Run Away If You Can: Persistent Jamming Attacks against Channel Hopping Wi-Fi Devices in Dense Networks

Wireless local area networks (WLANs) can adopt channel hopping technologies to avoid unintentional interference, such as that from radars or microwaves, which functions as a proactive jamming signal. Although channel hopping technologies are effective against proactive types of jamming, it has been reported that reactive jammers can attack their targets by scanning busy channels. In this paper, we demonstrate that reactive jamming is effective against channel hopping Wi-Fi devices only in non-dense networks and that it is not effective in dense networks. We then propose a new jamming attack called “persistent jamming”, a modified form of reactive jamming that is effective in dense networks. The proposed persistent jamming attack can track a device that switches channels using the following two features, and it can attack a specific target or a target group of devices. The first feature is that the proposed attack can use the partial association ID (PAID), which is included for power saving in the IEEE 802.11ac/af/ah frame headers, to track and jam the targets. The second feature is that it can attack persistently based on device fingerprints in IEEE 802.11a/b/g/n legacy devices. Our evaluation results demonstrate that the proposed persistent jamming can improve the attack efficiency by approximately 80% in dense networks compared with the reactive jamming scheme, and that it can also shut down the communication link of the target nodes using 20 dBm of jamming power and a 125 ms response time.
