Wenyuan Xu,Ke Ma,Wade Trappe,Yanyong Zhang

DOI: https://doi.org/10.1109/mnet.2006.1637931

IF: 10.294

2006-01-01

IEEE Network

Abstract:Wireless sensor networks are built upon a shared medium that makes it easy for adversaries to conduct radio interference, or jamming, attacks that effectively cause a denial of service of either transmission or reception functionalities. These attacks can easily be accomplished by an adversary by either bypassing MAC-layer protocols or emitting a radio signal targeted at jamming a particular channel. In this article we survey different jamming attacks that may be employed against a sensor network. In order to cope with the problem of jamming, we discuss a two-phase strategy involving the diagnosis of the attack, followed by a suitable defense strategy. We highlight the challenges associated with detecting jamming. To cope with jamming, we propose two different but complementary approaches. One approach is to simply retreat from the interferer which may be accomplished by either spectral evasion (channel surfing) or spatial evasion (spatial retreats). The second approach aims to compete more actively with the interferer by adjusting resources, such as power levels and communication coding, to achieve communication in the presence of the jammer.

Wenyuan Xu,Wade Trappe,Yanyong Zhang,Timothy Wood

DOI: https://doi.org/10.1145/1062689.1062697

2005-01-01

Abstract:Wireless networks are built upon a shared medium that makes it easy for adversaries to launch jamming-style attacks. These attacks can be easily accomplished by an adversary emitting radio frequency signals that do not follow an underlying MAC protocol. Jamming attacks can severely interfere with the normal operation of wireless networks and, consequently, mechanisms are needed that can cope with jamming attacks. In this paper, we examine radio interference attacks from both sides of the issue: first, we study the problem of conducting radio interference attacks on wireless networks, and second we examine the critical issue of diagnosing the presence of jamming attacks. Specifically, we propose four different jamming attack models that can be used by an adversary to disable the operation of a wireless network, and evaluate their effectiveness in terms of how each method affects the ability of a wireless node to send and receive packets. We then discuss different measurements that serve as the basis for detecting a jamming attack, and explore scenarios where each measurement by itself is not enough to reliably classify the presence of a jamming attack. In particular, we observe that signal strength and carrier sensing time are unable to conclusively detect the presence of a jammer. Further, we observe that although by using packet delivery ratio we may differentiate between congested and jammed scenarios, we are nonetheless unable to conclude whether poor link utility is due to jamming or the mobility of nodes. The fact that no single measurement is sufficient for reliably classifying the presence of a jammer is an important observation, and necessitates the development of enhanced detection schemes that can remove ambiguity when detecting a jammer. To address this need, we propose two enhanced detection protocols that employ consistency checking. The first scheme employs signal strength measurements as a reactive consistency check for poor packet delivery ratios, while the second scheme employs location information to serve as the consistency check. Throughout our discussions, we examine the feasibility and effectiveness of jamming attacks and detection schemes using the MICA2 Mote platform.

Wenyuan Xu,Zhenhua Liu

2012-01-01

Abstract:The open nature of wireless communication makes it easy for adversaries to either inject random signals to wireless channels harming the network availability, or eavesdrop on the communication breaching the location privacy. Those threats are challenging to cope with, because most of them cannot be addressed by traditional cryptographic methods. One of the attacks that can easily imperil the availability of networks is jamming attacks. An adversary can launch a jamming attack either by bypassing MAC-layer protocols and keeping sending packets, or by emitting radio signals to a particular channel. To cope with jamming attacks, in this dissertation, we focus on developing mechanisms to localize jammers. We examine how jammers affect networks in terms of signal strength, nodes' communication range, and network topologies, and present how to measure these jamming effects. To localize a jammer, we design an Adaptive Least-Squares-based (LSQ-based) algorithm which performs localization by exploiting the changes of communication range. Then, to further improve the localization accuracy, we propose an error minimizing framework that can localize not only one but also multiple jammers through utilizing the strength of jamming signals (JSS). To evaluate the effectiveness of our proposed localization schemes, we conducted real-world experiments using a testbed of MicaZ, and then carried out extensive performance studies in large-scale networks by simulation. Another problem that cannot be solved by traditional cryptographic method is the location privacy issue. We study this issue in wireless sensor network because the locations of the sink nodes are critically important to the viability of wireless networks, and such information can be easily determined by attackers. For instance, attackers can eavesdrop on the network communication at several spots and trace back to the sink nodes. Then, they can destroy the sink nodes physically to disable the data collection or dissemination. In this dissertation, we examine the sink location privacy problem from both the attack and defense sides. On the attack side, we present two types of Zeroing-In attacks which allow attackers to identify the sink location by estimating the hop count or the arrival time of a broadcast packet at a few spots in the network. To cope with the Zeroing-In attacks, we propose a directed-walk-based scheme and validate that it is effective in deceiving adversaries at modest energy costs.

