Abstract
Wireless local area networks (WLANs) can adopt channel hopping technologies in order to avoid unintentional interferences such as radars or microwaves, which function as proactive jamming signals. Even though channel hopping technologies are effective against proactive types of jamming, it has been reported that reactive jammers could attack the targets through scanning busy channels. In this paper, we demonstrate that reactive jamming is only effective against channel hopping Wi-Fi devices in non-dense networks and that it is not effective in dense networks. Then, we propose a new jamming attack called “persistent jamming”, which is a modified reactive jamming that is effective in dense networks. The proposed persistent jamming attack can track a device that switches channels using the following two features, and it can attack the specific target or a target group of devices. The first feature is that the proposed attack can use the partial association ID (PAID), which is included for power saving in the IEEE 802.11ac/af/ah frame headers, to track and jam the targets. The second feature is that it is possible to attack persistently based on device fingerprints in IEEE 802.11a/b/g/n legacy devices. Our evaluation results demonstrate that the proposed persistent jamming can improve the attack efficiency by approximately 80% in dense networks compared with the reactive jamming scheme, and it can also shut down the communication link of the target nodes using 20 dBm of jamming power and a 125 ms response time.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
IEEE Standard 802.11h (2003)
IEEE Standard 802.11n (2009)
Cisco wireless lan controller configuration guide (2010), http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-0/configuration/guide/c70.html
IEEE P802.11ac, Draft 7.0 (2013)
IEEE P802.11af, Draft 4.0 (2013)
IEEE P802.11ah, Draft 1.0 (2013)
Arapinis, M., Mancini, L.I., Ritter, E., Ryan, M.: Privacy through pseudonymity in mobile telephony systems. In: Network and Distributed System Security Symposium, NDSS (2014)
Benslimane, A., Bouhorma, M., et al.: Analysis of jamming effects on IEEE 802.11 wireless networks. In: International Conference on Communications (ICC), pp. 1–5. IEEE (2011)
Carious, L.: High-efficiency WLAN. IEEE 802.11-13/033lr5 (2013)
Chen, Y., Xu, W., Zhang, Y., Trappe, W.: Securing Emerging Wireless Systems. Springer (2008)
Fang, S.H., Hsu, Y.T., Kuo, W.H.: Dynamic fingerprinting combination for improved mobile localization. IEEE Transactions on Wireless Communications 10(12), 4018–4022 (2011)
Fang, S.H., Lin, T.N., Lee, K.C.: A novel algorithm for multipath fingerprinting in indoor WLAN environments. IEEE Transactions on Wireless Communications 7(9), 3579–3588 (2008)
Gaikwad, R.V., Moorti, R.T.: Apparatus and method for sampling frequency offset estimation and correction in a wireless communication system (2007), US Patent 7,177,374
Golmie, N., Rebala, O., Chevrollier, N.: Bluetooth adaptive frequency hopping and scheduling. In: Military Communications Conference (MILCOM), vol. 2, pp. 1138–1142. IEEE (2003)
Goth, G.: Next-generation Wi-Fi: As fast as we’ll need? IEEE Internet Computing 16(6), 7–9 (2012)
Gummadi, R., Wetherall, D., Greenstein, B., Seshan, S.: Understanding and mitigating the impact of RF interference on 802.11 networks. In: Special Interest Group on Data Communication (SIGCOMM), pp. 385–396. ACM (2007)
Harjula, I., Pinola, J., Prokkola, J.: Performance of IEEE 802.11 based WLAN devices under various jamming signals. In: Military Communications Conference (MILCOM), pp. 2129–2135. IEEE (2011)
Jensen, T.L., Larsen, T.: Robust computation of error vector magnitude for wireless standards. IEEE Transactions on Communications 61(2), 648–657 (2013)
Jeung, J., Jeong, S., Lim, J.: Adaptive rapid channel-hopping scheme mitigating smart jammer attacks in secure WLAN. In: Military Communications Conference (MILCOM), pp. 1231–1236. IEEE (2011)
Lee, I.G., Choi, E., Lee, S.K., Jeon, T.: High accuracy and low complexity timing offset estimation for MIMO-OFDM receivers. In: Wireless Communications and Networking Conference (WCNC), vol. 3, pp. 1439–1443. IEEE (2006)
Mahmoud, H.A., Arslan, H.: Error vector magnitude to SNR conversion for nondata-aided receivers. IEEE Transactions on Wireless Communications 8(5), 2694–2704 (2009)
Makhlouf, A., Hamdi, M.: Practical rate adaptation for very high throughput WLANs. IEEE Transactions on Wireless Communications 12(2), 908–916 (2013)
Navda, V., Bohra, A., Ganguly, S., Rubenstein, D.: Using channel hopping to increase 802.11 resilience to jamming attacks. In: International Conference on Computer Communications (INFOCOM), pp. 2526–2530. IEEE (2007)
Pelechrinis, K., Broustis, I., Krishnamurthy, S.V., Gkantsidis, C.: A measurement-driven anti-jamming system for 802.11 networks. IEEE/ACM Transactions on Networking 19(4), 1208–1222 (2011)
Tippenhauer, N.O., Malisa, L., Ranganathan, A., Capkun, S.: On limitations of friendly jamming for confidentiality. In: Symposium on Security and Privacy (SSP), pp. 160–173. IEEE (2013)
Wilhelm, M., Martinovic, I., Schmitt, J.B., Lenders, V.: Short paper: Reactive jamming in wireless networks: How realistic is the threat? In: Proceedings on Wireless Network Security (WiSec), pp. 47–52. ACM (2011)
Xiao, L., Greenstein, L.J., Mandayam, N.B., Trappe, W.: Using the physical layer for wireless authentication in time-variant channels. IEEE Transactions on Wireless Communications 7(7), 2571–2579 (2008)
Xu, W., Trappe, W., Zhang, Y.: Channel surfing: Defending wireless sensor networks from interference. In: Proceedings on Information Processing in Sensor Networks (IPSN), pp. 499–508. ACM (2007)
Xu, W., Trappe, W., Zhang, Y., Wood, T.: The feasibility of launching and detecting jamming attacks in wireless networks. In: Proceedings on Mobile Ad Hoc Networking and Computing (MobiHoc), pp. 46–57. ACM (2005)
Yang, F., Zhang, X., Zhang, Z.P.: Time-domain preamble-based SNR estimation for OFDM systems in doubly selective channels. In: Military Communications Conference (MILCOM), pp. 1–5. IEEE (2012)
Zhang, J., Tan, K., Zhao, J., Wu, H., Zhang, Y.: A practical SNR-guided rate adaptation. In: International Conference on Computer Communications (INFOCOM). IEEE (2008)
Zhou, M., Tian, Z., Yu, X., Tang, X., Hong, X.: A two-stage fingerprint filtering approach for Wi-Fi RSS-based location matching. Journal of Computers 8(9) (2013)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Lee, IG., Choi, H., Kim, Y., Shin, S., Kim, M. (2014). Run Away If You Can: Persistent Jamming Attacks against Channel Hopping Wi-Fi Devices in Dense Networks. In: Stavrou, A., Bos, H., Portokalidis, G. (eds) Research in Attacks, Intrusions and Defenses. RAID 2014. Lecture Notes in Computer Science, vol 8688. Springer, Cham. https://doi.org/10.1007/978-3-319-11379-1_18
Download citation
DOI: https://doi.org/10.1007/978-3-319-11379-1_18
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-11378-4
Online ISBN: 978-3-319-11379-1
eBook Packages: Computer ScienceComputer Science (R0)