Channel Surfing, Spatial Retreats, Temporal retreats: Avoiding jammer in wireless network

Muhammad Faisal Research seminar series, School of Engineering Design and Technology, University of Bradford
M.F.Ismail@bradford.ac.uk

ABSTRACT
Wireless network consists of several nodes and communicates through a shared medium making it vulnerable to attacks like Denial of Service (DoS). DoS attacks are not easy to prevent due to lack of resources at the network nodes. Attackers can easily attack the network by either bypassing MAC-layer protocol, or jamming the channel through radio signal. This paper addresses the three techniques to prevent the network from DoS attacks. The first technique, Channel Surfing, uses frequency hopping at the physical layer to escape from the channel on which the network nodes are communicating. The second technique, Spatial Retreats, involves isolating the network nodes physically out of the DoS emitted area, and the only success to this technique is to decide where the node should move and how to coordinate their movements. The third technique, jammed area mapping, works on the strategy of copying, which finds and maps the jammed area. These techniques help the nodes to communicate well in the particular network and to protect the network from the DoS attacks. This paper will put to test all these techniques in different scenarios and based on their performance filters out the best.

security issue is the main technical barrier before launching a new wireless network. The availability of the wireless devices makes the security issues more complicated. As these devices are cheaply available and are compatible with the other technologies, the attackers can easily interfere with the wireless devices by purchasing their own device. They can perform a variety of attacks like launching false data into a wireless network, denial of service and even disturb the routing of the data. There are a lot of mechanisms through which the wireless network can be prevented from the attackers. Some mechanisms are basically traditional techniques but in case of denial of service attacks traditional mechanisms doesnt works. This paper basically focuses on the techniques, talking in the wireless domain there are three techniques channel surfing, spatial retreats and temporal retreats. Each technique has its own scenario to explain how to prevent DoS and what are the measurements taken to secure the network.

Related Work
M Strasser [1] et al proposes in his work uncoordinated Frequency Hopping (UFH) scheme that breaks this dependency and develops major in the presence of a communication jammer. . He discusses some problems about the jamming resistant key establishment. This can be resolved by using some anti jamming techniques like Frequency Hopping or Direct-Sequence Spread Spectrum. It should support device communication during key organization and require that the device share a secret spreading key or code earlier to the start of communication. This requirement creates a circular dependency between anti-jamming spreadspectrum communication and key establishment, which has not been so far acknowledged. Mishra[2] et al spotlight on the equality problem

Key words Denial of Service (DoS), JAM, Mapping

Introduction:
With the evolution of technology, the world is now entered in to a wireless way of communication. In the traditional wired networks there is less security and jamming issues. As wireless network devices are made cheap and affordable for everyone, due to which the security issues are increased. The

for the uncoordinated deployments in his study Distributed Channel Management in Uncoordinated Wireless Environments. This problem is discussed from channel assignment outlook. His solution is based on the concept of channel-hopping technique temporal retreats, and meets all vital design considerations for control methods in uncoordinated deployments. i.e is disturbed in nature, nominal to zero coordination among APs belonging to various hotspots, easy to put into operation, and interoperable with existing standards. In particular, we propose a specific algorithm called MAXchop, which functions resourcefully when using only non over-lapping wireless channels, but is particularly effective in exploiting semi-overlapped channels. He also analyzes how this approach appreciates the previously planned carrier sensing technique in providing future improved services. By wide spread simulations on real hotspot topologies and evaluation for a complete implementation of this technique, illustration of the efficiency of this technique not only for equality but also for collective through put, metrics. Xu [3] et al explains escape strategy in her paper which is channel surfing. When radio device communicates they work on one channel. When the opponent comes in range and blocks the use of a certain channel it is natural to move The idea of channel surfing is motivated by a common physical layer technique known as frequency hopping to another channel. Throughout this paper it is supposed that the opponent blasts a single channel at one time and the opponent cannot play to be a valid member of the network (i.e opponent does not hold any right to use the keys used by the network device) Alnifie [4] et al in his study presents a filtration protocol named MULEPRO (multi-channel Exfiltration Protocol) a fully distributed network based protocol designed to quickly ex-filtrate data from jammed area. MULEPRO aims at sensor network applications that require a fast response to jamming denial of service (DoS) attacks. It works automatically and at a fast pace assigning nodes to different channels in the jammed area in order to beat an attacker. MULEPRO is studied under various configurations and has the results that using channel hopping strategy, MULEPRO can exfiltrate data. To increase the shortage of spectrum resources and boost the anti-jamming performance a cognitive frequency hopping mechanism is a solution of antijamming for multi jammers. Adaptive Frequency hopping is not a good option because it cannot distinguish between self-interference and interference from other wireless communication system. Dynamic radio frequency interference is expected to occur in the situations related to cognitive radio, where the networks and the devices

