Alibi Framework for Identifying Insider Jamming Attacks in Half-Duplex Wireless Local Area Networks
Recent advances in wireless communications and digital electronics have enabled rapid development of a variety of wireless network technologies, such as wireless LANs, home networks, multi-hop ad hoc networks, and sensor networks. Wireless networks, unfortunately, are vulnerable to radio jamming attacks (in short, ``jamming attacks'') due to the open and shared nature of wireless medium. In a jamming attack, an attacker injects a high level of noise into the wireless system which significantly reduces the signal-to-noise ratio (SINR) and reducing the probability of successful message receptions. Even though the spread spectrum technologies have raised the bar for the jamming defenses, they cannot deal with insider jammers who launch the stealthy and intelligent jamming attacks from compromised nodes. To cope with such dangerous insider jammers, the first and most important step is to identify them. In this dissertation, we consider the problem of identifying the insider jammers. Our approach to this problem is unique: we exploit the half-duplex nature of the attackers. Specifically, a half-duplex jammer has the following characteristics: - It cannot send on two different channels simultaneously due to a non-negligible channel switching time. - It cannot receive on two different channels simultaneously due to a non-negligible channel switching time. - It cannot send and receive on a channel simultaneously due to a non-negligible transmit-to-receive switching time. Therefore, when a compromised node jams, it cannot either send or receive any other packets. More importantly, if an honest node is observed doing a send or receive action at the same time of the jammed packet, it can arguably prove that it cannot be the cause of the jammed packet. In other words, the honest node obtains an "alibi". Alibi is "a form of defense whereby a defendant attempts to prove that he or she was elsewhere when the crime in question was committed". In the context of jamming attacks, an alibi for a node is a proof showing that an honest node could not commit a jamming action at a specific time because it was witnessed doing a legitimate action at the same time. We focus on exploring the alibi framework in dealing with insider jammers. We study various properties of the framework including detection accuracy, detection time, network availability and necessary conditions for the alibi framework to work. We also investigate different designs of the alibi framework such as sending-based alibis and receiving-based alibis and study their strengths and weaknesses. We evaluate the alibi framework by the analysis, simulations and MICAz experiments. To the best of our knowledge, the alibi framework is the first framework exploiting the half-duplex nature of the nodes to identify insider attackers.
This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.
- The following copyright notice applies to all of the above items that appear in IEEE publications: "Personal use of this material is permitted. However, permission to reprint/publish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from IEEE."
- The following copyright notice applies to all of the above items that appear in ACM publications: "© ACM, effective the year of publication shown in the bibliographic information. This file is the author’s version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in the journal or proceedings indicated in the bibliographic data for each item."
- The following copyright notice applies to all of the above items that appear in IFAC publications: "Document is being reproduced under permission of the Copyright Holder. Use or reproduction of the Document is for informational or personal use only."