IEEE International Conference on Recent Advances and Innovations in Engineering (ICRAIE-2014), May 09-11,2014, Jaipur, India

Effective Detection of Jamming in WiMAX Based

Communication Systems

Tanu Bhardwaj

Department of Computer Science & Engineering Jaypee University of Information Technology

Waknaghat-173234 (INDIA). tanu.bhardwaj89@gmail.com

Abstract-WiMAX is a wireless technology based on IEEE

802.16 specifications and its main motive is to provide cablelDSL

free high speed broadband access in the rural areas. Security and

performance issues would become more important if one is

dealing with communication as is in WiMAX. This paper is

devoted to propose a simple and efficient technique to detect

jamming in WiMAX based system. The proposed technique

involves the metrics such as Signal to Interference plus Noise

Ratio (SINR), Received Signal Strength (RSS), Packet Delivery

Ratio (PDR) and Channel Sensing for detecting jamming in the

WiMAX system. Finally, a mechanism for recovery from

jamming is also illustrated with a tentative comparison in

between proposed and existing techniques.

Keywords- IEEE 802.16; WiMAX; Wireless Security; lamming.

I. INTRODUCTION

Worldwide Interoperability for Microwave Access (WiMAX) is an emerging wireless technology at present. With the increasing popularity of broadband internet, wireless networking market is extending. It provides broadband internet access across the whole cities or countries for both fixed as well as mobile user. It is based upon the IEEE 802.16 family of wireless network standard. It specifies Wireless Metropolitan Area Network (WMAN) type of communication and extends the distance between the transmitting and receiving devices from less than 100m in Wi-Fi to 50 km [1]. It enables the delivery of last mile wireless broadband access as alternatives to cable and DSL. It also provides backhaul for 802.11 hotspots [2].

WiMAX works on both the high frequency range of llGHz-66GHz where line of sight (LOS) is required and the low frequency range (below 11 GHz), where non line of sight (NLOS)is significant [2]. It provides data rates as high as 100M bps for mobile user and IGbps for fixed user. The bandwidth and range of WiMAX makes it suitable for providing data, Voice over Internet Protocol (VoIP) and IPTV service [3].

A. Security Breach in WiMAX

In WiMAX, the security attacks are possible at the Physical and MAC Layer. At the Physical Layer, Jamming and Scrambling are the two security attacks that are possible [4]. At the MAC Layer, the security attacks are mainly due to the unencrypted behavior of the MAC Management Message. The possible security attacks at the MAC Layer are Ranging

[978-1-4799-4040-0114/$31.00 ©20 14 IEEE]

Hemraj Saini

Department of Computer Science & Engineering Jaypee University of Information Technology

Waknaghat-173234 (INDIA). hemraj 1977@yahoo.co.in

Attack, Power Saving Attack, Handover Attack, Interleaving Attack, MulticastIBroadcast Attack and Mesh Mode Attack [5]. These security attacks result in Denial of Service (DoS), Distributed Denial of Service (DDoS), Man in the Middle (MITM), Masquerading, Eavesdropping, Downgrading of Performance, Draining out of Battery and Computational Resources.

B. Jamming is a Significant Attack

Jamming can be defined as an activity of transmitting a radio signal with the intention of disrupting the normal communication. Jamming occurs when a very high frequency radio signal is transmitted over a low frequency channel. Jamming is major threats for the wireless communications especially in defense, this type of attacks have their roots in each type of communication from cellular to ad-hoc and from Wi-Fi to WiMAX. Jamming attack is a Denial of Service (DoS) attack which does not require the information about the targeted network and exploits the open and shared characteristic of the wireless network. It leads to throughput degradation, unavailability of channel and alteration of packets [6,7].

C. Process of Jamming Attack

There are several different attack models in which an adversary can use to jam the wireless channel.

1) Constant Jammer: The constant jammer is one that constantly transmitting the radio signals. Constant jamming can be achieved either using a waveform generator that continuously transmits the radio signal or by a wireless device that continuously sends out random bits to the channel.Thus the constant jammer prevents the legitimate source from sending packets [8].