should reflect frequency agile operation. Sherif [5] et al explains the two defence strategies of jamming mitigation in the context of single and multi-radio wireless devices. They are proactive and reactive channel hopping. In particular proactive or periodic channel hopping has been studied more extensively than reactive hopping. In the singleradio context, he created some theoretical models to examine the blocking probability for combinations of defence and assault strategies. In multi-radio setting they devise jamming problem as max-min game and demonstrate by replication that the game result depend upon the payoff function. Reactive defence provides better jamming tolerance than proactive when considering communication availability. Although when the energy efficiency is measured both are almost equal. M.Li [6] et al adds by contemplating the energy efficiency by taking the idealized case of accurate knowledge by both the jammer and the network about the strategy of one another, and the case where the jammer or the network lacks this knowledge. The latent energy constraints of the jammer and the network were also taken into consideration. It is extended over the problem of multiple observers and adaptable jamming transmission range and proposes an spontaneous heuristic jamming strategy for that case. Woods et al [7] also consider energy efficiency in his study DEEJAM: Defeating energy-efficient jamming in IEEE 802.15. 4-based wireless Networks. An interrupt jamming attack is simple to perpetrate in software using a MICAZ mote, is energy efficient and stealthy for the jammer, and totally disorder the communication. Sheriff [8] et al In his study Honeybees: Combining Replication and Evasion for Mitigating Base-station jamming in Sensor Network recommend Honey bees; an energy aware defence structure against base-station jamming attack in WSNs. Honeybees efficiently combines imitation and avoidance to allow WSNs to continue delivering data for a long time during a jamming attack.

Channel Surfing
The first technique that this paper presents is channel surfing. As there is one common channel through which radio devices communicates the attacker can easily block their communication, but to prevent the blockage another channel is use for communication and is on the physical layer and is known as frequency hopping. Our assumption is that the attacker can only attack a single channel at a time, and attacker cannot pretend to be a valid member of the network (i.e. the adversary does not hold any authentication keys used by the network devices). [3, 11]

Ad Hoc Network
In the Ad hoc network, when attacker applies DoS, as a result the part of the network to stop communicating and can cause network partitioning. Channel surfing then performs a special role and will switch the network or a region of network to the new clear channel and establish the connectivity again. In order to use channel surfing to address DoS for ad hoc networks, we assume that each network device keeps a neighbour list. As we are working in Ad hoc mode there is no assumption that the device will going to inform its neighbour. Also, during unhindered network operation, we assume that no network partitions arise due to network mobility. Figure 2 illustrates a spatial retreat scenario in an ad hoc network)[3]
A B C

Figure 1: wireless Communication scenarios. (a) Two party communication. (b) Infrastructured wireless networks and (3) Ad hoc wireless networks. [3]

Two-Party Radio Communication

Taking in account the figure 1 (a) it is observed that the opponents X1or X2 have broken the communication between the parties A and B. Requirement is that A and B adopt a new channel for communication in order to avoid the intrusion of X. For the sake of understanding the interference or intrusion amid many channels so that A and B can have a fresh channel. If the opponent is using radio technology as the A and B then we need to know how many orthogonal channels are there to switch from. Another thing could be that the opponent might not be using the same channel so then there a need to find how the other is generating the jamming signals and then produce fitting set of secure channel [3].
H I J

