Mohammad Hossein Manshaei

Similar documents
Computer Networks. Wireless LANs

standard. Acknowledgement: Slides borrowed from Richard Y. Yale

Wireless Network Security Spring 2014

WLAN Performance Aspects

MAC in /20/06

Local Area Networks NETW 901

Data Communications. Data Link Layer Protocols Wireless LANs

Wireless Network Security Spring 2015

Wireless Communication Session 4 Wi-Fi IEEE standard

Wireless Network Security Spring 2013

ICE 1332/0715 Mobile Computing (Summer, 2008)

Mobile Communications Chapter 7: Wireless LANs

Mohammad Hossein Manshaei 1393

4.3 IEEE Physical Layer IEEE IEEE b IEEE a IEEE g IEEE n IEEE 802.

CS 348: Computer Networks. - WiFi (contd.); 16 th Aug Instructor: Sridhar Iyer IIT Bombay

Wireless Network Security Spring 2012

Mobile & Wireless Networking. Lecture 7: Wireless LAN

Lecture 16: QoS and "

Mobile Communications Chapter 7: Wireless LANs

Mohamed Khedr.

Wireless Local Area Networks (WLANs) Part I

Wireless Local Area Network (IEEE )

Page 1. Wireless LANs: Design Requirements. Evolution. EEC173B/ECS152C, Winter Wireless LANs

Advanced Computer Networks WLAN

Chapter 6 Wireless and Mobile Networks. Csci 4211 David H.C. Du

original standard a transmission at 5 GHz bit rate 54 Mbit/s b support for 5.5 and 11 Mbit/s e QoS

3.1. Introduction to WLAN IEEE

MAC. Fall Data Communications II 1

CSC344 Wireless and Mobile Computing. Department of Computer Science COMSATS Institute of Information Technology

Topics for Today. More on Ethernet. Wireless LANs Readings. Topology and Wiring Switched Ethernet Fast Ethernet Gigabit Ethernet. 4.3 to 4.

Unit 7 Media Access Control (MAC)

Guide to Wireless Communications, Third Edition. Objectives

Mohammad Hossein Manshaei 1393

Wireless LANs. ITS 413 Internet Technologies and Applications

Hands-On Exercises: IEEE Standard

WLAN 1 IEEE Manuel Ricardo. Faculdade de Engenharia da Universidade do Porto

Wireless# Guide to Wireless Communications. Objectives

Mobile Communications Chapter 7: Wireless LANs

Computer Communication III

WLAN 1 IEEE Basic Connectivity. Manuel Ricardo. Faculdade de Engenharia da Universidade do Porto

Chapter 7: Wireless LANs

Mobile Communications Chapter 7: Wireless LANs

Chapter 7: Wireless LANs

Data and Computer Communications. Chapter 13 Wireless LANs

04/11/2011. Wireless LANs. CSE 3213 Fall November Overview

Overview : Computer Networking. Spectrum Use Comments. Spectrum Allocation in US Link layer challenges and WiFi WiFi

Introduction to IEEE

Chapter 4 WIRELESS LAN

Medium Access Control. MAC protocols: design goals, challenges, contention-based and contention-free protocols

Chapter 6 Medium Access Control Protocols and Local Area Networks

IEEE MAC Sublayer (Based on IEEE )

ECE442 Communications Lecture 3. Wireless Local Area Networks

DOMINO: A System to Detect Greedy Behavior in IEEE Hotspots

Wireless Protocols. Training materials for wireless trainers

Wireless Communication and Networking CMPT 371

Nomadic Communications WLAN MAC Fundamentals

Wireless Local Area Networks. Networks: Wireless LANs 1

Wireless Communications

Investigation of WLAN

Outline. CS5984 Mobile Computing. IEEE 802 Architecture 1/7. IEEE 802 Architecture 2/7. IEEE 802 Architecture 3/7. Dr. Ayman Abdel-Hamid, CS5984

