Random Access Performance of Distributed Sensors Attacked by Unknown Jammers

Abstract

In this paper, we model and investigate the random access (RA) performance of sensor nodes (SN) in a wireless sensor network (WSN). In the WSN, a central head sensor (HS) collects the information from distributed SNs, and jammers disturb the information transmission primarily by generating interference. In this paper, two jamming attacks are considered: power and code jamming. Power jammers (if they are friendly jammers) generate noises and, as a result, degrade the quality of the signal from SNs. Power jamming is equally harmful to all the SNs that are accessing HS and simply induces denial of service (DoS) without any need to hack HS or SNs. On the other hand, code jammers mimic legitimate SNs by sending fake signals and thus need to know certain system parameters that are used by the legitimate SNs. As a result of code jamming, HS falsely allocates radio resources to SNs. The code jamming hence increases the failure probability in sending the information messages, as well as misleads the usage of radio resources. In this paper, we present the probabilities of successful preamble transmission with power ramping according to the jammer types and provide the resulting throughput and delay of information transmission by SNs, respectively. The effect of two jamming attacks on the RA performances is compared with numerical investigation. The results show that, compared to RA without jammers, power and code jamming degrade the throughput by up to 30.3% and 40.5%, respectively, while the delay performance by up to 40.1% and 65.6%, respectively.

1. Introduction

With the development of a wide range of intelligent and tiny wireless sensing devices, wireless sensor networks (WSNs) are being used for many applications in the fields of medical, industry, defense, smart homes, etc. In addition to these applications, WSNs currently drive Internet of Things (IoT) and machine-to-machine communications. WSNs consist of numerous sensor nodes (SNs) that are usually interconnected through radio frequency (RF) communication links.

Since the signal quality on a wireless medium such as RF easily degrades by unwanted interference, WSNs are vulnerable to malfunctioning SNs. In WSNs, attackers can create malicious SNs that can disrupt desired wireless transmission by generating interference and noise [1,2], which is so-called jamming [3]. Jamming attacks severely degrade the performance of WSNs, to a large extent, in energy consumption, throughput and delay.

Jamming attacks may be viewed as a special case of denial of service (DoS) attacks, which prevent or inhibit the normal use or management of communications through flooding a network with useless information using RF signals [4]. In [5], various techniques for detecting the presence of jamming attacks in WSNs are explored. In [6], jamming attacks and network defense policies are modeled together in order to capture the effect of knowledge available at each side. For LTE systems, jamming is also regarded as a major attack that causes significant DoS [7,8]. While most works have focused on the physical-layer aspects of jamming attacks, reference [9] evaluates the resilience of WSNs to jamming attacks in the aspect of the routing protocol.

On the other hand, jamming is also used to prevent eavesdroppers (Eves) from snooping legitimate communications, which is often called friendly jamming [10,11,12] or cooperative jamming [13,14]. The works in [10,12] investigate system-level issues of introducing friendly jammers. However, most works regarding cooperative jamming are in the direction of recently developing physical-layer security. In [13], multi-antenna jammers use null-space artificial noise (AN) that increases interference of Eves, but is avoided by the legitimate user, for which the right knowledge of the channel between the jammer and the Eves is essential. In [14], the cooperative jammers harvest energy transmitted by a source and use it to generate AN to jam the Eves in cognitive IoT networks, in which an auction framework that formulates the jammer selection and the power allocation together is also provided.

In WSNs, the messages are usually short and transmitted through random access (RA) procedures. However, to the best of our knowledge, there is a lack of detailed analysis in RA performance when attacked (or influenced) by jamming. In this paper, we model and investigate RA performance that is degraded by unknown jamming attacks. We assume that a central SN (referred to as the head sensor (HS) in this paper) collects information from distributed SNs through the RA channel (RACH). In order to avoid heavy collisions and contentions among crowded SNs, we assume a collision avoidance mechanism in which SNs transmit short preamble signals first and then send information messages only if they receive an indicator of acquisition (AI) of the preamble from HS. We assume a WSN that adopts direct sequence spread spectrum modulation like in ZigBee [15], IEEE 802.15.4 [16] and UMTS WCDMA [17] applications. Furthermore, two jamming attacks are considered: power and code jamming. In power jamming, attackers (if they are friendly jammers) generate noises and, as a result, degrade the quality of the signal from SNs. Power jamming is equally harmful to all the SNs that are accessing HS. To overcome the prevailing interference, so-called power-ramping by which SNs gradually increase transmitting power in preamble transmission is also modeled in this paper. Power jamming simply induces DoS without any need to hack HS and SNs.

On the other hand, code jammers need to know the boundary of access slots and the access code used to send preambles or the messages since they generate and send fake signals with the same spreading code being used by the legitimate SNs. The access slot can be known if the code jammers successfully look at the synchronization channel from HS and the access code is normally open in common air protocol specifications. Code jamming hence gives different effects compared with power jamming. At the stage of preamble transmission, code jamming reinforces the power level of SNs that use the same access code, but reduces, similarly to power jamming, the signal quality of SNs choosing different codes. As a result of code jamming, some SNs can receive AI more easily and have more chances to transmit the message, which is again jammed by the code jammers using the same code. Code jamming looks like RF spoofing where the jammers transmit a fake signal that masquerades as an actual signal [18]. The code jamming hence increases the failure probability in sending the information messages and intends to mislead the adequate allocation of radio resources.

In this paper, we also present the probability of successful preamble transmission with power ramping according to the jamming types and the resulting throughput and delay of information transmission of SNs, respectively. With numerical investigation, the effect of the two jamming attacks on RA performance of SNs is compared in terms of throughput, as well as delay. The results show that, compared to RA without jammers, power and code jamming degrade the throughput by up to 30.3% and 40.5%, respectively, while the delay performance by up to 40.1% and 65.6%, respectively.

