology. The jammed sensor nodes and the affected sensor nodes will turn to energy saving mode and reduce the transmission frequency. Besides, the jammed sensor nodes will detects the environment periodically to check if the mobile jammer stops jamming. Now the base station will lose the report data sensed from the jammed sensor nodes and the affected sensor nodes. However, the base station can recover the lost part though other dataflow topologies, because the sensing area is overlapped. We take Figure 7 as an example of three-dataflow topologies. The mobile jammer has sneaked in the critical path of topology A and began jamming. The base station cannot obtain the sensing reports of the affected area through the topology A. Because the sensing area of topology A, B, and C are overlapped and the mobile jammer only breaks the critical path of topology A, the base station still can obtain the sensing reports of the affected area through the topology B and C. The result shows that our scheme can successfully mitigate the damage caused by mobile jammer. Unfortunately, we find that the routing algorithms on WSN are often greedy and optimal. Different routing topologies’ critical path may be very close to each other as shown in Figure 8. Figure 9 shows that the mobile jammer can break two or more topologies’ critical path at the same time. Hence, we extend our scheme to solve this problem. In the extended scheme, we additionally utilize another routing algorithm to divide the original sensor nodes into multi-topologies. The original routing algorithm divides all sensor nodes into multi-topologies follows the greedy or optimal policy, we call these topologies the primary topologies. Similarly, the additional algorithm does not follow the greedy or optimal policy, we call these topologies the secondary topologies. In other words, entire WSN exist two types of topologies simultaneously. All sensor nodes utilize the primary topologies initially. Once the mobile jammer successfully breaks two or more topologies’ critical path at the same time, the base station floods the re-report command through the secondary topologies. Because the secondary topologies do not follow the greedy or optimal policy, the mobile jammer cannot jam both primary topologies and secondary topologies simultaneously. As shown in Figure 10, the base station can obtain the sensing reports from the affected area through the secondary topologies.
21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07) 0-7695-2847-3/07 $20.00 © 2007 Authorized licensed use limited to: INDIAN INSTITUTE OF TECHNOLOGY MADRAS. Downloaded on May 28, 2009 at 22:35 from IEEE Xplore. Restrictions apply.
Figure 8. Critical path in dataflow A and B are close to each other
Figure 9. Mobile jammer break Figure 10. Use the secondary two topologies’ critical path at topologies to recover the affected the same time area In simulation 3, we evaluate the overhead of our scheme. Obviously, using equal number of sensor 5. Simulation and Analysis nodes to construct more than one topology will increase the total communication distance. Figure 13 In this section, we demonstrate our result by evalushows this simulation result. Using 2 topologies has ating three simulations. Before demonstrating, we first only 1.4 times and using 3 topologies has only 1.7 explain our simulation environment. Our simulation times communication distance in average. To defend randomly deployed 1000 nodes and one jammer into a the mobile jamming attack, we consider that this simu1000 by 1000 meter field. The transmission range of lation result is acceptable. Furthermore, the overhead each sensor node is 150 meter and the sensing covered can be reduced by improving the routing mechanism or range of each sensor node is 100 meter. The range of deploying additional sensor nodes. the jammer is 150 meter. Moreover, the jamming Based on the above simulation results, we can conthreshold is set that if there are 50 sensor nodes in the clude the following facts. First, the mobile jamming jamming range or the relay hop is more than 20. To attack is more powerful than the traditional jamming avoid being detected by the base station, the jammer attack. Second, our proposed multi-topologies scheme should far from the base station at least 300 meter. We can recover the affected area when suffering the moexperiment 10 times for each simulation. bile jamming attack. We can speculate that using more In simulation 1, we confirm the damage caused by topologies can have better recovery ability. However, the traditional jammer and the mobile jammer. As using more topologies will cause more overhead and shown in Figure 11, the average of covered area under lower connectivity in WSN. Third, the overhead of our the mobile jamming attack is less then under the jamscheme is reasonable and acceptable. ming attack. In other words, the mobile jammer can jam a great part of WSN in very high frequency and 6. Conclusion and Future Work the traditional jammer has less possibility to jam large part of WSN. In this paper, we presented a mobile jamming atIn simulation 2, we demonstrate our proposed tack. The attack not only causes the energy consumpscheme can successfully mitigate the damage caused tion but also breaks the routing on WSN. We also by the mobile jammer. As shown in Figure 12, using 3showed that existing defense mechanism is incapable topologies can cover 96% area of WSN in average to withstand this attack. Hence, we propose a multiwhen the mobile jamming attack occurs. In other dataflow topologies scheme to reduce the affected area words, the mobile jammer cannot affect more than 5% caused by the mobile jamming attack. The simulation of the total area. Similarly, using 2-topologies can result indicated that the mobile jamming attack is actucover 92% area of WSN in average. Compared with ally more powerful than the jamming attack. The simuthe result of using one topology (81% area of WSN in lation results also indicated that the proposed scheme average), our proposed scheme can effectively decan cover 96% area of WSN in average using 3crease the affected area. topologies
21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07) 0-7695-2847-3/07 $20.00 © 2007 Authorized licensed use limited to: INDIAN INSTITUTE OF TECHNOLOGY MADRAS. Downloaded on May 28, 2009 at 22:35 from IEEE Xplore. Restrictions apply.