Internet Protocol Stack

WiFi Networks: IEEE b Wireless LANs. Carey Williamson Department of Computer Science University of Calgary Winter 2018

Vehicle Networks. Wireless Local Area Network (WLAN) Univ.-Prof. Dr. Thomas Strang, Dipl.-Inform. Matthias Röckl

Wireless Networking & Mobile Computing

IEEE Medium Access Control. Medium Access Control

Wireless Communication and Networking CMPT 371

Performance anomaly of b

Certified Wireless Network Administrator (CWNA) PW Chapter Medium Access. Chapter 8 Overview

Wireless Network Security Spring 2011

Introduction to Wireless Networking CS 490WN/ECE 401WN Winter Lecture 4: Wireless LANs and IEEE Part II

Multiple Access Links and Protocols

IEEE Technical Tutorial. Introduction. IEEE Architecture

CSE 461: Wireless Networks

Wireless Networked Systems

Wireless LANs. Characteristics Bluetooth. PHY MAC Roaming Standards

IEEE WLANs (WiFi) Part II/III System Overview and MAC Layer

Outline / Wireless Networks and Applications Lecture 9: Wireless LANs Aloha and 802 Wireless. Regular Ethernet CSMA/CD

Wireless LAN -Architecture

Wireless Local Area Networks (WLANs)) and Wireless Sensor Networks (WSNs) Computer Networks: Wireless Networks 1

Resource sharing optimality in WiFi infrastructure networks

Wireless Networks (MAC)

IEEE Wireless LANs

MSIT 413: Wireless Technologies Week 8

IEEE Integrated Communication Systems Group Ilmenau University of Technology

Logical Link Control (LLC) Medium Access Control (MAC)

Transmission Control Protocol over Wireless LAN

Department of Electrical and Computer Systems Engineering

Lecture 23 Overview. Last Lecture. This Lecture. Next Lecture ADSL, ATM. Wireless Technologies (1) Source: chapters 6.2, 15

Wireless Networks (MAC) Kate Ching-Ju Lin ( 林靖茹 ) Academia Sinica

Wireless Local Area Networks (WLANs) and Wireless Sensor Networks (WSNs) Primer. Computer Networks: Wireless LANs

CSCD 433 Network Programming Fall Lecture 7 Ethernet and Wireless

CMPE 257: Wireless and Mobile Networking

Wireless Communication

Rahman 1. Application

WLAN (802.11) Nomadic Communications. Renato Lo Cigno - Tel: Dipartimento di Ingegneria e Scienza dell Informazione

Overview. Wireless networks basics IEEE (Wi-Fi) a/b/g/n ad Hoc MAC protocols ad Hoc routing DSR AODV

Page 1. Outline : Wireless Networks Lecture 11: MAC. Standardization of Wireless Networks. History. Frequency Bands

WLAN. Right, Gentlemen. The aim of our presentation is to give you detailed information on the topic WLAN (Wireless Local Area Network).

Performance analysis of Internet applications over an adaptive IEEE MAC architecture

IEEE WLAN (802.11) Copyright. Nomadic Communications

Transcription:

Mohammad Hossein Manshaei manshaei@gmail.com

Chapter 9: (secowinet.epfl.ch) operating principles of IEEE 802.11, detecting selfish behavior in hot spots, and selfish behavior in pure ad hoc networks 2

9.1 Operating principles of IEEE 802.11 9.2 Detecting selfish behavior in hotspots 9.3 Selfish behavior in pure ad hoc networks 3

Infrastructure network AP: Access Point AP AP wired network AP Ad hoc network Note: Slides 3 to 14 are derived from the slide show of the book Mobile CommunicaAons by Jochen SAller, Addison- Wesley, 2003 4

802.11 LAN 802.x LAN Station (STA) terminal with access mechanisms to the wireless medium and radio contact to the access point STA 1 ESS BSS 1 Access Point DistribuAon System Access Point Portal Basic Service Set (BSS) group of stations using the same radio frequency Access Point station integrated into the wireless LAN and the distribution system Portal bridge to other (wired) networks BSS 2 STA 2 802.11 LAN STA 3 Distribution System interconnection network to form one logical network (ESS: Extended Service Set) based on several BSS 5