Wade Trappe,Wenyuan Xu

DOI: https://doi.org/10.7282/t3rj4jw7

2007-01-01

Abstract:Wireless networks are built upon a shared medium that makes it easy for adversaries to conduct radio interference, or jamming attacks, which effectively cause a denial of service (DoS) of either transmission or reception functionalities. These attacks can be easily accomplished by an adversary by either bypassing MAC-layer protocols, or emitting a radio signal targeted at jamming a particular channel. In this thesis, we examine the issue of jamming wireless networks, and sensor networks in particular, by studying both the attack and defense side of the problem. On the attack side, we present four different jamming attack models that can be used by an adversary to disable the operation of a wireless network, and evaluate their effectiveness in terms of how each method affects the ability of a wireless node to send and receive packets. In order to cope with the problem of jamming, we discuss a two-phase strategy involving the diagnosis of the attack, followed by a suitable defense strategy. For detection, we show that single measurement statistics are not enough to reliably classify the presence of a jamming attack, and propose multimodal detection methods. To cope with jamming, we propose a technique, channel surfing, which involves evading the interferer in the spectral domain. Several different channel surfing models are presented, and we evaluate their effectiveness using a testbed of MICA2 motes. Beyond channel surfing, we overview a second defense strategy whereby it is possible to establish a low data rate jamming resistant communication channel by modulating the interarrival times between jammed packets.

Gonglong Chen,Wei Dong

DOI: https://doi.org/10.1145/3418210

2020-01-01

ACM Transactions on Sensor Networks

Abstract:Recently, Cross-Technology Communication (CTC), allowing the direct communication among heterogeneous devices with incompatible physical layers, has attracted much research attention. Many efficient CTC protocols have been proposed to demonstrate its promise in IoT applications. However, the applications built upon CTC will be significantly impaired when CTC suffers from malicious attacks such as jamming or sniffing. In this article, we implement a reactive jamming system, JamCloak, that can attack most existing CTC protocols. To this end, we first propose a taxonomy of the existing CTC protocols. Then based on the taxonomy, we extract essential features to train a CTC detection model, and estimate the parameters that can efficiently jam CTC links. Experimental results show that JamCloak consistently achieves 94.7% of classification accuracy on average in both Line-of-Sight and Non-Line-of-Sight scenarios. We also apply JamCloak to attack three existing CTC protocols: WiZig, Esense and EMF. Results show that JamCloak can significantly reduce PDR (packet delivery ratio) by 80.8% on average in practical environments. In the meantime, JamCloak’s jamming gain is more than 1.78× higher than the existing reactive jammer. In addition, we propose a practical countermeasure against reactive jamming attacks over CTC links like JamCloak. Results show that our approach significantly improves the jamming detection accuracy by 91.2% on average than the existing approach, and effectively decreases the reduction in packet delivery ratio to 1.7%.