The remainder of the paper is organized as follows. The system model, RA procedure, a power capture model according to jamming types and power ramping for preamble transmission are presented in Section 2. In Section 3, we present the success probability of preamble transmission, the throughput and the access delay. We compare RA performances of SNs attacked by power and code jamming with numerical investigation in Section 4. Finally, conclusions are presented in Section 5. The main notations used in this paper are listed in

Table A1. Notations.

Notation	Description
N	The number of legitimate SNs contending for the same access slot
G	Arrival rate of composite PT is modeled by a Poisson process
s	The number of available access codes
K	The number of SNs selecting the same code in the same time slot
L	The number of fingers in a RAKEreceiver
$\mu$	Average received power from each path
${\mathcal{P}}^{\left(l\right)}$	Received power at each finger
$n_p$	The number of SNs in simultaneous PT
$n_J$	The number of jammers
$n_m$	The number of SNs transmitting MSG
$P_i^{\left(p\right)}$	Received power from SN-i transmitting a preamble
$P_j^{\left(m\right)}$	Received power from SN-j transmitting MSG
$P_J$	Received power from a hostile jammer
${\beta }_p$	Minimum SINR required for successfully decoding a preamble
$\eta$	Interference plus noise power
q	Probability of successful reception of AI
W	The number of SNs that successfully receive AI
z	Slot length for MSG transmission
t	Time index of the access slots used by delivering MSG
$n_{p,t}$	The number of SNs transmitting a preamble at access slot t
$n_{m,t}$	The number of SNs transmitting MSG at access slot t
w	The number of SNs that receive the same AI with SN-A
${\mathcal{P}}_A^{\left(wco\right)}$	Probability of safe reception of MSG without collision-outage
${\mathcal{P}}_i^{(m,l)}$	Received MSG power at l-th finger from SN-i
$P_{i,t}^{\left(p\right)}$	Received power from SN-i transmitting a preamble at the t-th access slot
$P_{j,t}^{\left(m\right)}$	Received power from SN-j transmitting MSG at the t-th access slot
${\gamma }_A^{\left(m\right)}$	SINR of MSG signals
${\beta }_m$	SINR requirement of MSG signals
$\mu$	Average path power
r	The number of retransmissions
$\overline{m}$	Average number of preamble retransmissions
$m_J$	Average jamming power
$P_J$	Maximum power level of jamming signals
$\alpha$	Power increment ratio for MSG transmission
$u_{•}\left(r\right|n_p,k,n_m,n_J)$	Conditional success probability at the r-th preamble transmission
P	State variable for indicating power jamming
S	State variable for indicating code jamming
$G_0$	Arrival rate of initial PT
$G_r$	Arrival rate of the r-th preamble retransmissions
$S_P$	Throughput of PT
$r_{max}$	The maximum number of allowable preamble retransmissions
$q_A$	Probability that SN-A receives AI successfully
$q_J$	Probability that a jammer receives AI successfully
$T_{•}\left(r\right)$	Success probability of MT after the successful r-th preamble retransmission
$S_T$	Throughput of PT and MSG transmission
C	The number of restarts of TC
${\overline{T}}_{•}\left(r\right)$	Probability that MT is failed
$D_P$	Average delay occurred in PT and receiving AI
$D_S$	Average delay occurred in TC when TC terminates successfully
$D_F$	Average delay occurred in TC when TC terminates with a failure
$D_T$	Total access delay
$\stackrel{\left(\mathrm{def}\right)}{=}$	Definition declaration
$\lfloor ·\rfloor$	Floor function

in Appendix C.

2. System Model

2.1. System Description and RA Procedure

We consider a cluster-tree-based WSN that consists of multiple noncooperative SNs and an HS. SNs measure certain (local, ambient) information and send it to the HS through an RF channel called a physical RACH (PRACH is a well-known terminology used in 3GPP standards. In this paper, however, PRACH does not imply a specific one used in current standards, but is a generic term that just indicates some physical-layer definitions for RACH described in the following). Every node is assumed to be equipped with a single omnidirectional antenna. We assume that a frame of PRACH is 20 ms long, which consists of 15 access slots, as in Figure 1. When an SN has information to send, a frame-long message (referred to as MSG) is assumed to encapsulate the information wholly and to be sent to the HS using PRACH. To send MSG successfully, the SN should completes three steps: transmitting a preamble on PRACH, receiving the AI of the preamble from the HS and sending MSG, which is referred to as a transmission cycle (TC) in this paper.

2.1.1. RA Procedure

For a TC, SN starts with preamble transmission (PT). In PT, SN randomly selects an access code in a set of available orthogonal signature codes and an access slot among available slots. HS usually broadcasts a list of available codes and slots for SNs’ information. We assume that the preamble is 256 repetitions of the selected orthogonal spreading code of 16 chips long. It is noted that no user-specific information is carried by the preamble.

If HS receives the preamble successfully, it sends AI on the downlink (from HS to SN) AI channel (AICH in Figure 1). Unless the SN receives the AI adequately, it retransmits the same preamble again at a higher power level after a random back-off delay. Preamble retransmission will continue up to an allowable maximum number or until the preamble request is successfully received [17,19]. Parameter values used in PT (e.g., the transmission power range, the power control parameters and the maximum number of preamble retransmissions) are received through the higher layer control messages from HS.

If PT is successful and AI is correctly received by SN, MSG transmission (MT) will start using the same (selected) signature code used for PT and the same power level used in the latest PT. MSG usually delivers the information data, as well as the control data, which include pilot bits and/or the frame information. A TC is completed after successful PT and MT.

