540 likes | 709 Views
MAC Layer Misbehavior in Wireless Networks. Pradeep Kyasanur Nitin H. Vaidya University of Illinois at Urbana-Champaign. Access Point. Wireless channel. A. B. Problem Definition. Nodes are required to follow Medium Access Control (MAC) rules. Misbehaving nodes may violate MAC rules.
E N D
MAC Layer Misbehavior inWireless Networks Pradeep Kyasanur Nitin H. Vaidya University of Illinois at Urbana-Champaign
Access Point Wireless channel A B Problem Definition • Nodes are required to follow Medium Access Control (MAC) rules Misbehaving nodes may violate MAC rules
IEEE 802.11 overview • Distributed Coordination Function (DCF) • Widely used for channel access • DCF is a Carrier Sense Multiple Access/ Collision Avoidance (CSMA/CA) protocol
CSMA/CA • Don’t transmit when channel is busy • Defer transmission for a random duration on idle channel
B1=20 B1=15 B1=0 Transmit S1 wait CW=31 wait S2 Transmit B2=10 B2=25 B2=10 Backoff Example • Choose backoff value B in range [0,CW] • CW is the Contention Window • Count down backoff by 1 every idle slot
RTS CTS B=10 Sender S ACK CTS RTS DATA Receiver R Data Transmission • Reserve channel with RTS/CTS exchange A S R B
Possible Misbehavior • Backoff from biased distribution • Example: Always select a small backoff value B1 = 1 B1 = 1 Misbehaving node Transmit Transmit Well-behaved node wait wait B2 = 20 B2 = 19
Goals of proposed scheme • Diagnose node misbehavior • Catch misbehaving nodes • Discourage misbehavior • Punish misbehaving nodes
Routing: Security • Many proposals for securing network layer [Hou02, Zhou99, Awerbuch02] • Attacks: Creating routing loops, misrouting packets, ... • Solutions: Use cryptographic keys to prevent route tampering
Routing: Selfishness • Selfish misbehavior • Nodes cheat primarily to gain benefit • Example: Not relaying packets to save energy • Solutions • Designing protocols resilient to misbehavior • [Savage99, Nisan99, Buttyan01] • Explicitly detect and penalize misbehavior • [Marti00, Zhang00, Buchegger02]
MAC: Selfishness • MacKenzie addresses selfish misbehavior in Aloha networks • Nodes may use higher access probabilities • Solution uses game theoretic approach • Assumes there is some cost for transmitting • Nodes independently adjust access prob. • Under some assumptions network reaches a fair equilibrium
MAC: Selfishness • [Konorski01, Konorski02] discuss selfish misbehavior in 802.11 networks • Game theory used to analyze solution • Nodes use a black-burst to resolve contention • Winner is not the largest burst, but node with burst within slots of largest burst
Game theory - Discussion • Protocols resilient to misbehavior can be developed • Do not need explicit misbehavior detection • Solutions assume perfect knowledge • No guarantees with imperfect information • Performance at equilibrium may be poor
Solution Approaches • Misbehaving node can gain more bandwidth Use payment schemes, charging per packet • Misbehaving node can achieve lower delay (e.g., by sending packet bursts) Average delay is less with same cost Per-packet payment schemes not sufficient (need to factor delay – harder)
Access Point Wireless channel A Proposed Approach • Receivers detect sender misbehavior • Assume receivers are well-behaved (can be relaxed) • Access Point is trusted. When AP transmits, it is well-behaved • When AP receives, it can monitor sender behavior
Issues • Receiver does not know exact backoff value chosen by sender • Sender chooses random backoff • Hard to distinguish between maliciously chosen small values and a legitimate random sequence • Wireless channel introduces uncertainties • Channel status seen by sender and receiver may be different
Potential Solution:Use long-term statistics • Observe backoffs chosen by sender over multiple packets • Backoff values not from expected distribution Misbehavior Selecting right observation interval difficult
A Simpler Approach • Remove the non-determinism
A Simpler Approach • Receiver provides backoff values to sender • Receiver specified backoff for next packet in ACK for current packet • Modification does not significantly change 802.11 behavior • Backoffs of different nodes still independent Uncertainty of sender’s backoff eliminated
B Sender S CTS ACK(B) DATA RTS RTS Receiver R Modifications to 802.11 • R provides backoff B to S in ACK • B selected from [0,CWmin] • S uses B for backoff
Protocol steps Step 1: For each transmission: • Detect deviations: Decide if sender backed off for less than required number of slots • Penalize deviations: Penalty is added, if the sender appears to have deviated Goal: Identify and penalize suspected misbehavior • Reacting to individual transmission makes it harder to adapt to the protocol
Protocol steps Step 2: Based on last W transmissions: • Diagnose misbehavior: Identify misbehaving nodes Goal: Identify misbehaving nodes with high probability • Reduce impact of channel uncertainties • Filter out misbehaving nodes from well-behaved nodes