Debraj Basu,Tianbo Gu,Prasant Mohapatra

DOI: https://doi.org/10.48550/arXiv.2006.16554

2020-06-30

Abstract:Low Power Wide Area Networks (LPWAN) have been used to support low cost and mobile bi-directional communications for the Internet of Things (IoT), smart city and a wide range of industrial applications. A primary security concern of LPWAN technology is the attacks that block legitimate communication between nodes resulting in scenarios like loss of packets, delayed packet arrival, and skewed packet reaching the reporting gateway. LoRa (Long Range) is a promising wireless radio access technology that supports long-range communication at low data rates and low power consumption. LoRa is considered as one of the ideal candidates for building LPWANs. We use LoRa as a reference technology to review the IoT security threats on the air and the applicability of different countermeasures that have been adopted so far. LoRa nodes that are close to the gateway use a small SF than the nodes which are far away. But it also implies long in-the-air transmission time, which makes the transmitted packets vulnerable to different kinds of malicious attacks, especially in the physical and the link layer. Therefore, it is not possible to enforce a fixed set of rules for all LoRa nodes since they have different levels of vulnerabilities. Our survey reveals that there is an urgent need for secure and uninterrupted communication between an end-device and the gateway, especially when the threat models are unknown in advance. We explore the traditional countermeasures and find that most of them are ineffective now, such as frequency hopping and spread spectrum methods. In order to adapt to new threats, the emerging countermeasures using game-theoretic approaches and reinforcement machine learning methods can effectively identify threats and dynamically choose the corresponding actions to resist threats, thereby making secured and reliable communications.

Cryptography and Security

Jiamei Lv,Gonglong Chen,Wei Dong

DOI: https://doi.org/10.1109/iwqos49365.2020.9212919

2022-01-01

ACM Transactions on Sensor Networks

Abstract:Long communication range and low energy consumption are two most important design goals of Low-Power Wide-Area Networks (LPWAN), however, many prior works have revealed that the performance of LPWAN in practical scenarios is not satisfactory. Although there are PHY-layer and link layer approaches proposed to improve the performance of LPWAN, they either rely heavily on the hardware modifications or suffer from low data recovery capability especially with bursty packet loss pattern. In this paper, we propose a practical system, eLoRa, for COTS devices. eLoRa utilizes rateless codes and jointly decoding with multiple gateways to extend the communication range and lifetime of LoRaWAN. To further improve the performance of LoRaWAN, eLoRa optimizes parameters of the PHY-layer (e.g., spreading factor) and the link layer (e.g, block length). We implement eLoRa on COTS LoRa devices, and conduct extensive experiments on outdoor testbed to evaluate the effectiveness of eLoRa. Results show that eLoRa can effectively improve the communication range of DaRe and LoRaWAN by 43.2% and 55.7% with packet reception ratio higher than 60%, and increase the expected lifetime of DaRe and LoRaWAN by 18.3% and 46.6%.

Hongbo Liu,Zhenhua Liu,Yingying Chen,Wenyuan Xu

DOI: https://doi.org/10.1109/ICDCS.2011.38

2011-01-01

Abstract:Jamming attacks and unintentional radio interference are one of the most urgent threats harming the dependability of wireless communication and endangering the successful deployment of pervasive applications built on top of wireless networks. Unlike the traditional approaches focusing on developing jamming defense techniques without considering the location of jammers, we take a different viewpoint that the jammers' position should be identified and exploited for building a wide range of defense strategies to alleviate jamming. In this paper, we address the problem of localizing multiple jamming attackers coexisting in wireless networks by leveraging the network topology changes caused by jamming. We systematically analyze the jamming effects and develop a framework that can partition network topology into clusters and can successfully estimate the positions of multiple jammers even when their jamming areas are overlapping. Our experiments on a multi-hop network setup using MicaZ sensor nodes validate the feasibility of real-time collection of network topology changes under jamming and our extensive simulation results demonstrate that our approach is highly effective in localizing multiple attackers with or without the prior knowledge of the order that the jammers are turned on.

Steven Puckett,Jianqing Liu,Seong-Moo Yoo,Thomas H. Morris

DOI: https://doi.org/10.1109/jiot.2023.3304175

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Long-range wide-area network (LoRaWAN) is a low-power wide-area network (LP-WAN) protocol developed for low-bandwidth, battery-operated long-range sensors. However, the LoRaWAN specification has several security issues and utilizes software cryptography, which is not energy efficient. Our proposed solution combines a modified LoRaWAN protocol with a hardware-based cryptographic coprocessor that includes secure on-chip key storage for encryption, decryption, and digital signature creation. This design reduces the energy utilization of the wireless nodes while addressing several of the LoRaWAN threat surfaces. This article provides a security analysis of the reduced threat surfaces and demonstrates the improved energy efficiency of the LoRaWAN nodes with the integrated solution.