2.1.2. Jamming Types

In power jamming, the jammer is assumed to send arbitrary signals or just sine-waves with full transmitting power at each slot. It causes the same level of interference to every SN in the system. On the other hand, in code jamming, the jammer is assumed to send a preamble using a randomly or specifically selected access code with the full power. It targets influencing the SNs using the same access code, but also works as interference for the other SNs. Since the code jammer works like a legitimate SN, it can hear AI from HS if PT is successful, and then, it sends a fake MSG using the same code, which further distorts the utilization of radio resources in the WSN.

2.1.3. Traffic and RF Channel Model

The arrival of composite PTs (including initial transmissions and retransmissions) is modeled by a Poisson process with rate G, which is also known as the offered traffic. Let N be the number of (legitimate) SNs contending for the same access slot. The distribution of N is therefore:

$$\begin{array}{c}\hfill Pr\{N=n\}=\frac{G^n{e}^{-G}}{n!},n=0,1,2,\cdots .\end{array}$$

(1)

Let us denote a representative SN by SN-A (i.e., anonymous SN) for the purpose of presentation. Let s and K be the number of available access codes and the number of SNs selecting the same code with SN-A for accessing the same slot, respectively. Given s and $N=n$, the probability that SN-A collides with other $K-1$ SNs that choose the same code is given by:

$$\begin{array}{c}\hfill Pr\{K=k|s,N=n\}=\left(\genfrac{}{}{0pt}{}{n-1}{k-1}\right){\left(\frac{1}{s}\right)}^{k-1}{\left(\frac{s-1}{s}\right)}^{n-k},1\le k\le n.\end{array}$$

(2)

We assume that PRACH suffers from frequency-selective multipath Rayleigh slow-fading. Assuming that the shadowing and attenuation effects can be compensated by the open-loop power control used in UMTS RACH [19], the envelope of the received signal in one path is therefore a Rayleigh random variable. Let us assume that a perfect RAKE receiver with L fingers is used at HS. Additionally, we also assume that $\mu$ is the average received power from each path, and the received power of each finger ${\mathcal{P}}^{\left(l\right)}$ has an exponential distribution, i.e., $f_{{\mathcal{P}}^{\left(l\right)}}\left(x\right)=e^{-x/\mu }/\mu (x>0)$. Then, the signal powers distributed in L independent paths can be aggregated together so that the total received power $P={\sum }_{l=1}^L{\mathcal{P}}^{\left(l\right)}$ has a gamma distribution, i.e.,

$$\begin{array}{c}\hfill f_P\left(x\right)=\frac{x^{L-1}{e}^{-x/\mu }}{(L-1)!{\mu }^L},x>0.\end{array}$$

(3)

It is noted that if we assume a narrow-band transmission like in narrow-band IoT, then PRACH can be assumed to suffer from a frequency-non-selective Rayleigh channel. In this case, $L=1$ in (3) builds the probability distribution.

2.2. Power Capture Model for Preamble Transmission

Let us consider a typical access slot where there are s access codes available and k SNs (including SN-A) select the same code. Let $n_p$ (previously n) denote the number of SNs that are in simultaneous PT, $n_J$ be the total number of jammers and $n_m$ be the number of SNs that are transmitting MSG in this slot. If code jamming is considered, we assume that there are one code jammer and $n_J-1$ power jammers. Let $P_i^{\left(p\right)}$, $P_j^{\left(m\right)}$ and $P_J$ be the total received power from SN-i transmitting a preamble, from SN-j transmitting MSG and from a hostile jammer, respectively. Since the preamble contains only the repetitions of a selected code, assuming a perfect RAKE receiver, HS can aggregate the power of PTs from those k code-collided SNs (including SN-A) and the jammer (if it uses code jamming) [20,21]. Let ${\beta }_p$ be the minimum signal-to-interference-plus-noise ratio (SINR) required to decode a preamble successfully. Then, the condition for correct reception of the preamble sent by SN-A (or SNs using the same code) when the attack is power jamming is:

$$\begin{array}{c}\hfill \frac{P_A^{\left(p\right)}+{\sum }_{i=2}^k{P}_i^{\left(p\right)}}{{\sum }_{i=k+1}^{n_p}{P}_i^{\left(p\right)}+{\sum }_{j=1}^{n_m}{P}_j^{\left(m\right)}+n_J{P}_J+\eta }\ge {\beta }_p,\end{array}$$

(4)

where $\eta$ represents interfering power from other sources (for example, from a neighbor WSN using an adjacent RF channel) plus background noise.

If the attack includes code jamming, the above condition becomes:

$$\begin{array}{c}\hfill \frac{P_A^{\left(p\right)}+{\sum }_{i=2}^k{P}_i^{\left(p\right)}+P_J}{{\sum }_{i=k+1}^{n_p}{P}_i^{\left(p\right)}+{\sum }_{j=1}^{n_m}{P}_j^{\left(m\right)}+(n_J-1)P_J+\eta }\ge {\beta }_p,\end{array}$$

(5)

where $P_J$ in the numerator is the received power from the code jammer transmitting a fake preamble using the same code and $(n_J-1)P_J$ is the sum of powers from power jammers and/or the other code jammers that are using different access codes.