Channel 1 Channel 2

Figure 2: Channel surfing for an ad hoc network consisting of dual radio devices

Spatial retreat:
The second technique is spatial retreat, how it works is basically physically avoid the affected area. What happens, when any network device experiences interference it simply moves to the clean area and is called spatial retreats. The main principle behind the spatial retreats is that when ever any wireless devices are interfered with, they must move to a clear and fresh area. As most of the wireless networks have the mobile users such as mobile phones and laptops, spatial retreat is a good technique to avoid interference. But the main thing is that the users should know where to move and how will they communicate with their movement.[3]

Infrastructured Network
Now contemplate infrastructure wireless network as shown in the Figure 1 (b). In this case we have an access point APO with four wireless devices A, B, C and D connected with it. Two major situations for the turning down of the service against the access points corresponding to opponents X1 and X0 are as follows: In the first case opponent Xo interferes with APO, A, B and C leaving the D due to the fact it is outside the Xos radio range. In the second case opponent X1 interferes with the A and B leaving aside APO or any other nodes. The major difference between the two cases one has blocked the access point from the opponents while the other does not. [3]

Infrastructured Network
Let discuss about infrastructure wireless networks. Consider there are many access points AP0, AP1..... APN and they are connected through each other. Wireless device A is connected to the access point and communicates with other devices and uses internet using the APs. As discussed before that the Attacker can block the communication of the access point or can prevent the nodes to communicate with the access point or can do both at a time. Spatial retreat is basically a technique through which the mentioned three situations can be solved. What the nodes have to do, if they faces any interference from the attacker they should move away from that region and reconnect with the other access point of the safe region. As we already know that the access points have the fixed architecture so they do not participate in the spatial retreat mechanism only nodes will move and connect. All of these three situations can only be solved by an appropriate DoS technique, what should be done is to assign each node with emergency access point list and the nodes should know where to move to get its emergency access point. [3]

Figure 3: The spatial retreat strategy for a two-party Communication scenario. The region depicted by the dotted line is the interference range of the attacker. [3]

Two-Party Radio Communication

Consider the two party radio communications for the case of spatial retreats. The Figure 3 describes that the attacker X interfere with both A and B so they cannot communicate. What spatial retreat is basically when the nodes A and B detects the interference they will simply try to move away from the attacker. As A and B cannot communicate with each other so far they are in attackers range, so it is difficult to decide where to move and how far they should move. Both parties must agree on the direction of retreat and how far they should retreat. Even if they leave the attackers region, it is not a surety that the node A and B are within each others range because of the synchronization error and the irregularity of interference region. [3]

Ad Hoc Network
When discussing about the Ad hoc network in the context of spatial retreats its not easy. If we apply special retreat technique on the Ad hoc network its very difficult to maintain the connectivity between the nodes as they are not involved in initiating communication but also involved in data forwarding. In case of DoS attacks the nodes should move away and go to the safe and clear region and during this it is very difficult to maintain the network connectivity as it become more week as the node move away. Figure 4 illustrates a spatial retreat scenario in an ad hoc network. [3,11]
B A

J M H K

Figure 4: Scenarios for spatial retreat strategies in an ad hoc network setting. The adversary is marked by X.

Temporal retreat:
Temporal retreat is a mechanism in which it is rationally changing the jamming area by changing the channel order on which a node communicates. It gives an impression to the opponent that the node is no more present on the same channel and hence moves back without any physical movement. MULEPRO[4] short for Multi-channel Exfiltration Protocol, a technique that gives an effective and healthy to a jamming based DoS attack. MULEPRO is designed to swiftly ex-filtrate sense or data from an attacked area to the areas or regions that are not under assault. This type of response is suitable for many sense or network applications, such as perimeter and infrastructure defence systems, battlefield sensing systems, or homeland security systems. MULEPROs starting point is to guess that network nodes are operating in a standard mode. During regular operation each node does its customary application unambiguous tasks, such as sensing the environment, relaying multi-hop packets and supervising sleep cycles. Each node can separately determine that it is being subjected to a jamming attack. Upon decisive that a jamming assault is in progress, the node switches from regular operation to exfiltration mode. The function of each boundary node is to pass along data from the exfiltration region. Data Ex-filtration Framework: The MULEPRO scheduling problem can be stated as follows: Let J shows the set of jammed nodes (a finite subset of the set of network nodes N) and represents the number of jammed channels, the development problem is then to find an assignment A: J (( + 1) ) which maximizes the use of instantaneous channels for the reason data ex-filtration from a jammed area. To avoid intolerable interference from hidden or exposed terminal problems channels assigned to each couple of nodes must be different over a two-hop distance. The crisis constraints and needs can be represented by the interference matrix and the channel assignment matrix. These main parameters of the problem are discussed in more detail below. The Interference Matrix, In It is defined as the Interference Matrix In as an N N binary matrix, which keeps a close check of all probable intrusion between nodes. The values in this matrix are considered constant with time since we presume a stagnant network model. In deciding