Figure 11. Simulation 1: the Figure 12. Simulation 2: the Figure 13. Simulation: the damage caused by the tradi- covered area by using 1, 2, or overhead caused by using tional jammer and the mo- 3 topologies multi-topologies bile jammer Proc. 2nd international conference on Embedded networked when suffering attack. Besides, the overhead of our sensor systems, 2004, pp. 162–175. scheme is reasonable and acceptable. In the future, we [9] Y. W. Law, L. V. Hoesel, J. Doumen, P. Hartel, and P. will study other routing mechanisms of WSN. We beHavinga, “Energy efficient linkLayer jamming attacks lieve the additional communication distance can be against wireless sensor network MAC protocols”, Proc. 3rd decreased by improving the routing mechanism. Acknowledgements The authors wish to acknowledge the anonymous reviewers for valuable comments. This research was supported in part by the MOEA research project under grant no. 95-EC-17-A-04-S1-044.
7. References [1] I. F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci, “A survey on sensor networks”, Communications Magazine IEEE, Vol. 40, issue. 8, Aug. 2002, pp. 102–114. [2] A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J. D. Tygar, “SPINS: Security protocols for sensor networks”, Proc. 7th Annual ACM International Conference on Mobile Computing and Networks, July 2001. [3] C. Karlof and D. Wagner, “Secure routing in wireless sensor networks: Attacks and countermeasures”, Ad Hoc Networks, 1(2-3), Sept. 2003. [4] J. Newsome, E. Shi, D. Song, and A. Perrig, “The sybil attack in sensor networks: analysis & defenses”, Proc. 3rd international symposium on Information processing in sensor networks, 2004, pp. 259–268. [5] Y. C. Hu, A. Perrig, and D. B. Johnson, “Rushing attacks and defense in wireless ad hoc network routing protocols”, Proc. 2003 ACM workshop on Wireless security, 2003, pp. 30–40. [6] A. Wood and J. Stankovic, “Denial of service in sensor networks”, IEEE Computer, Oct. 2002, pp. 54–62. [7] J. Deng, R. Han, and S. Mishra, “INSENS: Intrusiontolerant routing for wireless sensor networks”, Computer Communications, Vol. 29, issue. 2, July 2005, pp. 216–230. [8] C. Karlof, N. Sastry, and D. Wagner, “TinySec: a link layer security architecture for wireless sensor networks”,
ACM workshop on Security of ad hoc and sensor networks, 2005, pp. 76–88. [10] W. Xu, W. Trappe, and Y. Zhang, “The feasibility of launching and detecting jamming attacks in wireless networks”, Proc. 6th ACM International Symposium on Mobile Ad-hoc Networking and Computing, 2005. [11] A. D. Wood, J. A. Stankovic, and S. H. Son, “Jam: A jammed-area mapping service for sensor networks”, Proc. 24th IEEE Symposium on Real-time Systems, Dec. 2003. [12] Y. W. Law, P. Hartel, J. D. Hartog, and P. Havinga, “Link-layer jamming attacks on S-MAC”, Technical Paper, Univ. of Twente, NL, 2005. [13] M. Brownfield, Y. Gupta, and N. Davis, “Wireless sensor network denial of sleep attack”, Proc. IEEE Workshop on Systems Man and Cybernetics, June 2005, pp. 356–364. [14] W. Ye, J. Heidemann, and D. Estrin, “An energyefficient MAC protocol for wireless sensor networks”, Proc. 21st IEEE Conference on Computer and Communications Soc, June 2002, pp. 1567–1576. [15] J. Polstre, J. Hill, and D. Culler, “Versatile low power media access for wireless sensor networks”, Proc. ACM SENSYS, November 2004. [16] T. V. Dam and K. Langendoen, "An adaptive energyefficient MAC protocol for wireless sensor networks", Proc. 1st international conference on Embedded networked Sensor Systems, 2003, pp. 171–180. [17] J. M. McCune, E. Shi, A. Perrig, and M. K. Reiter, “Detection of denial-of-message attacks on sensor network broadcast”, Proc. IEEE Symposium on Security and Privacy, May 2005, pp. 64–78. [18] J. Deng, R. Han, and S. Mishra, “Defending against path-based DoS attacks in wireless sensor network”, Proc. 3rd ACM workshop on Security of ad hoc and sensor networks, 2005, pp. 89–96.
21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07) 0-7695-2847-3/07 $20.00 © 2007 Authorized licensed use limited to: INDIAN INSTITUTE OF TECHNOLOGY MADRAS. Downloaded on May 28, 2009 at 22:35 from IEEE Xplore. Restrictions apply.