Jamming Attacks and their Countermeasures in

Wireless Sensor Networks

Bharat Bhushan
Dept. of computer science and engg.
Birla Institute of Technology, Mesra
Ranchi, Jharkhand, India
bharat_bhushan1989@yahoo.com
Dr. G. Sahoo Amit Kumar Rai
Dept. of computer science and engg.
Dept. of computer science and engg.
Birla Institute of Technology, Mesra
Birla Institute of Technology, Mesra
Ranchi, Jharkhand, India
Ranchi, Jharkhand, India
ak_rai@yahoo.com
gsahoo@bitmesra.ac.in

Abstract—Wireless sensor networks, because of its low cost
design and ease of reprogramming, it is easy for the adversary to
conduct jamming or radio interference that can easily cause DoS
attacks. These attacks can be launched against WSNs. The
security attacks on WSNs are increasing drastically and these
degrade the performance in terms of throughput, energy
consumption and delay. This article models the jamming attacks
behavior and analyzes the WSNs performance. Jamming attack
jams the network traffic by blocking the communication channel.
The article explores the jamming attack modelling and then
presents countermeasures against the jamming attacks. Then, the
simulation parameters are presented along with summarizing the
severance of various jamming attacks. Finally, we conclude the
paper along with the future research scope.
Keywords— Jamming attack, wireless sensor networks,
behavioural modelling, optimization, anti-jamming approach,
denial of service, FHSS, DSSS, CSS, THSS.
I. INTRODUCTION
Wireless sensor networks (WSNs) have huge range of
applications that includes recording and monitoring of
sensitive information. These are used efficiently for security
applications such as surveillance systems of secure areas,
children, patients, etc. due to temporal disruption of streaming
data and high QoS requirements of these applications may
lead to disastrous results if there exists security concerns.
Jamming is a process of disruption or prevention of signal
transmission by directing electromagnetic waves towards any
communication system [1]. Jamming attack interferes with the
radio frequency of the network nodes [2]. Attackers using
powerful jamming may disrupt the normal functioning of the
WSNs. Thus countermeasures against jamming attack in
WSNs is of utmost importance as WSNs may suffer from
several constraints such as limited memory, low computation
capability and energy resources.
Jamming attack can be considered as a special type of
denial of service (DoS) attacks. Woods and Stankovic in [3]
defined DoS attack as “event that eliminates or diminishes the
networks performance”. DoS inhibits flooding network with
useless information. The radio frequency signals of jamming
attack correspond to useless information. Thus, jamming is a
special case of DoS attack.
WSNs are deployed in outdoor and hostile environments
such as gardens, marine coasts, large estates, rivers, or even
battlefields. Such outdoor scenario requires integration of
these applications with geographic information system (GIS)
applications. These provide visual layout of thousands of
sensors on single screen. This GIS is useful for target mobility
monitoring in case of machine or human tracking systems.
These GIS applications are not used for indoor scenarios and
are limited only to outdoor scenarios because of two basic
reasons. Firstly, obtaining a GPS location is not possible in
indoor environments such as tunnels, building or factories as
the signal strength decreases inside buildings. Secondly,
deployment of indoor location system is expensive and
requires huge processing power.
Jamming is the radio signals emission aimed at disrupting
the transceivers operations [1]. Jamming is against any
specific target and is intentional whereas radio frequency
interference (RFI) is unintentional and is a result of nearby
transmitters transmitting very close frequencies.
This article is organized as follows. In the section 1, we
introduce the jamming attack as a special type of DoS attack.
In section 2, we present classification and modelling of
jamming attack. Four types of jamming attacks are discussed
in this section: constant jamming, deceptive jamming, random
jamming and reactive jamming. Section 3, explores various
types of countermeasures against jamming attacks: DSSS,
FHSS, THSS, CSS and antenna polarization. Simulation
parameters and the use of NS-2 to simulate the jamming
architecture and countermeasures are presented in the section
4. In section 5, we discuss the effect of jamming attack on the
WSNs in terms of energy consumption, delay and the
throughput. The reason for performance degrading under
various jamming attack is also presented in this section.
Finally, we conclude our paper in section 6, where we present
the side effects of jamming attacks on the WSNs performance
and the future research scope is also discussed.
 II. CLASSIFICATION AND MODELLING OF JAMMING
ATTACKS
Mingyan Li et al. [4] proposed a concept of perfect
knowledge of strategy of both the network and jammer and the
case where these components lack this knowledge. They also
considered energy constraints of the network and the jammer.
They also proposed a heuristic jamming technique. Wenyuan
Xu et al [5] proposed enhanced detection protocols for
employment of consistency checks. It employs two schemes.
The first scheme considered reactive consistency check using
signal strength measurements. The second scheme considered
consistency check using location information. Jamming attack
can be classified into following four types as discussed below.
A. Constant jamming
This jamming technique continuously generates a random
data incorporating some interval between this random data
generation. This random data transmission is done without
checking the channel for its idle state that is without following
the rules of MAC protocol [6], [7]. A normal node (n0) before
sending data transmits RTS packets to check the idleness of
the channel between destination and source. If the RTS finds
the channel to be idle, the destination node (n5) starts sending
CTS packets to normal node (n0). Suppose a jammer node
(n1), at the same time generates random data and this collides
with the CTS arriving from n5. The constant jammer is
activated after particular interval and generates and transmits
data in the network. If another node n2 sends RTS, and starts
sending data after receiving CTS. But the data from node n1
collides with randomly generated data. This is constant
jamming.
B. Deceptive jamming
This jammer continuously sends random data and injects
them to the channel. Between successive transmissions, it does
not keep any gap and injects all the packets. This continuous
stream of data prevents the normal sources to transmit data
successfully. The deceptive jammer (n1) continuously
generates malicious data. A normal node (n0) sends RTS
packets and receives CTS before sending data to the
destination. These packets may generate collision by colliding
with the malicious data on the channel. The continuous
generated malicious data from the deceptive jammer increases
the network collision and may result in several nodes in
receive state being placed in the networks.
C. Random jamming
This is the most intelligent jamming technique in which
the jammer considers its own energy and alternates itself
between jamming and sleeping after fixed time interval. It is
different from other jamming techniques where the jammer
continuously transmits data without considering its own
energy level. Random jamming may behave as both deceptive
as well as constant jamming. Thus random jamming detection
technique is more difficult as compared to deceptive or
constant jamming techniques. In this the nodes randomly
generates data after fixed time interval and also leads to
collision after fixed time interval in the same way as a
constant jammer. This random jammer tries to save its energy
level intelligently by switching itself to the sleep state. The
random jammer node switches itself to sleep mode after
jamming the network for facilitating energy conservation of
the jammer node. After waking up, it may act like a deceptive
jammer or constant jammer. It acts as deceptive jammer by
increasing collision and jamming the network.
D. Reactive jamming
It is difficult to detect reactive jamming as it is more
disastrous, considering network performance. In reactive
jamming, the jammer node starts its transmission upon any
event detection on the channel. As this is an intelligent
jamming technique, it reacts only upon observing any kind of
events in the network. The reactive jammer nodes (n1) first
analyze the networks state and if there is no event sensed, it
switches itself to quiet state. When normal node (n0) sends
RTS, the jammer node upon sensing such activity sends the
noise packets to the network. There occurs collision between
the noise packets and the CTS packets. The attacker only gets
activated only when the jammer sends any event in the
channel.
These jamming techniques can be summarized as follows.
TABLE I. JAMMING TECHNIQUES
Jamming technique Description
Constant jamming The MAC protocol is degraded by
continuously sending jamming
signals to the channel.
Deceptive jamming It involves constant injection of
regular packets without any gap to
the channel. Thus the normal node
is deceived.
Random jamming It alternates between sleeping and
jamming modes. The random
jammer performs deceptive or
constant jamming for a random
time period and then switches to
sleep mode.
Reactive jammer It stays quiet until any kind of
event on the channel is detected. It
spends large amount of energy in
channel sensing procedure.
III. COUNTERMEASURES AGAINST JAMMING TECHNIQUES
A brief description of various techniques and
countermeasures in jamming is presented below. In this
section, countermeasures dealing with possible radio jamming
scenarios are explored.
A. Telecommunications with spread spectrum
It is a type of radio transmission technique in which the
signals are transmitted over a large spectral width than the
original signals bandwidth when transmitted using
conventional modulation techniques. This is technique of
spreading the communication signals energy over a greater
bandwidth. This is done with the help of pseudo random code
and reduces the natural interference risks. It also withstands
interference and noise at the same time maintains privacy.
Security in WSNs is a challenging task because of its energy
constrained hardware and open medium. Jamming disrupts the
wireless communication by reducing the signal to noise ratio. rely on chirp pulses linear nature rather it distinguishes signal
Spreading of information of narrow band signal over a wide from noise in the channel. Doppler Effect is very common in
band spectrum decreases the interference effects. All these several mobile radio applications. CSS overcomes Doppler
spread spectral techniques employs a pseudo number for Effect.
controlling and determining the spread pattern. Spread F. Antenna Polarization
spectrum withstands high interference and this is the major
advantage of its usage. It provides a robust security approach The orientation of radio waves electric field with respect
for variety of WSNs applications [10]. to surface of earth is referred to as antenna polarization. This
technique plays an important role in jamming attack
B. Direct Sequence Spread Spectrum (DSSS) prevention. It is useful for LOS communications in WSNs.
This technology is mostly used in LAN wireless Right circular polarized antenna is unable to receive left
transmissions. At the sending station, a data signal is polarized signals and left circular polarized antenna cannot
combined with a bit sequence of high data rate. This divides receive right polarized signals. Thus for defending jamming
the user data on the basis of spreading ratio. DSSS enables attacks in WSNs, the nodes must be capable of changing
multiple users to share a single channel and shows resistance antenna polarization upon sensing any kind of interference.
to jamming attacks. It also shows negligible background noise But this also involves an overhead as the nodes must inform
and timing difference between receivers and transmitters. This about its peers to facilitate uninterrupted communications.
technique mixed data signals with pseudo noise code for This change in node polarization prevents jamming but
interference resistance. This results in larger signal bandwidth. requires specialized jamming equipments capable of rapidly
DSSS, a modulation technique, described in IEEE 802.11b changing its signal polarization during the jamming process
standards for computer wireless networking, spreads signals [11].
over broadband radio frequencies [8]. Various countermeasures against jamming attacks are
C. Frequency Hopping Spread Spectrum (FHSS) summarized in the table below.
This technique transmits radio wave signals that use
TABLE II. COUNTERMEASURES AGAINST JAMMING ATTACKS
multiple subcarrier channels in a frequency band. This is
based on pseudo random sequence which is known both by the Countermeasures Description
receiver and the transmitter. The FHSS is more advantageous Telecommunications ∑ Reduces the natural interference
than the single frequency usage. The transmitted signal is with SS risks.
∑ Withstands interference and noise.
made more resistant to interference as well as difficult to
∑ Maintains privacy and secrecy in
intercept. The radio attack interference is prevented by this WSNs.
technique. The advantages of FHSS are listed as follows. DSSS ∑ Enables multiple users to share a
Firstly, FHSS minimizes jamming and unauthorized single channel.
interception of radio transmissions. Secondly, it enables ∑ Shows resistance to jamming
coexistence of multiple WSNs in the same area. The major attacks.
drawback of FHSS is that it requires a wider overall ∑ Spreads signals over broadband
radio frequencies.
bandwidth than the single carrier frequency [9], [12].
FHSS ∑ Based on pseudorandom sequence
D. Time Hopping Spread Spectrum (THSS) which is known by both the receiver
and the transmitter.
The time hopping signals are divided into frames in THSS. ∑ Minimizes jamming and
These frames are again subdivided into number of unauthorized interception of radio
transmission slots. One time slot at a time is modulated in the transmissions.
frames using information modulation. The pseudo noise ∑ Enables co-existence of multiple
generator selects the time interval. These code generators are WSNs in the same area.
THSS ∑ Signals are divided into frames
responsible for performing switching using a power switch. which are again divided into
These switching leads to some output which needs to be transmission slots.
demodulated appropriately. These message bursts are CSS ∑ Chirp uses broad spectrum band
rescheduled and stored to retrieve information. The time axis, making CSS multipath fading
in a THSS system, is partitioned into frames and these frames resistant.
are again sub partitioned into slots. There may be several slots ∑ Operates at low power.
possible but only one slot is used for one use. ∑ Overcomes Doppler Effect.
Antenna polarization ∑ Useful for LOS communications in
E. Chirp Spread Spectrum (CSS) WSNs.
∑ Requires specialized jamming
Sliding of the carrier over some specified range of equipments capable of rapidly
frequencies in a specified or linear fashion generates a chirp changing its signal polarization
signal. The CSS receiver that employs a filter resembling time during the jamming attack.
dispersed carrier. In this technique, a signal is broadcasted
using the entire allocated bandwidth. Chirp uses broad
spectrum band making CSS multipath fading resistant and at
the same time operating at low power. It does not use any kind
of pseudo random elements, unlike DSSS or FHSS. It does not
 IV. SIMULATION PARAMETERS ∑ Constant jamming: The performance degrading of
Here, we have used Network Simulator (NS-2), a discrete constant jamming is less than other types of jamming
event simulator to simulate the jamming architecture and attack. This is because the network is jammed after
countermeasures. We have used IEEE 802.15.4 MAC radio regular intervals in constant jamming.
model for setting the parameters during simulations such as
receiving power, sleep power, transmission power, idle power. ∑ Deceptive jamming: As compared to constant
This MAC layer is required for device communications. This jamming, a deceptive jamming shows more
provides the physical channels to access all types of security performance degrading. This is because of
and transmission mechanisms. In this simulation, there are 50 continuous noise generation which increases delay
mobile nodes that move in 750 X 750 meter region for 25 and energy consumption as well as decreases the
second. Constant Bit Rate is the simulated traffic where the
sources send their data to the sink. We also considered several network throughput due to large number of collisions
jamming nodes or malicious nodes. The simulation parameters responsible for jamming the channel.
and settings are summarized in the table below. ∑ Random jamming: This jams the WSN randomly
using either deceptive jamming or constant jamming.
TABLE III. SIMULATION PARAMETERS
It is not easy to detect as it shows random behaviour.
Parameters Settings
Interface type Physical 802.15.4
∑ Reactive jamming: This is the most disastrous type of
Radio model Two ray ground propagation jamming attack. After any event detection, it
Link layer LL introduces noise packets immediately into the
Antenna type Omni-directional network. By introducing severe collision, it corrupts
Queue Priority queue huge number of packets in the WSNs.
Channel type Wireless
Interface queue length 50 VI. CONCLUSION
Number of nodes 50
Transmission range 400 m Considering the low-cost design of WSNs and the ease
Area 750 X 750
Routing protocols AODV
with which these can be reprogrammed, WSNs is susceptible
MAC 802.15.4 to radio interference attacks. This paper surveys both defence
Initial energy 100 joules and attack side of jamming WSNs. The paper models and
Traffic source CBR analyzes the side effects of various types of jamming attacks
Sources 4 on the WSNs performance. Increasing the safety level and
Packet size 512 bytes
Node placement Randomized
avoiding DoS attacks is of utmost importance in WSNs. The
attacker may launch DoS attack by radio channel jamming.
V. RESULTS AND DISCUSSIONS Jamming attacks degrades the network performance in terms
of energy consumption, throughput and delay. Reactive
It is observed that jamming attack degrades the WSNs
jamming degrades the network performance to maximum
performance in terms of energy consumption, delay and the
extent and random jamming shows least degradation in the
throughput.
network. This article provides requirements for efficient
∑ Energy consumption: Energy consumption is highest
jamming defence technique development. The future research
for the reactive jamming. The deceptive and constant will be concentrated on new jamming possibilities in WSN
jamming shows similar increase in energy and developing an efficient defense mechanism.
consumption. Amongst, all the jamming techniques,
REFERENCES
random jamming shows the lowest energy
consumption but still more than the no attack
[1] D. L. Adamy, D. Adamy, EW 102: A Second Course in Electronic
condition. Warfare, Artech House Publishers, 2004.
∑ Delay: The delay involved in reactive jamming is [2] E. Shi, A. Perrig, "Designing Secure Sensor Networks", Wireless
highest amongst all jamming techniques while Communications Magazine, vol. 11, no. 6, pp. 38-43, Dec. 2004.
[3] A. D. Wood, J. A. Stankovic, "Denial of service in sensor
random jamming shows the lowest delay. networks", Computer, vol. 35, no. 10, pp. 54-62, 2002.
∑ Throughput: Throughput of no attack condition is [4] Mingyan Li et al "Optimal Jamming Attacks and Network Defense in
highest and among all the jamming attacks, the Wireless Sensor Networks" IEEE Transactions on Mobile Computing
August 2010
reactive jamming shows the least throughput by far [5] Wenyuan Xu, Wade Trappe, Yanyong Zhang and Timothy Wood."The
from all other jamming techniques. Constant feasibility of Launching and Detecting Jamming Attacks in Wireless
Networks" MobiHoc'05, May 25-27, 2005, Urbana Champaign, Illinois,
jamming produces highest throughput followed by USA.
deceptive jamming and random jamming techniques. [6] Aristides Mpitziopoulos, Damianos Gavalas, Charalampos
The reason for performance degrading under various jamming Konstantopoulos, and Grammati Pantziou, "A Survey on Jamming
attack is explored below. Attacks and Countermeasures in WSNs", IEEE Communications
Surveys & Tutorials, Vol. 11, Issue No. 4, pp. 42-56, 2009.
[7] Wen yuan Xu, Ke Ma, Wade Trappe, and Yanyong Zhang, "Jamming [11] W. Stutzman, G. Thiele, Antenna Theory and Design, John Wiley &
Sensor Networks: Attacks and defense stategies", IEEE Network, Sons, 1997.
MayJune, pp. 41-47, 2006. [12] J. Min, Analysis and design of a frequency-hopped spread-spectrum
[8] DSSS-wikipedia. http://en.wikipedia.org/wiki/Direct-sequence-spread-- transceiver for wireless personal communications, University of
spectrum. California, 1995.
[9] FHSS-wikipedia. http://en. wikipedia.org/wiki/Frequency-hopping--
spread-spectrum
[10] R. L. Pickholtz, D. L. Schilling, L. B. Milstein, "Theory of spread
spectrum communications-a tutorial", IEEE Trans. Commun., vol. 20,
no. 5, pp. 855-884, 1982.