Journal of information and communication convergence engineering 2022; 20(4): 250-258
Published online December 31, 2022
https://doi.org/10.56977/jicce.2022.20.4.250
© Korea Institute of Information and Communication Engineering
Correspondence to : Ashraf Al Sharah (E-mail: aalsharah@bau.edu.jo, Tel: +962-797325603)
Department of Electrical Engineering, College of Engineering Technology, Al-Balqa Applied University, Amman 001962, Jordan
This is an Open Access article distributed under the terms of the Creative Commons Attribution Non-Commercial License (http://creativecommons.org/licenses/by-nc/3.0/) which permits unrestricted non-commercial use, distribution, and reproduction in any medium, provided the original work is properly cited.
The emerging scope of the Internet-of-Things (IoT) has piqued the interest of industry and academia in recent times. Therefore, security becomes the main issue to prevent the possibility of cyberattacks. Jamming attacks are threads that can affect performance and cause significant problems for IoT device. This study explores a smart jamming attack (coalition attack) in which the attackers were previously a part of the legitimate network and are now back to attack it based on the gained knowledge. These attackers regroup into a coalition and begin exchanging information about the legitimate network to launch attacks based on the gained knowledge. Our system enables jammer nodes to select the optimal transmission rates for attacks based on the attack probability table, which contains the most probable link transmission rate between nodes in the legitimate network. The table is updated constantly throughout the life cycle of the coalition. The simulation results show that a coalition of jammers can cause highly successful attacks.
Keywords Attacks, Cooperation, Internet of Things, Security
By employing Internet of Things (IoT) tools, enterprises may boost their productivity and creativity while also gaining a competitive advantage. IoT devices are used in many applications in different domains, such as smart cities, smart traffic controllers, smart homes, healthcare, and transportation. Many devices with diverse user populations take advantage of these applications. A vast number of IoT devices are interconnected by smart applications, which implies that data interchange and large-scale communication are hampered by the heterogeneous nature of the IoT ecosystem. Consequently, it is an ideal target for a variety of attacks. Because wireless communication is the primary conduit for IoT, practically all wireless communication security issues can spread to IoT networks. Because of the restricted resources and capabilities of nodes in an IoT network, security for such networks is a major concern compared to that for traditional networks. The most common IoT attacks can be classified into the following categories: black hole, wormhole, flooding, sinkhole, Sybil, and jamming. Many types of attacks can affect such networks, which use a wireless medium, making them easier to attack. However, many of these attacks can be easily detected. Jamming attacks are destructive attacks that can interfere with physical transmission and thus the rate at which data is transmitted via wireless communication.
In a black-hole attack, a malicious node advertises to its neighbors that it has the shortest path for the nodes that want to send or forward data; this usually occurs during the routing discovery process.
In a wormhole attack, a malicious node sends the received data to another malicious node via a tunnel, which requires two or more malicious nodes in the same network to collaborate with each other.
In a Sybil attack, malicious nodes generate additional fake nodes with different fake identities; this increases the malicious node's ability to intercept messages routing through the overall network. The malicious node in a sinkhole attack attracts network traffic by advertising to its neighbors that it has the best next hop. Subsequently, this node starts receiving (sinking) all network traffic. Sink nodes do not drop data but monitor all network data; this makes them undetectable to the neighboring nodes. A significant denial of service (DoS) attack known as a jamming attack can disrupt the communication link among a large number of genuine IoT nodes, which affects the performance of the overall network. In general, jamming attacks are among the most harmful attacks that can cripple the communication channels between IoT nodes by presenting counterfeit packets and damaging the communication transmission rates in IoT networks. As a result, this attack poses a significant risk to nodes within IoT networks.
Jamming attacks can be classified into different types: constant, random, deceptive, and reactive jamming attacks. In constant jamming, the jammer continues to produce a high-power signal without following any clear strategy; it simply continues sending a random bit. In random jamming, the jammer switches randomly between sleeping and jamming modes. When this jammer is in sleep mode, it does nothing, and in jamming mode, it acts as a reactive or constant jammer. The jammer in deceptive jamming works almost like a random jammer; the difference between them is that the deceptive jammer sends illegitimate data which appears legitimate to the receiver node to keep the communication channels busy. Reactive jamming can be considered a challenging attack, in which the attacker keeps sensing the channels for available transmissions to activate itself; it remains neutral if the channels remain idle. However, this study does not deal with detection techniques or anti-jamming strategies; rather, it aims to provide researchers interested in jamming attacks with a feasible method of smart jamming for use as a reference. Using a coalition game, we demonstrate a smart jamming attack strategy for IoT networks that may collaborate to assault legal nodes. In this strategy, the attacker node has long been a member of the IoT network. The following are the most significant contributions of this study:
A jamming attack scheme is proposed that relies on a coalition attack for transmission rates observed by the jammers, which is dependent on the attack probability that will come later.