Let q denote the probability of successful reception of AI by an SN, which is assumed independent of all other uplink probabilistic matters since AI is received through the downlink. Additionally, let W be the number of SNs that successfully receive AI among $K-1$ SNs except SN-A. Then:

$$\begin{array}{c}Pr\{W=w|K=k\}=\left(\genfrac{}{}{0pt}{}{k-1}{w}\right)q^w{(1-q)}^{k-1-w},0\le w\le k-1.\hfill \end{array}$$

(6)

2.3. Power Capture Model for Message Transmission

When an SN receives AI successfully, it sends its MSG that occupies z access slots. Let t ($1\le t\le z$) denote a time index of the access slots used by delivered MSG. Additionally, let $n_{p,t}$ and $n_{m,t}$ denote the number of SNs transmitting a preamble and the number of SNs transmitting MSG at access slot t, respectively. In MT, the desired MSG from an SN is received by HS through L signal paths. A collision-outage is assumed to occur if the received power, from SN-A for example, of at least one path drops below the power from other SNs that use the same code. If the collision-outage occurs, the desired MSG is corrupted by other MSGs. Recalling that w denotes the number of SNs that receive the same AI with SN-A, the probability of safe reception of MSG from SN-A without collision-outage at HS is given by:

$$\begin{array}{c}\hfill {\mathcal{P}}_A^{\left(\mathrm{wco}\right)}=\prod _{l=1}^{L}Pr\left\{P_A^{(m,l)}>\underset{i=1,2,\cdots ,w}{max}{P}_i^{(m,l)}\right\},\end{array}$$

(7)

where $P_i^{(m,l)}$ is the received MSG power at the l-th finger from SN-i. It is noted that $P_i^{\left(m\right)}={\sum }_{l=1}^L{P}_i^{(m,l)}$ for all i. A closed-form expression of ${\mathcal{P}}_A^{\left(\mathrm{wco}\right)}$ is presented in Appendix A.

Since a code jammer behaves similarly to legitimate SNs, it causes further interference additional to the interfering powers in the right-hand side of (7). With code jamming, the above collision-outage probability then becomes:

$$\begin{array}{c}\hfill {\mathcal{P}}_A^{(\mathrm{wco},\mathrm{c})}=\prod _{l=1}^{L}Pr\left\{P_A^{(m,l)}>max\left(\underset{i=1,2,\cdots ,w}{max}\left(P_i^{(m,l)}\right),P_J^{(m,l)}\right)\right\},\end{array}$$

(8)

where ${\mathcal{P}}_J^{(m,l)}$ is the received power of the l-th finger from the code jammer that transmits a fake message. If the jammer cannot receive the AI, then it is assumed to transmit a fake preamble and hence works like a power jammer. A closed-form expression of ${\mathcal{P}}_A^{(\mathrm{wco},\mathrm{c})}$ is presented in Appendix B.

Let $P_{i,t}^{\left(p\right)}$ and $P_{j,t}^{\left(m\right)}$ be the total received power from SN-i transmitting a preamble and SN-j transmitting MSG (using the different access codes from SN-A) at the t-th ($1\le t\le z$) access slot, respectively. Let $n_{p,t}$ and $n_{m,t}$ be the corresponding numbers of SNs transmitting a preamble and MSG at the t-th access slot, respectively. Then, the SINR of MSG signals from SN-A, ${\gamma }_A^m$, is defined by:

$$\begin{array}{c}\hfill {\gamma }_A^{\left(m\right)}\stackrel{\left(\mathrm{def}\right)}{=}\frac{z{P}_A^{\left(m\right)}}{{\sum }_{t=1}^z\left({\sum }_{i=1}^{n_{p,t}}{P}_{i,t}^{\left(p\right)}+{\sum }_{j=1}^{n_{m,t}}{P}_{j,t}^{\left(m\right)}\right)+z\left({\sum }_{i=1}^w{P}_i^{\left(m\right)}+n_J{P}_J\right)+z\eta }.\end{array}$$

(9)

Thus, ${\gamma }_A^{\left(m\right)}\ge {\beta }_m$ is the condition for correct reception of MSG sent by SN-A, where ${\beta }_m$ is the SINR requirement. In this paper, since we model that condition ${\gamma }_A^{\left(m\right)}\ge {\beta }_m$ is applied only when collision-outage is free, ${\gamma }_A^{\left(m\right)}$ is equally obtained for power and code jamming.

2.4. Power Ramping for Preamble Transmission and Message Transmission

By using open-loop power estimation, an SN can adjust its initial transmission power based on the received signal strength from the HS [17]. The aim is to let the received power at the HS exceed a predetermined power level. For the initial PT, we assume that all SNs have the same target power level $\mu L$, recalling that $\mu$ is an average path power and L is the number of effective paths. If the initial PT fails, a higher target power level is used for retransmission. We assume that $\mu L$ is the power increment unit adopted at each of preamble retransmissions as in [22]. Let us denote the number of retransmissions by r, and let $m_r\stackrel{\left(\mathrm{def}\right)}{=}r+1$. Then, $m_r\mu L$ represents the target power level in the r-th preamble retransmission. Hereafter, we denote the average number of preamble retransmissions by $\overline{m}$, and thus, $\overline{m}\mu L$ means that the average power level is used in PT. Average jamming power is also represented by $m_J$ (in the unit of power increment step $\mu L$), such that $m_J\mu L=P_J$, where $P_J$ is the maximum power level of jamming signals.

After PT is successful, SNs that received AI send MSG with an adjusted power level. Let us denote a power increasing factor for MSG transmission by $\alpha (\ge 1)$. When an SN receives AI successfully after r or the $\overline{m}$-th preamble retransmission, it sends its MSG using power level $\alpha m_r\mu L$ or $\alpha \overline{m}\mu L$, respectively.

