Gonglong Chen,Wei Dong

DOI: https://doi.org/10.1145/3418210

2020-01-01

ACM Transactions on Sensor Networks

Abstract:Recently, Cross-Technology Communication (CTC), allowing the direct communication among heterogeneous devices with incompatible physical layers, has attracted much research attention. Many efficient CTC protocols have been proposed to demonstrate its promise in IoT applications. However, the applications built upon CTC will be significantly impaired when CTC suffers from malicious attacks such as jamming or sniffing. In this article, we implement a reactive jamming system, JamCloak, that can attack most existing CTC protocols. To this end, we first propose a taxonomy of the existing CTC protocols. Then based on the taxonomy, we extract essential features to train a CTC detection model, and estimate the parameters that can efficiently jam CTC links. Experimental results show that JamCloak consistently achieves 94.7% of classification accuracy on average in both Line-of-Sight and Non-Line-of-Sight scenarios. We also apply JamCloak to attack three existing CTC protocols: WiZig, Esense and EMF. Results show that JamCloak can significantly reduce PDR (packet delivery ratio) by 80.8% on average in practical environments. In the meantime, JamCloak’s jamming gain is more than 1.78× higher than the existing reactive jammer. In addition, we propose a practical countermeasure against reactive jamming attacks over CTC links like JamCloak. Results show that our approach significantly improves the jamming detection accuracy by 91.2% on average than the existing approach, and effectively decreases the reduction in packet delivery ratio to 1.7%.

Wenyuan Xu,Wade Trappe,Yanyong Zhang,Timothy Wood

DOI: https://doi.org/10.1145/1062689.1062697

2005-01-01

Abstract:Wireless networks are built upon a shared medium that makes it easy for adversaries to launch jamming-style attacks. These attacks can be easily accomplished by an adversary emitting radio frequency signals that do not follow an underlying MAC protocol. Jamming attacks can severely interfere with the normal operation of wireless networks and, consequently, mechanisms are needed that can cope with jamming attacks. In this paper, we examine radio interference attacks from both sides of the issue: first, we study the problem of conducting radio interference attacks on wireless networks, and second we examine the critical issue of diagnosing the presence of jamming attacks. Specifically, we propose four different jamming attack models that can be used by an adversary to disable the operation of a wireless network, and evaluate their effectiveness in terms of how each method affects the ability of a wireless node to send and receive packets. We then discuss different measurements that serve as the basis for detecting a jamming attack, and explore scenarios where each measurement by itself is not enough to reliably classify the presence of a jamming attack. In particular, we observe that signal strength and carrier sensing time are unable to conclusively detect the presence of a jammer. Further, we observe that although by using packet delivery ratio we may differentiate between congested and jammed scenarios, we are nonetheless unable to conclude whether poor link utility is due to jamming or the mobility of nodes. The fact that no single measurement is sufficient for reliably classifying the presence of a jammer is an important observation, and necessitates the development of enhanced detection schemes that can remove ambiguity when detecting a jammer. To address this need, we propose two enhanced detection protocols that employ consistency checking. The first scheme employs signal strength measurements as a reactive consistency check for poor packet delivery ratios, while the second scheme employs location information to serve as the consistency check. Throughout our discussions, we examine the feasibility and effectiveness of jamming attacks and detection schemes using the MICA2 Mote platform.

Sharaf Malebary,Wenyuan Xu,Chin-Tser Huang

DOI: https://doi.org/10.1109/pccc.2016.7820665

2016-01-01

Abstract:The development of wireless Vehicular Ad-Hoc Network (VANET) aimed to enhance road's safety and provide comfortable driving environment by delivering early warning and infotainment messages. Intentional jamming attacks target at undermining such a goal by disrupting wireless communications. While detecting jamming attacks is important towards enhancing road safety, it is challenging because VANET operates in outdoor environment (highly changeable road conditions and atmospheric phenomena), and encompasses volatile topology and high mobility of vehicles (traveling speed and directions). To overcome these challenges, in this work, we study jamming attack mobility and behaviors in IEEE802.11p networks. In particular, we focus on analyzing jamming impact based on jammers behaviors, and mobility patterns. Thus, in order to achieve reliable detection, first we identify the impact of vehicles' density on network performance. Then, we study jamming effectiveness when adopting different mobility patterns (stationary, random, or targeting) and behaviors (constant, random, and reactive). Finally, we propose a two phase detection algorithm and evaluate it in a simulation environment. Our approach shows promising results to detect different types of jammers accurately in IEEE802.11p networks.