A jamming attack on IoT networks is proposed, which reduces the complexity of individual attacks by offering a lightweight technique. The proposed scheme is a stepwise technique deployed by attackers inside the attacking coalition.
IoT networks can be directly targeted by proposed jamming strategies without any additional users.
The rest of the paper is organized as follows: Section II presents related work, Section III introduces the proposed model and the proposed attacking cases, Section IV discusses the simulation and results, and Section V concludes the study and discusses future work.
Because we have a limited understanding of how collaborative smart attacks work, there is a shortage of studies in this field that focus on new collaborative smart attacks in the IoT domain. The modeling and analysis of systems under attack has received considerable attention [1-6]. Researchers have illustrated existing attacks and methods to eliminate them. Additionally, work has been done to model threats in the IoT with the aim of studying and analyzing threat capabilities. This has been done by attempting to identify the issue from the perspective of a hypothetical attacker; one common technique is trying to leverage attack trees [7]. Chen [8] described a two-hop system with full-duplex jamming in the presence of a single eavesdropper. According to their findings, full-duplex jamming outperformed a halfduplex system by a wide margin. Chen [9] also discussed the scenario where a base station communicated with a single user in the presence of randomly positioned eavesdroppers. Additional problems for eavesdroppers can be caused by security advancements such as cooperative jamming systems, which broadcast many jamming signals simultaneously.
During a vampire assault, the vampire nodes in the network appear innocent, yet continue to communicate protocol-compliant data to other nodes. Vampire nodes can be observed in two different forms: carrousel and stretch attacks [10]. A situation in which IoT system nodes have varying degrees of relevance was examined by Labib. [11]. The purpose of the jammer is to interfere with an IoT network's performance while remaining undiscovered by limiting the power of its interference according to their own betweenness centrality. One of the most critical attacks on the IoT is a physical attack where the attacker must be close to the network to launch it, whereas a network assault differs significantly in that it does not require the attacker to be close to the network to be launched. A number of physical and network layer attacks have been attempted, such as tampering attack, which involves manipulating the data sent between nodes in an IoT network to manipulate the transferred data between nodes [12].
It is possible for a malicious node to insert code into the network, which will force the network to shut down, allowing an attacker to take control of that network; this is called malicious code injection [13].
Fake nodes or man-in-the-middle attacks, in which an attacker inserts a fake node between two real nodes in an IoT network. To manipulate the data flow between the nodes [14], algorithms are developed to analyze network traffic and thereby manage linkages and interactions between nodes in legitimate networks to launch an attack on them using traffic analysis, also known as a traffic analysis attack [15]. Through selective forwarding, a malicious node attempts to ensure that only parts of the message are forwarded to the intended recipient [16]. In a replay attack, a malicious node sends a signed packet to the destination numerous times to keep the network busy [17]. Routing information attacks, in which an attacker creates a route or continues to transmit error messages by altering the routing information [18], Table 1 summarize part of physical and network attacks.
Table 1 . Summary of physical and network attacks with their effects
Layer | Attacks | Description |
---|---|---|
Network Layer | Sinkhole Attack. [19] | Creates fake routing information, by declaring a shortest path to destination. |
Denial of Service Attack. [20] | Preventing a legitimate node from access, network or services | |
Sybil Attack [21] | Malicious node creates a large number of identities of other | |
Blackhole attack [22] | Malicious node receives packets and replies with high sequence rather than discard them | |
Grayhole Attack [23] | Malicious node agrees to participate in route formation but later it drops packets based on certain conditions | |
Wormhole attack [24] | Two or more malicious nodes forward data to each other via a tunnel | |
Rushing attack [25] | Malicious node receives route request packet, and immediately forwards it to its neighbors without processing the packet | |
Jellyfish attack [26] | Malicious node increases throughput by using alternative route for data packets | |
Physical layer | Jamming attack [27] | Malicious nodes transmit a radio signal to block legitimate communication by causing intentional interference in networks. |
Tampering [12] | Malicious nodes modify data transferred between nodes | |
Fake Node Injection [15] | Malicious control dataflow between nodes | |
Scrambling attack [25] | Malicious nodes injection interference using radio frequency to prevent bandwidth allocations | |
Replay attack [17] | Malicious nodes keeps network by resending a signed packets many times | |
Eavesdropping[25] | Malicious nodes deletes or modifies transmitted data between nodes |
In the current model, which is shown in Fig. 1, the environment is characterized as a coalition-based recurring game with incomplete knowledge. Consider a wireless IoT system with N legitimate IoT nodes connected to each other using any wireless protocol for data transport and sharing. In an IoT network, Nn denotes the number of legitimate nodes, where Nn=[N1,N2,N3…..Nn]. This legitimate network is the attacking surface that is targeted by the smart jammers’ coalition. On the other hand, the attacking coalition consists of C jammer nodes, which were previously a part of the legitimate network, where Cn denotes the number of smart jammers and Cn = [C1,C2,C3….Cn]. Each jammer node has a knowledge table; this table was maintained during its stay on the legitimate network, which is why we name it the jammer knowledge table. The duty of the table is to store the updated values of knowledge gained from the legitimate network. After joining the jamming coalition, jammers share the table data with each other. From this data, we use the transmission rates (R) gained by the attacker node during the time. R = [R1,R2,R3,…Rn]. A coalition game is labeled as a pair < C; v >, where C is the set of players in our case set of jammers and v is the characteristic function of any subset S of players where S ⊆ C is called a coalition; C is the grand coalition, which consists of the set of all players. As an example, if we have three players, then there will be eight coalitions (ϕ; (1); (2); (3); (1; 2); (1; 3); (2; 3); C). In general, for C players, the set of coalitions 2C has 2c elements.