2) Deceptive Jammer: The deceptive jammer is defined as the jammer that constantly placing the regular packet to the channel without any gap between the successive packet transmissions, as a result the legitimate receiver is misguided and believes that the packet are legal and authorized. The deceptive jamming is more difficult to identify because of its packet injecting property [8, 9].

3) Random Jammer: The random jammer is one that alternatively transmits radio signal between sleeping and jamming. The random jammer enters in the sleep mode after

IEEE International Conference on Recent Advances and Innovations in Engineering (ICRAIE-2014), May 09-11,2014, Jaipur, India

jamming the channel for a while and it starts jamming again after sleeping for a time. The random jammer saves its energy while working in this pattern [8].

4) Reactive Jammer: The reactive jammer is defined as the jammer that becomes active when it sense activity on the channel and become inactive when the channel is idle. The reactive jammer is more difficult to implement and the detection of reactive jamming is also a very challenging task [9].

II. RELATED WORK

A. Prevention Methods for Jamming Attack

Jamming attack can be prevented by just increasing the power of radio signals or increasing the bandwidth of radio signals sent by the transmitter. While more practical methods such as, use of more powerful WiMAX transmitter, use of filter and a high gain WiMAX transmission antenna or WiMAX receiving antenna can prevent jamming attack.

B. Drawbacks in Prevention Methods

The drawback of prevention methods lies in the increased overhead, cost of implementation and energy consumption, as the increased power of radio signal and WiMAX transmitter would require additional battery usage, while the gain in the transmission antenna as well as receiving antenna and use of filter would result in the overhead of implementation and cost for gaining the suitable size so that the jamming is prevented.

C. Detection and Avoidance of Jamming Attack

L. Juan, and H. S. Gustav [10] proposed a link adaptation algorithm based on Carrier to Interference Ratio (CINR) to make the system resistance to jamming. In this paper, Carrier to Interference Ratio (CINR) is selected as a channel quality metric for the link adaptation algorithm and the value of this channel quality metric is checked continuously. If the calculated value is beyond the specified range of the current operation mode, the system will adapt to some other stronger/weaker operation mode. The advantage of this proposed work is that there will be no overhead of CINR computation and to change the standard protocol as it is mandated by the standard. M. Boris [11] considers the WiMAX Mesh network and proposed architecture to mitigate jamming. In the architecture, multiple base stations are considered that help in network survivability in case of jamming and Base Station (BS) demolition. Multiple base stations are used so that the nodes can be routed to another Base Station under the jamming attack. The multiple base station architecture needs a distributed scheduling algorithm because there is no single point of control for performing centralized scheduling, so the author proposed a scheduling algorithm based on finite field initial slot assignment. Multiple base stations not only help in network survivability under jamming but also improve the network throughput.

J. Jonnaand, J. Henryka [12] gives the antenna technique to mitigate jamming. The technique uses a combination of a linear array antenna and parabolic reflector at the base station, the array antenna behaves as an anti-jamming elements. The general idea is to have two receiver heads; one receiver head

gets the transmitted signal and jamming signal while the other receiver head gets only the jamming signal. Then these two received signals are subtracted, the result which is obtained will be the transmitted signal. H. Yikun et al. [13] developed a compact smart antenna which is capable of mitigating interference in the dense areas.

D. Drawbacks in Detection Methods

All the proposed methods of detection and avoidance have their own merits and demerits. Each author shows the benefits of their approaches but on the other side they have some drawbacks [10] like- defense against jamming using the CINR metric, there are things other than the jamming devices that cause the interference to the radio signal, so it is very hard to distinguish between the jamming device and other interference device on CINR value. The use of multiple base stations in [11] may be suitable for mesh network but it is not useful for point to multi-point (PMP) architecture and the idea of using multiple base stations also increases the complexity of having a distributed scheduling algorithm. The approaches in [12, 13] create an overhead of making changes in the antenna design.

III. PROPOSED WORK

A. Attack Model and Assumptions

In this paper, the focus is on low power constant and deceptive jammers. We made assumptions such as:

• Partial band and Full band jamming is considered while channel frequency and bandwidth of the targeted Base Station/Relay Station (BS/RS) and Subscriber Station (SS) are known to an adversary.

