Wireless networks are built upon a shared medium that makes it easy for adversaries to launch jamming-style attacks. These attacks can be easily accomplished by an adversary emitting radio frequency signals that do not follow an underlying MAC protocol. Jamming attacks can severely interfere with the normal operation of wireless networks and, consequently, mechanisms are needed that can cope with jamming attacks. In this paper, we examine radio interference attacks from both sides of the issue: first, we study the problem of conducting radio interference attacks on wireless networks, and second we examine the critical issue of diagnosing the presence of jamming attacks. Specifically, we propose four different jamming attack models that can be used by an adversary to disable the operation of a wireless network, and evaluate their effectiveness in terms of how each method affects the ability of a wireless node to send and receive packets. We then discuss different measurements that serve as the basis for detecting a jamming attack, and explore scenarios where each measurement by itself is not enough to reliably classify the presence of a jamming attack. In particular, we observe that signal strength and carrier sensing time are unable to conclusively detect the presence of a jammer. Further, we observe that although by using packet delivery ratio we may differentiate between congested and jammed scenarios, we are nonetheless unable to conclude whether poor link utility is due to jamming or the mobility of nodes. The fact that no single measurement is sufficient for reliably classifying the presence of a jammer is an important observation, and necessitates the development of enhanced detection schemes that can remove ambiguity when detecting a jammer. To address this need, we propose two enhanced detection protocols that employ consistency checking. The first scheme employs signal strength measurements as a reactive consistency check for poor packet delivery ratios, while the second scheme employs location information to serve as the consistency check. Throughout our discussions, we examine the feasibility and effectiveness of jamming attacks and detection schemes using the MICA2 Mote platform.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	IEEE Std 802.11i/d3.0. Available at http://www.cs.umd.edu/ mhshin/doc/802.11/802.11i-D3.0.pdf.
	2	AusCERT. AA-2004.02 - denial of service vulnerability in IEEE 802.11 wireless devices. http://www.auscert.org.
	3	P. Bahl and V. Padmanabhan. RADAR: An in-building RF-based user location and tracking system. In Proceedings of IEEE Infocom 2003, pages 775--784, 2000.
	4	J. Bellardo and S. Savage. 802.11 denial-of-service attacks: Real vulnerabilities and practical solutions. In Proceedings of the USENIX Security Symposium, pages 15--28, 2003.
	5	S. Capkun and J. Hubaux. Secure positioning in sensor networks. Technical report EPFL/IC/200444, May 2004.
	6	Chipcon. Chipcon cc1000 radio's datasheet. http://www.chipcon.com/files/CC1000 Data Sheet 2 1.pdf.
	7	P. Enge and P. Misra. Global Positioning System: Signals, Measurements and Performance. Ganga-Jamuna Pr, 2001.
	8	F. Fitzek and M. Reisslein. MPEG-4 and H.263 video traces for network performance evaluation. IEEE Network, 15(6):40--54, November/December 2002.
	9	Jason L. Hill , David E. Culler, Mica: A Wireless Platform for Deeply Embedded Networks, IEEE Micro, v.22 n.6, p.12-24, November 2002  [doi>10.1109/MM.2002.1134340]
	10	Yih-Chun Hu , Adrian Perrig , David B. Johnson, Ariadne:: a secure on-demand routing protocol for ad hoc networks, Proceedings of the 8th annual international conference on Mobile computing and networking, September 23-28, 2002, Atlanta, Georgia, USA  [doi>10.1145/570645.570648]
	11	Y. Hu, A. Perrig, and D. Johnson. Packet leashes: a defense against wormhole attacks in wireless networks. In Proceedings of IEEE Infocom 2003, pages 1976--1986, 2003.
	12	Q. Huang, H. Kobayashi, and B. Liu. Modeling of distributed denial of service attacks in wireless networks. In IEEE Pacific Rim Conference on Communications, Computers and Signal Processing, volume 1, pages 41--44, 2003.
	13	C. Karlof and D. Wagner. Secure routing in wireless sensor networks: attacks and countermeasures. In Proceedings of the First IEEE International Workshop on Sensor Network Protocols and Applications, pages 113--127, 2003.
