detection and handling of mac layer misbehavior in ... · detection and handling of mac layer...

Detection and Handling of MAC Layer Misbehavior in Wireless

Networks

Pradeep Kyasanur

Nitin H. Vaidya

Coordinated Science Laboratory

University of Illinois at Urbana-Champaign

Problem Definition

Wireless channel

Access Point

A B

Infrastructure-based Network

C D

Ad hoc Network

Nodes may violate Medium Access Control rules

IEEE 802.11 overview

Distributed Coordination Function (DCF) - Mandatory Widely used for channel access

DCF is a Carrier Sense Multiple Access/ Collision Avoidance (CSMA/CA) protocol

CSMA/CA

Carrier sense Don’t transmit when channel is busy

Collision avoidance Defer transmission for random time after

channel goes idle

Backoff Example

Choose backoff value B in range [0,CW] CW is the Contention Window

Count down backoff by 1 every idle slot

wait

Transmit

Transmit

wait

B2=10

B1=20

B2=10

B1=0

S1

S2

CW=31

B1=15

B2=25

Data Transmission

Reserve channel with RTS/CTS exchange

Sender S

Receiver R

B=10D

ATA ACK

S BA R

RTS

RTS

CTS

CTS

Possible Misbehavior

Backoff selected from different distribution Select a small constant backoff always

Transmit

wait

B1 = 1

B2 = 20

Transmit

wait

B2 = 19

B1 = 1Misbehaving node

Well-behaved node

Goals of proposed scheme

Diagnose node misbehavior Catch misbehaving nodes

Discourage misbehavior with MAC layer scheme Punish misbehaving nodes

Related work at other layers

Many proposals for securing network layer

Designing protocols resilient to misbehavior [Savage99, Nisan99, Buttyan01]

Explicitly detect and penalize misbehavior [Marti00, Zhang00, Buchegger02, Hu02]

Related work at MAC Layer

Game-theoretic solutions proposed for selfish misbehavior at MAC layer [Konorski01, MacKenzie01, Konorski02]

Game-theoretic approach+ Protocols resilient to misbehavior

- Assumptions not always valid

- Performance may not be good

Misbehaving node can gain more bandwidthUse payment schemes, charging per packet

Misbehaving node can achieve lower delay Send burst of packets ignoring MAC rules Average delay is less with same cost

Solution Approaches

Payment based schemes not sufficient

Proposed Approach

Receivers detect sender misbehavior Assume receivers are well-behaved (can be

relaxed)

Receiver does not know exact backoff value chosen by sender

Wireless Channel introduces uncertainties

Wireless channel

Access Point

A

Use long-term statistics

Observe backoffs chosen by sender over multiple packets

Backoff values not from expected distribution Misbehavior

Selecting right observation interval difficult

Alternate Approach

Receiver provides backoff values to sender Send in current transmission backoff value for

next transmission

Receiver can then accurately observe sender behavior

Uncertainty of sender’s backoff eliminated

Modifications to 802.11

1. R provides backoff B to S in ACK

B selected from [0,CWmin]

DATA

Sender S

Receiver R

CTS

ACK(

B)RTS

2. S uses B for backoff

RTS

B

Protocol steps

1. Detect deviations: Receiver observes one transmission from the sender

3. Penalize deviations: Penalty is added, if the sender appears to have deviated

5. Diagnose misbehavior: Based on last W observations, diagnose misbehavior

Detecting deviations

Receiver counts number of idle slots Bobsr

Condition for detecting deviations:

Bobsr < α B 0 < α <= 1

Sender S

Receiver R

ACK(

B) RTS

Backoff

Bobsr

Penalizing Misbehavior

When Bobsr < α B, penalty P added

P proportional to α B– Bobsr

ACK(

B+P)

CTS D

ATA

Total backoff assigned = B + P

Bobsr

Sender S

Receiver R

ACK(

B) RTS

Actual backoff < B

Penalty Scheme issues

With penalty, sender has to misbehave more for same throughput gain

Misbehaving sender has two options Ignore assigned penalty Easier to detect Follow assigned penalty No throughput gain

Diagnosing Misbehavior

Total deviation for last W packets used Deviation per packet is B – Bobsr

If total deviation > THRESH then sender is designated as misbehaving

Higher layers/ administrator can be informed of misbehavior

Simulation Results

Using ns-2 simulator

Misbehavior modeled by parameter – “Percentage of Misbehavior (PM)” PM = 0% well-behaved Larger PM greater misbehavior

Results for one receiver, multiple senders with single misbehaving sender

Simulation Setup

Misbehaving Node

Results – Diagnosis Accuracy

0

10

20

30

40

50

60

70

80

90

100

100959080706050403020100

Correct Diagnosis

Misdiagnosis

Percentage of Misbehavior (of misbehaving node)

Per

cent

age

Misbehaving node throughput

0

100

200

300

400

500

600

700

800

900

100959080706050403020100

802.11

Proposed Scheme

Percentage of Misbehavior

Thr

ough

put (

Kbp

s pe

r no

de)

Avg. with penalty

Avg. with 802.11

Throughput – no misbehavior

0

100

200

300

400

500

600

700

800

900

1000

1 2 4 8 16 32 64

Proposed Scheme

802.11

Number of sender nodes

Thr

ough

put (

Kbp

s pe

r no

de)

Simulation Observations

Diagnosis accuracy is high Diagnosis accuracy depends on channel

conditions Persistent misbehavior detected with high

accuracy

Adding penalty negates throughput advantage Can discourage misbehavior

Additional details in paper

Mechanisms to address protocol response after packet collisions

Extensions for catching certain receiver misbehavior

Preliminary ideas for addressing collusion

Conclusion

MAC layer misbehavior can severely affect throughput of well-behaved nodes

We present simple modifications to IEEE 802.11 to detect/penalize misbehavior

Open issues: Collusion detection Integrate diagnosis scheme with higher layers

Thanks!

kyasanur@uiuc.edu

http://www.crhc.uiuc.edu/~kyasanur

References

[Savage99] TCP Congestion Control with a misbehaving receiver [Nisan99] Algoithms for Selfish Agents [Buttyan01] Stimulating Cooperation in Self-Organizing Mobile Ad Hoc

Networks [Marti00] Mitigating Routing Misbehavior in Mobile Ad hoc Networks [Zhang00] Intrusion Detection in wireless ad hoc networks [Buchegger02] Nodes Bearing Grudges: Towards Routing Security,

Fairness and Robustness in Mobile Ad Hoc Networks [Hu02] Ariadne: A secure on-demand routing protocol for ad hoc

networks [Konorski01] Protection of Fairness for Multimedia Traffic Streams in a

Non-cooperative Wireless LAN setting [MacKenzie01] Selfish users in Aloha: A Game-theoretic Approach [Konorski02] Multiple Access in Ad Hoc Wireless LANs with

Noncooperative stations

Extra Slides follow ....

Collision Example

On collision double CW Binary exponential backoff algorithm

Pick new backoff and send again

S1

S2

CW=31

B1=10

B2=10

wait

Transmit

Collision

Collision

B2=40

B1=20

CW=63

Modifications to 802.11

1. On collision new backoff b2 is

b2 = f(b1, nodeId of S, attempt number)

2. RTS contains attempt number

waitRTS(2)

b2

Sender S

Receiver R

ACK(

b1) RTS(1)

waitb1

collision

Handling other misbehavior (1/2)

Receiver may misbehave by assigning large or small backoff values

Sender can detect receiver assigning small backoff values Backoff assigned by receiver has to follow

well-known distribution Sender uses larger of assigned backoff and

expected backoff

Handling other misbehavior (2/2)

Detecting receiver assigning large backoff values not handled Equivalent to receiver not responding at all Need higher layer mechanisms

Collusion between sender and receiver Harder to detect Requires third party observer

Simulation Metrics

Correct Diagnosis percentage

Misdiagnosis Percentage

Average throughput of well-behaved nodes

Misbehaving node throughput

Fairness - no misbehavior

0

0.2

0.4

0.6

0.8

1

1.2

1 2 4 8 16 32 64

Proposed scheme

Fai

rnes

s In

dex

Number of sender nodes

802.11