the interference range, we follow the two-hop distance as explained in [9]. According to [9], the two-hop distance is a good rough calculation of the carrier sensing range in ad hoc networks, and node activation scheduling usually requires all neighbours of a node within two hops to be silent when the node transmits. Therefore, in construction, assign an element in ij the value 1 only if the two nodes i and node j are within twohop distance from each other. The problem of creating is now equivalent to a distance-2 vertex colouring problem [10]. The Exfiltration Matrix, Ex This matrix contains the exfiltration protocol channel assignment and is dynamically created when the network switches to exfiltration mode. In a network with J jammed nodes and accessible channels, the exfiltration matrix Ex is the J binary matrix which includes the existing channel assignments to be used by a jammed node in exfiltrating data to the un-jammed section. The elements Exij of Ex are binary values according to the rule: Exti j = 1, if channel i is assigned to node j in the current time slot t Exti j = 0, if channel i is not assigned node j in the current time slot t Note: how it is representing the scheduling problems constraint and therefore will be used as an input parameter in the paper suggested solution in the next section. Ex, on the other hand, represents the problems obligation and therefore will be the resulted output of the proposed scheduling algorithm.

Conclusion
The communication between the radio devices is through the shared medium so it is very easy for the attackers to get in to their communication region and block communication. This paper basically described the three affective techniques to avoid jamming attacks. The main reason for describing these techniques is to aware wireless users to avoid interference as much as they can because there is no cure for attackers. As the first technique describes how to get rid of the attackers by changing your channel, where as the second technique tell how to change your location out of the attackers range without disturbing their connectivity. Finally the last strategy is basically about the changing of the channel order on which

the devices communicate that is a good trick as the attacker thinks that device is no longer on that channel. In every technique there are special scenarios with special kind of network architecture. Where as in the case of temporal retreats there is a special algorithm to avoid interference.

Management Environment

in

Uncoordinated

Wireless

[3] W. Xu, T. Wood, W. Trappe, and Y. Zhang, Channel surfing and spatial retreats: defenses against wireless denial of service, in Proc. of WiSe, 2004, [4] G. Alnifie, R.Simon,A multi-channel defence against jamming attacks in wireless sensor networks [5] S.Khattab, D Mosse, R Melhem,Jamming mitigation in multi-radio wireless networks: reactive or proactive?, 2008

References:
[1] M.Strasser Jamming-Resistant key Establishment Using Uncoordinated Frequency Hopping,2008 [2] A Mishra,V.Shrivastava, D Agarwal, S Banerjee, S Ganguly.Distributed Channel [6] M.Li, I. Koutsopoulos, and R.Pooverdran Opical Jamming Attacks and Network Defence [7] A.D.Wood, JA.Stankovic, and G.Zhou,DEEJAM:Defeating Energy-Efficient Jamming in IEEE 802.15 [8] S.Khattab,D. Mosse, and R Melhem.I Loneybees: Combining Relication and Evasion for Mitigating Base-station Jamming in sensor networks,2006 [9] K.W Reese and A.Salem,A Survey on jamming avoidance in adhoc sensory networks [10] K.Mahadevan, S.Hong, and J DullumAntiJamming A Study,2005 [11] W. Xu, W. Trappe, and Y. Zhang , Channel Surfing: Defending Wireless Sensor Networks from Interference