3. RA Performance Analysis

3.1. Success Probability of Preamble Transmission

3.1.1. Success Probability of r-th Preamble Retransmission

Given that $n_p$, $n_m$, k and $n_J$, let us denote the conditional success probability at the r-th preamble retransmission (i.e., at the $(r+1)$-th PT) by $u_{•}\left(r\right|n_p,k,n_m,n_J)$, where $•\in \{P,S\}$ and furthermore P for power jamming and S for code jamming. The probability can be obtained analogously by the method used in [22] according to the criteria (4) and (5), respectively.

$$\begin{array}{cc}\hfill & u_{•}\left(r\right|n_p,k,n_m,n_J)=\left\{\begin{array}{c}\frac{exp\left(-\frac{{\beta }_{p}c}{\mu }\right)}{{\left(1+{\beta }_p\right)}^b(b-1)!}\sum _{i=0}^{a-1}\sum _{j=0}^i\frac{(b+j-1)!}{j!(i-j)!}\frac{{\beta }_p^i}{{(1+{\beta }_p)}^j}{\left(\frac{c}{\mu }\right)}^{i-j},1\le k\le n_p-1,\hfill \\ exp\left(-\frac{{\beta }_{p}c}{\mu }\right)\sum _{i=0}^{a-1}\frac{1}{i!}{\left(\frac{{\beta }_{p}c}{\mu }\right)}^i,k=n_p,\hfill \end{array}\right.\hfill \end{array}$$

(10)

where the three interim variables a, b and c for the power jamming (i.e., $•=P$) are defined as:

$$\begin{array}{c}\hfill \left\{\begin{array}{c}a=\lfloor \left(k-1\right)\overline{m}L+m_{r}L\rfloor ,\hfill \\ b=\lfloor \left(n_p-k\right)\overline{m}L+n_m\alpha \overline{m}L+n_J{m}_{J}L\rfloor ,\hfill \\ c=\lfloor \eta \rfloor ,\hfill \end{array}\right.\end{array}$$

(11)

and for the code jamming (i.e., $•=C$):

$$\begin{array}{c}\hfill \left\{\begin{array}{c}a=\lfloor \left(k-1\right)\overline{m}L+m_{r}L+m_{J}L\rfloor ,\hfill \\ b=\lfloor \left(n_p-k\right)\overline{m}L+n_m\alpha \overline{m}L+(n_J-1)m_{J}L\rfloor ,\hfill \\ c=\lfloor \eta \rfloor .\hfill \end{array}\right.\end{array}$$

(12)

Aggregating $u_{•}\left(r\right|n_p,k,n_m,n_J)$ for all possible values on $n_p$ and k gives:

$$\begin{array}{c}\hfill u_{•}\left(r\right|n_m,n_J)=\sum _{n_p=1}^{\infty }\sum _{k=1}^{n_p}Pr\{K=k|N=n_p\}Pr\{N=n_p\}{\tilde{u}}_{•}\left(r\right|n_p,k,n_m,n_J),\end{array}$$

(13)

where an interim function ${\tilde{u}}_{•}\left(r\right|n_p,k,n_m,n_J)$ represents either ${\tilde{u}}_P\left(r\right|n_p,k,n_m,n_J)=u_P\left(r\right|n_p,k,n_m,n_J)$ for power jamming or:

$$\begin{array}{cc}\hfill & {\tilde{u}}_C\left(r\right|n_p,k,n_m,n_J)=\underset{u_{C,1}}{\underbrace{\frac{n_J}{s}{u}_C\left(r\right|n_p,k,n_m,n_J)}}+\underset{u_{C,2}}{\underbrace{\frac{s-n_J}{s}{u}_P\left(r\right|n_p,k,n_m,n_J)}},\hfill \end{array}$$

(14)

for code jamming. Furthermore, $u_{C,1}$ and $u_{C,2}$ in (14) represent whether SN-A selects the code being jammed by a code jammer or not, respectively. Hereafter, we use $u_{•}\left(r\right)\stackrel{\left(\mathrm{def}\right)}{=}{u}_{•}\left(r\right|n_m,n_J)$ for notational brevity.

3.1.2. Derivation of $\overline{m}$

Let $G_0$ and $G_r$ denote the arrival rates of the initial PT and the r-th preamble retransmissions, respectively. Let $S_P$ be the throughput of PT, and let $r_{\max }$ be the maximum number of preamble retransmissions allowed. Let $q_A$ denote the probability that SN-A receives AI successfully. The relationship between $G_0$ and $G_r$ is then:

$$\begin{array}{c}\hfill \left\{\begin{array}{c}{G}_0=S_P+G_{r_{\max }}\{1-u_{•}\left(r_{\max }\right)q_A\},\hfill \\ G_1=G_0\{1-u_{•}\left(0\right)q_A\},\hfill \\ G_2=G_1\{1-u_{•}\left(1\right)q_A\},\hfill \\ ⋮\hfill \\ G_{r_{\max }}=G_{r_{\max }-1}\{1-u_{•}(r_{\max }-1)q_A\}.\hfill \end{array}\right.\end{array}$$

(15)

The composite offered traffic is therefore $G={\sum }_{r=0}^{r_{\max }}{G}_r$. From (15), $G_r$ is given by:

$$\begin{array}{c}\hfill G_r=\frac{G{\prod }_{i=0}^{r-1}\{1-u_{•}\left(i\right)q_A\}}{1+{\sum }_{j=1}^{r_{max}}{\prod }_{i=0}^{j-1}\{1-u_{•}\left(i\right)q_A\}}.\end{array}$$

(16)

The average number of retransmissions $\overline{m}$ to measure the corresponding average power level in the unit of $\mu L$ is then given by:

$$\overline{m}=\sum _{r=0}^{r_{\max }}{m}_r\frac{G_r}{G}=\frac{1+{\sum }_{r=1}^{r_{\max }}\left[m_r{\prod }_{i=0}^{r-1}\{1-u_{•}\left(i\right)q_A\}\right]}{1+{\sum }_{r=1}^{r_{\max }}{\prod }_{i=0}^{r-1}\{1-u_{•}\left(i\right)q_A\}}.$$

(17)

It should be noted the success probability $u_{•}\left(r\right)$ in (13) is a function of $\overline{m}$, while $\overline{m}$ as expressed in (17) is a function of $u_{•}\left(r\right)$. Therefore, (13) and (17) are to be solved recursively in order to get $\overline{m}$.