Frank Hessel,Lars Almon,Flor Álvarez

DOI: https://doi.org/10.1145/3395351.3399423

2020-05-23

Abstract:Low-power wide-area networks (LPWANs) are becoming an integral part of the Internet of Things. As a consequence, businesses, administration, and, subsequently, society itself depend on the reliability and availability of these communication networks. Released in 2015, LoRaWAN gained popularity and attracted the focus of security research, revealing a number of vulnerabilities. This lead to the revised LoRaWAN 1.1 specification in late 2017. Most of previous work focused on simulation and theoretical approaches. Interoperability and the variety of implementations complicate the risk assessment for a specific LoRaWAN network. In this paper, we address these issues by introducing ChirpOTLE, a LoRa and LoRaWAN security evaluation framework suitable for rapid iteration and testing of attacks in testbeds and assessing the security of real-world <a class="link-external link-http" href="http://networks.We" rel="external noopener nofollow">this http URL</a> demonstrate the potential of our framework by verifying the applicability of a novel denial-of-service attack targeting the adaptive data rate mechanism in a testbed using common off-the-shelf hardware. Furthermore, we show the feasibility of the Class B beacon spoofing attack, which has not been demonstrated in practice before.

Cryptography and Security,Networking and Internet Architecture

Lukas Simon Laufenberg

DOI: https://doi.org/10.48550/arXiv.1904.10728

2019-04-24

Abstract:Low Power Wide Area Network (LPWAN) technologies like the Long Range Wide Area Network (LoRaWAN) standard provide the foundation of applications realizing communication and intelligent interaction between almost any kind of object. These applications are commonly called Smart Cities and the Internet of Things (IoT). Offering the potential of great benefits for mankind, these applications can also present a significant risk, especially when their security is compromised. This paper's work analyzes the possibility of two particular scenarios of impersonating a LoRaWAN gateway combining existing attacks. Impersonated gateways are of use when exploiting vulnerabilities already shown by other researchers. We give a basic overview about LoRaWAN, the Semtech Packet Forwarder protocol, attacks needed to perform the impersonation, and assumptions made. We explain our attack and propose countermeasures to increase the security of LoRaWAN networks. We show a gateway impersonation is possible in particular circumstances but can be detected and prevented.

Cryptography and Security

Ales Povalac,Jan Kral,Holger Arthaber,Ondrej Kolar,Marek Novak

DOI: https://doi.org/10.3390/s23177333

2023-08-22

Abstract:In the past decade, Long-Range Wire-Area Network (LoRaWAN) has emerged as one of the most widely adopted Low Power Wide Area Network (LPWAN) standards. Significant efforts have been devoted to optimizing the operation of this network. However, research in this domain heavily relies on simulations and demands high-quality real-world traffic data. To address this need, we monitored and analyzed LoRaWAN traffic in four European cities, making the obtained data and post-processing scripts publicly available. For monitoring purposes, we developed an open-source sniffer capable of capturing all LoRaWAN communication within the EU868 band. Our analysis discovered significant issues in current LoRaWAN deployments, including violations of fundamental security principles, such as the use of default and exposed encryption keys, potential breaches of spectrum regulations including duty cycle violations, SyncWord issues, and misaligned Class-B beacons. This misalignment can render Class-B unusable, as the beacons cannot be validated. Furthermore, we enhanced Wireshark's LoRaWAN protocol dissector to accurately decode recorded traffic. Additionally, we proposed the passive reception of Class-B beacons as an alternative timebase source for devices operating within LoRaWAN coverage under the assumption that the issue of misaligned beacons can be addressed or mitigated in the future. The identified issues and the published dataset can serve as valuable resources for researchers simulating real-world traffic and for the LoRaWAN Alliance to enhance the standard to facilitate more reliable Class-B communication.