	14	S. Kay. Fundamentals of Statistical Signal Processing: Detection Theory. Prentice Hall, 1998.
	15	B. Kedem. Time Series Analysis by Higher Order Crossings. IEEE Press, 1994.
	16	L. Kleinrock. Queueing Systems, Volume 2: Computer Applications. John Wiley & Sons, 1976.
	17	L. Kleinrock and F. Tobagi. Packet switching in radio channels: Part i-carrier sense multiple-access modes and their throughput-delay characteristics. IEEE Trans. on Communications, 23(12):1400 -- 1416, 1975.
	18	P. Kyasanur and N. Vaidya. Detection and handling of mac layer misbehavior in wireless networks. In Proceedings of the 2003 IEEE International Conference on Dependable Systems and Networks, pages 173 -- 182, 2003.
	19	Koen Langendoen , Niels Reijers, Distributed localization in wireless sensor networks: a quantitative comparison, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.43 n.4, p.499-518, 15 November 2003  [doi>10.1016/S1389-1286(03)00356-6]
	20	Loukas Lazos , Radha Poovendran, SeRLoc: secure range-independent localization for wireless sensor networks, Proceedings of the 2004 ACM workshop on Wireless security, October 01-01, 2004, Philadelphia, PA, USA  [doi>10.1145/1023646.1023650]
	21	Z. Li, W. Trappe, Y. Zhang, and B. Nath. Securing wireless localization: Living with bad guys. In DIMACS Workshop on Mobile and Wireless Security, 2004.
	22	D. Nicelescu and B. Nath. DV based positioning in ad hoc networks. Telecommunication Systems, 22(1-4):267--280, 2003.
	23	Guevara Noubir , Guolong Lin, Low-power DoS attacks in data wireless LANs and countermeasures, ACM SIGMOBILE Mobile Computing and Communications Review, v.7 n.3, July 2003  [doi>10.1145/961268.961277]
	24	P. Papadimittratos and Z. Haas. Secure routing for mobile ad hoc networks. In SCS Communication Networks and Distributed Systems Modeling and Simulations Conference (CNDS 2002), San Antonio, 2002.
	25	Joseph Polastre , Jason Hill , David Culler, Versatile low power media access for wireless sensor networks, Proceedings of the 2nd international conference on Embedded networked sensor systems, November 03-05, 2004, Baltimore, MD, USA  [doi>10.1145/1031495.1031508]
	26	H. Vincent Poor, An introduction to signal detection and estimation (2nd ed.), Springer-Verlag New York, Inc., New York, NY, 1994
	27	Bruce Potter, Wireless Security's Future, IEEE Security and Privacy, v.1 n.4, p.68-72, July 2003  [doi>10.1109/MSECP.2003.1219074]
	28	J. G. Proakis. Digital Communications. McGraw-Hill, 4th edition, 2000.
	29	Maxim Raya , Jean-Pierre Hubaux , Imad Aad, DOMINO: a system to detect greedy behavior in IEEE 802.11 hotspots, Proceedings of the 2nd international conference on Mobile systems, applications, and services, June 06-09, 2004, Boston, MA, USA  [doi>10.1145/990064.990077]
	30	D. Curtis Schleher, Electronic Warfare in the Information Age, Artech House, Inc., Norwood, MA, 1999
	31	Anthony D. Wood , John A. Stankovic, Denial of Service in Sensor Networks, Computer, v.35 n.10, p.54-62, October 2002  [doi>10.1109/MC.2002.1039518]
	32	Anthony D. Wood , John A. Stankovic , Sang H. Son, JAM: A Jammed-Area Mapping Service for Sensor Networks, Proceedings of the 24th IEEE International Real-Time Systems Symposium, p.286, December 03-05, 2003
	33	Wenyuan Xu , Timothy Wood , Wade Trappe , Yanyong Zhang, Channel surfing and spatial retreats: defenses against wireless denial of service, Proceedings of the 2004 ACM workshop on Wireless security, October 01-01, 2004, Philadelphia, PA, USA  [doi>10.1145/1023646.1023661]
	34	L. Zhou and Z. Haas. Securing ad hoc networks. IEEE Network, 13(6):24--30, 1999.