3.2. Throughput of Random Access Request

Let $q_J$ denote the probability that a jammer receives AI successfully. The success probability of MT after the successful r-th preamble retransmission in the presence of the power jamming and the code jamming for given $n_m$, $n_{m,t}$, $n_{p,t}$ and $n_J$ can be derived as:

$$\begin{array}{c}{T}_P\left(r\right|n_m,n_{m,t},n_{p,t},n_J)=\sum _{n_p=1}^{\infty }\sum _{k=1}^{n_p}Pr\{K=k|N=n_p\}Pr\{N=n_p\}{u}_P\left(r\right|n_p,k,n_m,n_J)q_A\hfill \\ \times \sum _{w=0}^{k-1}\left(\genfrac{}{}{0pt}{}{k-1}{w}\right)q^w{(1-q)}^{k-1-w}\left[\underset{\left(\mathrm{I}\right)}{\underbrace{{\mathcal{P}}_A^{\left(\mathrm{wco}\right)}}}\underset{\left(\mathrm{II}\right)}{\underbrace{Pr\{{\gamma }_A^{\left(m\right)}\ge {\beta }_m|n_{m,t},n_{p,t},w,n_J\}}}\right],\hfill \end{array}$$

(18)

and:

$$\begin{array}{cc}\hfill T_C\left(r\right|n_m,n_{m,t},n_{p,t},n_J)& =\sum _{n_p=1}^{\infty }\sum _{k=1}^{n_p}Pr\{K=k|N=n_p\}Pr\{N=n_p\}{q}_A\sum _{w=0}^{k-1}\left(\genfrac{}{}{0pt}{}{k-1}{w}\right)q^w{(1-q)}^{k-1-w}\hfill \\ & \times [\frac{n_J}{s}{u}_C\left(r\right|n_p,k,n_m,n_J)\left\{q_J\underset{\left(\mathrm{III}\right)}{\underbrace{{\mathcal{P}}_A^{(\mathrm{wco},\mathrm{c})}}}+(1-q_J){\mathcal{P}}_A^{\left(\mathrm{wco}\right)}\right\}\hfill \\ & +\frac{s-n_J}{s}{u}_P\left(r\right|n_p,k,n_m,n_J){\mathcal{P}}_A^{\left(\mathrm{wco}\right)}]Pr\{{\gamma }_A^{\left(m\right)}\ge {\beta }_m|n_{m,t},n_{p,t},w,n_J\},\hfill \end{array}$$

(19)

respectively. Hereafter, we use $T_{•}\left(r\right)\stackrel{\left(\mathrm{def}\right)}{=}{T}_{•}\left(r\right|n_m,n_{m,t},n_{p,t},n_J)$ for notational brevity. Practically, the terms $\left(\mathrm{I}\right)$ (also $\left(\mathrm{III}\right)$) and $\left(\mathrm{II}\right)$ are not independent when $w\ge 1$ and a closed-form expression of (18) (also for (19)) is not tractable. In this paper, we assume that the terms are independent for brevity. If $w=0$, $\left(\mathrm{I}\right)$ becomes one, and the independent assumption is valid. Now, the term $\left(\mathrm{II}\right)$ can be derived based on the result in (10):

$$\begin{array}{c}\hfill \left(\mathrm{II}\right)=\frac{exp\left(-\frac{{\beta }_{m}c}{\mu }\right)}{{\left(1+{\beta }_m\right)}^b(b-1)!}\sum _{i=0}^{a-1}\sum _{j=0}^i\frac{(b+j-1)!}{j!(i-j)!}\frac{{\beta }_m^i}{{(1+{\beta }_m)}^j}{\left(\frac{c}{\mu }\right)}^{i-j},\end{array}$$

(20)

where the three interim variables a, b and c are defined as:

$$\begin{array}{c}\hfill \left\{\begin{array}{c}a=\lfloor z\alpha m_{r}L\rfloor ,\hfill \\ b=\lfloor \sum _{t=1}^z\left(n_{p,t}\overline{m}L+n_{m,t}\alpha \overline{m}L\right)+z\left(w\alpha \overline{m}L+n_J{m}_{J}L\right)\rfloor ,\hfill \\ c=\lfloor z\eta \rfloor .\hfill \end{array}\right.\end{array}$$

(21)

From (18) and (19), the throughput of the preamble and the message transmission can be derived as:

$$\begin{array}{ccc}\hfill S_T& =& \sum _{r=0}^{r_{max}}{G}_r{T}_{•}\left(r\right)=\sum _{r=0}^{r_{max}}\frac{G{\prod }_{i=0}^{r_{max}-1}\{1-u_{•}\left(i\right)q_A\}{T}_{•}\left(r\right)}{1+{\sum }_{j=1}^{r_{max}}{\prod }_{i=0}^{j-1}\{1-u_{•}\left(i\right)q_A\}}.\hfill \end{array}$$

(22)

3.3. Access Delay of Random Access Request

The success of TC consists of both successes of PT and MT. The failure of TC then occurs when the number of preamble retransmissions exceeds $r_{max}$ or MT fails after the SN receives AI. If TC is declared to be a failure, SNs restarts PT in a new TC with setting the transmitting power at an initial level, i.e., $m_r=1$. Let C be the number of restarts of TC to an end of successful MT. By assuming that all transmission attempts are independent, the distribution of C is given by:

$$\begin{array}{c}\hfill Pr\{C=c\}=\frac{S_T}{G}{\left(1-\frac{S_T}{G}\right)}^c,c=0,1,2,\cdots .\end{array}$$

(23)