Backoff Sender S ACK(B) RTS Receiver R Bobsr Detecting deviations • Receiver counts number of idle slots Bobsr Condition for detecting deviations:Bobsr < B (0 < <= 1)
Threshold scheme is optimal • Goal: Maximize detection percentage while keeping misdiagnosis percentage below some bound • Invoking Neyman-Pearson [Poor94] criteria, we prove that a threshold scheme is optimal (under a simplified channel mode)
Threshold scheme • Threshold is a function of assigned backoff B • In the protocol, we use a constant factor of B as threshold for simplicity
Actual backoff < B Sender S ACK(B) CTS ACK(B+P) DATA RTS Receiver R Bobsr Penalizing Misbehavior • When Bobsr < B, penalty P added • P proportional to B– Bobsr • Total backoff assigned = B + P
Penalty Scheme issues • Misbehaving sender has two options • Ignore assigned penalty Easier to detect • Follow assigned penalty No throughput gain • With penalty, sender has to misbehave more for same throughput gain
Diagnosing Misbehavior • Total deviation for last W packets used • Deviation per packet is B – Bobsr • If total deviation > THRESH then sender is designated as misbehaving • Higher layers / administrator can be informed of misbehavior
Simulation Results • Using ns-2 simulator • Results for one receiver, with one misbehaving sender • CBR traffic flows between receiver and all senders
Misbehaving Node Simulation Setup
Misbehavior Models • Persistent Misbehavior Model: • Uses “Percentage of Misbehavior” (PM) as a parameter • Misbehaving node backs off for (100-PM)% of assigned backoff • PM = 0% well-behaved • Simple misbehavior model used for evaluation of tradeoffs
Proposed Scheme Throughput (Kbps \ node) 802.11 Number of sender nodes Throughput – no misbehavior
Correct Diagnosis Percentage Misdiagnosis Percentage of Misbehavior (of misbehaving node) Persistent Misbehavior -Diagnosis Accuracy
802.11 Avg. with proposed scheme Proposed Scheme Throughput (Kbps) Avg. with 802.11 Percentage of Misbehavior Persistent Misbehavior- throughput
Observations • Persistent misbehavior detected with high accuracy • Accuracy increases with misbehavior • Accuracy depends on channel conditions • Accuracy not 100% due to channel variations
Handling other misbehavior • Receiver may misbehave by assigning large or small backoff values • Sender can detect receiver assigning small backoff values • Backoff assigned by receiver has to follow well-known distribution • Sender uses larger of assigned backoff and expected backoff
Handling other misbehavior • Detecting receiver assigning large backoff values not handled • Equivalent to receiver not responding at all • Need higher layer mechanisms • Collusion between sender and receiver • Harder to detect • Requires an observer that can monitor both sender and receiver
A S R B Multiple Observers • Currently, single observer is used (receiver) • Data from multiple observers can be combined to improve diagnosis • S sends a packet to R • A, B also monitor S • Information from A, B, R can be combined
Multiple Observers - Issues • How many observers are needed for obtaining specified diagnosis accuracy? • Impact of channel noise on observations • How to combine multiple observations? • Collect raw observations and then combine • Combine individual diagnoses
Conclusion • MAC layer misbehavior can severely affect throughput of well-behaved nodes • We present simple modifications to IEEE 802.11 to detect/penalize misbehavior • Open issues: • Using multiple observers • Integrate diagnosis scheme with higher layers
Thanks! http://www.crhc.uiuc.edu/wireless/
References • [Savage99] TCP Congestion Control with a misbehaving receiver • [Nisan99] Algoithms for Selfish Agents • [Buttyan01] Stimulating Cooperation in Self-Organizing Mobile Ad Hoc Networks • [Marti00] Mitigating Routing Misbehavior in Mobile Ad hoc Networks • [Zhang00] Intrusion Detection in wireless ad hoc networks • [Buchegger02] Nodes Bearing Grudges: Towards Routing Security, Fairness and Robustness in Mobile Ad Hoc Networks • [Hu02] Ariadne: A secure on-demand routing protocol for ad hoc networks • [Konorski01] Protection of Fairness for Multimedia Traffic Streams in a Non-cooperative Wireless LAN setting • [MacKenzie01] Selfish users in Aloha: A Game-theoretic Approach • [Konorski02] Multiple Access in Ad Hoc Wireless LANs with Noncooperative stations • [Awerbach02] An On-Demand Secure Routing Protocol resilient to Byzantine Failures • [Zhou99] Securing Ad-hoc Networks • [Poor94] An Introduction to Signal Detection and Estimation
Additional details • Mechanisms to address protocol response after packet collisions
B1=10 B1=20 S1 Collision Transmit CW=31 CW=63 S2 Collision wait B2=10 B2=40 Collision Example • On collision double CW • Binary exponential backoff algorithm • Pick new backoff and send again
b1 b2 wait wait Sender S RTS(1) ACK(b1) RTS(2) collision Receiver R Modifications to 802.11 1. On collision new backoff b2 is b2 = f(b1, nodeId of S, attempt number) 2. RTS contains attempt number