On the IEEE 802.15.4 MAC Layer Attacks: GTS Attack Radosveta Sokullu 1 , Orhan Dagdeviren 2 , Ilker Korkmaz 3 , 1 Department of Electrical and Electronics Engineering, Ege University, Izmir, Turkey radosveta.sokullu@ege.edu.tr 2 Department of Computer Engineering, Izmir Institute of Technology, Izmir, Turkey orhandagdeviren@iyte.edu.tr 3 Department of Computer Engineering, Izmir University of Economics, Izmir, Turkey ilker.korkmaz@ieu.edu.tr Abstract In the last several years IEEE 802.15.4 [1] has been accepted as a major MAC layer protocol for wireless sen- sor networks (WSNs) and has attracted the interest of the research community involved in security issues as the in- creased range of application scenarios bring out new pos- sibilities for misuse and taking improper advantage of sen- sor nodes and their operation. As these nodes are very re- source restrained such possible attacks and their early de- tection must be carefully considered. This paper surveys the known attacks on wireless sensor networks, identifies and investigates a new attack, Guaranteed Time Slot (GTS) at- tack, taking as a basis the IEEE 802.15.4 MAC protocol for WSN. The GTS Attack is simulated with different scenarios using ns-2 and the results are evaluated both from the point of view of the attacked and the attacker. 1. Introduction Wireless Sensor Networks (WSNs) have many potential applications. In the ubiquitous environment enhanced with actuator capabilities they can materialize the interface be- tween people and the environment by establishing a context for a great variety of applications ranging from environmen- tal monitoring to assisted living and emergency measures and transport. In many of these scenarios, WSNs are of in- terest to adversaries and are easily prone to attacks as they are usually deployed in open and unrestricted environments. In many cases single nodes might be unattended and can be even physically destroyed or reprogrammed. An attack on a WSN in general is defined as a defective action on the efficient operations of the whole system or a malicious invasion on a specific part of the network [2]. The attacker can be an adversary within the network that attacks with the aim of damaging some nodes of the WSN or gain- ing more selfish benefits on the provided services than the other legitimate users. On the other hand the attacker may exploit protocol weaknesses to obtain network resources to his own benefit by depriving others or simply to cause dis- rupt in the operation of the network. The basic feature of attacks and misbehavior strategies is that they are entirely unpredictable [3]. Early definition and investigation of pos- sible attacks and misbehavior patterns can provide valuable insight into reliable and timely detection which is a main prerequisite for ensuring proper operation and minimization of performance losses in WSNs. In this paper a new type of MAC layer attack is defined, called the Guaranteed Time Slot (GTS) attack, which is based on the inherent properties of the IEEE 802.15.4 su- perframe organization in beacon-enabled operational mode for WSNs. The sequence of communication for realizing a GTS attack is presented, four different possible attack sce- narios are defined and their ns-2 implementation results are presented and evaluated. From here on the paper is orga- nized as follows: Section 2 covers the related work on at- tacks in WSN and their definitions, Section 3 identifies the new attack and presents the evaluation from the point of view of the attacker and the attacked taking into considera- tion both incurred damage and related energy consumption and finally Section 4 concludes the paper. 2. Related work The known attacks in IEEE 802.15.4 WSNs can be clas- sified into different categories according to different tax- onomical representations. In this section the attacks for wireless sensor networks are categorized with regards to the different OSI layers whose operation and functions are at- tacked, destroyed or damaged, such as physical layer, MAC layer attacks, or routing layer attacks [4].