Let ${\overline{T}}_{•}^{\left(M\right)}\left(r\right|n_m,n_{m,t},n_{p,t},n_J)$ be the probability that MT has failed though PT (i.e., the r-th retransmission), and receiving AI are successful, given $n_m$, $n_{m,t}$, $n_{p,t}$ and $n_J$. ${\overline{T}}_{•}^{\left(M\right)}\left(r\right)\stackrel{\left(\mathrm{def}\right)}{=}{\overline{T}}_{•}^{\left(M\right)}\left(r\right|n_m,n_{m,t},n_{p,t},n_J)$ can be expressed as in (24) and (25) for power and code jamming, respectively.

$$\begin{array}{cc}\hfill & {\overline{T}}_P\left(r\right|n_m,n_{m,t},n_{p,t},n_J)=\sum _{n_p=1}^{\infty }\sum _{k=1}^{n_p}Pr\{K=k|N=n_p\}Pr\{N=n_p\}{u}_P\left(r\right|n_p,k,n_m,n_J)q_A\hfill \\ & \times \sum _{w=0}^{k-1}\left(\genfrac{}{}{0pt}{}{k-1}{w}\right)q^w{(1-q)}^{k-1-w}\left[1-{\mathcal{P}}_A^{\left(\mathrm{wco}\right)}Pr\{{\gamma }_A^{\left(m\right)}\ge {\beta }_m|n_{m,t},n_{p,t},w,n_J\}\right],\hfill \end{array}$$

(24)

$$\begin{array}{cc}\hfill & {\overline{T}}_C\left(r\right|n_m,n_{m,t},n_{p,t},n_J)=\sum _{n_p=1}^{\infty }\sum _{k=1}^{n_p}Pr\{K=k|N=n_p\}Pr\{N=n_p\}{q}_A\sum _{w=0}^{k-1}\left(\genfrac{}{}{0pt}{}{k-1}{w}\right)q^w{(1-q)}^{k-1-w}\hfill \\ & \times [\frac{n_J}{s}{u}_C\left(r\right|n_p,k,n_m,n_J)q_J\left\{1-{\mathcal{P}}_A^{(\mathrm{wco},\mathrm{c})}Pr\{{\gamma }_A^{\left(m\right)}\ge {\beta }_m|n_{m,t},n_{p,t},w,n_J\}\right\}\hfill \\ & +\left\{\frac{n_J}{s}{u}_C\left(r\right|n_p,k,n_m,n_J)(1-q_J)+\frac{s-n_J}{s}{u}_P\left(r\right|n_p,k,n_m,n_J)\right\}\hfill \\ & \times \left\{1-{\mathcal{P}}_A^{\left(\mathrm{wco}\right)}Pr\{{\gamma }_A^{\left(m\right)}\ge {\beta }_m|n_{m,t},n_{p,t},w,n_J\}\right\}].\hfill \end{array}$$

(25)

Let us denote the average delay (in the unit of access slot) occurring in PT and receiving AI by $D_P$. Let $D_S$ and $D_F$ be the average delay occurred in TC when TC terminates successfully or not, respectively. By using (19) and (25) for $D_S$, and (18) and (24) for $D_F$, we can have, in addition to (16),

$$\begin{array}{ccc}\hfill D_F& =& \frac{1}{{\mathsf{\Omega }}_F}\left[\sum _{r=0}^{r_{max}}\frac{G_r}{G}{\overline{T}}_{•}\left(r\right)\{(r+1)D_P+z\}+\left\{1-\sum _{r=0}^{r_{max}}\frac{G_r}{G}({\overline{T}}_{•}\left(r\right)+T_{•}\left(r\right))\right\}(r_{max}+1)D_P\right],\hfill \end{array}$$

(26)

where ${\mathsf{\Omega }}_F=1-{\sum }_{r=0}^{r_{max}}\frac{G_r}{G}{T}_{•}\left(r\right)$, and:

$$\begin{array}{ccc}\hfill D_S& =& \frac{1}{{\mathsf{\Omega }}_S}\sum _{r=0}^{r_{max}}\frac{G_r}{G}{T}_{•}\left(r\right)\{(r+1)D_P+z\},\hfill \end{array}$$

(27)

where ${\mathsf{\Omega }}_S={\sum }_{r=0}^{r_{max}}{G}_r{T}_{•}\left(r\right)/G$.

By using (23), (26) and (27), the total access delay $D_T$ is given by:

$$\begin{array}{c}\hfill D_T=\sum _{c=0}^{\infty }Pr\{C=c\}(c{D}_F+D_S).\end{array}$$

(28)

4. Numerical Results

Computer simulation is done using the parameter values given in

Table 1. Parameter values used in numerical evaluation.

Parameter	Value
The number of resolvable paths	$L=3$
Average received power from one path	$\mu =1$
Interference plus noise power	$\eta =2$
Minimum SINR for correct preamble reception	${\beta }_p=-5$ dB
Power increment ratio for message transmission	$\alpha =1.2$
Minimum SINR for correct message reception	${\beta }_m=-5$ dB
Maximum number of preamble retransmission	$r_{max}=5$
The number of available access codes	$s=16$
Probability of successfully receiving AI by an SN or a jammer	$q=q_A=q_J=0.8$
Average delay in reception of AI after successful PT	$D_P=3$
Slot length in message transmission	$z=15$

. The number of SNs transmitting preamble signals follows a Poisson distribution with mean G, and we assume that $n_m=n_{m,t}=n_{p,t}=G$ for all t. Thus, when $G\ge 2$, it is assumed in the simulation that SNs during PT are interfered by other multiple SNs that are transmitting either MSG or preamble. Additionally, scenarios with a different number of jammers $n_J=1,2,3$ are also tested, respectively.

