Detection and Handling of MAC Layer Misbehavior in Wireless
Networks
Pradeep Kyasanur
Nitin H. Vaidya
Coordinated Science Laboratory
University of Illinois at Urbana-Champaign
Problem Definition
Wireless channel
Access Point
A B
Infrastructure-based Network
C D
Ad hoc Network
Nodes may violate Medium Access Control rules
IEEE 802.11 overview
Distributed Coordination Function (DCF) - Mandatory Widely used for channel access
DCF is a Carrier Sense Multiple Access/ Collision Avoidance (CSMA/CA) protocol
CSMA/CA
Carrier sense Don’t transmit when channel is busy
Collision avoidance Defer transmission for random time after
channel goes idle
Backoff Example
Choose backoff value B in range [0,CW] CW is the Contention Window
Count down backoff by 1 every idle slot
wait
Transmit
Transmit
wait
B2=10
B1=20
B2=10
B1=0
S1
S2
CW=31
B1=15
B2=25
Data Transmission
Reserve channel with RTS/CTS exchange
Sender S
Receiver R
B=10D
ATA ACK
S BA R
RTS
RTS
CTS
CTS
Possible Misbehavior
Backoff selected from different distribution Select a small constant backoff always
Transmit
wait
B1 = 1
B2 = 20
Transmit
wait
B2 = 19
B1 = 1Misbehaving node
Well-behaved node
Goals of proposed scheme
Diagnose node misbehavior Catch misbehaving nodes
Discourage misbehavior with MAC layer scheme Punish misbehaving nodes
Related work at other layers
Many proposals for securing network layer
Designing protocols resilient to misbehavior [Savage99, Nisan99, Buttyan01]
Explicitly detect and penalize misbehavior [Marti00, Zhang00, Buchegger02, Hu02]
Related work at MAC Layer
Game-theoretic solutions proposed for selfish misbehavior at MAC layer [Konorski01, MacKenzie01, Konorski02]
Game-theoretic approach+ Protocols resilient to misbehavior
- Assumptions not always valid
- Performance may not be good
Misbehaving node can gain more bandwidthUse payment schemes, charging per packet
Misbehaving node can achieve lower delay Send burst of packets ignoring MAC rules Average delay is less with same cost
Solution Approaches
Payment based schemes not sufficient
Proposed Approach
Receivers detect sender misbehavior Assume receivers are well-behaved (can be
relaxed)
Receiver does not know exact backoff value chosen by sender
Wireless Channel introduces uncertainties
Wireless channel
Access Point
A
Use long-term statistics
Observe backoffs chosen by sender over multiple packets
Backoff values not from expected distribution Misbehavior
Selecting right observation interval difficult
Alternate Approach
Receiver provides backoff values to sender Send in current transmission backoff value for
next transmission
Receiver can then accurately observe sender behavior
Uncertainty of sender’s backoff eliminated
Modifications to 802.11
1. R provides backoff B to S in ACK
B selected from [0,CWmin]
DATA
Sender S
Receiver R
CTS
ACK(
B)RTS
2. S uses B for backoff
RTS
B
Protocol steps
1. Detect deviations: Receiver observes one transmission from the sender
3. Penalize deviations: Penalty is added, if the sender appears to have deviated
5. Diagnose misbehavior: Based on last W observations, diagnose misbehavior
Detecting deviations
Receiver counts number of idle slots Bobsr
Condition for detecting deviations:
Bobsr < α B 0 < α <= 1
Sender S
Receiver R
ACK(
B) RTS
Backoff
Bobsr
Penalizing Misbehavior
When Bobsr < α B, penalty P added
P proportional to α B– Bobsr
ACK(
B+P)
CTS D
ATA
Total backoff assigned = B + P
Bobsr
Sender S
Receiver R
ACK(
B) RTS
Actual backoff < B
Penalty Scheme issues
With penalty, sender has to misbehave more for same throughput gain
Misbehaving sender has two options Ignore assigned penalty Easier to detect Follow assigned penalty No throughput gain