Jiming Xu,You Tang,Yujian Wang,Xin'an Wang

DOI: https://doi.org/10.1109/icasid.2019.8925203

2019-01-01

Abstract:With the development of Internet-of-Things technology, the electronic devices nowadays are embedded with "smart" functionalities, which enable them to upload data to the cloud for the easy access of the users. Such functionalities have been popular among commercial products. However, as we shall show in this paper, these functionalities, if not protected properly, can be vulnerable to attacks. An unprotected implementation leaks significant level of information related to the sensitive operations, which could pose threats to the security of the device. In this paper, we demonstrate a practical attack against a LoRaWAN communication module. This attack uses the deep-learning-based side-channel attack to recover the key for encrypting the payload data. By capturing less than 100 communication packets, the trained convolutional neural network is capable of recovering the full key for AES encryption.

Lin Hu,Hong Wen,Bin Wu,Fei Pan,Run-Fa Liao,Huanhuan Song,Jie Tang,Xiumin Wang

DOI: https://doi.org/10.1109/jiot.2017.2778185

IF: 10.6

2018-01-01

IEEE Internet of Things Journal

Abstract:Internet of Things (IoT) is becoming an emerging paradigm to achieve ubiquitous connectivity, via massive deployment of physical objects, such as sensors, controllers, and actuators. However, concerns on the IoT security are raised due to the wireless broadcasting nature and the energy constraint of the physical objects. In this paper, we study secure downlink transmission from a controller to an actuator, with the help of a cooperative jammer to fight against multiple passive and noncolluding eavesdroppers. In addition to artificial noise aided secrecy beamforming for secure transmission, cooperative jamming (CJ) is explored to further enhance physical layer security. In particular, we provide a secrecy enhancing transmit design to minimize the secrecy outage probability (SOP), subject to a minimum requirement on the secrecy rate. Based on a strict mathematical analysis, we further characterize the impacts of the main channel quality and the minimum secrecy rate on transmit designs. Numerical results confirm that our design can enhance both security (in terms of SOP) and power efficiency as compared with the approach without CJ.

Jetmir Haxhibeqiri,Eli De Poorter,Ingrid Moerman,Jeroen Hoebeke

DOI: https://doi.org/10.3390/s18113995

IF: 3.9

2018-11-16

Sensors

Abstract:LoRaWAN is one of the low power wide area network (LPWAN) technologies that have received significant attention by the research community in the recent years. It offers low-power, low-data rate communication over a wide range of covered area. In the past years, the number of publications regarding LoRa and LoRaWAN has grown tremendously. This paper provides an overview of research work that has been published from 2015 to September 2018 and that is accessible via Google Scholar and IEEE Explore databases. First, a detailed description of the technology is given, including existing security and reliability mechanisms. This literature overview is structured by categorizing papers according to the following topics: (i) physical layer aspects; (ii) network layer aspects; (iii) possible improvements; and (iv) extensions to the standard. Finally, a strengths, weaknesses, opportunities and threats (SWOT) analysis is presented along with the challenges that LoRa and LoRaWAN still face.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Zequ Yang,Peng Cheng,Jiming Chen

DOI: https://doi.org/10.1109/tdsc.2015.2501288

2015-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Jamming is a typical attack by exploiting the nature of wireless communication. Lots of researchers are working on improving energy-efficiency of jamming attack from the attacker's view. Whereas, in the low-duty-cycle wireless sensor networks where nodes stay asleep most of time, the design of jamming attack becomes even more challenging especially when considering the stochastic transmission pattern arising from both the clock drift and other uncertainties. In this paper, we propose LearJam, a novel learning-based jamming attack strategy against low-duty-cycle networks, which features the two-phase design consisting of the learning phase and attacking phase. Then in order to degrade the network throughput to the maximal degree, LearJam jointly optimizes these two phases subject to the energy constraint. Moreover, such process of optimization is operated iteratively to accommodate the requirement of practical implementation. Conversely, we also discuss how the state-of-the-art mechanisms can defend against LearJam, which will aid the researchers to improve the security of low-duty-cycle networks. Extensive simulations show that our design achieves significantly higher number of successful attacks and reduces the network's throughput considerably, especially in a sparse low-duty-cycle network, compared with some typical jamming strategies.