Figure 2, Figure 3 and Figure 4 compare the success probability $u_{•}\left(r\right)$ of PT under different jamming attacks by the different numbers of jammers when the offered traffic G is 1, 3 and 5, respectively. In the figures, it is seen that the code jamming is less harmful than the power jamming in terms of the success probability. This is because, referring to (5), the signal power of the code jammer is added to desired signal power from SNs that select the same access code with the jammer, which increases $u_{•}\left(r\right)$ at HS. In power jamming, on the other hand, the whole power is treated as interference. In the same context, it is seen that the performance definitely degrades as the number of power jammers increases in Figure 2, Figure 3 and Figure 4. In code jamming, however, more jammers can contribute to improving the performance: for example, if the number of code jammers increases to 1, 2 and 3, in Figure 2 (when G = 1), $u_{•}\left(0\right)$ also increases to 0.38, 0.4 and 0.41, respectively. It should be noted that the code jammers do not always contribute to increasing $u_{•}\left(r\right)$: for example, when $r\ge 3$ in Figure 2, it is seen that the more code jammers provide the lower $u_{•}\left(r\right)$, which is also true for the overall range of tested r in Figure 4 (when G = 5). Furthermore, code jamming (with one or two jammers) sometimes (when $0\le r\le 4$) gives better performance than PT without jamming especially when G = 5 in Figure 4. Comparing Figure 2, Figure 3 and Figure 4, it is seen that jamming severely degrades the performance of $u_{•}\left(r\right)$ especially in the light offered load. In the very heavy load, code jamming sometimes increases $u_{•}\left(r\right)$. In terms of $u_{•}\left(r\right)$, power jamming is more harmful than code jamming over a wide range of parameter values.

Figure 5 compares the throughput of final MSG transmission $S_T$ for increasing offered traffic G, where code and power jamming attacks with 1–3 jammers are considered, respectively. If the same number of jammers is considered, the throughput with code jamming is smaller than that with power jamming over all G tested, though code jamming achieves usually better $u_{•}\left(r\right)$ than power jamming in Figure 2, Figure 3 and Figure 4. This is because MSGs from desired SNs have collided with those from the code jammers using the same code. When $G=2$, 21%, 25%, 30%, 36%, 30% and 40% of throughput are lost due to 1 power jammer, 1 code jammer, 2 power jammers, 3 power jammers, 2 code jammers and 3 code jammers, respectively. When $G=3$, the amount of throughput loss is not distinguishable between the numbers of power jammers. Moreover, when $G=4$, the throughput with and without power jamming becomes equal due to the overwhelming interference. However, code jammers further degrade the throughput compared to power jammers over all G tested.

Figure 6 compares the access delay $D_T$ of final MSG transmission for increasing offered traffic G, where code and power jamming attacks with 1–3 jammers are considered, respectively. The result in Figure 6 certainly matches that in Figure 5. If the same number of jammers is considered, the delay with code jamming is greater than that with power jamming over all G tested, which is a similar trend that can be expected from Figure 5. When $G=2$, 27%, 34%, 40%, 56%, 40% and 65% of greater delay than without-jamming result due to 1 power jammer, 1 code jammer, 2 power jammers, 3 power jammers, 2 code jammers and 3 code jammers, respectively. When $G=3$, the amount of delay increase is not distinguishable with the numbers of power jammers. Moreover, when $G=4$, the delay with and without power jamming becomes equal due to overwhelming interference. However, code jammers further increase the delay compared to power jammers over all G tested.

From the above numerical investigations, we can address two ideas to detect whether the jammers exist or not if HS has certain measurement data, the implementation of which would be left for future study. One is using the concave throughput graphs achieved in Figure 5. We assume that HS have measurement data on received power (RxP) vs. throughput without jammers. Since the offered load cannot be directly measured, RxP is used to estimate the load. The jammer seems to generate additional interference, by which HS may overestimate the offered load since it has accordingly low throughput. For example, with one power jammer, the throughput in Figure 5 is about $0.47$ when $G=2.0$, which can be achieved when either $G=1.2$ or $3.0$ if the jammer does not exist. Let us assume that $0.47$ is the current throughput seen at HS. If HS has the measurement data, then HS can judge whether current $0.47$ is due to the low load or possibly due to the jammer. Let us denote the RxP measured when the throughput is $0.47$ by $R_1$ and $R_2$ ($R_1\le R_2$), which represent two different loads $G=1.2$ and $3.0$ (noting that both provide the same throughput $0.47$), respectively. Of course, HS does not know G exactly, but understands that throughput $0.47$ is achieved by different load conditions: low and high, respectively. If current RxP is approximately equal to $R_1$, then the throughput is due to low load. However, if it is much greater than $R_1$, HS sends a signaling message that temporarily prevents each SN from sending preambles with certain probability $p(0<p<1)$. Then, the load should be increased if throughput $0.47$ is due to the high load. Otherwise, the load should be decreased, and there probably exits a jammer.

The other idea is using the monotonically increasing delay graphs in Figure 6. If HS is assumed to have measurement data on RxP vs. delay without jammers, then it can guess that the current excessive delay is possibly due to jamming powers. Other methods to avoid or detect jamming such as using directional antennas are intensively summarized in [23].

5. Conclusions

We have investigated RA performances in a WSN where power or code jammers actively disturb the information transmission from distributed SNs to a central HS. Average throughput and average delay for the information message are modeled, respectively. Numerical investigation shows that power jamming is more harmful than code jamming in the stage of PT. However, code jamming finally degrades the modeled performances more severely. Code jamming falsely attracts HS to send AI and thus further deteriorates the resource allocation in the WSN. As a remedy of code jamming, a new secure code, which is different from the access code used in PT and hardly known to code jammers, can be used in sending MSG. This requires a more sophisticated protocol to allocate the secure codes, which is left for future work. The model and results in this paper are certainly useful in building up better and more sophisticated RA methods that tolerate attacks from malicious transmitters.