When it comes to network attacks, we assume that there are multiple attackers in the network and that their primary purpose is to disrupt data transmissions between two nodes. As a result, data transmission between nodes is disrupted. At each specified window time (w), the jammers use the jamming attack method based on three separate jamming probabilities, which is described in detail later in section 3, to select a specific channel to attack; this method is then repeated.
The attackers’ coalition is formed from nodes that have been mitigated from the IoT network to which they previously belonged. When a node joins, it sends or broadcasts a joining signal to other nodes with the same intention, which means that a coalition has already been formed. As of this moment, nodes begin exchanging information with one another in accordance with Algorithm 1. Each time a new member of the coalition joins, the same procedure must be followed (all nodes exchange knowledge regarding the IoT network that was excluded from it). Forming an attackers’ coalition has the overall purpose of increasing the effectiveness of the nodes’ attacks rather than relying on blind attacks. Consequently, new nodes are needed in the jammers’ coalition because old nodes do not know what changes occurred in the IoT network after they left, but this information can be offered by the new nodes, which can then assist the jammers’ coalition in estimating the transmission rate hopping procedure after a jammer node leaves.
Fig. 2 shows algorithm 1, which states that the first disjoint attacker node (c1) from the IoT network broadcasts a joining signal for any other disjoint nodes that are interesting in forming an attacking coalition. There should be at least two nodes to testify the coalition formation rules: when two or more attackers exist, they start exchanging the gain information (transmission rates) currently used by the IoT network. This procedure continues throughout the life of the attacker coalition. Let cn be the number of attackers that join the coalition. We can also formulate joining criteria if we are looking for more powerful attacks. Therefore, our criteria is that any node willing to join the attackers’ coalition should have knowledge about the transmission rate for at least 15 communication link (NL) between the nodes in the legitimate IoT network; this number can be varied for more flexibility.
where Kcn (
As previously mentioned, in system mode, the attack surface is a legitimate IoT network, which consists of “N” IoT nodes. These nodes may be legitimate or potential future attackers. The node is a probable future attacker when it leaves the IoT network.
Performing aggressive attacks requires a large amount of information about the legitimate network transmission rates that have been used for data transmission between nodes, which is achieved by sharing previous knowledge about the legitimate network through the jammers’ coalition. This leads to a high potential to damage or corrupt the channels in several time slots. Therefore, this method of attacking urgently is not needed because the attacker nodes are not known for the legitimate network and the jamming probability is high according to their accumulated knowledge. This is the basis of the strength of this method. The attack strategy is computed over a given time window before launching the attack; this window is used to determine if there is any new information from the new joining nodes. Jamming is designed to attack a specific channel between nodes, where O is the number of observed transmission rates performed by the attackers. These observations have been collected over several time windows. These collections is done by using the following equation:
where
In this case, not all jammers have observations for a specific link in the legitimate network; thus, jammers will choose to attack this link with low probability for this window of time according to the attack rate, which is given by
While not all nodes capture the rate for a specific link, the probability of a successful attack can be utilized by
where
In addition, because of the lack of information, the jamming probability cannot be further improved subject to the probability of observations. The non-attaching probability is defined as
In this case, over 66% and less than 90% of jammers have observed a specific link in the legitimate network. Compared to Case 1, jammers will attack this link with a medium probability during the time window. In this case, the probability of a successful attack can be deduced by
Referring to the optimum solution of the attacking probability in case 1, we need to characterize the outcome to find the attacking probability
By solving Equation 6, we can obtain the satisfied solutions for the attack as follows:
From equations 7 and 10, the observations in case 2 are higher than observations in case 1, which implies that the attack is more efficient in case 2.