STA 1 BSS 1 802.11 LAN STA 2 STA 3 Direct communication within a limited range Station (STA): terminal with access mechanisms to the wireless medium Basic Service Set (BSS): group of stations using the same radio frequency 802.11 LAN BSS 2 STA 5 STA 4 6

mobile staaon fixed terminal server infrastructure network access point applicaaon applicaaon TCP TCP IP IP 802.11 MAC 802.11 MAC 802.3 MAC 802.3 MAC 802.11 PHY 802.11 PHY 802.3 PHY 802.3 PHY 7

MAC access mechanisms, fragmentation, encryption MAC Management synchronization, roaming, MIB, power management PLCP (Physical Layer Convergence Protocol) clear channel assessment signal (carrier sense) PMD (Physical Medium Dependent) modulation, coding PHY Management channel selection, MIB Station Management coordination of all management functions PHY IP MAC PLCP PMD MAC Management PHY Management StaAon Management 8

Ø 3 versions: 2 radio: DSSS and FHSS (both typically at 2.4 GHz), 1 IR data rates 1, 2, 5 or 11 Mbit/s Ø DSSS (Direct Sequence Spread Spectrum) DBPSK modulation (Differential Binary Phase Shift Keying) or DQPSK (Differential Quadrature PSK) chipping sequence: +1, -1, +1, +1, -1, +1, +1, +1, -1, -1, -1 (Barker code) max. radiated power 1 W (USA), 100 mw (EU), min. 1mW Ø FHSS (Frequency Hopping Spread Spectrum) spreading, despreading, signal strength min. 2.5 frequency hops/s, two-level GFSK modulation (Gaussian Frequency Shift Keying) Ø Infrared 850-950 nm, diffuse light, around 10 m range carrier detection, energy detection, synchronization 9

Traffic services Asynchronous Data Service (mandatory) exchange of data packets based on best-effort support of broadcast and multicast Time-Bounded Service (optional) implemented using PCF (Point Coordination Function) Access methods (called DFWMAC: Distributed Foundation Wireless MAC) DCF CSMA/CA (mandatory) collision avoidance via randomized back-off mechanism minimum distance between consecutive packets ACK packet for acknowledgements (not for broadcasts) DCF with RTS/CTS (optional) avoids hidden terminal problem PCF (optional) access point polls terminals according to a list DCF: Distributed Coordination Function PCF: Point Coordination Function 10

Priorities defined through different inter frame spaces no guaranteed, hard priorities SIFS (Short Inter Frame Spacing) highest priority, for ACK, CTS, polling response PIFS (PCF IFS) medium priority, for time-bounded service using PCF DIFS (DCF, Distributed Coordination Function IFS) lowest priority, for asynchronous data service DIFS medium busy direct access if medium is free DIFS DIFS PIFS SIFS contenaon Ame slot next frame Note : IFS duraaons are specific to each PHY t 11

DIFS DIFS contenaon window (randomized back- off mechanism) medium busy direct access if medium has been free for at least DIFS Ame slot next frame t Ø Station ready to send starts sensing the medium (Carrier Sense based on CCA, Clear Channel Assessment) Ø If the medium is free for the duration of an Inter-Frame Space (IFS), the station can start sending (IFS depends on service type) Ø If the medium is busy, the station has to wait for a free IFS, then the station must additionally wait a random back-off time (collision avoidance, multiple of slot-time) Ø If another station occupies the medium during the back-off time of the station, the back-off timer stops (to increase fairness) 12

Ø Sending unicast packets station has to wait for DIFS before sending data receiver acknowledges at once (after waiting for SIFS) if the packet was received correctly (CRC) automatic retransmission of data packets in case of transmission errors sender receiver other staaons DIFS data SIFS waiang Ame ACK NAV (DATA) DIFS ContenAon window data t The ACK is sent right at the end of SIFS (no contenaon) NAV: Net AllocaAon Vector 13

