We consider the following problem: how can two devices that do not share any secrets establish a shared secret key over a wireless radio channel in the presence of a communication jammer? An inherent challenge in solving this problem is that known anti-jamming techniques (e.g., frequency hopping or direct-sequence spread spectrum) which should support device communication during the key establishment require that the devices share a secret spreading key (or code) prior to the start of their communication. This requirement creates a circular dependency between antijamming spread-spectrum communication and key establishment, which has so far not been addressed. In this work, we propose an Uncoordinated Frequency Hopping (UFH) scheme that breaks this dependency and enables key establishment in the presence of a communication jammer. We perform a detailed analysis of our UFH scheme and show its feasibility, both in terms of execution time and resource requirements. 1.

Abstract—Jamming resistance is crucial for applications where reliable wireless communication is required. Spread spectrum techniques such as Frequency Hopping Spread Spectrum (FHSS) and Direct Sequence Spread Spectrum (DSSS) have been used as countermeasures against jamming attacks. Traditional antijamming techniques require that senders and receivers share a secret key in order to communicate with each other. However, such a requirement prevents these techniques from being effective for anti-jamming broadcast communication, where a jammer may learn the shared key from a compromised or malicious receiver and disrupt the reception at normal receivers. In this paper, we propose a Randomized Differential DSSS (RD-DSSS) scheme to achieve anti-jamming broadcast communication without shared keys. RD-DSSS encodes each bit of data using the correlation of unpredictable spreading codes. Specifically, bit “0 ” is encoded using two different spreading codes, which have low correlation with each other, while bit “1 ” is encoded using two identical spreading codes, which have high correlation. To defeat reactive jamming attacks, RD-DSSS uses multiple spreading code sequences to spread each message and rearranges the spread output before transmitting it. Our theoretical analysis and simulation results show that RD-DSSS can effectively defeat jamming attacks for anti-jamming broadcast communication without shared keys. I.

We present empirical measurements of the packet delivery performance of the latest sensor platforms: Micaz and Telos motes. In this paper, we present observations that have implications to a set of common assumptions protocol designers make while designing sensornet protocols – specifically – the MAC and network layer protocols. We first distill these common assumptions in to a conceptual model and show how our observations support or dispute these assumptions. We also present case studies of protocols that do not make these assumptions. Understanding the implications of these observations to the conceptual model can improve future protocol designs.

We present empirical measurements of the packet delivery performance of the latest sensor platforms: Micaz and Telos motes. In this article, we present observations that have implications to a set of common assumptions protocol designers make while designing sensornet protocols— specifically—the MAC and network layer protocols. We first distill these common assumptions in to a conceptual model and show how our observations support or dispute these assumptions. We also present case studies of protocols that do not make these assumptions. Understanding the implications of these observations to the conceptual model can improve future protocol designs.

Availability of service in many wireless networks depends on the ability for network users to establish and maintain communication channels using control messages from base stations and other users. An adversary with knowledge of the underlying communication protocol can mount an efficient denial of service attack by jamming the communication channels used to exchange control messages. The use of spread spectrum techniques can deter an external adversary from such control channel jamming attacks. However, malicious colluding insiders or an adversary who captures or compromises system users are not deterred by spread spectrum, as they know the required spreading sequences. For the case of internal adversaries, we propose a framework for control channel access schemes using the random assignment of cryptographic keys to hide the location of control channels. We propose and evaluate metrics to quantify the probabilistic availability of service under control channel jamming by malicious or compromised users and show that the availability of service degrades gracefully as the number of colluding insiders or compromised users increases. We propose an algorithm called GUIDE for the identification of compromised users in the system based on the set of control channels that

Abstract—Spread spectrum techniques (e.g., Frequency Hopping

Jamming is a serious security problem in wireless networks. Recently, software-based channel hopping has received attention as a jamming countermeasure. In particular, proactive, or periodic, channel hopping has been studied more extensively than reactive hopping. In this paper, we address the question of which of the two defense strategies, namely proactive and reactive channel-hopping, provides better jamming resiliency than the other? in the context of singleand multi-radio wireless devices. In the single-radio context, we develop theoretical models to analyze the blocking probability for combinations of defense and attack strategies. In the multi-radio setting, we formulate the jamming problem as a max-min game and show through simulation that the game outcome depends on the payoff function. Our results show that reactive defense provides better jamming tolerance than proactive when considering communication availability. However, both reactive and proactive defenses have almost the same performance when energy efficiency is considered as a performance metric.

Multi-radio (multi-interface, multi-channel) 802.11 and sensor networks have been proposed to increase network capacity and to reduce energy consumption, to name only a few of their applications. They are vulnerable, however, to jamming attacks, in which attackers block communication by radio interference or MAC-protocol violation. Two jamming countermeasures have been proposed, namely software-based channel hopping and error-correcting codes. In this paper, we introduce the problem of maximizing network goodput under jamming attacks through a combination of channel hopping and error-correction coding. We describe the solution space and investigate one point thereof, namely reactive defense against scanning attack. We develop a Markovian model of the reactive channel-hopping defense against the scanning jamming attack and validate it using simulation experiments. Our results suggest that an adaptive defense, based on our model, would improve the resiliency of multi-radio networks against jamming.

Spread spectrum techniques such as Direct Sequence Spread Spectrum (DSSS) and Frequency Hopping (FH) have been commonly used for anti-jamming wireless communication. However, traditional spread spectrum techniques require that sender and receivers share a common secret in order to agree upon, for example, a common hopping sequence (in FH) or a common spreading code sequence (in DSSS). Such a requirement prevents these techniques from being effective for anti-jamming broadcast communication, where a jammer may learn the key from a compromised receiver and then disrupt the wireless communication. In this paper, we develop a novel Delayed Seed-Disclosure DSSS (DSD-DSSS) scheme for efficient anti-jamming broadcast communication. DSD-DSSS achieves its anti-jamming capability through randomly generating the spreading code sequence for each message using a random seed and delaying the disclosure of the seed at the end of the message. We also develop an effective protection mechanism for seed disclosure using content-based code subset selection. DSD-DSSS is superior to all previous attempts for anti-jamming spread spectrum broadcast communication without shared keys. In particular, even if a jammer possesses real-time online analysis capability to launch reactive jamming attacks, DSD-DSSS can still defeat the jamming attacks with a very high probability. We evaluate DSD-DSSS through both theoretical analysis and a prototype implementation based on GNU Radio; our evaluation results demonstrate that DSD-DSSS is practical and have superior security properties. 1.

Multi-frequency media access control has been well understood in general wireless ad hoc networks, while in wireless sensor networks, researchers still focus on single frequency solutions. In wireless sensor networks, each device is typically equipped with a single radio transceiver and applications adopt much smaller packet sizes compared to those in general wireless ad hoc networks. Hence, the multi-frequency MAC protocols proposed for general wireless ad hoc networks are not suitable for wireless sensor network applications, which we further demonstrate through our simulation experiments. In this paper, we propose MMSN, which takes advantage of multifrequency availability while, at the same time, takes into consideration the restrictions of wireless sensor networks. In MMSN, four frequency assignment options are provided to meet different application requirements. A scalable media access is designed with efficient broadcast support. Also, an optimal non-uniform backoff algorithm is derived and its lightweight approximation is implemented in MMSN, which significantly reduces congestion in the time synchronized media access design. Through extensive experiments, MMSN exhibits the prominent ability to utilize parallel transmissions among neighboring nodes. When multiple physical frequencies are available, it also achieves increased energy efficiency, demonstrating the ability to work against radio interference and the tolerance to a wide range of measured time synchronization errors.