The probability of success attacks in this case can be calculated by:
In this case, the transmission rate is highly likely to still be in use by the legitimate network, which gives it the highest possibility to aid in a successful attack; the result for attacking probability can be given by:
Note that
We implemented and proposed an approach using an NS-3 simulator. In the experiments, the attacking surface consists of 150 legitimate nodes, and the simulation consisted of different jammers’ coalition sizes (10, 15, 20, and 25) to show that increasing the number of attacker nodes in the attacking coalition leads to improved results. In addition, the impact of jammers was shown as the jammers’ coalition increases.
The percentage of successful attacks is shown for each of the three cases, compared with different jammers’ coalition sizes. A comparison of the impact factors for the three different cases is shown by comparing each case with different jammers’ coalition sizes and comparing the accuracy for the three cases using 25 jammers’ collation sizes. Finally, the number of false positives is presented separately for the three different cases with respect to time.
Fig. 3 shows the impact of the jamming attack on the three presented cases with different jamming coalition sizes. It is clearly shown that the impact factor increases as the number of jammers increases in the coalition and the number of observations increases, which thereby increases the attacking probability.
Fig. 4 shows the number of successfully generated attacks according to the total number of generated attacks. It is clear that when there are more nodes in the attackers’ coalition, more possible attacks are generated, as shown in the figure. The generated attacks comprise both successful and unsuccessful attacks that have been launched; the figure also shows the differences between the three presented cases with the same simulation time and the same sizes of the jammers’ coalition.
Our findings in Fig. 5 show that the probability of capturing the transmission rate increases when there are more observations in a given window of time; the capturing probability is large when
Fig. 6 shows the rate of false positives regarding the cases observed, and it is clearly shown that the rate of false positives increases when the number of jammers decreases. On the other hand, the rate of false positives decreases when the number of jammers increases.
This study demonstrates that if jammers are mitigated from a legitimate network, they are still able to form a coalition and launch attacks independently. Based on the network’s attacking possibility, these nodes have the potential to launch an attack on the legitimate network. Regarding the probability of an attack, three different scenarios were developed, and we were able to demonstrate the effects of the jamming attack carried out by the attacking coalition for each of these three scenarios. In addition, a comparison between the number of generated attacks and the number of successful attacks was demonstrated. According to our findings, the number of successful attacks was higher than that of isolated attacks, and the false positive rate decreased as the number of attackers increased. Both findings are based on comparisons with solitary attacks. In the future, we intend to analyze the model by expanding it to hundreds of nodes to investigate the proposed strategy in the context of a larger coalition.
This work is supported and sponsored by Al-Balqa Applied University and Al-Ahliyya Amman University.
Persons or institutes who contributed to the papers but not enough to be coauthors may be introduced. Financial support, including foundations, institutions, pharmaceutical and device manufacturers, private companies, intramural departmental sources, or any other support should be described.
Ashraf Al Sharah has completed his PhD from Tennessee State University. USA. He was a research associate at cyber vis research lab. And served as an Assistant Professor in the Department of Computer Engineering at Al-Ahliyya Amman University. He is serving now as an assistant professor in electrical engineering department in Al-Balqa Applied University. His research interest include wireless security, IoT, smart attack and game theory.
Hamza Abu Owida has completed his PhD from Keele university , UK. He was a postdoctoral Research Associate: Developing xeno-free nanofibrous scaffold methodology for human pluripotent stem cell expansion, differentiation and implantation towards a therapeutic product, Keele University, Institute for Science and Technology in Medicine (ISTM), Staffordshire /UK. He is assiosiate professor in medical engineering department in Al-Ahliyya Amman University . He has published more than 30 papers in reputed journals.
Talal A. Edwan has completed his PhD from Loughborough University UK. He served as an Assistant Professor in the Department of Computer Engineering at PSUT 2014-2019., and as an Assistant Professor in the Department of Computer Engineering at Al-Ahliyya Amman University (AAU) 2020-2022. He is now an Assistant Professor in the Department of Computer Engineering at the University of Jordan. His research interests are: Computer Networks, Network Congestion Control, Performance Evaluation/Engineering of Computer Systems/Networks and Queueing Theory.
Feras Alnaimat has completed his PhD from University of Birmingham, Birmingham, UK. In 2018, he joined the department of Medical Engineering, Al-Ahliyya Amman University, as an assistant professor. His current research interests include design of artificial disc implant, artificial joints and bio fluid mechanics. He is one of the steering committee of the Innovation and New Trends in Engineering, Science and Technology Education Conference.
Journal of information and communication convergence engineering 2022; 20(4): 250-258
Published online December 31, 2022 https://doi.org/10.56977/jicce.2022.20.4.250
Copyright © Korea Institute of Information and Communication Engineering.
