On Limited-Range Strategic/Random Jamming Attacks in Wireless Ad hoc Networks

Korporn Panyim, Thaier Hayajneh, Prashant Krishnamurthy, David Tipper
University of Pittsburgh
Pittsburgh, PA, USA
Emails: {kpanyim, hayajneh, prashant, dtipper}@sis.pitt.edu

Abstract—Jamming attacks are considered one of the most devastating attacks as they are difficult to prevent and sometimes hard to detect. In this paper we consider the impact of the placement and range of limited-range jammers on ad hoc networks. Limited-range jammers are more difficult to detect as they use transmission powers similar to that of regular nodes (or perhaps even smaller transmit powers). The attacker can locate his jammer(s) randomly in the network. Alternatively, jammers can be placed at strategic locations. For instance, intuitively, this can be nodes with the highest traffic inputs/outputs (discovered by sensing the traffic flow in the network). Using OPNET, we perform extensive simulations to show how significant such strategically placed attacks can be compared to random placement of limited-range jammers on both TCP and UDP traffic.

I. INTRODUCTION

Communications among ad hoc devices usually rely on a shared medium that makes it easy for attackers to launch attacks on communication availability. Jamming attacks can be deployed easily by transmitting on the same frequencies as honest nodes, which results in disruption of transmission (of nodes that use sensing of the medium) or reception functionalities. Optimal jamming attacks on ad hoc networks have been considered in the literature [1], [2]. In these approaches, the attacker needs global knowledge of the network and/or all traffic flows. In [3], the idea is to jam every node in the network with the minimum number of jammers (the jammed area is assumed to be a circle). These attacks, while providing the necessary theoretical insight, may be harder to implement.

An easier attack would be to simply constantly jam a subset of nodes in the network using limited power to avoid detection, yet cause significant disruption. Constant jamming eliminates the need to determine when to jam. Nodes to be jammed could be picked randomly or strategically. The amount of power to jam nodes could be small or large. Using a larger jamming power can be more disruptive, but could consume jammer resources and also lead to rapid detection.

In this paper we consider the impact on wireless ad hoc networks of limited-range jamming attacks. We carefully model the impact of such jammers using a small number of nodes. We consider the detection of the limited-range jammers and determine that they do not significantly increase the interference for many nodes. Such attacks, using less power, may thus be more difficult to detect. Impact here is quantified by the drop in aggregate packet delivery ratio (PDR) for UDP and TCP traffic.

The attacker employs jammers with capabilities similar to nodes in the network (we call them limited-range jammers), making it more difficult for neighboring nodes to detect the existence of jamming. The attacker is not assumed to have global knowledge about the network topology, connectivity, or traffic flow map. Nodes may be picked randomly as targets for jamming (this is easiest). Alternatively, the attacker can silently sense the traffic flow at the MAC layer in the network and locate his jammer(s) at the most strategic locations. Intuitively, such locations would be close to nodes that have the highest input or output traffic (which can be sensed by a mobile attacker [4]). Using OPNET we perform extensive simulations to examine whether strategically placed attacks are significant compared to randomly placed jammers.
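
A defender can use the same two quantities the introduction names, per-node input/output traffic and aggregate PDR, to see which nodes a strategic placement would favour and how much delivery depends on them. The sketch below is an added example, not from the paper: the 6-node topology, the flow volumes, static shortest-hop routing, and the rule that a flow is lost whenever any node on its route is unavailable are all assumptions constructed for illustration.

```python
from collections import deque
from itertools import combinations

# Constructed 6-node topology and flows (not the paper's OPNET scenario).
LINKS = [("A", "C"), ("B", "C"), ("C", "D"), ("D", "E"), ("D", "F")]
FLOWS = [("A", "E", 100), ("B", "F", 100), ("A", "B", 50), ("E", "F", 80)]

def neighbors(links):
    adj = {}
    for u, v in links:
        adj.setdefault(u, []).append(v)
        adj.setdefault(v, []).append(u)
    return adj

def route(adj, src, dst):
    """Shortest-hop path by BFS; assumes static routes and a connected graph."""
    prev, queue = {src: None}, deque([src])
    while queue:
        u = queue.popleft()
        if u == dst:
            break
        for v in sorted(adj[u]):
            if v not in prev:
                prev[v] = u
                queue.append(v)
    path = [dst]
    while prev[path[-1]] is not None:
        path.append(prev[path[-1]])
    return path[::-1]

ADJ = neighbors(LINKS)
ROUTES = [(route(ADJ, s, d), n) for s, d, n in FLOWS]

def traffic_load():
    """Packets in plus packets out per node, highest first (ties by name)."""
    load = dict.fromkeys(ADJ, 0)
    for path, n in ROUTES:
        for u, v in zip(path, path[1:]):
            load[u] += n  # transmitted by u
            load[v] += n  # received by v
    return sorted(load.items(), key=lambda kv: (-kv[1], kv[0]))

def aggregate_pdr(unavailable):
    """Delivered/sent when every flow touching an unavailable node is lost."""
    sent = sum(n for _, n in ROUTES)
    ok = sum(n for path, n in ROUTES if not set(path) & set(unavailable))
    return ok / sent

def mean_pdr_random(k):
    """Exact mean PDR over all k-node subsets (uniform random placement)."""
    subsets = list(combinations(sorted(ADJ), k))
    return sum(aggregate_pdr(s) for s in subsets) / len(subsets)
```

Comparing `aggregate_pdr` for the top entry of `traffic_load()` against `mean_pdr_random(1)` shows how far delivery depends on the busiest node, which is where monitoring and route diversity matter most.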

We show that random placement can itself be disruptive, but strategic placement of jammers is more effective than random placement and can reduce the packet delivery ratio significantly with only a few jammers.

The rest of the paper is organized as follows. In section II, we discuss related work. The jammer model, impact, and strategic jamming attacks, and detection issues are described in section III. We provide details of simulations/results in section IV. We discuss limitations and ongoing work in section V. We conclude the paper in section VI.

II. RELATED WORK

Jamming Classification: Xu et al. [5] have classified jammers into the following types:
1) Constant jammers that constantly emit a radio signal.
2) Deceptive jammers that constantly inject fake packets into the network without following the medium access protocol.
3) Random jammers (considered energy efficient) that randomly choose a period of time to sleep and a random period of time to jam.
4) Reactive jammers that sense the channel and when they sense valid traffic being exchanged in the network they start jamming.

Jamming Strategies: The work in [6] considers improving jamming gain, targeted jamming at specific nodes, links, or flows and reduced probability of detection. Law et al. [7] derive a collection of energy efficient jamming attacks targeting MAC protocols in sensor networks. The approaches aim at jamming data packets by specifically looking at the probability distribution of the interarrival times between packets.

Jamming strategy can be considered as an optimization problem. The objective is generally to cause maximal damage in terms of number of victim nodes or communication links while minimizing jamming resources such as power consumption or probability of being detected by nodes in the network. Li et al. derive optimal solutions for both an attacker and a defender [1].
Attackers control the probability of jamming and transmission range while trying to cause maximal damage

978-1-4244-4487-8/09/$25.00 ©2009 IEEE
The 5th LCN Workshop on Security in Communications Networks (SICK 2009), Zürich, Switzerland; 20-23 October 2009