Youness Arjoune,Saleh Faruque

DOI: https://doi.org/10.48550/arXiv.2009.05531

2020-09-12

Abstract:The fifth generation of wireless cellular networks (5G) is expected to be the infrastructure for emergency services, natural disasters rescue, public safety, and military communications. 5G, as any previous wireless cellular network, is vulnerable to jamming attacks, which create deliberate interference to hinder the communication of legitimate users. Therefore, jamming 5G networks can be a real threat to public safety. Thus, there is a strong need to investigate to what extent these networks are vulnerable to jamming attacks. For this investigation, we consider the 3GPP standard released in 2017, which is widely accepted as the primary reference for the deployment of these networks. First, we describe the key elements of 5G New Radio (NR) architecture, such as different channels and signals exchanged between the base station and user equipment. Second, we conduct an in-depth review of the jamming attack models and we assess the 5G NR vulnerabilities to these jamming attacks. Then, we present the state-of-the-art detection and mitigation techniques, and we discuss their suitability to defeat smart jammers in 5G wireless networks. Finally, we provide some recommendations and future research directions at the end of this paper.

Signal Processing,Cryptography and Security,Systems and Control

Wade Trappe,Wenyuan Xu

DOI: https://doi.org/10.7282/t3rj4jw7

2007-01-01

Abstract:Wireless networks are built upon a shared medium that makes it easy for adversaries to conduct radio interference, or jamming attacks, which effectively cause a denial of service (DoS) of either transmission or reception functionalities. These attacks can be easily accomplished by an adversary by either bypassing MAC-layer protocols, or emitting a radio signal targeted at jamming a particular channel. In this thesis, we examine the issue of jamming wireless networks, and sensor networks in particular, by studying both the attack and defense side of the problem. On the attack side, we present four different jamming attack models that can be used by an adversary to disable the operation of a wireless network, and evaluate their effectiveness in terms of how each method affects the ability of a wireless node to send and receive packets. In order to cope with the problem of jamming, we discuss a two-phase strategy involving the diagnosis of the attack, followed by a suitable defense strategy. For detection, we show that single measurement statistics are not enough to reliably classify the presence of a jamming attack, and propose multimodal detection methods. To cope with jamming, we propose a technique, channel surfing, which involves evading the interferer in the spectral domain. Several different channel surfing models are presented, and we evaluate their effectiveness using a testbed of MICA2 motes. Beyond channel surfing, we overview a second defense strategy whereby it is possible to establish a low data rate jamming resistant communication channel by modulating the interarrival times between jammed packets.

Wenyuan Xu,Ke Ma,Wade Trappe,Yanyong Zhang

DOI: https://doi.org/10.1109/mnet.2006.1637931

IF: 10.294

2006-01-01

IEEE Network

Abstract:Wireless sensor networks are built upon a shared medium that makes it easy for adversaries to conduct radio interference, or jamming, attacks that effectively cause a denial of service of either transmission or reception functionalities. These attacks can easily be accomplished by an adversary by either bypassing MAC-layer protocols or emitting a radio signal targeted at jamming a particular channel. In this article we survey different jamming attacks that may be employed against a sensor network. In order to cope with the problem of jamming, we discuss a two-phase strategy involving the diagnosis of the attack, followed by a suitable defense strategy. We highlight the challenges associated with detecting jamming. To cope with jamming, we propose two different but complementary approaches. One approach is to simply retreat from the interferer which may be accomplished by either spectral evasion (channel surfing) or spatial evasion (spatial retreats). The second approach aims to compete more actively with the interferer by adjusting resources, such as power levels and communication coding, to achieve communication in the presence of the jammer.

Hongbo Liu,Yingying Chen,Wenyuan Xu,Zhenhua Liu,Yuchen Su

DOI: https://doi.org/10.1051/sands/2023025

2023-01-01

Security and Safety

Abstract:Jamming attacks and unintentional radio interference are some of the most urgent threats harming the dependability of wireless communication and endangering the successful deployment of pervasive applications built on top of wireless networks. Unlike the traditional approaches focusing on developing jamming defense techniques without considering the location of jammers, we take a different viewpoint that the jammers’ position should be identified and exploited for building a wide range of defense strategies to alleviate jamming. In this paper, we address the problem of localizing multiple jamming attackers coexisting in wireless networks by leveraging the network topology changes caused by jamming. We systematically analyze the jamming effects and develop a framework that can partition network topology into clusters and can successfully estimate the positions of multiple jammers even when their jamming areas are overlapping. Our experiments on a multi-hop network setup using MicaZ sensor nodes validate the feasibility of real-time collection of network topology changes under jamming and our extensive simulation results demonstrate that our approach is highly effective in localizing multiple attackers with or without the prior knowledge of the order that the jammers are turned on.

Hongbo Liu,Zhenhua Liu,Yingying Chen,Wenyuan Xu

DOI: https://doi.org/10.1109/ICDCS.2011.38

2011-01-01

Abstract:Jamming attacks and unintentional radio interference are one of the most urgent threats harming the dependability of wireless communication and endangering the successful deployment of pervasive applications built on top of wireless networks. Unlike the traditional approaches focusing on developing jamming defense techniques without considering the location of jammers, we take a different viewpoint that the jammers' position should be identified and exploited for building a wide range of defense strategies to alleviate jamming. In this paper, we address the problem of localizing multiple jamming attackers coexisting in wireless networks by leveraging the network topology changes caused by jamming. We systematically analyze the jamming effects and develop a framework that can partition network topology into clusters and can successfully estimate the positions of multiple jammers even when their jamming areas are overlapping. Our experiments on a multi-hop network setup using MicaZ sensor nodes validate the feasibility of real-time collection of network topology changes under jamming and our extensive simulation results demonstrate that our approach is highly effective in localizing multiple attackers with or without the prior knowledge of the order that the jammers are turned on.

Ghazal Asemian,Michel Kulhandjian,Mohammadreza Amini,Burak Kantarci,Claude D'Amours,Melike Erol-Kantarci

2024-11-08

Abstract:The vulnerability of 5G networks to jamming attacks has emerged as a significant concern. This paper contributes in two primary aspects. Firstly, it investigates the effect of a multi-jammer on 5G cell metrics, specifically throughput and goodput. The investigation is conducted within the context of a mobility model for user equipment (UE), with a focus on scenarios involving connected vehicles (CVs) engaged in a mission. Secondly, the vulnerability of synchronization signal block (SSB) components is examined concerning jamming power and beam sweeping. Notably, the study reveals that increasing jamming power beyond 40 dBm in our specific scenario configuration no longer decreases network throughput due to the re-transmission of packets through the hybrid automatic repeat request (HARQ) process. Furthermore, it is observed that under the same jamming power, the physical downlink shared channel (PDSCH) is more vulnerable than the primary synchronization signal (PSS) and secondary synchronization signal (SSS). However, a smart jammer can disrupt the cell search process by injecting less power and targeting PSS-SSS or physical broadcast channel (PBCH) data compared to a barrage jammer. On the other hand, beam sweeping proves effective in mitigating the impact of a smart jammer, reducing the error vector magnitude root mean square from 51.59% to 23.36% under the same jamming power.

Cryptography and Security

Richa Priyadarshani,Ki-Hong Park,Yalcin Ata,Mohamed-Slim Alouini

2024-03-29

Abstract:As the evolution of wireless communication progresses towards 6G networks, extreme bandwidth communication (EBC) emerges as a key enabler to meet the ambitious key performance indicator set for this next-generation technology. 6G aims for peak data rates of 1 Tb/s, peak spectral efficiency of 60 b/s/Hz, maximum bandwidth of 100 GHz, and mobility support up to 1000 km/h, while maintaining a high level of security. The capability of 6G to manage enormous data volumes introduces heightened security vulnerabilities, such as jamming attacks, highlighting the critical need for in-depth research into jamming in EBC. Understanding these attacks is vital for developing robust countermeasures, ensuring 6G networks can maintain their integrity and reliability amidst these advanced threats. Recognizing the paramount importance of security in 6G applications, this survey paper explores prevalent jamming attacks and the corresponding countermeasures in EBC technologies such as millimeter wave, terahertz, free-space optical, and visible light communications. By comprehensively reviewing the literature on jamming in EBC, this survey paper aims to provide a valuable resource for researchers, engineers, and policymakers involved in the development and deployment of 6G networks. Understanding the nuances of jamming in different EBC technologies is essential for devising robust security mechanisms and ensuring the success of 6G communication systems in the face of emerging threats.

Information Theory

Tanujay Saha,Najwa Aaraj,Niraj K. Jha

DOI: https://doi.org/10.48550/arXiv.2108.03514

2021-08-08

Abstract:The core network architecture of telecommunication systems has undergone a paradigm shift in the fifth-generation (5G)networks. 5G networks have transitioned to software-defined infrastructures, thereby reducing their dependence on hardware-based network functions. New technologies, like network function virtualization and software-defined networking, have been incorporated in the 5G core network (5GCN) architecture to enable this transition. This has resulted in significant improvements in efficiency, performance, and robustness of the networks. However, this has also made the core network more vulnerable, as software systems are generally easier to compromise than hardware systems. In this article, we present a comprehensive security analysis framework for the 5GCN. The novelty of this approach lies in the creation and analysis of attack graphs of the software-defined and virtualized 5GCN through machine learning. This analysis points to 119 novel possible exploits in the 5GCN. We demonstrate that these possible exploits of 5GCN vulnerabilities generate five novel attacks on the 5G Authentication and Key Agreement protocol. We combine the attacks at the network, protocol, and the application layers to generate complex attack vectors. In a case study, we use these attack vectors to find four novel security loopholes in WhatsApp running on a 5G network.

Networking and Internet Architecture,Artificial Intelligence,Cryptography and Security,Machine Learning

Hossein Pirayesh,Huacheng Zeng

DOI: https://doi.org/10.48550/arXiv.2101.00292

2021-01-02

Abstract:Wireless networks are a key component of the telecommunications infrastructure in our society, and wireless services become increasingly important as the applications of wireless devices have penetrated every aspect of our lives. Although wireless technologies have significantly advanced in the past decades, most wireless networks are still vulnerable to radio jamming attacks due to the openness nature of wireless channels, and the progress in the design of jamming-resistant wireless networking systems remains limited. This stagnation can be attributed to the lack of practical physical-layer wireless technologies that can efficiently decode data packets in the presence of jamming attacks. This article surveys existing jamming attacks and anti-jamming strategies in wireless local area networks (WLANs), cellular networks, cognitive radio networks (CRNs), ZigBee networks, Bluetooth networks, vehicular networks, LoRa networks, RFID networks, and GPS system, with the objective of offering a comprehensive knowledge landscape of existing jamming/anti-jamming strategies and stimulating more research efforts to secure wireless networks against jamming attacks. Different from prior survey papers, this article conducts a comprehensive, in-depth review on jamming and anti-jamming strategies, casting insights on the design of jamming-resilient wireless networking systems. An outlook on promising antijamming techniques is offered at the end of this article to delineate important research directions.

Cryptography and Security

Marc Lichtman,Raghunandan M. Rao,Vuk Marojevic,Jeffrey H. Reed,Roger Piqueras Jover

DOI: https://doi.org/10.48550/arXiv.1803.03845

2018-04-09

Abstract:In December 2017, the Third Generation Partnership Project (3GPP) released the first set of specifications for 5G New Radio (NR), which is currently the most widely accepted 5G cellular standard. 5G NR is expected to replace LTE and previous generations of cellular technology over the next several years, providing higher throughput, lower latency, and a host of new features. Similar to LTE, the 5G NR physical layer consists of several physical channels and signals, most of which are vital to the operation of the network. Unfortunately, like for any wireless technology, disruption through radio jamming is possible. This paper investigates the extent to which 5G NR is vulnerable to jamming and spoofing, by analyzing the physical downlink and uplink control channels and signals. We identify the weakest links in the 5G NR frame, and propose mitigation strategies that should be taken into account during implementation of 5G NR chipsets and base stations.