Ashraf Al Sharah 1*, Hamza Abu Owida 2, Talal A. Edwan 3, and Feras Alnaimat2
1Department of Electrical Engineering, College of Engineering Technology, Al-Balqa Applied University, Amman 001962, Jordan
2Medical Engineering Department, Al-Ahliyya Amman University, Amman 001962, Jordan
3Department of Computer Engineering, The University of Jordan, Amman 001962, Jordan
Correspondence to:Ashraf Al Sharah (E-mail: aalsharah@bau.edu.jo, Tel: +962-797325603)
Department of Electrical Engineering, College of Engineering Technology, Al-Balqa Applied University, Amman 001962, Jordan
This is an Open Access article distributed under the terms of the Creative Commons Attribution Non-Commercial License (http://creativecommons.org/licenses/by-nc/3.0/) which permits unrestricted non-commercial use, distribution, and reproduction in any medium, provided the original work is properly cited.
The emerging scope of the Internet-of-Things (IoT) has piqued the interest of industry and academia in recent times. Therefore, security becomes the main issue to prevent the possibility of cyberattacks. Jamming attacks are threads that can affect performance and cause significant problems for IoT device. This study explores a smart jamming attack (coalition attack) in which the attackers were previously a part of the legitimate network and are now back to attack it based on the gained knowledge. These attackers regroup into a coalition and begin exchanging information about the legitimate network to launch attacks based on the gained knowledge. Our system enables jammer nodes to select the optimal transmission rates for attacks based on the attack probability table, which contains the most probable link transmission rate between nodes in the legitimate network. The table is updated constantly throughout the life cycle of the coalition. The simulation results show that a coalition of jammers can cause highly successful attacks.
Keywords: Attacks, Cooperation, Internet of Things, Security
By employing Internet of Things (IoT) tools, enterprises may boost their productivity and creativity while also gaining a competitive advantage. IoT devices are used in many applications in different domains, such as smart cities, smart traffic controllers, smart homes, healthcare, and transportation. Many devices with diverse user populations take advantage of these applications. A vast number of IoT devices are interconnected by smart applications, which implies that data interchange and large-scale communication are hampered by the heterogeneous nature of the IoT ecosystem. Consequently, it is an ideal target for a variety of attacks. Because wireless communication is the primary conduit for IoT, practically all wireless communication security issues can spread to IoT networks. Because of the restricted resources and capabilities of nodes in an IoT network, security for such networks is a major concern compared to that for traditional networks. The most common IoT attacks can be classified into the following categories: black hole, wormhole, flooding, sinkhole, Sybil, and jamming. Many types of attacks can affect such networks, which use a wireless medium, making them easier to attack. However, many of these attacks can be easily detected. Jamming attacks are destructive attacks that can interfere with physical transmission and thus the rate at which data is transmitted via wireless communication.
In a black-hole attack, a malicious node advertises to its neighbors that it has the shortest path for the nodes that want to send or forward data; this usually occurs during the routing discovery process.
In a wormhole attack, a malicious node sends the received data to another malicious node via a tunnel, which requires two or more malicious nodes in the same network to collaborate with each other.
In a Sybil attack, malicious nodes generate additional fake nodes with different fake identities; this increases the malicious node's ability to intercept messages routing through the overall network. The malicious node in a sinkhole attack attracts network traffic by advertising to its neighbors that it has the best next hop. Subsequently, this node starts receiving (sinking) all network traffic. Sink nodes do not drop data but monitor all network data; this makes them undetectable to the neighboring nodes. A significant denial of service (DoS) attack known as a jamming attack can disrupt the communication link among a large number of genuine IoT nodes, which affects the performance of the overall network. In general, jamming attacks are among the most harmful attacks that can cripple the communication channels between IoT nodes by presenting counterfeit packets and damaging the communication transmission rates in IoT networks. As a result, this attack poses a significant risk to nodes within IoT networks.
Jamming attacks can be classified into different types: constant, random, deceptive, and reactive jamming attacks. In constant jamming, the jammer continues to produce a high-power signal without following any clear strategy; it simply continues sending a random bit. In random jamming, the jammer switches randomly between sleeping and jamming modes. When this jammer is in sleep mode, it does nothing, and in jamming mode, it acts as a reactive or constant jammer. The jammer in deceptive jamming works almost like a random jammer; the difference between them is that the deceptive jammer sends illegitimate data which appears legitimate to the receiver node to keep the communication channels busy. Reactive jamming can be considered a challenging attack, in which the attacker keeps sensing the channels for available transmissions to activate itself; it remains neutral if the channels remain idle. However, this study does not deal with detection techniques or anti-jamming strategies; rather, it aims to provide researchers interested in jamming attacks with a feasible method of smart jamming for use as a reference. Using a coalition game, we demonstrate a smart jamming attack strategy for IoT networks that may collaborate to assault legal nodes. In this strategy, the attacker node has long been a member of the IoT network. The following are the most significant contributions of this study:
A jamming attack scheme is proposed that relies on a coalition attack for transmission rates observed by the jammers, which is dependent on the attack probability that will come later.
