Index of /rozprawy2/10344

Pełen tekst

(1)AGH University of Science and Technology Faculty of Electrical Engineering, Automatics, Computer Science and Electronics. Ph.D. Thesis Szymon Szott. Assuring QoS in IEEE 802.11 EDCA Multi-hop Ad-hoc Networks in the Presence of Misbehaving Nodes. Supervisor: Prof. dr hab. inż. Andrzej R. Pach.

(2) AGH University of Science and Technology Faculty of Electrical Engineering, Automatics, Computer Science and Electronics Department of Telecommunications Al. Mickiewicza 30, 30-059 Kraków, Poland tel. +48 12 6173937 fax +48 12 6342372 www.agh.edu.pl www.kt.agh.edu.pl. c Szymon Szott, 2011 Copyright All rights reserved Printed in Poland.

(3) Acknowledgements I would like to express my deep and sincere gratitude to my supervisor Prof. Andrzej R. Pach for his insightful comments and scientific guidance. I believe he has taught me the right approach to being a good scientist. I am indebted to Marek Natkaniec for sharing his truly impressive knowledge of wireless networks, for our numerous collaborations and for his friendship. I wish to thank all my colleagues from the Department of Telecommunications for stimulating discussions and support over the course of the last five years, especially Michał Grega, Piotr Pacyna, and Piotr Romaniak. I would also like to express my gratitude to Roberto Canonico from the University of Napoli Federico II who was my co-supervisor within NoE CONTENT. Above all, I would like to thank my wife Katarzyna for supporting me both academically and personally. Indeed, I am truly lucky in this regard. I am also grateful to my family for their continuous support..

(4) iv.

(5) Abstract This dissertation deals with the problem of misbehaviour in IEEE 802.11 multihop ad-hoc networks. Nodes in such networks can misbehave by manipulating channel access parameters in order to assure a higher probability of data transmission. The IEEE 802.11 standard does not contain any incentives for nodes to conform to the specification. This is in particular true for the Enhanced Distributed Channel Access (EDCA) function which ensures Quality of Service (QoS) but also provides new means of misbehaviour. Simulation and analytical studies presented in this dissertation show the impact of misbehaviour on ad-hoc networks. For example, in a five node network, a node can increase its throughput seven times by simple misbehaviour. Such actions can be easily performed with modern wireless drivers. Furthermore, even equipment vendors make non-standard modifications to increase the performance of their cards. Therefore, the following thesis is formulated and proved: In multi-hop ad-hoc networks which use the EDCA function of the IEEE 802.11 standard, it is possible to improve traffic prioritising for the access categories defined in this standard in the presence of misbehaving nodes through the use of a QoS architecture which is able to detect and react to uncooperative node behaviour. The thesis is proved by the proposed detection method and reaction mechanism which can be used to identify and penalize misbehaving nodes in the network. The detection method focuses on identifying nodes which cheat on the backoff selection. This is challenging because of the random nature of the selection. The chi-square test is employed because it is a statistical method for testing the uniformity of a distribution. Results show that it performs better than two other methods, known in the literature, in terms of probability and time of misbehaviour detection. The reaction method is based on a game-theoretic approach and penalizes nodes which choose non-standard parameters. The penalty is applied proportionately to the degree of misbehaviour and encourages the use of standard parameters..

(6) vi. Results have shown that both proposed solutions can be successfully used in single-hop and multi-hop networks. Furthermore, they can be incorporated into the IEEE 802.11 standard to provide a comprehensive MAC layer QoS architecture robust to the negative influence of misbehaving nodes.. Keywords: ad-hoc, Enhanced Distributed Channel Access, EDCA, misbehaviour, modelling, quality of service, QoS, simulations.

(7) Contents 1 Introduction 1.1 Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.2 Published Papers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.3 Dissertation Structure . . . . . . . . . . . . . . . . . . . . . . . . .. 1 4 4 6. 2 Background Information 2.1 Description of EDCA . . . . . . . . . . . . . . . . . . . . . . . . . . 2.2 Misbehaviour in EDCA . . . . . . . . . . . . . . . . . . . . . . . .. 7 7 9. 3 State of the Art 3.1 QoS in Ad-hoc Networks . . . . . . . . . . 3.2 Misbehaviour in Ad-hoc Networks . . . . 3.3 Modeling EDCA . . . . . . . . . . . . . . 3.4 Detecting MAC Misbehaviour . . . . . . . 3.5 Preventing or Discouraging Misbehaviour 3.6 Game-theoretic Approaches . . . . . . . . 3.7 Chapter Summary . . . . . . . . . . . . .. . . . . . . .. . . . . . . .. . . . . . . .. . . . . . . .. . . . . . . .. . . . . . . .. . . . . . . .. . . . . . . .. . . . . . . .. . . . . . . .. . . . . . . .. . . . . . . .. . . . . . . .. . . . . . . .. 11 11 12 13 13 14 14 15. 4 Impact of Misbehaviour on QoS 4.1 Single-hop Networks . . . . . . 4.2 Multi-hop Networks . . . . . . 4.2.1 Saturation Throughput 4.2.2 Reference Case . . . . . 4.2.3 Downgrading Forwarded 4.2.4 Promoting Local Traffic 4.2.5 Lessons Learned . . . . 4.3 Conclusions . . . . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. 17 17 24 25 27 28 30 31 32. . . . . . . . . . . . . . . . . Traffic . . . . . . . . . . . .. . . . . . . . .. . . . . . . . ..

(8) viii. CONTENTS. 5 IEEE 802.11 EDCA Model 5.1 Assumptions . . . . . . . . . . . . . . 5.2 Model Analysis . . . . . . . . . . . . . 5.3 Misbehaviour Analysis . . . . . . . . . 5.4 Validation . . . . . . . . . . . . . . . . 5.4.1 Model Verification . . . . . . . 5.4.2 Comparison with Other Models 5.4.3 Impact of Misbehaving Nodes . 5.5 Conclusions . . . . . . . . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. 35 35 36 44 45 45 46 47 52. 6 Detecting Backoff Misbehaviour 6.1 Detection Method . . . . . . . . 6.2 Detecting in Single-hop Networks 6.3 Detecting in Multi-hop Networks 6.4 Conclusions . . . . . . . . . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. 55 55 56 59 62. 7 Reacting to Backoff Misbehaviour 7.1 Simplified EDCA Model . . . . . . . . . . . . . . 7.2 Study of EDCA Games . . . . . . . . . . . . . . 7.2.1 Single-player EDCA Games . . . . . . . . 7.2.2 Multi-player Games . . . . . . . . . . . . 7.2.3 Proposed Solution . . . . . . . . . . . . . 7.3 Application of Penalty Mechanism . . . . . . . . 7.3.1 Single AC Traffic . . . . . . . . . . . . . . 7.3.2 Multiple AC Traffic . . . . . . . . . . . . 7.3.3 Multiple Misbehaving Nodes . . . . . . . 7.3.4 Multi-hop Networks . . . . . . . . . . . . 7.3.5 Misbehaviour on the Penalty Mechanism 7.4 Conclusions . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . .. . . . . . . . . . . . .. . . . . . . . . . . . .. . . . . . . . . . . . .. . . . . . . . . . . . .. . . . . . . . . . . . .. . . . . . . . . . . . .. . . . . . . . . . . . .. . . . . . . . . . . . .. . . . . . . . . . . . .. 63 64 65 66 67 68 70 71 73 74 75 76 77. . . . .. . . . .. . . . .. 8 Conclusions. 79. Bibliography. 81. Streszczenie. 89.

(9) Nomenclature Acronyms AC. Access Category. AIFS. Arbitration Inter-Frame Space. AP. Access Point. BE. Best Effort. BEB. Binary Exponential Backoff. BK. Background. C. The cooperation strategy. CSMA/CA. Carrier Sense Multiple Access with Collision Avoidance. CW. Contention Window. DCF. Distributed Coordination Function. EDCA. Enhanced Distributed Channel Access. HR/DSSS. High Rate/Direct Sequence Spread Spectrum. M. The misbehaviour strategy. MAC. Medium Access Control. MN. Mesh Node. OSI. Open Systems Interconnection. PD. Prisoner’s Dilemma. QoS. Quality of Service.

(10) x. CONTENTS. TCP. Transmission Control Protocol. UDP. User Datagram Protocol. Vi. Video. Vo. Voice. WLAN. Wireless Local Area Network. Variables α. Significance level for the chi-square test. αp. Penalty factor. χ2. The chi-square statistic. δ. Propagation delay. γe. Parameter for tuning the number of false positives in the mean test. γh. Parameter for tuning the number of false positives in the auxiliary test for multi-hop networks. γm. Parameter for tuning the number of false positives in the mean test. λi. Traffic rate of the i-th AC in frames per second. µ. Misbehaviour coefficient. ρi. Saturation probability for the i-th AC. τi. Transmission probability in a slot time for the i-th AC for the simplified model. τi. Transmission probability in a slot time for the i-th AC. AIF Si. AIFS for the i-th AC. AIF SNi. AIFS Number for the i-th AC. bi (t). Value of the backoff counter for the i-th AC at time t. bsi (t). Value of the backoff counter for the i-th AC at time t for the simplified model.

(11) CONTENTS. xi. bi,−1,0. Stationary distribution for non-saturation state. bi,−2,0. Stationary distribution for saturation state. bi,j,k. Stationary distribution for j 0. bsi,j. Stationary distribution for the simplified model. CH. Number of cells in the entropy test. Cm. Payoff for a cooperating node when m other nodes are misbehaving. C χ2. Number of cells in the chi-square test. CWiM AX. CW maximum size for the i-th AC. CWiM IN. CW minimum size for the i-th AC. Di. Average overall service time for the i-th AC. DiB. Average frame blocking delay for the i-th AC. DiCD. Average countdown delay for the i-th AC. DiR. Average retransmission delay for the i-th AC. DiT. Average transmission delay for the i-th AC. DIF S. DCF Inter-Frame Space. E. Expected number of samples in each cell in the chi-square test. Ec,r. Expected number of samples in cell c of range r in the chi-square test. Emin. Minimum required number of expected samples in the chi-square test. EIF S. Extended Inter-Frame Space. Hex. Expected entropy of the backoff values. Hobs. Entropy of the observed backoff values. i. AC number. j. Retransmission counter.

(12) xii. CONTENTS. k. Current CW value. M. Retransmission limit. m. Number of other misbehaving players. Mm. Payoff for a misbehaving node when m other nodes are misbehaving. Mex. Expected arithmetic mean of the backoff values. Mobs. Mean of the observed backoff values. Nc. Number of ACs. ni. Number of nodes using the i-th AC. NN. Total number of nodes in the network. NS. Number of measured backoff samples. Oc,r. Observed number of samples in cell c of range r in the chi-square test. P. Payoff when both players misbehave in a PD (penalty). pB. Probability that the wireless channel is busy. PS. Probability of a successful transmission in any AC. pB i. Frame blocking probability for the i-th AC. pC i. Frame collision probability for the i-th AC. pG i. Frame generation probability for the i-th AC. pSi. Successful transmission probability for the i-th AC. pTi. Probability of starting a frame transmission for the i-th AC. R. Payoff when both players cooperate in a PD (reward). RAC. Number of ranges for a given AC, within which the backoff distribution is uniform. S. Payoff for cooperating player in a PD if the other player misbehaves (sucker’s payoff). Si. Throughput value for the i-th AC.

(13) si (t). Backoff stage for the i-th AC at time t. SIF S. Short Inter-Frame Space. T. Payoff for misbehaving player in a PD if the other player cooperates (temptation to defect). TG. Time period of an EDCA game. T C , T CS , T S. Average duration of a collision/contention slot/successful transmission, respectively. T DAT A. Average time required to send a DATA frame. TH. Time required to send the PHY and MAC headers. Te. Slot time. T XOPLimit. Transmission Opportunity Limit.

(14) Chapter 1. Introduction Multi-hop ad-hoc networks represent an interesting and challenging approach to wireless networking. One of their most prominent features is that each node in the network acts both as a terminal and as a router (Figure 1.1). This means that cooperation between nodes (and users1 ) is required. Lack of cooperation is called misbehaviour. More precisely, misbehaviour in ad-hoc networks can be defined as selfish non-cooperation in using a common, limited resource. Within the scope of this dissertation the problem of sharing the common radio channel is considered. Since wireless interfaces operate in half-duplex mode only one node can transmit within a single carrier sensing domain. Therefore, nodes may misbehave when accessing the wireless channel. In the literature, such actions are also referred to as cheating2 or greedy behaviour. It must be emphasized, that misbehaviour is different from malicious behaviour (hacking). The former is rational and arises from selfishness. The later is irrational and meant to deteriorate network performance. In this work only the former is considered. Misbehaviour may be illustrated by presenting a particularly interesting application scenario for multi-hop ad-hoc networks: wireless mesh networks (Figure 1.2). These networks are steadily becoming a popular approach for providing network access to people’s homes, especially in suburban and rural environments. Mesh networks allow a neighbourhood to share a single Internet connection, thus solving the last mile problem. They can also bring a community together by enabling easy and reliable data exchange within the network. By utilizing the latest technology, multimedia content can also be exchanged over these networks. Figure 1.2 presents an aerial view of a mesh network. Each house in this 1 The terms node and user are used interchangeably, because users control the nodes in the network. 2 The terms misbehaving node, bad node, and cheater are used interchangeably in this dissertation..

(15) 2. Introduction. Figure 1.1: Multi-hop ad-hoc network neighbourhood has a wireless router, also called a Mesh Node (MN). These MNs form a backbone mesh network to provide robust connectivity. A mesh network can therefore be thought of as an immobile ad-hoc network. One of the MNs in the figure has a connection to the Internet and serves as a gateway for the other MNs. The MNs provide network access to each home. Wireless Access Points (APs) can be attached to the MNs to provide wireless access to household devices such as laptops, smartphones, and tablet PCs. Stationary PCs can be directly connected to the MNs through wired links. Mesh Node The Internet Access Point. Figure 1.2: Wireless mesh network Wireless connectivity in multi-hop ad-hoc networks can be provided using IEEE 802.11 equipment. This is the most commonly used standard for implementing wireless local area network (WLAN) technology because of inexpensive equipment, simple deployment, and high transmission speeds. In the upcoming 802.11 amendment for mesh networks –– 802.11s [22] –– the Enhanced Distributed Channel Access (EDCA) function of IEEE 802.11 is utilized to provide Quality of Service (QoS). EDCA ensures QoS at the Medium Access Control (MAC) sub-layer and facilitates the exchange of multimedia content over the network. In EDCA, nodes contend for wireless channel access using a modified Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) scheme. Traffic is prioritized with the use of Access Categories (ACs) which have different param-.

(16) 3. eters for accessing the wireless channel. Additionally, EDCA is the only commercially available QoS MAC protocol for multi-hop ad-hoc networks and it has been widely studied in the literature. Therefore, EDCA is the main focus of the research presented in this work. As has been stated, cooperation between wireless nodes is required in accessing the shared radio channel. A node may decide to misbehave in order to gain certain measurable profits (such as higher throughput). Misbehaviour is always done at the cost of the well-behaved nodes in the network. There is a severe problem with the IEEE 802.11 standard because it does not contain any incentives for nodes to conform to the specification. Nodes can misbehave by manipulating access parameters in order to assure a higher probability of data transmission. This is in particular true for EDCA which defines new parameters and new opportunities to misbehave. Therefore, misbehaviour, in the form of selfish parameter configuration, may become a serious problem. Studies have shown that, e.g., in a five node network, a node can increase its throughput seven times by simple misbehaviour (Chapter 4). Such actions can be easily performed with the use of the latest wireless drivers [41]. Even equipment vendors make non-standard modifications to increase the performance of their cards [5]. Therefore, the problem of misbehaviour has become pressing and requires a prompt resolution. The following thesis is proposed: In multi-hop ad-hoc networks which use the EDCA function of the IEEE 802.11 standard, it is possible to improve traffic prioritising for the access categories defined in this standard in the presence of misbehaving nodes through the use of a QoS architecture which is able to detect and react to uncooperative node behaviour. In this dissertation the proposed thesis is proven by describing a detection method and a reaction mechanism which can be used to identify and penalize misbehaving nodes in the network. The proposed solution considers the following assumptions: • misbehaviour occurs only at the MAC layer3 — selfish actions which occur at the Physical or Networking Layers (such as increasing transmission power or packet dropping, respectively) are not considered, • misbehaving users are not networking experts — they can change MAC parameters through an interface to the wireless card driver, but they cannot change the mechanisms embedded in the firmware, 3 In the OSI model MAC is the lower sub-layer of the Data Link Layer. Nevertheless, in the literature it is common to refer to “MAC layer misbehaviour”..

(17) 4. Introduction. • users misbehave to maximize throughput — achieving higher throughput is an immediate and highly beneficial goal to the user, the risk of detection is less significant, • there is no collusion of users — each user misbehaves for his/her singular benefit, • nodes have persistent identities — nodes in the network can be uniquely and permanently identified by their MAC address, • legacy nodes are present in the network — the proposed solution needs to be compatible with IEEE 802.11 EDCA.. 1.1. Methodology. In this dissertation simulation and analytical methods were used to obtain the reported results. The simulations were performed with the ns-2.28 simulator [50] and an EDCA patch [79]. This patch was modified to support misbehaving nodes. Additionally, significant discrepancies with the standard were corrected. Each simulation run was repeated multiple times to assure the defined confidence level. The 95% confidence intervals of the results are either presented in the figures or were too small for graphical representation. The numerical calculations were performed using Wolfram Mathematica 7 [80].. 1.2. Published Papers. During the writing of this dissertation the following relevant papers were published:. Book chapters • M. Natkaniec, K. Kosek-Szott, S. Szott, “QoS Support in Multi-hop Ad-hoc Networks,” in “Wireless Network Traffic and Quality of Service Support: Trends and Standards,” edited by T. Lagkas, P. Angelidis, and L. Georgiadis, IGI Global, 2010. Journal Papers • S. Szott, M. Natkaniec, R. Canonico,“Detecting Backoff Misbehaviour in IEEE 802.11 EDCA,” Wiley European Transactions on Telecommunications, vol. 22, pages 31—34, 2011..

(18) 1.2 Published Papers. 5. • M. Natkaniec, K. Kosek-Szott, S. Szott, J. Gozdecki, A. Glowacz, S. Sergent’s, “Supporting QoS in Integrated Ad-Hoc Networks Wireless Personal Communications,” Springer Wireless Personal Communications, vol. 56, pages 183–206, 2011. • S. Szott, M. Natkaniec, A. R. Pach, “An IEEE 802.11 EDCA Model with Support for Analysing Networks with Misbehaving Nodes,” EURASIP Journal on Wireless Communications and Networking, Article ID 209895, 13 pages, 2010. • S. Szott, M. Natkaniec, A. R. Pach, “Analysis of Medium Access Unfairness Caused by Contention Window Parameter Modification in IEEE 802.11e Networks” (in Polish, original title “Analiza niesprawiedliwości w dostępie do medium przy zmianie parametrów okna współzawodnictwa w sieciach ad-hoc standardu IEEE 802.11e”), Telekomunikacja Cyfrowa, Technologie i Usługi 2008/2009, no. 9, pages 26–34. Conference Papers • K. Kosek, M. Natkaniec, S. Szott,“Simulation Analysis of IEEE 802.11 EDCA Ad-hoc Networks,” Proc. of the AGH 90th Anniversary Conference, Kraków, Poland, 28–29 May 2009. • S. Szott, M. Natkaniec, A. Banchs,“Impact of Misbehaviour on QoS in Wireless Mesh Networks,” Proc. of IFIP/TC6 NETWORKING 2009, Aachen, Germany, 11–15 May 2009. • S. Szott, M. Natkaniec, A. R. Pach, “Cheating on the CW and RTS/CTS Mechanisms in Single-hop IEEE 802.11e Networks,” Proc. of AdHoc-NOW 2008, Sophia Antipolis, France, 10–12 September 2008. • S. Szott, M. Natkaniec, R. Canonico, A. R. Pach, “Impact of Contention Window Cheating on Single-hop IEEE 802.11e MANETs,” Proc. of IEEE WCNC 2008, Las Vegas, USA, 31 March – 4 April 2008. Workshop Papers • S. Szott, “Assuring QoS in Wireless Mesh Networks with Misbehaving Users,” Proc. of INFOCOM 2009 Student Workshop, Rio de Janeiro, Brazil, 20 April 2009. • S. Szott, M. Natkaniec, R. Canonico, A. R. Pach, “Misbehaviour Analysis of 802.11 Mobile Ad-hoc Networks – Contention Window Cheating,” Proc. of Med-Hoc-Net 2007, Corfu, Greece, 12–15 June 2007..

(19) 6. Introduction. 1.3. Dissertation Structure. This dissertation is structured as follows. Chapter 2 provides background information related to the operation of the EDCA function. The possibility of misbehaviour is also discussed therein. The state of the art with respect to the areas of QoS and misbehaviour is given in Chapter 3. It also discusses the differences between existing approaches to the problem and those presented in this work. In the subsequent chapters, the following original contributions are provided: • in Chapter 4 — a simulation analysis of EDCA networks with misbehaving nodes, • in Chapter 5 — a mathematical model of EDCA with support for misbehaving nodes, • in Chapter 6 — a misbehaviour detection method for EDCA ad-hoc networks, • in Chapter 7 — a misbehaviour reaction mechanism based on a gametheoretic approach. Chapter 8 concludes the dissertation..

(20) Chapter 2. Background Information This chapter contains a description of the EDCA function and a discussion of the possibilities of misbehaving in EDCA networks. Parts of this chapter have previously been published in [73].. 2.1. Description of EDCA. EDCA introduces four ACs to provide QoS through traffic differentiation. These categories are, from the highest priority: Voice (Vo), Video (Vi), Best effort (BE), and Background (BK). The medium contention rules for EDCA are similar to the legacy IEEE 802.11 Distributed Coordination Function (DCF). Each frame arriving at the MAC layer is mapped, according to its priority, to an appropriate AC. There are four transmission queues; one for each AC (Figure 2.1). Traffic differentiation is achieved through medium access parameters which have different values for each AC. These parameters are the Arbitration Inter-frame Space Number (AIF SN ), as well as the Contention Window Minimum and Maximum values (CW M IN and CW M AX ).1 The EDCA parameters influence the medium access in the following manner. For the i-th AC, AIF SNi is the parameter which determines the length of time in which the medium has to be idle before a transmission or backoff countdown can commence. This period is called AIF Si and is calculated as AIF Si = SIF S + AIF SNi · Te ,. (2.1). where Te is the length of the slot time and SIF S is the Short Inter-Frame Space. After a collision has occurred, the medium has to be idle not for an AIF Si but 1 The standard also defines the Transmission Opportunity Limit (T XOP Limit ). However, this is an optional parameter and it is not considered in this dissertation..

(21) 8. Background Information. Classifier: Mapping to ACs Higher Priority. Lower Priority. Voice (Vo). Video (Vi). Best Effort (BE). Background (BK). Backoff. Backoff. Backoff. Backoff. Virtual Collision Handling. Transmission Attempt. Figure 2.1: Mapping to ACs in EDCA [21]. for an EIF S − DIF S (Extended/DCF Inter-Frame Space) period. The EIF S period is calculated as SIF S + DIF S + ACKT xT ime2 . According to the backoff procedure, for the i-th AC and j-th retransmission attempt, a node randomly selects an integer value from the range [0, CWi,j ]. The contention window CWi,j is calculated as. h i CWi,j = min 2j · (CWiM IN + 1) − 1, CWiM AX , i ∈ 0, ..., Nc − 1, j ∈ 0, ..., M, (2.2) where NC is the number of ACs and M is the retransmission limit. After the M -th retransmission attempt the frame is dropped. Table 2.1 contains the standard values of the EDCA parameters for the IEEE 802.11b3 physical layer [21]. Furthermore, for 802.11b the standard defines NC = 4, M equal to 4 or 7 (depending on frame length), SIF S = 10 µs, DIF S = 50 µs, and Te = 20 µs.. 2 This. is the time required to transmit an ACK frame at the lowest PHY mandatory rate. proper name for this physical layer is HR/DSSS, however, in the literature, it is commonly referred to as IEEE 802.11b. 3 The.

(22) 2.2 Misbehaviour in EDCA. 9. Table 2.1: Default EDCA Parameters of IEEE 802.11 HR/DSSS (802.11b) AC (i) AIF SNi CWiM IN CWiM AX Vo 2 7 15 Vi 2 15 31 BE 3 31 1023 BK 7 31 1023. 2.2. Misbehaviour in EDCA. Misbehaviour in EDCA can occur by deliberately changing the medium access parameters defined in the standard in order to increase the chance of accessing the medium and, as a result, increase the misbehaving node’s effective throughput. Though several parameters may be changed, modification of the contention window parameters (known in the literature as backoff misbehaviour ) are the most difficult to detect because of their random nature. Furthermore, backoff misbehaviour is hidden from detection schemes working at the network layer and can be combined with misbehaviour in upper layers. It is easy to perform because the medium access function, which governs the backoff procedure, can be modified through the wireless card driver. The latest drivers, e.g., [41], allow changing the contention window parameters through the command line. Studies have shown that even equipment vendors use non-standard contention window values to increase the performance of their cards [5]. In Chapter 3 it will be shown that misbehaviour is a serious threat to IEEE 802.11 EDCA networks..

(23) 10. Background Information.

(24) Chapter 3. State of the Art This chapter contains the state of the art in the areas of QoS and misbehaviour in multi-hop ad-hoc networks. First, QoS solutions for such networks are described (Section 3.1). Then general overview of misbehaviour threats in ad-hoc networks is given (Section 3.2) followed by a discussion on modelling the EDCA function (Section 3.3). Sections 3.4 and 3.5 contain the state of the art in the areas of detecting and preventing MAC layer misbehaviour, respectively. A special section is devoted to game-theoretic approaches (Section 3.6). Finally, Section 3.7 concludes the chapter and prepares the subsequent part of this dissertation. Fragments of this chapter have previously been published in [70, 71, 72, 73].. 3.1. QoS in Ad-hoc Networks. There are many challenges to QoS provisioning in wireless ad-hoc networks. Therefore, in recent years, numerous QoS solutions have been proposed operating at different layers of the OSI model. An overview of these challenges and solutions can be found in [46]. In this section, the focus is on those solutions which operate at the Data Link Layer and modify medium access (similarly to EDCA). The main goal of these QoS MAC protocols is to provide traffic differentiation. This means that different traffic priorities are distinguished. High priority traffic (such as real-time voice and video) is assured an increased probability of channel access. This is required to prevent such traffic from having severely degraded throughput at the cost of best-effort traffic. Notable examples of QoS MAC protocols providing traffic differentiation are [12, 38, 48, 52, 67, 78, 81]. The EDCA function (described in Section 2.1) is also an example of a QoS MAC protocol providing traffic differentiation in ad-hoc networks. It is the only.

(25) 12. State of the Art. standardized QoS MAC protocol for such networks and it has been widely studied in the literature. Many performance analyses have been performed (cf., Section 3.3). Several extensions to EDCA have also been proposed, e.g., to provide support for hidden nodes [32]. Furthermore, it has been shown that EDCA can be used in a comprehensive cross-layer QoS solution for ad-hoc networks [47]. For these reasons, EDCA is the focus of this dissertation.. 3.2. Misbehaviour in Ad-hoc Networks. Many of the first papers dealing with misbehaviour in ad-hoc networks were focused on the problem of not forwarding packets. Such actions are done at the network layer and can be performed with the use of a firewall. The first benefit is that the misbehaving node has more bandwidth for its own traffic. Secondly, in the case of mobile nodes, it can extend its battery life. The first solution to not forwarding packets was presented in [23] and later independently developed into CONFIDANT [6] and CORE [44]. This family of solutions is based on promiscuous observation of events in the network. Through such observation, many types of misbehaviour can be detected including dropping packets and packet manipulation. The statistical analysis of such events allows calculation of a reputation level for each node, which in turn determines cooperation. Misbehaving nodes (i.e., those with a low reputation) are gradually isolated from the network and thus misbehaviour is discouraged. Other papers dealing with the problem of dropping packets include [30, 31]. The possible types of misbehaviour at the MAC layer have been described in Section 2.2. Furthermore, a good overview of the challenges and solutions related to such misbehaviour can be found in [16]. Historically, one of the first papers proposing a solution to the problem of contention window misbehavior was [35] (extended in [36]). The authors of this paper take into account several misbehavior strategies, such as selecting a smaller backoff, having a fixed backoff or not doubling the CW . It was the first paper to report degraded throughput in 802.11 infrastructure networks. The authors proposed an algorithm to solve this problem, under the assumption that the receiver1 (an 802.11 AP) does not misbehave. In their approach, it is the receiver (not the sender as in 802.11), which chooses the random backoff value. This value is transferred to the sender in either a CTS or ACK frame. Misbehaviour occurs when the sender deviates from that backoff. The penalty assigned by the receiver is a larger backoff value in subsequent transmissions. The problem with this approach, other than requiring changes to the 802.11 standard, is that it is unsuitable for ad-hoc networks, where 1 Throughout. this dissertation it is assumed that the sender is the node which transmits DATA frames and the receiver is the destination node for these frames, i.e., the receiver responds with ACK frames..

(26) 3.3 Modeling EDCA. 13. the receiver cannot be trusted. Alternative solutions for detecting and reacting to MAC layer misbehaviour are described in Sections 3.4, 3.5, and 3.6. Examples of other misbehaviour issues, out of the scope of this dissertation, include carrier-sense misbehaviour [54, 55], application layer misbehaviour [37], dealing with misbehaviour in military ad-hoc networks [58], coping with network layer misbehaviour in mesh networks [43], and modifying inter-frame spaces [17].. 3.3. Modeling EDCA. There have been many analytical EDCA models presented in the literature [14, 33, 42, 75]. All of them are based on the seminal paper by Bianchi [4]. However, none of them have studied misbehaviour. On the other hand, papers which do study misbehaviour using IEEE 802.11 models (such as [18, 26, 53, 77]) consider DCF, the predecessor of EDCA. Therefore, an analytical model of EDCA is required to analyse the impact of misbehaving nodes on network performance. Such a model is presented in Chapter 5.. 3.4. Detecting MAC Misbehaviour. Several papers have studied the problem of detecting backoff misbehaviour. Most approaches are based on recording the observed backoff values of a node and determining whether they are standard compliant. Observations are hindered by such factors as: interference from other transmissions, unsynchronized clocks, and non-deterministic medium access. It is also necessary to determine when to cease observations and classify the behaviour. Depending on the detection method they can be classified into the following groups: mean test [8, 63, 65], entropy test [8], sequential probability ratio test [59, 60, 61, 62, 64, 77], Kolmogorov-Smirnov test [66, 76], Wilcoxon rank sum test [39], fuzzy logic-based test [13], or based on simulation results [57]. A comparison of selected detection schemes can be found in [9]. The main disadvantage of existing solutions is that none of them take into account the binary exponential backoff (BEB) feature of 802.11. Furthermore, only [65, 66] consider EDCA albeit in a limited scope. Other methods can be extended to support EDCA, though none of them have been evaluated with EDCA parameters. Some papers (such as [63, 65]) consider only infrastructure WLAN scenarios. Other solutions may be difficult to implement, because they are computationally expensive (such as [59, 76]) or based on measured throughput [64]. These disadvantages are mitigated by the detection method proposed in Chapter 6..

(27) 14. 3.5. State of the Art. Preventing or Discouraging Misbehaviour. Using a preventive or discouraging strategy to solve the problem of misbehaviour may be considered an alternative approach. However, for misbehaviour to become completely or nearly impossible extensive modifications to IEEE 802.11 are required. In [8], an algorithm (named ERA-802.11) for ensuring randomness in ad-hoc networks is proposed. It is based on the negotiation of CW parameters inspired by a protocol for determining, over the telephone, the outcome of a coin toss. This assures a truly random backoff. The detection system developed in [35] is used to monitor nodes. In the case of misbehaviour, a report is sent to an external reputation management system. ERA-802.11 introduces extra messages so it is not compatible with the 802.11 standard. Other examples of preventive or discouraging approaches are: using a hash function to determine the deferment time when accessing the channel [29] (an extension of [24, 25]), modifying the backoff selection function [15, 18, 39], and applying a Vickrey auction mechanism [3]. The disadvantage of preventive approaches, however, is that they do not provide support for legacy nodes and in many cases cannot be applied to EDCA. Therefore, a game-theoretic approach (Section 3.6) is considered in order to propose a method for reacting to misbehaviour.. 3.6. Game-theoretic Approaches. A comprehensive overview of the basics of game theory and its application to wireless ad-hoc networks can be found in [10, 68]. One of the first papers to employ game theory to optimize medium access in wireless networks was [40]. Similarly, other papers have used a game theoretic framework to enhance the performance of IEEE 802.11 networks [11, 26, 27, 28, 34, 51, 82]. A game theoretic model of a network with misbehaving users can be found in [74]. One of the most cited works with respect to backoff misbehaviour and game theory was written by Cagalj et. al [7]. In this paper the authors focus on the coexistence of several cheaters in an IEEE 802.11 network. The strategy of the cheaters is to manipulate contention window values to achieve the highest throughput. The authors prove that the network suffers from a tragedy of the commons [69] in the presence of multiple cheaters. They then introduce a method to guide the cheaters to choose a contention window value which assures optimal and fair distribution of throughput. This approach is implemented through a detection mechanism (based on observing throughput deviations) and a penalization scheme (based on selectively jamming the frames of cheaters). The proposed solution is anonymous, distributed, self-adaptive, and it does not encourage the abuse of the penalization.

(28) 3.7 Chapter Summary. 15. scheme. Despite these benefits the work presented in [7] cannot be applied to EDCA networks for the following reasons. In such networks it is impossible to find a single optimal contention window value because each AC has different access parameters, which result in differences in throughput. These differences are necessary to provide QoS. Furthermore, the approach presented in [7] ensures that even though the misbehaving nodes will have the same throughput it will be significantly higher than that of the well-behaving nodes. This does not comply with the standard. Additionally, the authors acknowledge that the misbehaviour detection mechanism that they use does not work in the presence of hidden nodes and with different traffic constraints (such as those present in EDCA networks). They suggest using backoff detection, i.e., comparing the measured and expected distributions of backoff values, to determine which nodes are misbehaving. Such a method is proposed in Chapter 6. Therefore, the goal of a game-theoretic solution for ad-hoc networks should be to provide incentives for nodes to behave according to the EDCA function of the IEEE 802.11 standard while assuring legacy node support. Such a solution is described in Chapter 7.. 3.7. Chapter Summary. To summarize, the major shortcomings of the current state of the art are: • focus on WLANs operating in infrastructure mode — this is different from ad-hoc scenarios most notably because of the presence of a central access point, • focus on unrealistic misbehaviour — examples include packet manipulation, selective jamming and other techniques which require expert skills, • considering adaptive misbehaviour — such actions are quite difficult to implement because they require excessive modification of a network driver, • focus on analysis of DCF — EDCA, with its four distinct sets of parameters, has rarely been taken into account, especially in ad-hoc network scenarios. As will be shown in Chapters 4, 5, 6 and 7, the approach presented in this dissertation goes beyond the state of the art..

(29) 16. State of the Art.

(30) Chapter 4. Impact of Misbehaviour on QoS This chapter provides simulation results which determine the impact of misbehaviour on QoS provisioning in IEEE 802.11 EDCA ad-hoc networks. Simulations were performed for both single-hop (Section 4.1) and multi-hop networks (Section 4.2). The results presented in this chapter have been published in [70, 72].. 4.1. Single-hop Networks. This section presents simulation analysis performed for several single-hop scenarios with a distinction made for uplink and downlink traffic. The potential benefits of a misbehaving node are measured for UDP and TCP traffic. Table 4.1 presents the various simulation parameters used. All nodes can communicate with each other directly. Table 4.1: Simulation PHY layer 802.11b Basic rate 1 Mb/s Transport protocol UDP and TCP. parameters Frame Size Data rate Traffic generator. 1000 B 11 Mb/s CBR. Two different network topologies were considered, for the uplink and downlink scenarios. In the uplink scenario, the number of homogeneous nodes in the adhoc network was set to 10, 50, and 200 to represent small, average and large.

(31) 18. Impact of Misbehaviour on QoS. network sizes, respectively. The normalised per-node offered load1 varied from 0.0058 (64 kb/s) to 0.73 (8 Mb/s). An example topology, for 10 nodes, is presented in Figure 4.1. Half of the nodes are senders and half are receivers of traffic. Therefore, the number of flows in the studied networks was either 5, 25, or 100.. Node 0. Node 5. Node 1. Node 6. Node 2. Node 7. Node 3. Node 8. Node 4. Node 9. Figure 4.1: Network topology (uplink scenario) Within each uplink scenario, there was one misbehaving node (the encircled node in Figure 4.1). Out of the four ACs of EDCA, the BK priority was used by all nodes. The well behaving (good) nodes had unaltered contention window M IN M AX parameters: CWBK = 31, CWBK = 1023. The misbehaving (bad) node had M IN M AX these parameters significantly decreased: CWmisb = 1, CWmisb = 5. It seems realistic that the misbehaving node would choose such low (or lower) parameters to maximize its gain in throughput over the good nodes. The effect of choosing M AX other CWmisb values is studied further on. In the downlink scenario, a different network topology was considered (Figure 4.2). There was one misbehaving node (encircled in the figure) and three wellbehaving nodes, all within hearing range of each other. Measuring UDP traffic is pointless because the misbehaving node has no means of influencing it in the downlink direction. For TCP, however, the bad node sends TCP acknowledgements so it has influence on the rate of the received data. Therefore, two TCP flows, with a normalized offered load of 0.73 (8 Mbit/s) each, were used to put 1 Throughout the dissertation the normalised offered load and normalised throughput are calculated with respect to the maximum data transmission rate, which for 802.11b is 11 Mbit/s..

(32) 4.1 Single-hop Networks. 19. the network in a state of saturation. The downlink throughput was measured with the misbehaviour either on or off.. Figure 4.2: Network topology (downlink scenario) For the uplink scenario, the normalised throughput of nodes as a function of the offered data rate is presented in Figures 4.3, 4.4, and 4.5 for 10, 50 and 200 total nodes in the network, respectively. These figures illustrate the normalised throughput of the misbehaving node compared to the normalised average throughput of the well-behaving nodes and the normalised average throughput in a case where there are no misbehaving nodes present. Data series of similar values have been merged to increase legibility. Figure 4.6 presents the average frame delay of the misbehaving and well-behaving nodes for the 10-node network scenario. If there are no misbehaving nodes present, the results match the delay of good nodes. The delay was similar for larger simulated networks (50 and 200 nodes), therefore only this figure is being presented.. Normalised Throughput. 0.70 0.60 Bad node. 0.50 0.40 0.30 0.20 Good nodes. 0.10 0.00 0.0. 0.1. 0.2. 0.3. 0.4. 0.5. 0.6. 0.7. 0.8. Normalised Offered Load UDP: Bad node. UDP: Good nodes (avg). TCP: Bad node. TCP: Good nodes (avg). UDP/TCP: No misbehaviour. Figure 4.3: Throughput vs. offered load (total no. of nodes: 10) The main conclusion from these figures is that the misbehaving node can easily dominate the network in terms of throughput and delay. To better understand.

(33) 20. Impact of Misbehaviour on QoS. Normalised Throughput. 0.5 0.4. Bad node. 0.3 0.2 0.1. Good nodes. 0 0. 0.1. 0.2. 0.3. 0.4. 0.5. 0.6. 0.7. 0.8. Normalised Offered Load UDP/TCP: No misbehaviour. UDP: Bad node. UDP/TCP: Good nodes (avg). TCP: Bad node. Figure 4.4: Throughput vs. offered load (total no. of nodes: 50). Normalised Throughput. 0.4. 0.3 Bad node. 0.2. 0.1 Good nodes. 0.0 0. 0.1. 0.2. 0.3. 0.4. 0.5. 0.6. Normalised Offered Load UDP: Bad node. TCP: Bad node. UDP/TCP: Good nodes (avg) / No misbehaviour. Figure 4.5: Throughput vs. offered load (total no. of nodes: 200). when this occurs, Figure 4.3 is repeated as Figure 4.7 with only the UDP results. It can now be clearly seen that the impact of the misbehaving node occurs once the network reaches congestion (at a normalised offered load of approximately 0.1). Until that point the bad node’s presence is not harmful. After reaching congestion, the bad node increases its throughput at the cost of the good nodes until saturation is achieved, in which the bad node has much more throughput than the average good node. The type of transport protocol used has no influence on this behaviour, although throughput is, of course, generally lower for TCP than UDP (cf., Figure 4.3). This is related to the TCP congestion control mechanisms and the depen-.

(34) Delay [ms]. 4.1 Single-hop Networks 500 450 400 350 300 250 200 150 100 50 0. 21. Good nodes. 0.0. 0.1. 0.2. Bad node. 0.3. 0.4. 0.5. 0.6. 0.7. 0.8. Normalised Offered Load UDP: Bad node. UDP: Good nodes (avg). Figure 4.6: Average frame delay vs. offered load (total no. of nodes: 10) dence on the TCP acknowledgements, which are sent to the bad node by a wellbehaved node. The total number of nodes in the network only limits the maximum throughput of the misbehaving node, otherwise, the behaviour is similar. Congestion Saturation. Normalised Throughput. 0.70 0.60 0.50 0.40 0.30 0.20 0.10 0.00 0.0. 0.1. 0.2. 0.3. 0.4. 0.5. 0.6. 0.7. 0.8. Normalised Offered Load UDP: Bad node. UDP: Good nodes (avg). Figure 4.7: Impact of misbehaving node The throughput gain of the misbehaving node in absolute values is presented in Figure 4.8. This gain is calculated as the difference between bad node throughput and average throughput in a scenario with no misbehaviour. The points where the network saturates differs for transport protocol (TCP, UDP) and network size (10, 50, 200 nodes). Nonetheless, misbehaviour is profitable — the cheating node.

(35) 22. Impact of Misbehaviour on QoS. Normalised Misbehaviour Gain. always experiences an increase of the uplink throughput. 0.6 0.5 0.4 UDP. 0.3 0.2 0.1 TCP. 0.0 0.0. 0.2. 0.4. 0.6. 0.8. 1.0. Normalised Offered Load UDP - 10 nodes. UDP - 50 nodes. UDP - 200 nodes. TCP - 10 nodes. TCP - 50 nodes. TCP - 200 nodes. Figure 4.8: Throughput gain of misbehaving node In the presented results, the misbehaving node was using the following CW M IN M AX M AX parameters: CWmisb = 1, CWmisb = 5. The choice of CWmisb can of course be challenged. Further simulations were performed to determine the impact of the M AX choice of CWmisb . Table 4.2 presents the results in the form of the misbehaving node’s normalised throughput. M AX on normalised bad node throughput Table 4.2: Impact of CWmisb M AX CWmisb Nodes 1 5 31 10 0.555 0.549 0.548 50 0.492 0.453 0.439 200 0.369 0.267 0.193 M AX The throughput difference between setting CWmisb = 1 and the previously M AX considered CWmisb = 5 is mostly visible for the largest network size. SimiM AX larly, the difference between setting CWmisb = 5 and increasing it to 31 is also significant only if the network is large. Therefore, it can be assumed that the M AX misbehaving node will want to choose the lowest possible CWmisb to maximize its gain, regardless of network size. Furthermore, as previously mentioned, there is no incentive in the 802.11 standard for the user to use only a subtle form of cheating. Another important and interesting question concerns the impact of misbe-.

