EDJam: Effective Dynamic Jamming Against IEEE 802.15.4-Compliant Wireless Personal Area Networks

Guobin Liu, Jiaqing Luo, Qingjun Xiao, Bin Xiao
Department of Computing, The Hong Kong Polytechnic University, Hong Kong
Emails: {csgliu, csjluo, csqjxiao, csbxiao}@comp.polyu.edu.hk

Abstract—Jamming is one of the most important methods of attack to deprive or reduce the communication service of wireless personal area networks (WPANs). Most existing jamming attacks can cause negative interference, but the attack strategies are usually not adjusted against the countermeasures that are currently taken. This paper proposes an effective dynamic jamming attack (EDJam) in an 802.15.4-compliant WPAN. In this attack, a jammer can choose a better strategy to cause more damage to the network at less cost according to changes in the network defense strategy. Similarly, a well-protected network can change its defense strategy against the EDJam. This procedure of competition between the EDJam attacker and defending networks is modeled as a Stackelberg game. We prove the existence of a unique Nash Equilibrium point. Based on an equilibrium analysis, we discuss the condition under which a defense strategy will increase the utility of the network, and a dynamic retransmission mechanism defense strategy is proposed accordingly. The simulation results show that EDJam can be more cost-efficient than continuous, random and fixed-period jamming.

I. INTRODUCTION

With widespread commercial implementation of the 802.15.4-compliant Wireless Personal Area Network (WPAN) in recent years, the demand for security has grown rapidly. The jamming attack is one of the security threats that can lead to great damage in the real world. Nowadays, however, with the help of a wireless sniffer, jammers can easily obtain transmitting packets in the open wireless communication environment that will allow them to analyze changes in critical parameters and jam the channel more intelligently.
These parameters can reveal some configuration information (e.g., transmission and countermeasure) the network is using. Therefore, jammers can dynamically adjust their strategy of attack after detecting the kind of environment that will make it possible for them to maximize their damage to the network, e.g., by the reduction of network throughput. Similarly, in order to fully utilize the channel bandwidth, legitimate users can dynamically change their defense strategies in response to the detection.

Most existing works on jamming attacks fall into one of the following two categories according to whether the network configuration is known by attackers. In the first category, jammers are unaware of the network configuration. This category includes continuous, random, and deceptive jamming [1]. Random jamming is energy-efficient but less effective. Both continuous and deceptive jamming are effective but consume a great deal of energy.

This work was partly supported by HK RGC PolyU 5314/10E.

The second category assumes that jammers are aware of the network configuration so that a jammer can adopt a relevant strategy of attack. Under this category, a typical method of jamming is reactive jamming [1]. It can cause the network throughput to fall to zero or almost zero. However, it is not an energy-efficient method of attack because the jammer consumes energy sooner than the victims, given comparable energy budgets. A more efficient jamming attack is proposed in [2], in which the jammer controls the probability of jamming and the transmission range to cause maximal damage to the network in terms of corrupted communication links. However, the jamming transmission range can be difficult to control because the range depends on the circumstances.

In this paper, we propose an effective dynamic jamming attack (EDJam) to efficiently corrupt the legitimate communication.
The jammer adjusts the jamming period in order to achieve maximal attack utility, with more damage done to the network at less cost to launch the jam. Likewise, as a defender, the network would dynamically select a retransmission mechanism to maximize its utility of high throughput and reliability. In order for the jammer to maximize its utility, it needs to know the current value of the network retransmission timer (the longest waiting time for the ACK frame). Accordingly, the network would need to know the current period of jamming. Therefore, we use a dynamic competition model to describe the procedure of the attacker jamming and the network defending. In our model, we assume that both the network and attackers are rational and selfish, in that they are interested in maximizing their own utilities.

The model of attack that is being considered can be analyzed by game theory, characterized by a competition involving two players. One player (the network) optimizes its strategy based on the knowledge of the effect of its decision on the behavior of another player (the attacker). To study this competition procedure, we use an analytical model named the Stackelberg game [3]. We prove that there is a unique equilibrium point for this Stackelberg game under the following constraints: the length of the jamming signal, the jamming period, and the power of the jamming signal.

The main contributions of our work are as follows.

1) A novel, effective dynamic jamming attack (EDJam) and defense model is proposed to describe the procedure of jamming and defending. Different from previous work, our model can describe the procedure of the attackers jamming and the network defending. In this procedure, they can revise their

978-1-61284-233-2/11/$26.00 ©2011 IEEE
This full text paper was peer reviewed at the direction of IEEE Communications Society subject matter experts for publication in the IEEE ICC 2011 proceedings