A jamming attack on IoT networks is proposed, which reduces the complexity of individual attacks by offering a lightweight technique. The proposed scheme is a stepwise technique deployed by attackers inside the attacking coalition.
IoT networks can be directly targeted by proposed jamming strategies without any additional users.
The rest of the paper is organized as follows: Section II presents related work, Section III introduces the proposed model and the proposed attacking cases, Section IV discusses the simulation and results, and Section V concludes the study and discusses future work.
Because we have a limited understanding of how collaborative smart attacks work, there is a shortage of studies in this field that focus on new collaborative smart attacks in the IoT domain. The modeling and analysis of systems under attack has received considerable attention [1-6]. Researchers have illustrated existing attacks and methods to eliminate them. Additionally, work has been done to model threats in the IoT with the aim of studying and analyzing threat capabilities. This has been done by attempting to identify the issue from the perspective of a hypothetical attacker; one common technique is trying to leverage attack trees [7]. Chen [8] described a two-hop system with full-duplex jamming in the presence of a single eavesdropper. According to their findings, full-duplex jamming outperformed a halfduplex system by a wide margin. Chen [9] also discussed the scenario where a base station communicated with a single user in the presence of randomly positioned eavesdroppers. Additional problems for eavesdroppers can be caused by security advancements such as cooperative jamming systems, which broadcast many jamming signals simultaneously.
During a vampire assault, the vampire nodes in the network appear innocent, yet continue to communicate protocol-compliant data to other nodes. Vampire nodes can be observed in two different forms: carrousel and stretch attacks [10]. A situation in which IoT system nodes have varying degrees of relevance was examined by Labib. [11]. The purpose of the jammer is to interfere with an IoT network's performance while remaining undiscovered by limiting the power of its interference according to their own betweenness centrality. One of the most critical attacks on the IoT is a physical attack where the attacker must be close to the network to launch it, whereas a network assault differs significantly in that it does not require the attacker to be close to the network to be launched. A number of physical and network layer attacks have been attempted, such as tampering attack, which involves manipulating the data sent between nodes in an IoT network to manipulate the transferred data between nodes [12].
It is possible for a malicious node to insert code into the network, which will force the network to shut down, allowing an attacker to take control of that network; this is called malicious code injection [13].
Fake nodes or man-in-the-middle attacks, in which an attacker inserts a fake node between two real nodes in an IoT network. To manipulate the data flow between the nodes [14], algorithms are developed to analyze network traffic and thereby manage linkages and interactions between nodes in legitimate networks to launch an attack on them using traffic analysis, also known as a traffic analysis attack [15]. Through selective forwarding, a malicious node attempts to ensure that only parts of the message are forwarded to the intended recipient [16]. In a replay attack, a malicious node sends a signed packet to the destination numerous times to keep the network busy [17]. Routing information attacks, in which an attacker creates a route or continues to transmit error messages by altering the routing information [18], Table 1 summarize part of physical and network attacks.
Table 1 . Summary of physical and network attacks with their effects.
Layer | Attacks | Description |
---|---|---|
Network Layer | Sinkhole Attack. [19] | Creates fake routing information, by declaring a shortest path to destination. |
Denial of Service Attack. [20] | Preventing a legitimate node from access, network or services | |
Sybil Attack [21] | Malicious node creates a large number of identities of other | |
Blackhole attack [22] | Malicious node receives packets and replies with high sequence rather than discard them | |
Grayhole Attack [23] | Malicious node agrees to participate in route formation but later it drops packets based on certain conditions | |
Wormhole attack [24] | Two or more malicious nodes forward data to each other via a tunnel | |
Rushing attack [25] | Malicious node receives route request packet, and immediately forwards it to its neighbors without processing the packet | |
Jellyfish attack [26] | Malicious node increases throughput by using alternative route for data packets | |
Physical layer | Jamming attack [27] | Malicious nodes transmit a radio signal to block legitimate communication by causing intentional interference in networks. |
Tampering [12] | Malicious nodes modify data transferred between nodes | |
Fake Node Injection [15] | Malicious control dataflow between nodes | |
Scrambling attack [25] | Malicious nodes injection interference using radio frequency to prevent bandwidth allocations | |
Replay attack [17] | Malicious nodes keeps network by resending a signed packets many times | |
Eavesdropping[25] | Malicious nodes deletes or modifies transmitted data between nodes |
In the current model, which is shown in Fig. 1, the environment is characterized as a coalition-based recurring game with incomplete knowledge. Consider a wireless IoT system with N legitimate IoT nodes connected to each other using any wireless protocol for data transport and sharing. In an IoT network, Nn denotes the number of legitimate nodes, where Nn=[N1,N2,N3…..Nn]. This legitimate network is the attacking surface that is targeted by the smart jammers’ coalition. On the other hand, the attacking coalition consists of C jammer nodes, which were previously a part of the legitimate network, where Cn denotes the number of smart jammers and Cn = [C1,C2,C3….Cn]. Each jammer node has a knowledge table; this table was maintained during its stay on the legitimate network, which is why we name it the jammer knowledge table. The duty of the table is to store the updated values of knowledge gained from the legitimate network. After joining the jamming coalition, jammers share the table data with each other. From this data, we use the transmission rates (R) gained by the attacker node during the time. R = [R1,R2,R3,…Rn]. A coalition game is labeled as a pair < C; v >, where C is the set of players in our case set of jammers and v is the characteristic function of any subset S of players where S ⊆ C is called a coalition; C is the grand coalition, which consists of the set of all players. As an example, if we have three players, then there will be eight coalitions (ϕ; (1); (2); (3); (1; 2); (1; 3); (2; 3); C). In general, for C players, the set of coalitions 2C has 2c elements.