Ø Sending unicast packets station can send RTS with reservation parameter after waiting for DIFS (reservation determines amount of time the data packet needs the medium) acknowledgement via CTS after SIFS by receiver (if ready to receive) sender can now send data at once, acknowledgement via ACK other stations store medium reservations distributed via RTS and CTS sender receiver DIFS RTS SIFS CTS SIFS data SIFS ACK other staaons RTS/CTS can be present for some packets and not for other NAV (RTS) NAV (CTS) defer access DIFS ContenAon window NAV: Net AllocaAon Vector data t 14

9.1 Operating principles of IEEE 802.11 9.2 Detecting selfish behavior in hotspots 9.3 Selfish behavior in pure ad hoc networks 15

Motivation System model Misbehavior techniques Components of DOMINO (System for Detection Of greedy behavior in the MAC layer of IEEE 802.11 public NetwOrks) Simulation Implementation Related work Conclusion 16

Internet access through public hotspots Problem: misuse of protocols What about MAC-layer misbehavior? Considerable bandwidth gains Hidden from the upper layers Always usable If the misbehavior is detected, the WISP can take measures How to detect? 17

Infrastructure mode DCF (Distributed Coordination Function) Single trusted AP operated by a WISP Misbehavior is greedy as opposed to malicious DOMINO is implemented only at the AP 18

DOMINO Well- behaved node Well- behaved Cheater node 19

20

Uplink traffic (stations AP) Example scenarios: backup, webcam, Downlink traffic (AP stations) Constitutes most of the wireless traffic Over 90% is TCP Example scenarios: Web browsing, FTP, video streaming, 21

22

Lost frames are retransmitted Sequence numbers in the MAC header distinguish retransmissions Cheater s retransmissions are fewer than those of well-behaved stations By counting retransmissions, the AP can single out the cheater 23

24

AP measures the actual NAV and compares to the received one A repeated pattern of oversized NAVs distinguishes the cheater 25

26

The value of DIFS is constant and provided by the IEEE 802.11 standard A short DIFS cannot be but the result of cheating 27

28

Transmission(s) from other node(s) Transmission from S... Transmission from S DIFS + DIFS Measured actual backoff Ø Compares the average actual backoff of each station to the average actual backoff of the AP Ø Collisions are not taken into account Ø Unsuitable for sources with interframe delays (e.g., due to TCP congestion control) 29

Transmission from S Transmission from S DIFS Consecutive backoff Ø Useful when cheaters have interframe delays (mainly TCP sources) Ø Does not work if the traffic is very high due to the lack of samples Ø Complementary to the actual backoff test 30

Server AP Well-behaved user Internet TCP DATA TCP ACK Server Cheater Ø Server receives no TCP ACK and slows down the TCP flow Ø Repeated scrambling kills the TCP connection Ø The AP receives less packets destined to the well-behaved station Ø Packets destined to the cheater are delayed less in AP s queue 31

Server AP Well-behaved user Internet TCP DATA Server MAC ACK Cheater Ø Tries to kill the TCP connection like the previous attack Ø MAC ACK contains no source address Ø The forged MAC ACK prevents the AP from retransmitting the lost packet 32

AP periodically injects dummy frames destined to non- existing stations If it receives corresponding MAC ACKs, there is cheating Higher-layer mechanisms will identify the cheater (e.g., by monitoring the TCP flows of stations) 33

Cheating method Frame scrambling Oversized NAV Transmission before DIFS Backoff manipulation Detection test Number of retransmissions Comparison of the declared and actual NAV values Comparison of the idle time after the last ACK with DIFS Actual backoff Consecutive backoff Frame scrambling with MAC forging Periodic dummy frame injection 34

Ø ns-2 Ø Backoff manipulation Ø CBR / UDP traffic Ø FTP / TCP traffic Ø misbehavior coefficient (m): cheater chooses its backoff from the fixed contention window (1 - m) x CWmin 35