Networking and Internet Architecture

Mohamad Saalim Wani,Michael Rademacher,Thorsten Horstmann,Mathias Kretschmer

DOI: https://doi.org/10.3390/jcp4010002

2024-01-02

Journal of Cybersecurity and Privacy

Abstract:5G networks, pivotal for our digital mobile societies, are transitioning from 4G to 5G Stand-Alone (SA) networks. However, during this transition, 5G Non-Stand-Alone (NSA) networks are widely used. This paper examines potential security vulnerabilities in 5G NSA networks. Through an extensive literature review, we identify known 4G attacks that can theoretically be applied to 5G NSA. We organize these attacks into a structured taxonomy. Our findings reveal that 5G NSA networks may offer a false sense of security, as most security and privacy improvements are concentrated in 5G SA networks. To underscore this concern, we implement three attacks with severe consequences and successfully validate them on various commercially available smartphones. Notably, one of these attacks, the IMSI Leak, consistently exposes user information with no apparent security mitigation in 5G NSA networks. This highlights the ease of tracking individuals on current 5G networks.

computer science, information systems, interdisciplinary applications, software engineering

J. R. Stegmann,M. Gundall,H. D. Schotten

2024-10-11

Abstract:Smart jamming attacks on cellular campus networks represent an enormous potential threat, especially in the industrial environment. In complex production processes, the disruption of a single wireless connected Cyber-Physical System (CPS) is enough to cause a large-scale failure. In this paper, a smart jamming attack on the Physical Random Access Channel (PRACH) of a 5G system is modeled. This is followed by a practical implementation of the jammer on a testbed based on Open Air Interface (OAI) and Software Defined Radios (SDRs). It is shown that the designed jammer design can interfere a legitimate transmission of a PRACH preamble with a ratio of more than 99.9%. While less than one percent of the cell resources are interfered compared to broadband jamming. In addition, two different types of jamming signal spectra are compared in relation to their interference capacity. The developed attack can be re-implemented based on publicly available source code and Commercial Off-The-Shelf (COTS) hardware.

Networking and Internet Architecture,Signal Processing

Zhihong Tian,Yanbin Sun,Shen Su,Mohan Li,Xiaojiang Du,Mohsen Guizani

DOI: https://doi.org/10.48550/arXiv.1902.04009

2019-02-12

Abstract:The 5th generation (5G) network adopts a great number of revolutionary technologies to fulfill continuously increasing requirements of a variety of applications, including ultra-high bandwidth, ultra-low latency, ultra-massive device access, ultra-reliability, and so on. Correspondingly, traditional security focuses on the core network, and the logical (non-physical) layer is no longer suitable for the 5G network. 5G security presents a tendency to extend from the network center to the network edge and from the logical layer to the physical layer. The physical layer security is also an essential part of 5G security. However, the security of each layer in 5G is mostly studied separately, which causes a lack of comprehensive analysis for security issues across layers. Meanwhile, potential security threats are lack of automated solutions. This article explores the 5G security by combining the physical layer and the logical layer from the perspective of automated attack and defense, and dedicate to provide automated solution framework for 5G security.

Networking and Internet Architecture

Felix Girke,Fabian Kurtz,Nils Dorsch,Christian Wietfeld

DOI: https://doi.org/10.48550/arXiv.1903.10947

2019-03-26

Abstract:Energy, water, health, transportation and emergency services act as backbones for our society. Aiming at high degrees of efficiency, these systems are increasingly automated, depending on communication systems. However, this makes these Critical Infrastructures (CI) prone to cyber attacks, resulting in data leaks, reduced performance or even total system failure. Beyond a survey of existing vulnerabilities, we provide an experimental evaluation of targeted uplink jamming against LTE's air interface. Primarily, our implementations of smart attacks on the LTE Physical Uplink Control Channel (PUCCH), the Physical Uplink Shared Channel (PUSCH) as well as on the radio access procedure are outlined and tested. In exploiting the unencrypted resource assignment process, these attacks are able to target and jam specific UE resources, effectively denying uplink access. Evaluation results reveal the criticality of such attacks, severely destabilizing CI, while minimizing attacker exposure. Finally we derive possible mitigations and recommendations for 5G stakeholders, which serve to improve the robustness of mission critical communications and enable the design of resilient next generation mobile networks.