When it comes to network attacks, we assume that there are multiple attackers in the network and that their primary purpose is to disrupt data transmissions between two nodes. As a result, data transmission between nodes is disrupted. At each specified window time (w), the jammers use the jamming attack method based on three separate jamming probabilities, which is described in detail later in section 3, to select a specific channel to attack; this method is then repeated.
The attackers’ coalition is formed from nodes that have been mitigated from the IoT network to which they previously belonged. When a node joins, it sends or broadcasts a joining signal to other nodes with the same intention, which means that a coalition has already been formed. As of this moment, nodes begin exchanging information with one another in accordance with Algorithm 1. Each time a new member of the coalition joins, the same procedure must be followed (all nodes exchange knowledge regarding the IoT network that was excluded from it). Forming an attackers’ coalition has the overall purpose of increasing the effectiveness of the nodes’ attacks rather than relying on blind attacks. Consequently, new nodes are needed in the jammers’ coalition because old nodes do not know what changes occurred in the IoT network after they left, but this information can be offered by the new nodes, which can then assist the jammers’ coalition in estimating the transmission rate hopping procedure after a jammer node leaves.
Fig. 2 shows algorithm 1, which states that the first disjoint attacker node (c1) from the IoT network broadcasts a joining signal for any other disjoint nodes that are interesting in forming an attacking coalition. There should be at least two nodes to testify the coalition formation rules: when two or more attackers exist, they start exchanging the gain information (transmission rates) currently used by the IoT network. This procedure continues throughout the life of the attacker coalition. Let cn be the number of attackers that join the coalition. We can also formulate joining criteria if we are looking for more powerful attacks. Therefore, our criteria is that any node willing to join the attackers’ coalition should have knowledge about the transmission rate for at least 15 communication link (NL) between the nodes in the legitimate IoT network; this number can be varied for more flexibility.
where Kcn (
As previously mentioned, in system mode, the attack surface is a legitimate IoT network, which consists of “N” IoT nodes. These nodes may be legitimate or potential future attackers. The node is a probable future attacker when it leaves the IoT network.
Performing aggressive attacks requires a large amount of information about the legitimate network transmission rates that have been used for data transmission between nodes, which is achieved by sharing previous knowledge about the legitimate network through the jammers’ coalition. This leads to a high potential to damage or corrupt the channels in several time slots. Therefore, this method of attacking urgently is not needed because the attacker nodes are not known for the legitimate network and the jamming probability is high according to their accumulated knowledge. This is the basis of the strength of this method. The attack strategy is computed over a given time window before launching the attack; this window is used to determine if there is any new information from the new joining nodes. Jamming is designed to attack a specific channel between nodes, where O is the number of observed transmission rates performed by the attackers. These observations have been collected over several time windows. These collections is done by using the following equation:
where
In this case, not all jammers have observations for a specific link in the legitimate network; thus, jammers will choose to attack this link with low probability for this window of time according to the attack rate, which is given by
While not all nodes capture the rate for a specific link, the probability of a successful attack can be utilized by
where
In addition, because of the lack of information, the jamming probability cannot be further improved subject to the probability of observations. The non-attaching probability is defined as
In this case, over 66% and less than 90% of jammers have observed a specific link in the legitimate network. Compared to Case 1, jammers will attack this link with a medium probability during the time window. In this case, the probability of a successful attack can be deduced by
Referring to the optimum solution of the attacking probability in case 1, we need to characterize the outcome to find the attacking probability
By solving Equation 6, we can obtain the satisfied solutions for the attack as follows:
From equations 7 and 10, the observations in case 2 are higher than observations in case 1, which implies that the attack is more efficient in case 2.