Diagnosing Misbehavior
Total deviation for last W packets used Deviation per packet is B – Bobsr
If total deviation > THRESH then sender is designated as misbehaving
Higher layers/ administrator can be informed of misbehavior
Simulation Results
Using ns-2 simulator
Misbehavior modeled by parameter – “Percentage of Misbehavior (PM)” PM = 0% well-behaved Larger PM greater misbehavior
Results for one receiver, multiple senders with single misbehaving sender
Simulation Setup
Misbehaving Node
Results – Diagnosis Accuracy
0
10
20
30
40
50
60
70
80
90
100
100959080706050403020100
Correct Diagnosis
Misdiagnosis
Percentage of Misbehavior (of misbehaving node)
Per
cent
age
Misbehaving node throughput
0
100
200
300
400
500
600
700
800
900
100959080706050403020100
802.11
Proposed Scheme
Percentage of Misbehavior
Thr
ough
put (
Kbp
s pe
r no
de)
Avg. with penalty
Avg. with 802.11
Throughput – no misbehavior
0
100
200
300
400
500
600
700
800
900
1000
1 2 4 8 16 32 64
Proposed Scheme
802.11
Number of sender nodes
Thr
ough
put (
Kbp
s pe
r no
de)
Simulation Observations
Diagnosis accuracy is high Diagnosis accuracy depends on channel
conditions Persistent misbehavior detected with high
accuracy
Adding penalty negates throughput advantage Can discourage misbehavior
Additional details in paper
Mechanisms to address protocol response after packet collisions
Extensions for catching certain receiver misbehavior
Preliminary ideas for addressing collusion
Conclusion
MAC layer misbehavior can severely affect throughput of well-behaved nodes
We present simple modifications to IEEE 802.11 to detect/penalize misbehavior
Open issues: Collusion detection Integrate diagnosis scheme with higher layers
References
[Savage99] TCP Congestion Control with a misbehaving receiver [Nisan99] Algoithms for Selfish Agents [Buttyan01] Stimulating Cooperation in Self-Organizing Mobile Ad Hoc
Networks [Marti00] Mitigating Routing Misbehavior in Mobile Ad hoc Networks [Zhang00] Intrusion Detection in wireless ad hoc networks [Buchegger02] Nodes Bearing Grudges: Towards Routing Security,
Fairness and Robustness in Mobile Ad Hoc Networks [Hu02] Ariadne: A secure on-demand routing protocol for ad hoc
networks [Konorski01] Protection of Fairness for Multimedia Traffic Streams in a
Non-cooperative Wireless LAN setting [MacKenzie01] Selfish users in Aloha: A Game-theoretic Approach [Konorski02] Multiple Access in Ad Hoc Wireless LANs with
Noncooperative stations
Extra Slides follow ....
Collision Example
On collision double CW Binary exponential backoff algorithm
Pick new backoff and send again
S1
S2
CW=31
B1=10
B2=10
wait
Transmit
Collision
Collision
B2=40
B1=20
CW=63
Modifications to 802.11
1. On collision new backoff b2 is
b2 = f(b1, nodeId of S, attempt number)
2. RTS contains attempt number
waitRTS(2)
b2
Sender S
Receiver R
ACK(
b1) RTS(1)
waitb1
collision
Handling other misbehavior (1/2)
Receiver may misbehave by assigning large or small backoff values
Sender can detect receiver assigning small backoff values Backoff assigned by receiver has to follow
well-known distribution Sender uses larger of assigned backoff and
expected backoff
Handling other misbehavior (2/2)
Detecting receiver assigning large backoff values not handled Equivalent to receiver not responding at all Need higher layer mechanisms
Collusion between sender and receiver Harder to detect Requires third party observer
Simulation Metrics
Correct Diagnosis percentage
Misdiagnosis Percentage
Average throughput of well-behaved nodes
Misbehaving node throughput
Fairness - no misbehavior
0
0.2
0.4
0.6
0.8
1
1.2
1 2 4 8 16 32 64
Proposed scheme
Fai
rnes
s In
dex
Number of sender nodes
802.11