• The jammer is placed next to the Base Station/Relay Station (BSIRS) or Subscriber Station (SS). With this, the jammer is able to distort packet destined to the Base StationlRelay Station (BS/RS) or Subscriber Station (SS) and degrade or interrupts the communication. The jammer is continuously transmitting packet back to back, preventing the Base Station/Relay Station (BSIRS) and Subscriber Station (SS) from accessing the medium.

• The jammer is operating at very low power, such that the power of jammer is conserved and making the detection of the attack a difficult task.

B. Detecting the Jamming Attack

In this work, the method of detecting jamming is based on the basic statistics strategy such as Received Signal Strength (RSS), Packet Delivery Ratio (PDR), Signal to Interference plus Noise Ratio (SINR) and Channel Sensing.

1) Received Signal Strength (RSS): Received Signal Strength is defined as the power present in the received radio signal.The Signal Strength between the Base Station/Relay Station (BS/RS) and the SubscriberStation (SS) must be strong enough to maintain signal quality at the receiver. Jamming can be detected by measuring the signal strength received at the Base Station/Relay Station (BSIRS) or Subscriber Station (SS), as in the presence of jammer the Received Signal Strength (RSS) is affected [8].

IEEE International Conference on Recent Advances and Innovations in Engineering (ICRAIE-2014), May 09-11,2014, Jaipur, India

2) Packet Delivery Ratio (PDR):The Packet Delivery Ratio (PDR) can be defined as the number of error free packet received from the total number of received packets. As the jammer corrupts the transmission between the Base Station/Relay Station (BS/RS) and the Subscriber Station (SS), the Packet Delivery Ratio (PDR) can be used as a technique to detect jamming. The Packet Delivery Ratio (PDR) will be zero in presence of a jammer [8]. There are two places in WiMAX where Packet Delivery Ratio (PDR) can be measured:

a) At the Base Station/Relay Station (BSIRS): The Packet Delivery Ratio (PDR) can be measured simply by keeping the track of the acknowledgement the Base Station/Relay Station (BSIRS) receives from the Subscriber Station (SS).

b) At the Subscriber Station (SS): The Packet Delivery Ratio (PDR) can be measured using the ratio between the number of Cyclic Redundancy Check (CRC) packet and the total number of packet the Subscriber Station (SS) received from the Base StationlRelay Station (BSIRS).

3) Signal to Interference plus Noise Ratio (SINR): The Signal to Interference plus Noise Ratio (SINR) is a ratio use to compute the condition of the wireless connection [8]. The Signal to Interference plus Noise Ratio for Base Station/Relay Station (BSIRS) or Subscriber Station (SS) can be defined as:

SINR=PI (N+I) (1 )

where'P' is the power of the received signal, 'N' is the noise caused by the medium in the incoming signal and 'I' is the interference caused by the jammer in the incoming signal

4) Channel Sensing: When a Base Station/Relay Station (BS/RS) or Subscriber Station (SS) is losing its sending capability it is a clear sign that it is being jammed. A jammer prevent a legitimate Base StationlRelay Station (BS/RS) or Subscriber Station (SS) from sending out a packets because the channel appears constantly busy to the Base StationlRelay Station (BS/RS) or Subscriber Station (SS), using Channel Sensing as a technique it can be determined whether the Base Station/Relay Station (BSIRS) or Subscriber Station (SS) is jammed [8]. The above whole process of detection is depicted in Fig. 1. Following Algorithm-I and Algorithm-II depicts the detection and avoidance of jamming of subscriber station: Algorithm-I:

Subscriber_Station _DownLink _Jamming_Detection

{ II calculate the Current Signal to Interference plus Noise Ratio

SS SINR=Measured SINR - -

if (SS_SINR <SINR_Threshold) then II calculate the Current Packet Delivery Ratio

SS PDR=Measured PDR - -

if (SS]DR <PDR_Threshold_ Value)then II calculate the Current Received Signal Strength

SS _ SS=Measured _Received _ Signal_Strength if (SS _ SS>Signal Strength _ Threshold)then

II comparing the PDR value with respect to Signal Strength

value

SS_SC=Status_Compare (SS]DR, SS_SS) if (SS _ SC==False )then

II Subscriber Station (SS) is Jammed SS DownLink Jammed = 1

- -

end end end end

} Algorithm:

Subscriber_Station _UpLink _Jamming_Detection

{ II initially UpLink is idle so its value will be I

II When Subscriber Station has data to send

UpLink = 1; z = Check (UpLink) II sense the UpLink when the subscriber station has data to

send, the value of z will be I if it is idle and 0 when it is busy.

if (z==I) Send (Data)

end else SS_UpLink_Jammed = 1 end

} The avoidance of jamming attack involves the step of

network entry by scanning the DownLink frequency and searching for the appropriate UpLink frequency corresponding to the selected DownLink frequency in case of DownLink channel jamming while in the case of UpLink jamming only searching of new UpLink channel is needed. After selecting the new channel the old frequency is transferred to the Base Station/Relay Station (BS/RS).

Alogithm-ll: Avoidance _ OC Subscriber_Station _From _Jamming

{ IIUpLink Channel value at which communication is going on

Old_SS_ULP = UL]arameter IIDownLink Channel value at which communication is going

on

Old SS DLP = DL Parameter - - -

if(SS _DownLink _Jammed) then II Start the Network Entry Procedure for Subscriber Station

(SS)

Network_Entry II After Network Entry, the Subscriber Station (SS) sends the

Old DownLink ChannelFrequency to the selected Base

Station/Relay Station (BSIRS).

end else

Send (Old_SS_DLP)

if (SS _UpLink _Jammed) then II If UpLink is jammed the SubscriberStation (SS) start

searching for new UpLink Channel

Search_UpLink _ Channel_Descriptor

IEEE International Conference on Recent Advances and Innovations in Engineering (ICRAIE-2014), May 09-11,2014, Jaipur, India

II after having new UpLink Channel, the Subscriber Station

(SS) send the old UpLink Channel to the Base

Station/Relay Station (BSIRS).

Send(Old_SS_ULP) end end

Fig. I. Detection of Jamming at Subscriber Station

IV. THEORETICAL METHODOLOGY

In Wi MAX, the connection is established before any communication between the Base Station/Relay Station (BS/RS) and the Subscriber Station (SS) as depicted in Fig. 2. The connection channel between the Base Station/Relay Station (BS/RS) and Subscriber Station (SS) is known as DownLink Channel, while between the Subscriber Station (SS)and Base StationlRelay Station (BS/RS) is known as UpLink Channel [14].

Initially, the Subscriber Station (SS) scans the DownLink (DL) frequency band for the valid DL channel. Basically, this scanning is meant for the PHY synchronization and it will end when the Subscriber Station (SS) receives at least one DL­Medium Access Protocol (DL-MAP) message. The MAC remains synchronized till it get DL-MAP and DownLink Channel Descriptor (DCD) message for the channel. The

Subscriber Station (SS) can determine the suitable DownLink channel from the information present in the DCD message. Similarly, the Subscriber Station (SS) acquire the UpLink Channel by searching the UpLink Channel Descriptor (UCD) message which is transmitted periodically from the Base StationlRelay Station (BSIRS) [14]. After acquiring both the channels the communication gets started between the Base StationlRelay Station (BSIRS) and the Subscriber Station (SS).

Down Link Channel

Uplink Channel

Base Station

Subscriber Station

Fig. 2. Depiction ora WiMAX based system

A. Jamming at DownLink Channel

Consider a scenario when a jammer is trying to jam the communication on the DownLink Channel, so the communication between Base Station/Relay Station (BS/RS) and Subscriber Station (SS) get affected which leads to performance degradation as shown in Fig. 3. Now, the aim is to detect the jamming at the Subscriber Station (SS) for the DownLink Channel. At the Subscriber Station (SS), when a packet from the Base Station/Relay Station (BS/RS) is received using the DownLink Channel the Signal to Interference plus Noise Ratio (SINR) is calculated and compare with the Signal to Interference plus Noise (SINR) threshold value. If the value of the calculated Signal to Interference plus Noise Ratio (SINR) is less than the Signal to Interference plus Noise (SINR) threshold value, then the other two parameters (Packet Delivery Ratio and Signal Strength) are checked.

The current Packet Delivery Ratio (PDR) is measured and checked with the Packet Delivery Ratio (PDR) threshold value, if themeasured Packet Delivery Ratio (PDR) is less than the threshold value then the current Received Signal Strength (RSS) is calculated and compared with the Received Signal Strength (RSS) threshold value, if the Received Signal Strength (RSS) value is above the threshold value then the measured Packet Delivery Ratio (PDR) is compared with the current Received Signal Strength (RSS) value. Now, if the current Received Signal Strength (RSS) has a higher value and corresponding to that the Packet Delivery Ratio (PDR) value islow then we say that the Subscriber Station (SS) is under the jamming attack in the DownLink Channel. All the parameters are deterministic and there threshold value can be evaluated by performing the experiment. The parameter solely dependent on several factor such as distance between the Base Station/Relay Station (BSIRS) and the Subscriber Station (SS), interference caused by co-channel and adjacent channel, environment, noise, physical obstacle like helicopter and etc.

IEEE International Conference on Recent Advances and Innovations in Engineering (ICRAIE-2014), May 09-11,2014, Jaipur, India

1. UpLinkChan,el

Base Station

Subscriber Station

Fig. 3. Jamming at DownLink Channel

B. Jamming at UpLink Channel

Now, consider the situation when a jammer is trying to jam the communication on the UpLink channel, so the communication between the Subscriber Station (SS) and Base Station/Relay Station (BSIRS) get affected as shown in Fig. 4. Now our aim is to detect the jamming at the Subscriber Station (SS) for UpLink channel. At the Subscriber Station (SS), when the Subscriber Station (SS) is ready for sending data to the Base Station/Relay Station (BS/RS),first the Subscriber Station (SS) checks the status of the UpLink channel by sensing the UpLink channel and on the status of the UpLink channel the Subscriber Station (SS) takes the decision of sending the data. If the Subscriber Station (SS) found the UpLink channel idle it will start sending data towards the Base Station/Relay Station (BS/RS) and if it found the UpLink channel busy then it can' t send the data i.e. the Subscriber Station (SS) sending capability is losing and the Subscriber Station (SS) reported itself under the jamming attack. There are several techniques of sensing channel, the most simple one is to send the test signal and get the acknowledgment, the other methods includes matched filter and energy detection. The sensing of channel is beyond the scope of this work

Base Stat ion

Jammer Su bscriber Station

Fig. 4. Jamming at UpLink Channel

C. Recovery from Jamming

In WiMAX, the major task from the security point of view is to detect the jamming. After the detection of jamming the Subscriber Station (SS) need to be recovered from it. After jamming, the Subscriber Station (SS) need to do the channel hopping or in other words the Subscriber Station (SS) need to be modulated to some other channel. There are separate methods of channel hopping for DownLink channel and UpLink channel. To recover from DownLink channel jamming, the Subscriber Station (SS) saves the current DownLink frequency and disconnect from the current DownLink channel. After disconnecting the connection the

Subscriber Station (SS) start scanning the DownLink frequency band for the new DownLink channel and selects the most suitable DownLink channel. After the new DownLink channel is selected the UpLink channel corresponding to this DownLink channel is acquired between the Subscriber Station (SS) and the Base Station/Relay Station (BSIRS).

To recover from UpLink channel jamming, the Subscriber Station (SS) saves the current UpLink frequency and then disconnects the UpLink connection and start searching for the new UpLink channel. The difference lies in selection of new connection with the Base Station/Relay Station (BS/RS), when DownLink is changed the corresponding UpLink is also changed while when the UpLink is changed the DownLink remains the same. After making the new connection with the Base StationlRelay Station (BS/RS) either the DownLink or UpLink, the previous frequency saved by the Subscriber Station (SS) is transferred to the Base Station/Relay Station (BS/RS), so that the Base Station/Relay Station (BS/RS) would know in future that this appropriate frequency is vulnerable to jamming. The process of recovery is depicted in Fig. 5

New DownLin kChannel

Su bscri ber Stat ion

Fig. 5. Recovery from Jamming

V. COMPARISON

TABLEL COMP ARlSON OF PROPOSED APPROACH WITH THE EXISTING APPROACHES

Parameters Our Approach Previous

Approaches

Detection Metric(s) Signal to Interference plus Carrier to Noise Ratio, Packet interference to Delivery Ratio, Received Noise Ratio. Signal Strength and Channel Sensing.