The probability of success attacks in this case can be calculated by:
In this case, the transmission rate is highly likely to still be in use by the legitimate network, which gives it the highest possibility to aid in a successful attack; the result for attacking probability can be given by:
Note that
We implemented and proposed an approach using an NS-3 simulator. In the experiments, the attacking surface consists of 150 legitimate nodes, and the simulation consisted of different jammers’ coalition sizes (10, 15, 20, and 25) to show that increasing the number of attacker nodes in the attacking coalition leads to improved results. In addition, the impact of jammers was shown as the jammers’ coalition increases.
The percentage of successful attacks is shown for each of the three cases, compared with different jammers’ coalition sizes. A comparison of the impact factors for the three different cases is shown by comparing each case with different jammers’ coalition sizes and comparing the accuracy for the three cases using 25 jammers’ collation sizes. Finally, the number of false positives is presented separately for the three different cases with respect to time.
Fig. 3 shows the impact of the jamming attack on the three presented cases with different jamming coalition sizes. It is clearly shown that the impact factor increases as the number of jammers increases in the coalition and the number of observations increases, which thereby increases the attacking probability.
Fig. 4 shows the number of successfully generated attacks according to the total number of generated attacks. It is clear that when there are more nodes in the attackers’ coalition, more possible attacks are generated, as shown in the figure. The generated attacks comprise both successful and unsuccessful attacks that have been launched; the figure also shows the differences between the three presented cases with the same simulation time and the same sizes of the jammers’ coalition.
Our findings in Fig. 5 show that the probability of capturing the transmission rate increases when there are more observations in a given window of time; the capturing probability is large when
Fig. 6 shows the rate of false positives regarding the cases observed, and it is clearly shown that the rate of false positives increases when the number of jammers decreases. On the other hand, the rate of false positives decreases when the number of jammers increases.
This study demonstrates that if jammers are mitigated from a legitimate network, they are still able to form a coalition and launch attacks independently. Based on the network’s attacking possibility, these nodes have the potential to launch an attack on the legitimate network. Regarding the probability of an attack, three different scenarios were developed, and we were able to demonstrate the effects of the jamming attack carried out by the attacking coalition for each of these three scenarios. In addition, a comparison between the number of generated attacks and the number of successful attacks was demonstrated. According to our findings, the number of successful attacks was higher than that of isolated attacks, and the false positive rate decreased as the number of attackers increased. Both findings are based on comparisons with solitary attacks. In the future, we intend to analyze the model by expanding it to hundreds of nodes to investigate the proposed strategy in the context of a larger coalition.
This work is supported and sponsored by Al-Balqa Applied University and Al-Ahliyya Amman University.
Persons or institutes who contributed to the papers but not enough to be coauthors may be introduced. Financial support, including foundations, institutions, pharmaceutical and device manufacturers, private companies, intramural departmental sources, or any other support should be described.
Table 1 . Summary of physical and network attacks with their effects.
Layer | Attacks | Description |
---|---|---|
Network Layer | Sinkhole Attack. [19] | Creates fake routing information, by declaring a shortest path to destination. |
Denial of Service Attack. [20] | Preventing a legitimate node from access, network or services | |
Sybil Attack [21] | Malicious node creates a large number of identities of other | |
Blackhole attack [22] | Malicious node receives packets and replies with high sequence rather than discard them | |
Grayhole Attack [23] | Malicious node agrees to participate in route formation but later it drops packets based on certain conditions | |
Wormhole attack [24] | Two or more malicious nodes forward data to each other via a tunnel | |
Rushing attack [25] | Malicious node receives route request packet, and immediately forwards it to its neighbors without processing the packet | |
Jellyfish attack [26] | Malicious node increases throughput by using alternative route for data packets | |
Physical layer | Jamming attack [27] | Malicious nodes transmit a radio signal to block legitimate communication by causing intentional interference in networks. |
Tampering [12] | Malicious nodes modify data transferred between nodes | |
Fake Node Injection [15] | Malicious control dataflow between nodes | |
Scrambling attack [25] | Malicious nodes injection interference using radio frequency to prevent bandwidth allocations | |
Replay attack [17] | Malicious nodes keeps network by resending a signed packets many times | |
Eavesdropping[25] | Malicious nodes deletes or modifies transmitted data between nodes |
Anik Islam, Md Fazlul Kader, Soo Young Shin
Journal of information and communication convergence engineering 2019; 17(3): 174-184 https://doi.org/10.6109/jicce.2019.17.3.174Seo, Hwa-Jeong;Kim, Ho-Won;
The Korea Institute of Information and Commucation Engineering 2012; 10(3): 248-252 https://doi.org/10.6109/jicce.2012.10.3.248Shin Seung-jung;Kim Jung-tae;Ryu Dae-hyun;Na Jong-Whoa;
The Korea Institute of Information and Commucation Engineering 2005; 3(1): 38-42 https://doi.org/10.7853/.2005.3.1.38