Wenbo Shen,Yao Liu,Xiaofan He,Huaiyu Dai,Peng Ning

DOI: https://doi.org/10.1109/MILCOM.2015.7357518

2015-01-01

Abstract:Jamming attacks are well-known threats to wireless communications, but on the other hand they provide insights for researchers to design novel approaches to protect wireless communications. In recent years, friendly jamming is used by a number of research works to achieve the wireless medium access control. However, in these works, the friendly jammer relies on bit-level information to distinguish the allies' wireless transmissions from the enemies', which requires the received signals to be processed through demodulation steps and thus introduces a non-trivial reaction time delay for the friendly jammer. This reaction delay is undesirable as the transmissions need to be jammed while they are still on the air.To address this problem, we propose fast friendly jamming, which eliminates the need for demodulation and enables the friendly jammer to verify the received signals directly on the physical layer. We have implemented a prototype of the proposed techniques based on GNURadio and USRP, and performed real-world experiments to validate the proposed techniques. The experiment results show that the proposed techniques reduce the normal reaction delay of the friendly jammer by 81.9%-85.7%, and achieve the accurate distinction between allies' and enemies' transmissions.

Hossein Pirayesh,Huacheng Zeng

DOI: https://doi.org/10.48550/arXiv.2101.00292

2021-01-02

Abstract:Wireless networks are a key component of the telecommunications infrastructure in our society, and wireless services become increasingly important as the applications of wireless devices have penetrated every aspect of our lives. Although wireless technologies have significantly advanced in the past decades, most wireless networks are still vulnerable to radio jamming attacks due to the openness nature of wireless channels, and the progress in the design of jamming-resistant wireless networking systems remains limited. This stagnation can be attributed to the lack of practical physical-layer wireless technologies that can efficiently decode data packets in the presence of jamming attacks. This article surveys existing jamming attacks and anti-jamming strategies in wireless local area networks (WLANs), cellular networks, cognitive radio networks (CRNs), ZigBee networks, Bluetooth networks, vehicular networks, LoRa networks, RFID networks, and GPS system, with the objective of offering a comprehensive knowledge landscape of existing jamming/anti-jamming strategies and stimulating more research efforts to secure wireless networks against jamming attacks. Different from prior survey papers, this article conducts a comprehensive, in-depth review on jamming and anti-jamming strategies, casting insights on the design of jamming-resilient wireless networking systems. An outlook on promising antijamming techniques is offered at the end of this article to delineate important research directions.

Cryptography and Security

Aloÿs Augustin,Jiazi Yi,Thomas Clausen,William Mark Townsley,William Townsley

DOI: https://doi.org/10.3390/s16091466

IF: 3.9

2016-09-09

Sensors

Abstract:LoRa is a long-range, low-power, low-bitrate, wireless telecommunications system, promoted as an infrastructure solution for the Internet of Things: end-devices use LoRa across a single wireless hop to communicate to gateway(s), connected to the Internet and which act as transparent bridges and relay messages between these end-devices and a central network server. This paper provides an overview of LoRa and an in-depth analysis of its functional components. The physical and data link layer performance is evaluated by field tests and simulations. Based on the analysis and evaluations, some possible solutions for performance enhancements are proposed.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Xiao Tang,Pinyi Ren,Zhu Han

DOI: https://doi.org/10.1109/access.2018.2793280

IF: 3.9

2018-01-01

IEEE Access

Abstract:In the Internet of Things (IoT), the malicious node with sensorial capability can smartly launch jamming attacks only when it detects the legitimate transmission, known as the reactive jamming. Compared with the conventional constant jamming model, the reactive nature enables highly efficient and long-lasting attacks with limited energy supply, which thus presents a significant threat upon the secure communications in IoT. In this paper, we investigate the anti-reactive-jamming transmission strategy for IoT by exploiting the inherent weakness of the jammer. Specifically, since the reactive jamming depends on the detection of the legitimate transmission, the legitimate user can elaborately determine its transmit power to tradeoff between its achieved signal-to-interference-plus-noise ratio and the probability to be detected and jammed by its adversary. Meanwhile, the jammer can smartly allocate the jamming power based on its observation of the legitimate transmission. We formulate the rivalry between the legitimate user and jammer as a hierarchical game, where the legitimate user takes action first as the leader while the jammer is the follower. We analyze the game equilibrium for both single-channel and multi-channel scenarios and derive the optimal transmission and jamming strategies for the legitimate user and jammer, respectively. Finally, we present the numerical results to evaluate the performance of the secure IoT communications under our proposal.