36

37

Equipment Adapters based on the Atheros AR5212 chipset MADWIFI driver Misbehavior (backoff) Write to the register containing CWmin and CWmax (in driver) Monitoring The driver in MONITOR mode prism2 frame header AP DOMINO Cheater Well-behaved 38

39

40

Ø MAC-layer greedy behavior can be a serious problem Ø DOMINO is a simple and efficient solution compatible with the existing infrastructure Ø DOMINO can be seamlessly integrated with existing WiFi security tools to provide ultimate protection Ø First proof-of-concept implementation prototype Ø http://domino.epfl.ch 41

9.1 Operating principles of IEEE 802.11 9.2 Detecting selfish behavior in hotspots 9.3 Selfish behavior in pure ad hoc networks 42

System Model and Assumptions Bianchi s Model Static CSMA/CA Game Repeated CSMA/CA Game Implementation 43

Ø Ad hoc mode (no access point) Ø N wireless nodes transmit to N receivers (N links) Ø Any node can hear any other node (single-collision domain) Ø IEEE 802.11 CSMA/CA MAC layer Ø Bianchi s Model for throughput calculation Cheater Well-behaved 44

N links with the same physical condition (single-collision domain): 1 2 3 N 4 3 2 AP 1 N- 2 N- 1 N MAC Layer π = Probability of Transmission PHY Layer P = Probability of Collision = More than one transmission at the same Ame = 1 (1- π) N- 1 45

1-p 1/CW 0 1 1 1 1 (0,0) (0,1) (0,2) (0,CW 0-2) (0,CW 0-1) p/cw 1 (s(t), b(t)) (Backoff Stage, Backoff Timer) (i-1,0) p/cw i 1 1 1 1 (i,0) (i,1) (i,2) (i,cw i -2) (i,cw i -1) p/cw i+1 (m-1,0) p/cw m 1 1 1 1 (m,0) (m,1) (m,2) (m,cw m -2) (m,cw m -1) p 1/CW m 46

1-p 1/CW 0 1 1 1 1 (0,0) (0,1) (0,2) (0,CW 0-2) (0,CW 0-1) p/cw 1 (i-1,0) p/cw i StaAonary distribuaon: { } bik, = lim t P s( t) = i, b( t) = k, i (0, m), k (0, CWi 1) 1 1 1 1 (i,0) (i,1) (i,2) (i,cw i -2) (i,cw i -1) p/cw i+1 (m-1,0) p/cw m Probability of transmission: 1 1 1 1 (m,0) (m,1) (m,2) (m,cw m -2) (m,cw m -1) p 1/CW m 47

Successful Transmission 1-p 1/CW 0 1 1 1 1 (0,0) (0,1) (0,2) (0,CW 0-2) (0,CW 0-1) p/cw 1 (i-1,0) p/cw i 1 1 1 1 (i,0) (i,1) (i,2) (i,cw i -2) (i,cw i -1) p/cw i+1 (m-1,0) p/cw m 1 1 1 1 (m,0) (m,1) (m,2) (m,cw m -2) (m,cw m -1) p 1/CW m 48

1-p 1/CW 0 1 1 1 1 (0,0) (0,1) (0,2) (0,CW 0-2) (0,CW 0-1) p/cw 1 (i-1,0) Collision p/cw i 1 1 1 1 (i,0) (i,1) (i,2) (i,cw i -2) (i,cw i -1) p/cw i+1 (m-1,0) p/cw m 1 1 1 1 (m,0) (m,1) (m,2) (m,cw m -2) (m,cw m -1) p 1/CW m 49

( i - 1, 0 ) p / CW i 1 1 1 ( i, 0 ) ( i, 1 ) ( i, 2 ) ( i, CW i - 2 ) ( i, CW i - 1 ) b i,0 = p b i-1,0 (m-1,0) p/cw m 1 1 1 (m,0) (m,1) (m,2) (m,cw m -2) (m,cw m -1) p 1/CW m b m,0 = p b m-1,0 + p b m,0 50