(36) 4.1 Single-hop Networks. 23. haviour on higher priority traffic. Can a node, misbehaving with the use of the parameters of a lower priority AC (e.g., BK), take away throughput from a higher AC (e.g., Vo)? To answer this question, a modified version of the previous 5 node scenario (Figure 4.1) was simulated. The four good nodes were sending traffic of the highest priority – Vo. The misbehaving node continued to use the BK priority. Two situations were simulated, with the bad node’s misbehavior turned off and on. The achieved throughput, with respect to the offered load, is shown in Figure 4.9. In the first situation (represented by the solid lines), the good (Vo) nodes receive all the throughput, while the throughput of the bad (BK) node is reduced because misbehaviour is turned off. This is in accordance with the EDCA function. The dashed lines in the figure represent the case when the bad node modifies its CW parameters similarly to the previous scenarios (i.e., M IN M AX CWmisb = 1, CWmisb = 5). It can now obtain a significantly higher throughput than before, even higher than the Vo priority nodes. The difference between this scenario and the previous one is that the misbehaving node is not able to dominate the channel in the presence of Vo priority nodes (at least with contention window manipulation), as it was possible in the presence of well-behaving BK nodes. However, it can be inferred that, despite the fact that Vo is the highest priority, it does not matter which AC the misbehaving node will manipulate — it is always able to benefit it terms of throughput. This kind of network behaviour can further influence the decision of a potentially selfish user to take advantage of the benefits of misbehaviour. Normalised Throughput. 0.14 0.12 0.10 0.08 0.06 0.04 0.02 0.00 0.0. 0.1. 0.2. 0.3. 0.4. 0.5. 0.6. 0.7. 0.8. Normalised Offered Load Misbehaviour: OFF, Bad node. Misbehaviour: OFF, Good nodes (avg). Misbehaviour: ON, Bad node. Misbehaviour: ON, Good nodes (avg). Figure 4.9: Throughput vs. offered load for BK vs. Vo priority scenario In the downlink scenario (Figure 4.2) only TCP traffic was simulated. The misbehaving node could only influence the sending of TCP acknowledgements, by M IN M AX changing the CW values as in the previous scenario (to CWmisb = 1, CWmisb = 5)..

(37) 24. Impact of Misbehaviour on QoS. Figure 4.10 presents the throughput results for misbehaviour turned on and off. The result is that with misbehaviour turned on, the throughput of the bad node increases by an extremely small amount. The rapid sending of TCP acknowledgements increases the number of collisions in the channel but does not yield any substantial increase in the rate of the sender. This is a situation in which misbehaviour does not bring beneficial results.. Normalised Throughput. 0.25 0.20 0.15 0.10 0.05 0.00 0.0. 0.1. 0.2. 0.3. 0.4. 0.5. 0.6. 0.7. 0.8. Normalised Offered Load Misbehaviour: OFF, Receiver: Bad node. Misbehaviour: ON, Receiver: Bad node. Figure 4.10: Downlink throughput. 4.2. Multi-hop Networks. This section presents the results of a simulation study of misbehaviour in multihop, mesh networks. The simulated network topology is presented in Figure 4.11. Mesh Node The Internet Access Point. Flow 1b. Flow 1a Flow 2b. Alice. Flow 2a. Bob. George. Carl. Figure 4.11: Mesh network scenario Each MN uses the EDCA function and is within range of its closest neighbour only. George’s MN is a gateway to the Internet, Bob is sending a file to his friend.

(38) 4.2 Multi-hop Networks. 25. Carl (Flow 1a and 1b), and Alice is watching a video stream from the Internet (Flow 2a and 2b). It can be assumed that UDP is used if Alice’s transmission is real-time and TCP is used otherwise. Her traffic uses the highest priority (Vo) to ensure high quality of the video stream. If Bob uses a lower priority (BE) for his file transfer, the EDCA function will ensure that Alice’s video stream is uninterrupted by Bob’s file transfer. This is shown in the reference case (case A) in Section 4.2.2. However, since Bob is in the path of Alice’s traffic, he can misbehave by altering his medium access parameters. He can either simply degrade Alice’s traffic (Section 4.2.3) or combine this with promoting his own traffic (Section 4.2.4). The question is: can such actions be beneficial for Bob? The answer is provided in Section 4.2.5 which gives conclusions derived from the results of the simulations. Since there is no impact of (and therefore no gain from) misbehaviour in non-saturated networks (cf. Section 4.1), the network is simulated in a state of saturation. The saturation throughput is evaluated for the given topology in Section 4.2.1. In saturation, the traffic source may not be relevant, so CBR was chosen. The packet size was set to 1000 B. In fact, the packet size is not significant because this is not an analysis of network performance. The RTS/CTS mechanism was not used since only Bob’s and George’s MNs generate traffic and they are neither hidden from, nor exposed to each other. The 802.11b physical layer and the AODV routing protocol were used. The size of the network is small, but for one misbehaving node it is enough to show how its actions will influence network performance.. 4.2.1. Saturation Throughput. In order to determine the saturation throughput of the network, the following simulation study was performed. The normalised offered load of Flow 1 (Bob’s file transfer) and Flow 2 (Alice’s video stream) increased simultaneously from 0.0058 (64 kb/s) to 0.91 (10 Mb/s). The default priority (BE) was used for both flows. Both UDP and TCP were considered as the transport protocols. The results are presented in Figure 4.12, which shows the average normalised flow throughput achieved as a function of normalised offered load. For TCP the situation is clear — saturation is reached at a normalised offered load of approximately 0.1 (1 Mb/s). However, for UDP traffic, once a peak is reached, the throughput decreases to zero and a congestion collapse occurs. This is because the interface queue present in the MAC layer of ns-2 uses the drop tail queue management algorithm. Bob’s interface queue becomes completely filled with locally generated frames, leaving no room for frames that are to be forwarded. In real life wireless cards such behaviour depends on the implementation. This does not occur for TCP traffic because this protocol adjusts its transmission speed using the additive increase/multiplicative-.

(39) 26. Impact of Misbehaviour on QoS. decrease algorithm. With respect to these results, a normalised offered load of just over 0.18 (2 Mb/s) was chosen as the saturation throughput for simulations in the following subsections.Table 4.3 contains a brief description of all the considered cases.. Normalised Throughput. 0.14 0.13 TCP. 0.11 0.10 0.08 0.06 0.05. UDP. 0.03 0.02 0.00 0. 0.1. 0.2. 0.3 0.4 0.5 0.6 0.7 Normalised Offered Load. 0.8. 0.9. 1. Figure 4.12: Average flow throughput. Table 4.3: Descriptions of all cases Case A B C D E F G. Description Reference case, no misbehaviour Bob changes the parameters of the Vo AC in his router to resemble BK (simple misbehaviour) Case B + CW M IN of forwarded traffic is set to maximal value (1023) Bob uses CW M IN = CW M AX = 1 and T XOPLimit = 8160 µs for his traffic Case B + Case D (simple misbehaviour, change of forwarded traffic priority) Case E + CW M IN of forwarded traffic set to maximal value (1023) Case F + Bob uses AIF SN = 1.

(40) 4.2 Multi-hop Networks. 4.2.2. 27. Reference Case. Case A is the reference example. Alice sends traffic using the Vo AC, whereas Bob consecutively sends traffic using each of the four ACs for his file transfer. Table 4.4 shows the throughput results that both flows achieved in the first (Flow 1a, 2a) and the second (Flow 1b, 2b) hop. Figure 4.13 presents the end-to-end normalised throughput values for both flows. If Bob sends traffic using the same priority as Alice (i.e., Vo) they both achieve similar throughput. Otherwise, if Bob uses a lower priority, his throughput is likewise lower. This is in accordance with the EDCA function. An interesting observation is that when Bob changes the AC of his traffic from Vo to Vi the decrease in throughput is much larger for TCP than UDP. This can be explained by the fact that Flow 1 had to contend twice for the medium and twice with a lower priority and that TCP is more sensitive than UDP to congestion, especially in wireless environments.. Normalised Throughput. 0.25 0.20 0.15 0.10 0.05 0.00 Vo. Vi. BE. BK. Flow 1 Priority UDP Flow 1. UDP Flow 2. TCP Flow 1. TCP Flow 2. Figure 4.13: End-to-end throughput results for case A. Flow 1 AC Vo Vi BE BK. Table 4.4: Per-hop throughput UDP F1a F1b F2a F2b 0.161 0.124 0.161 0.124 0.109 0.084 0.192 0.192 0.103 0.079 0.192 0.192 0.096 0.070 0.192 0.192. results for case A TCP F1a F1b F2a 0.105 0.100 0.101 0.018 0.017 0.185 0.012 0.012 0.190 0.002 0.002 0.201. F2b 0.096 0.175 0.180 0.190.

(41) 28. 4.2.3. Impact of Misbehaviour on QoS. Downgrading Forwarded Traffic. Normalised Throughput. In case B Bob changes the Vo parameters in his router to the parameters used for the BK AC. Again, Alice sends traffic using Vo, whereas Bob consecutively uses each of the four EDCA priorities for his file transfer. The throughput results (Figure 4.14) again reveal interesting observations. When Bob sends locally generated traffic using the Vo AC he is using the EDCA parameters which he manipulated. This means that on the first hop, his traffic is sent using the Vo queue but with BK parameters, and then forwarded by George using the Vo queue with Vo parameters (Figure 4.15). For Alice’s traffic, the priorities are reversed (first hop using Vo, second using BK). Why is Bob’s end-to-end throughput higher? Analysing the hop-by-hop normalised UDP throughput for Vo (Table 4.5) the conclusion is the same as before: 100% of Bob’s traffic and only 33% of Alice’s traffic is forwarded. Again, locally generated traffic wins with traffic that is to be forwarded. When Bob sends Vi or BE traffic he achieves the throughput gain that he was expecting. This gain is obviously higher for Vi than for BE. When Bob’s traffic uses BK, another interesting situation occurs. The per-hop use of priorities is shown in Figure 4.16. When UDP is used, Alice’s flow has more throughput (because it first uses Vo and then BK whereas Bob’s flow always uses BK). However for TCP this is not the case, even though both flows have about 95% of traffic forwarded. This seems to be a similar case to the one described in [2], where it was shown that TCP may completely change throughput allocation independently of the EDCA configuration. 0.20 0.18 0.16 0.14 0.12 0.10 0.08 0.06 0.04 0.02 0.00 Vo. Vi. BE. BK. Flow 1 Priority UDP Flow 1. UDP Flow 2. TCP Flow 1. TCP Flow 2. Figure 4.14: End-to-end throughput results for case B Case C is similar to the previous one: Bob again modifies the Vo parameters in his router. This time he increases the CW M IN parameter to the maximum value permitted by the standard. Therefore, CW M IN = CW M AX = 1023. Bob.

(42) 4.2 Multi-hop Networks. 29 Flow 1. Vo. BK Vo. BK Bob. Alice. George. Carl. Flow 2. Figure 4.15: Access parameters used in Case B, Flow 1 priority: Vo Flow 1. BK. BK Vo. BK Bob. Alice. George. Carl. Flow 2. Figure 4.16: Access parameters used in Case B, Flow 1 priority: BK. has now degraded the Vo priority almost as severely as possible using EDCA parameter modification. The results are presented in Figure 4.17 and Table 4.6. When Bob sends Vo traffic, the situation is similar to that in case B. However, in case C the throughput values are significantly lower because of the high CW parameters. When Bob sends traffic using the other ACs (Vi, BE, and BK) it can be seen that misbehaviour brings meaningful gains. The fact that Bob’s throughput is high even if he sends traffic using BK signifies the importance of the CW parameters on throughput.. Normalised Throughput. 0.25 0.20 0.15 0.10 0.05 0.00 Vo. Vi. BE. BK. Flow 1 Priority UDP Flow 1. UDP Flow 2. TCP Flow 1. TCP Flow 2. Figure 4.17: End-to-end throughput results for case C.

(43) 30. Impact of Misbehaviour on QoS. Flow 1 AC Vo Vi BE BK. Flow 1 AC Vo Vi BE BK. 4.2.4. Table 4.5: Per-hop throughput UDP F1a F1b F2a F2b 0.135 0.135 0.192 0.062 0.178 0.178 0.192 0.018 0.147 0.137 0.192 0.075 0.107 0.103 0.192 0.130. results for case B TCP F1a F1b F2a 0.129 0.122 0.065 0.199 0.189 0.007 0.162 0.154 0.041 0.123 0.116 0.074. F2b 0.061 0.007 0.039 0.070. Table 4.6: Per-hop throughput UDP F1a F1b F2a F2b 0.039 0.039 0.192 0.011 0.187 0.186 0.192 0.001 0.174 0.173 0.192 0.003 0.161 0.161 0.192 0.005. results for case C TCP F1a F1b F2a 0.031 0.029 0.015 0.206 0.195 0.000 0.200 0.189 0.002 0.190 0.180 0.003. F2b 0.014 0.000 0.002 0.003. Promoting Local Traffic. In Section 4.2.3 (cases B and C) Bob gained throughput by degrading the traffic parameters of forwarded traffic. In the following cases (from D to G) Bob further manipulates EDCA parameters, this time in order to increase the medium access probability for his own traffic. To limit the number of results, it is assumed that Bob sends traffic using one AC (Vi). The results are presented in Table 4.7 and Figure 4.18. In case D Bob uses the lowest possible CW parameters (CW M IN = CW M AX = 1) and the highest possible T XOPLimit value (8160 µs). However, these parameters do not allow Bob to have a higher throughput than Alice. With UDP, he is able to achieve high throughput, but only on the first hop (Table 4.7). On the second hop his throughput decreases because Bob sends traffic using Vi priority, and Alice sends traffic using Vo. The results for TCP are similar, taking into account congestion control. In case E, Bob not only uses the most optimal EDCA parameters for Vi (like in case D) but also uses the simple misbehaviour that was presented in case B. This time, misbehaviour is advantageous for Bob in terms of achieved throughput. Case F differs from the previous one in that the CW M IN parameter of Vo is increased to its maximal value (1023). The result is an even higher throughput for Bob. Finally, case G was modified from the previous one by also cheating on the AIFS value and changing it from 2 to 1. This brought a further, though minor increase in throughput..

(44) 4.2 Multi-hop Networks. 31. Normalised Throughput. 0.25 0.20 0.15 0.10 0.05 0.00 Case D UDP Flow 1. Case E UDP Flow 2. Case F TCP Flow 1. Case G TCP Flow 2. Figure 4.18: End-to-end throughput results for cases D, E, F, and G (Alice uses standard Vo parameters, Bob uses modified Vi parameters) Table 4.7: Per-hop throughput results for cases D, E, F, and G UDP TCP Case F1a F1b F2a F2b F1a F1b F2a F2b D 0.192 0.060 0.159 0.160 0.024 0.022 0.180 0.170 E 0.192 0.171 0.192 0.021 0.199 0.189 0.010 0.010 F 0.192 0.187 0.192 0.003 0.207 0.196 0.002 0.002 G 0.192 0.192 0.192 0.003 0.211 0.199 0.003 0.002. 4.2.5. Lessons Learned. The results from the simulations have been gathered in Figure 4.19, which presents the maximum possible throughput gain that a misbehaving user can achieve by manipulating the Vo AC in the analysed multi-hop scenario. The gain was calculated as the ratio of the highest throughput in each case to the throughput achieved in case A in which the analysis was performed for Vo. Since the network was in saturation, it can be stated that the throughput gain of misbehaving Bob was related to the throughput loss of well-behaving Alice. With the exception of case D, all the combinations of misbehaviour turned out to be very beneficial. For UDP there was a 40–50% increase, and for TCP – a 90–100% increase in throughput. The conclusion is that in all cases when Bob degraded the EDCA parameters of Alice’s traffic he was able to achieve substantially higher throughput. He achieved best performance in case G, in which he both downgraded Alice’s traffic and promoted his own traffic. He changed his Vo.

(45) 32. Impact of Misbehaviour on QoS 250%. Throughput Gain. 200% 150% 100% 50% 0% B. C. D. E. F. G. Case UDP. TCP. Figure 4.19: Maximum possible throughput gain for misbehaving user manipulating the Vo AC parameters to resemble BK and additionally changed the CW M IN of Vo to its maximum possible value. At the same time he changed the parameters of his Vi traffic to be optimal (i.e., lowest possible CW M IN , highest possible T XOPLimit , and lowest possible AIFS). The unexpected result from these simulations is that, to achieve higher throughput in a multi-hop environment, it is significantly more important to degrade forwarded traffic than promote one’s own.. 4.3. Conclusions. This chapter has presented the impact of contention window misbehaviour on single-hop and multi-hop ad-hoc networks. For single-hop networks, the main conclusion is that with CW misbehaviour the misbehaving node can dominate uplink traffic in terms of both throughput and delay. This domination jeopardizes the whole ad-hoc network since other nodes receive little or no throughput. It has been observed that the increase in throughput of a misbehaving node occurs once the network is congested and has the largest impact when the network is saturated (Figure 4.7). Therefore, any future analysis should be limited to such scenarios. In non-congested networks, a node’s misbehaviour, though theoretically observable, has no influence on other nodes and is therefore harmless. This chapter has also shown that EDCA fails to provide Quality of Service in the face of contention window cheating. Misbehaviour allows a user’s lower priority traffic to outperform the higher priority traffic of others. The aim of a selfish user may be to increase the download throughput (e.g.,.

(46) 4.3 Conclusions. 33. of an FTP transfer). However, the analysed downlink scenario showed that the misbehaving node cannot significantly influence the rate of the sender, even with TCP traffic. Therefore, in such cases misbehaviour is not advantageous. For multi-hop networks, two forms of EDCA parameter modification were considered: downgrading forwarded traffic and promoting local traffic. It has been shown that this is a real threat to wireless mesh networks because it allows easy access to higher throughput and also degrades QoS provisioning. The main conclusion is that, in multi-hop scenarios, degrading forwarded traffic yields a greater advantage than modifying the medium access parameters of locally generated traffic. This problem has not been noticed before in the literature and should influence future misbehaviour detection schemes..

(47) 34. Impact of Misbehaviour on QoS.

(48) Chapter 5. IEEE 802.11 EDCA Model This chapter contains a novel model of IEEE 802.11 EDCA with support for analysing networks with misbehaving nodes. After a description of the assumptions, an analysis of the model is performed. The model is then verified by extensive simulations and by comparing it to three other IEEE 802.11 models. Finally, a comparison with simulation results in several scenarios with misbehaving nodes proves that the model performs correctly for these scenarios. The results presented in this chapter have been published in [73].. 5.1. Assumptions. EDCA is modeled under the following assumptions: • traffic is generated with a Poisson distribution, • frames are of equal length, • there are M/G/1 queues in each node, • the RTS/CTS exchange is not used, • the T XOPLimit parameter is not used1 , • the medium is error-free, • all nodes are in a single-hop network and there are no hidden nodes, 1 An. example of including this parameter in the model can be found in [56]..

(49) 36. IEEE 802.11 EDCA Model. • each node transmits data of only one AC — this simplifies the analysis and it is a practical assumption that the misbehaving user wants to send a single type of data (support for multiple ACs per node can be easily added, e.g., as in [20]), • nodes misbehave only by changing CW M IN , CW M AX — such parameter modification can be easily performed with the use of the latest wireless drivers [41]. More elaborate attacks are not considered because they are either difficult to perform (e.g., modifying the EDCA mechanism implemented in the wireless card drivers) or are related to higher layers of the OSI model (e.g., swapping of ACs, node collusion) and thus out of the scope of this dissertation. All these assumptions do not affect the analysis of misbehaviour because they influence the results in a quantitative (not qualitative) manner.. 5.2. Model Analysis. The input parameters for the analysis of EDCA are: • the number of ACs in the network (NC ), • the number of nodes using the i-th AC (ni ), • the traffic rate of the i-th AC given in frames per second (λi ), • the average time required to send a DATA frame (T DAT A , based on the average frame size). The goal of the analysis is to derive the overall throughput in each AC (Si ). It is defined as the quotient of the average duration of a successful transmission of a frame of the i-th AC and the average duration of a contention slot (T CS ), in which the frame competes for medium access with other frames. Therefore, Si =. pSi T DAT A , T CS. (5.1). where pSi is the is the probability of a successful transmission for the i-th AC and T DAT A is the average time spent on transmitting a frame. Let τi be the transmission probability in a slot time for the i-th AC. Then pSi , the probability that only one node is transmitting in a given slot time, can be computed as ni −1. pSi = ni τi (1 − τi ). NY c −1 j=0 j6=i. (1 − τj )nj .. (5.2).

(50) 5.2 Model Analysis. 37. T CS is calculated using the following equation: T CS = (1 − pB )Te + P S T S + (pB − P S )T C ,. (5.3). where Te is the slot time, T S is the duration of a successful transmission, T C is the duration of a collision, pB is the probability of a busy channel, 1 − pB is the probability of a free channel, P S is the overall probability of a successful PNc −1 S transmission in any AC (P = i=0 pSi ). Now (5.1) can be rewritten as Si =. pSi T DAT A . (1 − pB )Te + P S T S + (pB − P S )T C. (5.4). The time intervals T S and T C can be calculated as T S = AIF S M IN + T H + T DAT A + SIF S + T ACK + 2δ,. (5.5). T C = T H + T DAT A + δ + ACKT imeout + AIF S M IN ,. (5.6). M IN. where AIF S is the minimum AIF S value among all ACs, δ is the propagation delay, T H is the time required to send the PHY and MAC headers, and ACKT imeout = EIF S − DIF S. The probability of a busy channel pB is equal to the probability that at least one node is transmitting: pB = 1 −. NY c −1. (1 − τi )ni .. (5.7). i=0. The remaining unknown variables of (5.2) and (5.4) can be found using analysis of the Markov chain presented in Figure 5.1. A fundamental assumption is that the events of frame generation, blocking, collision, and starting a frame transmission (defined below) are constant and independent from each other. This assumption, which follows from [4], allows the use a Markov chain to model EDCA. To describe the model the following AC-dependent probabilities are introduced, each one calculated from the perspective of a given node (i.e., taking into account the perceived activity of other nodes): • The frame blocking probability for the i-th AC (pB i ) is the probability that at least one other node is transmitting during the given node’s backoff. Following the fundamental assumption of event independence it can be stated that each transmission “sees” the system in the steady state in which each of the other nodes transmits with a constant probability τi . Therefore,.

(51) B i. )(. T i. ). i, j, 0 C i. 1− piB. .... piB. i, M,1. 1 − p iB. piB. piB. i,M,CWi,m -1. piB. 1 − piB. 1 − p iB. 1 − p iB. i,1,CWi,1 -1. i,M,CWi,j -1. 1 − piB. 1− piB ... 1 − p iB. .... .... piB. i,1,CWi,1. piB. i,M,CWi,m. piB. i,M,CWi,j. .... Collision at the first transmission attempt. 1− piB. 1− piB. 1− piB. piG piB CWi ,0 + 1. piB. i,1,CWi,1. piB. i,0,CWi,0. piB. i, j, CWi,j. 1− piB. piB. i,M,CWi,m -1. piB. i, j, CWi,j -1. piB. i,1,CWi,1-1. piB. .... .... 1− piB. 1− piB. .... 1− piB. B 1− piB ... 1− pi. 1− piB. i,0,CWi,0-1. .... piB. i, M,1. C i. i, 1, 0. 1− piB. i, j, 0. i, M, 0. p CWi, j +1 + 1. 1− piB. 1− piB. p CWi , 2 + 1. C i. i,0,0. i, j-1, 0. piC CWi,1 +1. 1− piB. piC CWi ,m + 1. piB. i, j,1. piC CWi, j + 1. piB. i, 1, 1. piB. i,0,1. 1 − ρi. ρi. 1. 1 − piC. 1 − piC. 1 − piC. 1 − piC. Busy channel at the first transmission attempt. piB. i,M,CWi,m. 1− piB. 1− piB. 1 CWi , 0 + 1. .... i, M ,0. piC CWi,m + 1. piB. i, j,1. piB. i, 1,1. .... piC CWi, j +1. 1− piB. piC CWi,2 +1. 1− piB. ). .... p CWi, j+1 +1. i, j-1, 0. .... .... .... 1. i, 1, 0. (. piG 1 − piB piT CWi,1 +1. Non-saturation i,-1,0. 1 − p iG. Saturation i,-2,0. .... 1 − piC. 1 − piC. 1 − piC. Success at the first transmission attempt. G i. p 1− p 1− p. (. 1 − ρi. ρi. 38 IEEE 802.11 EDCA Model. Figure 5.1: Markov chain of the proposed model. ni − 1 nodes in the i-th AC may transmit and any of the nodes in the other ACs may transmit as well. Furthermore, nodes transmitting with a lower priority AC need to wait for more empty slots than nodes transmitting with.

(52) 5.2 Model Analysis. 39. a higher priority AC (AIF SNi differentiation). The following equation is used to calculate pB i : h pB = 1 − (1 − τi )ni −1 i. NY c −1. (1 − τj )nj. iAIF SNi −AIF SN M IN +1. ,. (5.8). j=0,j6=i. where (1 − τi )ni −1 is the probability that no other nodes using the i-th AC QNc −1 nj are transmitting, j=0,j6 is the probability that no nodes using =i (1 − τj ) the other ACs are transmitting, and AIF SN M IN is the minimum AIF SN value among all ACs. • The frame collision probability for the i-th AC (pC i ) is the probability that at least one other node is transmitting while the given node is transmitting: ni −1 pC i = 1 − (1 − τi ). NY c −1. (1 − τj )nj .. (5.9). j=0,j6=i B The difference between pC i and pi is that in the former AIFS differentiation does not need to be taken into account.. • The probability that at least one frame will arrive at the i-th queue in a slot time is denoted as the frame generation probability (pG i ): −λi T pG i =1−e. CS. ,. (5.10). where T CS is the duration of a contention slot for the i-th AC. • pTi is the probability that any other node will immediately begin its transmission (i.e., the probability of starting a frame transmission): pTi. = 1 − (1 −. ni −1 pG i ). NY c −1. nj (1 − pG j ) .. (5.11). j=0,j6=i. This situation occurs only under non-saturation, when a frame is transmitted directly after being generated. • Finally, the saturation probability (ρi ) is the probability that the i-th queue is not empty after the previous transmission is finished: ρi = λi Di ,. (5.12). where Di is the overall service time of a frame for the i-th AC. A detailed description of this variable is given later..