Type of Jamming detected Constant and Deceptive Random and Recovered Number of BS affected One Two Adaptation of mode and New Channel New Modulation channel Mode Cost Overhead No Yes Antenna Design Overhead No Yes Simplicity Easy Complex

VI. CONCLUSION

In this paper, a technique is proposed for detecting jamming in WiMAX based system. Partial band and Full band jamming is considered under the influence of constant and deceptive type of jammer. A Signal to Interference plus Noise Ratio (SINR), Received Signal Strength (RSS), Packet Delivery Ratio (PDR) and Channel Sensing based method is used for detection of jamming and a mechanism for recovery is demonstrated. In last, a comparison between previous

IEEE International Conference on Recent Advances and Innovations in Engineering (ICRAIE-2014), May 09-11,2014, Jaipur, India

approaches and our approach is summarized which shows that our approach is simple and efficient in detecting jamming, with no overhead in terms of cost and antenna design.

REFERENCES

[I] C. J. Pablo, 'THE LONG ROAD TO WiMAX",IEE Review, Volume: 51, Issue: 10,page(s): 38-42,2005.

[2] WiMax forum, "IEEE 802.16a Standard and WiMAX Igniting Broadband Wireless Access", White Paper, Available at: www.wimaxforum.org, 2004.

[3] WiMAX forum, "WiMAX and the IEEE 802.16m Air Interface Standard", White Paper, Available at: www.wimaxforum.org, 20 I O.

[4] B. Mitko, L. Pero, R. Aleksandar, and P.Borislav, "IEEE 802.16 Security Issues: A Survey", 16th Telecommunications forum TELFOR, page(s): 199-202, 2008.

[5] K. Constantinos, K. Georgios, and G. Stefan os, "Attacks and Countermeasures on 802.16: Analysis and Assessment",lEEE Communication Surveys and Tutorials, Volume: 15, Issue: I, page(s): 487-514,2013.

[6] D. B. Bruce, and T. Patrick, "Digital Filter Design for Jamming Mitigation in 802.15.4 Communication", lEEEComputer Communications and Networks (ICCCN), page(s): 1-6,2011.

[7] Y. S. Kim, M. Frank, C. Eric, and T. Patrick, "All Your Jammers Belong To Us - Localization of Wireless Sensors under Jamming Attack", IEEE

ICC - Communication and Information Systems Security Symposium, page(s): 949 - 954,2012.

[8] W. Xu, K. Ma, T. Wade, and Z. Yanyong, "Jamming Sensor Networks: Attack and Defence Strategies", IEEE Network Journal & Magazine, Volume: 20, Issue: 3, page(s): 41-47, 2006.

[9] I. Broustis, K. Pelechrinis, D. Syrivelis, S. V. Krishnamurthy, and L. Tassiulas, "A software framework for alleviating the effects of MAC­aware jamming attacks in wireless access networks", Springer Wireless Network, page(s): 1543-1560,2011.

[10] L. Juan, and H. S. Gustav, "Performance of IEEE 802.16-2004 Based System in Jamming Environment and its improvement with Link Adaptation", 17th Annual IEEE International Symposium on Personal, Indoor and Mobile Radio Communications, page(s): 1-5,2006.

[II] M. Boris, "Jamming Resistant Architecture for WiMAX Mesh Network", IEEE Military Communication Conference, page(s): 1-6, 2006.

[12] J. Jorman, and J. Henryka, "Antenna Selection for Brigade Level Headquarter Use of Wi MAX", IEEE Military Communication Conference, page(s): 1-7,2007.

[13] YHuang, T.will, O. Andy, and W. Richard S., "A Compact Smart Antenna for WiMAX Radio", IEEE Mobile WiMAX Symposium, page(s): 169-173, 2009.

[14] TTA Standard, "802.16-2012, IEEE Standard for Air Interface for Broadband Wireless Access Systems". Available at: http://standards. ieee.org/getieee802/down load/802.16-20 12.pdf, 2012.