After some derivations à system of two nonlinear equations with two variables p and π: { è Can be solved numerically to obtain p and π 51

Throughput of node i: τ i = E[ Payload Transmitted by user i in a E[ Duration of slot time] slot time] = s s P T s Pi L c c + P T + P id T id P is : Probability of successful transmission of i during a random time slot L: Average packet payload size T s : Average time to transmit a packet of size L P id : Probability of the channel being idle T id : Duration of the idle period P c : Probability of collision T c : Average time of collision 52

A single cheater Selfish Tends to use the full channel capacity Does not respect the binary exponential backoff Keeps her W after a collision unchanged (m=0) Strategy set: Payoff function: 53

Ø Access probability of cheater i: Ø Throughput of cheater i: Ø Ø If for all j in P\{i}: strict inequality, so è throughput: strictly decreasing function of W i by unilaterally decreasing its own Wi: a selfish node can increase its throughput 54

55

Lemma 9.1: For any strategy profile W that constitutes a NE, such that W i = 1 Theorem 9.1: G CSMA/CA admits exactly NEs. 56

Define: D = {i: W i =1, i Є P} Two families of NE: D =1: only one player receives a non-null throughput and throughput = 0 for all others D >1: throughput = 0 for all players. Some NE from the first family are Pareto optimal. Example: W = (W 1 =1, W 2 =W,, W P =W ) is a Pareto optimal NE NE of the 2nd family: tragedy of the commons (misuse of the public good). 57

two families of NE: 1st: great unfairness, a single player gets some positive payoff 2nd: highly inefficient NE, zero payoff for every player none is satisfactory A desirable solution: Uniqueness Pareto optimality Fairness 58

Transformation of the Pareto-optimal point to a NE: Repeated games Selective jamming 59

G CSMA/CA = G CSMA/CA played repeatedly T times. Payoff function: the cheaters per stage payoff function change to u t i ( π ) = τ ( c) t ( π ) pf t i ( π ) pf: penalty function 60

Penalty function: if: Then u i has a unique maximizer 9.2). (Lemma 61

Theorem 9.4: The strategy profile is a SPNE of the G CSMA/CA. Corollary 9.1: any strategy profile such that can be made a SPNE. 62

Two players k and i k selectively jams i if τ ( π ) τ ( π ) i > k k calculates the penalty to be inflicted on i: u i has a unique maximizer: π i = π k π = min( π i, π ) W = max( W i, W ) so,, i.e. is a unique NE. k k equal payoffs for two players at NE. 63

64

each cheating node measures the throughput of all the others. cheater j is deviating if for T obs. 65

When cheater i is jammed (penalized) during Δ: increases her W by steps of size γ. 66

Ø W i =W init for all cheaters Ø Every cheater sets up a random timer to increase her W by γ. Ø X increase her W to W x init + γ. Ø X detects all other cheaters as deviating: begin penalizing them. Ø Penalized cheater: disable the timer and use the adaptive strategy Ø system will stabilize, when W i init = W i init + γ for all. Ø Then, every cheater compares her new throughput with previous: Ø if a decrease in throughput: terminate the search for W* Ø Otherwise: increase her W by γ. 67

7 cheaters step size = 5 68

69

Addressed the Problem of cheating in single collision domain CSMA/CA networks Formalism for the systematic study of rational cheating in CSMA/CA ad hoc networks Single cheater as well as several cheaters acting without restraint Transformation of the Pareto optimal point into a Subgame Perfect Nash Equilibrium (repeated games) Smart cheaters can collectively find this point 70

Ø Selfish behavior is relatively easy to implement at the MAC layer Ø Upcoming technologies such as cognitive radios will further facilitate this kind of misbehavior Ø In the case of IEEE 802.11, we have shown how to thwart it, both from the engineering and the analytical points of view. 71

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback