1 / 26

FIJI : F ighting I mplicit J amming I n 802.11 WLANs

FIJI : F ighting I mplicit J amming I n 802.11 WLANs. Ioannis Broustis, Konstantinos Pelechrinis, Dimitris Syrivelis Srikanth V. Krishnamurthy, Leandros Tassiulas. The problem. “Performance anomaly” in 802.11.

KeelyKia
Télécharger la présentation

FIJI : F ighting I mplicit J amming I n 802.11 WLANs

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. FIJI: Fighting Implicit Jamming In 802.11 WLANs Ioannis Broustis, Konstantinos Pelechrinis, Dimitris Syrivelis Srikanth V. Krishnamurthy, Leandros Tassiulas

  2. The problem • “Performance anomaly” in 802.11. • Under saturation conditions, 802.11 provides the same long-termthroughput to all clients of an accesspoint (AP). Low throughput

  3. The problem (ii) • An attacker can exploit this behavioral trend. • The placement of a jammer next to a client can nullify the total throughput! -- Implicitly all clients are jammed.

  4. The impact of the attack • The throughput of all clients is drastically degraded. • A measurement example from our testbed: 7 ft

  5. Our contribution • We propose FIJI, a framework for Fighting Implicit Jamming In 802.11 WLANs. • FIJI looks for anomalies in the AP load distribution toefficiently perform jammer detection. • It shapes the traffic such that: • Clients that are not explicitly jammed, stop experiencing starvation. • Jammed clients receive themaximum possible throughput under jamming. • We implement and evaluate FIJI on our testbed. • FIJI allocates the throughput in a fair and efficient way.

  6. Prior work on addressing the anomaly • Packet aggregation. • High-rate nodes transmit many packets back-to-back, separated by SIFS. • Efficient, but requires modifications on 802.11. • MAC contention window manipulation. • High-rate nodes get more frequent medium access. • Efficient, but also requires modifications on 802.11. • Use of predefined data rate classes. • Setting the data rate equal to the transmission rate for poor links. • Inadequate, since it still saturates the traffic at the MAC layer.

  7. Prior work on anti-jamming • Frequency hopping techniques. • Legitimate nodes jump to different channels in order to avoid jammers. • Inadequate in wideband jamming scenarios. • Wideband jammers cover a large numberof bands. • Other previous anti-jamming techniques do not consider implicit jammers. • FIJI is the first system to address such attackers.

  8. Attack model • Low-power deceptive jammer. • Transmits dummy packets back-to-back. • Ignores the back-off algorithm. • Challenging to detect, since transmitted packets are seemingly legitimate. • Placed right next to legitimate clients. • Use of very low power to conserve energy. • Able to operate on a wide band. • Frequency hopping rendered inappropriate.

  9. FIJI to combat the implicit jamming attack • Thegoal of FIJI is twofold: • To detect the attack and restore the throughput on clientsthat are not explicitlyjammed. • We call these clientshealthy. • To maintain connectivity and provide the highest possible throughput to clients thatare explicitly jammed. • We call these clientsjammed. • FIJI consists of a jammer detection module and a traffic shaping module.

  10. Detection module • Approach: measuring the client transmission delays: • Data unit transmission delay: • Client • Packet length • Instantaneous deliverable rate • Aggregate transmission delay Da: the sum of the delays of all clients of an AP. • A sudden, very high increase in Da typically implies that one or more clients is under jamming. • This works well, as we show through experimentation.

  11. Traffic shaping module: notations • Number of clients jammed • Number of clients of AP • Jammed client i • Data unit transmission delay of client • Packet size in benign conditions • Packet size for client • Instantaneous deliverable rate for client • Aggregate transmission delay of jammed clients

  12. Traffic shaping module: DPT • With DPT, we seek to minimize the aggregate transmission delay for the jammed clients: • Constraint: • With DPT, we make sure that the healthy clients experience a similar aggregate transmission delay as in benign conditions. --->

  13. How does DPT operate? • Let us consider 1 AP, 2 healthy clients (c1, c2) and 1 jammed client (c3). • c1, c2 and c3 have data unit delays d1, d2 and d3 respectively. • Client throughput in benign conditions: • When c3 is jammed, the throughput becomes:

  14. How does DPT operate? • DPT ensures that by setting a packet size towards the jammed client equal to • The throughput with DPT for healthy clients is: • Thus: • and hence FIJI restores the throughput at the healthy clients.

  15. How does DPT operate? • The jammed client cannot receive a higher throughput if we further decrease the packet size. • With packet size the throughput at is: • The required condition becomes: • … this is always true, hence:

  16. Implementation • We use a prototype version of theIntel ipw2200AP driver/firmware. • We measure the data unit transmission delay per client at the AP, and from this the aggregate transmission delay. • Temporary variations of these delays are handled by using weighted moving average filtering. • We implement DPT in the Click Modular Router from MIT.

  17. Intel-2915 Our testbed • 28 Soekris net4826 nodes • Intel 2915a/b/g cards • Omni antennas • Kernel v2.6 over NFS • We perform experiments late at night with 802.11a and g • Avoid external interference

  18. Constant jammer implementation • We implement a user-space utility that saturates the system with broadcast UDP packets. • Deceptive jammer; back-to-back dummy packets. • We set the CCA (Clear Channel Assessment) threshold to be 0 dBm. • The card ignores all 802.11 signals during carrier sensing • We bypass the MAC back-off procedure.

  19. Evaluating the speed of detection • Very quick detection • The client delay increases sharply in less than 700 msec • By 26 times in this experiment

  20. Evaluating the accuracy of detection • Detecting jamming on good quality links • Typically in all of our experiments: If > 9, then FIJI can effectively detect the attack.

  21. Evaluating the accuracy of detection • FIJI and poor quality links • Difficult to make a decision • But unlikely to be the case • Jammer want to harm the network as much as possible. • Selecting poor quality linksdoes not harm the network much. • A clever attacker will typically prefer high-quality AP->client links

  22. Evaluating the traffic shaping module • DPT is the most fair solution

  23. AP Jammer Jammed clients Evaluating the traffic shaping module • FIJI can easily handle scenarios with multiple jammed clients. • Here, both nodes #11 and #37 are jammed.

  24. Evaluating the traffic shaping module • Data rate shaping techniques are not as fair as DPT

  25. Conclusions • FIJI is able to efficiently detect the implicit jamming attack in most cases. • FIJI performs a fair and efficient throughput allocation. • Healthy clients are shielded from experiencing starvation. • Jammed clients receive as much as they can get under jamming. • Applicable with minor wireless driver/firmware updates.

  26. Questions? • Thank you.

More Related