Networking and Internet Architecture

Michal Harvanek,Jan Bolcek,Jan Kufa,Ladislav Polak,Marek Simka,Roman Marsalek

DOI: https://doi.org/10.3390/s24175523

IF: 3.9

2024-08-28

Sensors

Abstract:With the expansion of wireless mobile networks into both the daily lives of individuals as well as into the widely developing market of connected devices, communication is an increasingly attractive target for attackers. As the complexity of mobile cellular systems grows and the respective countermeasures are implemented to secure data transmissions, the attacks have become increasingly sophisticated on the one hand, but at the same time the system complexity can open up expanded opportunities for security and privacy breaches. After an in-depth summary of possible entry points to attacks to mobile networks, this paper first briefly reviews the basic principles of the physical layer implementation of 4G/5G systems, then gives an overview of possible attacks from a physical layer perspective. It also provides an overview of the software frameworks and hardware tool-software defined radios currently in use for experimenting with 4G/5G mobile networks, and it discusses their basic capabilities. In the final part, the paper summarizes the currently most promising families of techniques to detect illegitimate base stations—the machine-learning-based, localization-based, and behavior-based methods .

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Akhil Gupta,Rakesh Kumar Jha,Sanjeev Jain

DOI: https://doi.org/10.1002/dac.3237

2016-11-28

International Journal of Communication Systems

Abstract:Research has been going around the globe to overcome the challenges that are associated with the increase in the number of users, such as interference management, load sharing, and increased capacity. 5G is emerging as a budding prospect for fulfilling demand and overcoming these challenges. For meeting the increased demands, new technologies such as relays in device‐to‐device communication and small cell access points have been introduced. However, these introductions have opened up security issues in the 5G wireless communication networks. This article focuses on security issues of the 5G wireless communication networks and analyzes the effect of a bandwidth spoofing attack using game theory on the small cell access point in 5G wireless communication network. This article also proposes an adaptive intrusion detection system using a hidden Markov Model for detecting an intrusion on small cell access point in a 5G wireless communication networks. This article has concluded that the Game theory has proven to be a useful method in examining the bandwidth spoofing attack. In addition, with the use of prisoner's dilemma game theory, attacker is able to spoof the bandwidth from the defender with a significant winning percentage. This article has also proposed an adaptive intrusion detection system, which is capable of detecting and removing the intruder executing the bandwidth spoofing attack on the small cell access in a 5G wireless communication network.

telecommunications,engineering, electrical & electronic

Shari-Ann Smith-Haynes

2024-07-24

Abstract:Advances in fifth-generation (5G) networks enable unprecedented reliability, speed, and connectivity compared to previous mobile networks. These advancements can revolutionize various sectors by supporting applications requiring real-time data processing. However, the rapid deployment and integration of 5G networks bring security concerns that must be addressed to operate these infrastructures safely. This paper reviews penetration testing approaches for identifying security vulnerabilities in 5G networks. Penetration testing is an ethical hacking technique used to simulate a network's security posture in the event of cyberattacks. This review highlights the capabilities, advantages, and limitations of recent 5G-targeting security tools for penetration testing. It examines ways adversaries exploit vulnerabilities in 5G networks, covering tactics and strategies targeted at 5G features. A key topic explored is the comparison of penetration testing methods for 5G and earlier generations. The article delves into the unique characteristics of 5G, including massive MIMO, edge computing, and network slicing, and how these aspects require new penetration testing methods. Understanding these differences helps develop more effective security solutions tailored to 5G networks. Our research also indicates that 5G penetration testing should use a multithreaded approach for addressing current security challenges. Furthermore, this paper includes case studies illustrating practical challenges and limitations in real-world applications of penetration testing in 5G networks. A comparative analysis of penetration testing tools for 5G networks highlights their effectiveness in mitigating vulnerabilities, emphasizing the need for advanced security measures against evolving cyber threats in 5G deployment.

Cryptography and Security