Run Away If You Can: - Persistent Jamming Attacks against Channel Hopping Wi-Fi Devices in Dense Networks

Wireless local area networks (WLANs) can adopt channel hopping technologies in order to avoid unintentional interferences such as radars or microwaves, which function as proactive jamming signals. Even though channel hopping technologies are effective against proactive types of jamming, it has been reported that reactive jammers could attack the targets through scanning busy channels. In this paper, we demonstrate that reactive jamming is only effective against channel hopping Wi-Fi devices in non-dense networks and that it is not effective in dense networks. Then, we propose a new jamming attack called “persistent jamming”, which is a modified reactive jamming that is effective in dense networks. The proposed persistent jamming attack can track a device that switches channels using the following two features, and it can attack the specific target or a target group of devices. The first feature is that the proposed attack can use the partial association ID (PAID), which is included for power saving in the IEEE 802.11ac/af/ah frame headers, to track and jam the targets. The second feature is that it is possible to attack persistently based on device fingerprints in IEEE 802.11a/b/g/n legacy devices. Our evaluation results demonstrate that the proposed persistent jamming can improve the attack efficiency by approximately 80% in dense networks compared with the reactive jamming scheme, and it can also shut down the communication link of the target nodes using 20 dBm of jamming power and a 125 ms response time.