## Files in this item

FilesDescriptionFormat

application/pdf

hoang_nguyen.pdf (854kB)
(no description provided)PDF

## Description

 Title: Alibi framework for identifying insider jamming attacks in half-duplex wireless local area networks Author(s): Nguyen, Hoang V. Director of Research: Nahrstedt, Klara Doctoral Committee Chair(s): Nahrstedt, Klara Doctoral Committee Member(s): Campbell, Roy H.; Vaidya, Nitin H.; Yau, David Department / Program: Computer Science Discipline: Computer Science Degree Granting Institution: University of Illinois at Urbana-Champaign Degree: Ph.D. Genre: Dissertation Subject(s): wireless security jamming attacks intrusion detection systems alibis system-level fault diagnosis wireless LANs Abstract: Recent advances in wireless communications and digital electronics have enabled rapid development of a variety of wireless network technologies, such as wireless LANs, home networks, multi-hop ad hoc networks, and sensor networks. Wireless networks, unfortunately, are vulnerable to radio jamming attacks (in short, jamming attacks'') due to the open and shared nature of wireless medium. In a jamming attack, an attacker injects a high level of noise into the wireless system which significantly reduces the signal-to-noise ratio (SINR) and reducing the probability of successful message receptions. Even though the spread spectrum technologies have raised the bar for the jamming defenses, they cannot deal with insider jammers who launch the stealthy and intelligent jamming attacks from compromised nodes. To cope with such dangerous insider jammers, the first and most important step is to identify them. In this dissertation, we consider the problem of identifying the insider jammers. Our approach to this problem is unique: we exploit the half-duplex nature of the attackers. Specifically, a half-duplex jammer has the following characteristics: - It cannot send on two different channels simultaneously due to a non-negligible channel switching time. - It cannot receive on two different channels simultaneously due to a non-negligible channel switching time. - It cannot send and receive on a channel simultaneously due to a non-negligible transmit-to-receive switching time. Therefore, when a compromised node jams, it cannot either send or receive any other packets. More importantly, if an honest node is observed doing a send or receive action at the same time of the jammed packet, it can arguably prove that it cannot be the cause of the jammed packet. In other words, the honest node obtains an "alibi". Alibi is "a form of defense whereby a defendant attempts to prove that he or she was elsewhere when the crime in question was committed". In the context of jamming attacks, an alibi for a node is a proof showing that an honest node could not commit a jamming action at a specific time because it was witnessed doing a legitimate action at the same time. We focus on exploring the alibi framework in dealing with insider jammers. We study various properties of the framework including detection accuracy, detection time, network availability and necessary conditions for the alibi framework to work. We also investigate different designs of the alibi framework such as sending-based alibis and receiving-based alibis and study their strengths and weaknesses. We evaluate the alibi framework by the analysis, simulations and MICAz experiments. To the best of our knowledge, the alibi framework is the first framework exploiting the half-duplex nature of the nodes to identify insider attackers. Issue Date: 2010-08-20 URI: http://hdl.handle.net/2142/16889 Rights Information: Copyright 2010 Hoang Nguyen Date Available in IDEALS: 2010-08-20 Date Deposited: 2010-08
﻿