Académique Documents
Professionnel Documents
Culture Documents
in Wireless Networks
Chapter 9
Selfish Behavior at the MAC Layer of
CSMA/CA
http://secowinet.epfl.ch
Infrastructure vs. ad hoc networks
AP
AP wired network
AP
Ad hoc network
2
IEEE 802.11 - Architecture of an infrastructure
network
Station (STA)
802.11 LAN
802.x LAN • terminal with access mechanisms
to the wireless medium and radio
contact to the access point
STA1 Basic Service Set (BSS)
BSS1
Access Portal • group of stations using the same
Point radio frequency
Access
• station integrated into the wireless
ESS Point LAN and the distribution system
Portal
BSS2 • bridge to other (wired) networks
Distribution System
• interconnection network to form
STA2 STA3 one logical network (ESS:
802.11 LAN
Extended Service Set) based
on several BSS
3
802.11 - Architecture of an ad-hoc network
802.11 LAN
STA1 STA3
Direct communication within a
limited range
BSS1 • Station (STA):
terminal with access
mechanisms to the wireless
STA2
medium
• Basic Service Set (BSS):
group of stations using the
802.11 LAN
same radio frequency
BSS2
STA5
STA4
4
Interconnection of IEEE 802.11 with Ethernet
fixed terminal
mobile station
server
infrastructure network
access point
application application
TCP TCP
IP IP
802.11 MAC 802.11 MAC 802.3 MAC 802.3 MAC
802.11 PHY 802.11 PHY 802.3 PHY 802.3 PHY
5
802.11 - Layers and functions
Station Management
IP • coordination of all
management functions
MAC MAC Management
PLCP
PHY
PHY Management
PMD
6
802.11 - Physical layer
7
802.11 - MAC layer principles (1/2)
Traffic services
• Asynchronous Data Service (mandatory)
• exchange of data packets based on “best-effort”
• support of broadcast and multicast
• Time-Bounded Service (optional)
• implemented using PCF (Point Coordination Function)
Access methods (called DFWMAC: Distributed Foundation Wireless
MAC)
• DCF CSMA/CA (mandatory)
• collision avoidance via randomized „back-off“ mechanism
• minimum distance between consecutive packets
• ACK packet for acknowledgements (not for broadcasts)
• DCF with RTS/CTS (optional)
• avoids hidden terminal problem
• PCF (optional)
• access point polls terminals according to a list
Priorities
• defined through different inter frame spaces
• no guaranteed, hard priorities
• SIFS (Short Inter Frame Spacing)
• highest priority, for ACK, CTS, polling response
• PIFS (PCF IFS)
• medium priority, for time-bounded service using PCF
• DIFS (DCF, Distributed Coordination Function IFS)
• lowest priority, for asynchronous data service
DIFS DIFS
PIFS
SIFS
medium busy contention next frame
t
direct access if
medium is free ≥ DIFS time slot
9
Note : IFS durations are specific to each PHY
802.11 - CSMA/CA principles
contention window
DIFS DIFS (randomized back-off
mechanism)
direct access if t
medium has been free time slot
for at least DIFS
boe busy
station2
busy
station3
busy medium not idle (frame, ack etc.) boe elapsed backoff time
The size of the contention window can be adapted Note: broadcast is not acknowledged11
(if more collisions, then increase the size)
802.11 - CSMA/CA unicast
DIFS
data
sender
SIFS
ACK
receiver
DIFS
other NAV (DATA) data
stations t
waiting time Contention
window
DIFS
RTS data
sender
SIFS SIFS
CTS SIFS ACK
receiver
Motivation
System model
Misbehavior techniques
Components of DOMINO (System for Detection Of greedy behavior
in the MAC layer of IEEE 802.11 public NetwOrks)
Simulation
Implementation
Related work
Conclusion
15
Motivation
• Always usable
How to detect?
16
System model
Infrastructure mode
17
Example scenario
DOMINO
18
IEEE 802.11 MAC – Brief reminder
19
Misbehavior techniques – Overview
20
Uplink traffic – Frame scrambling
21
Solution: Number of retransmissions
retransmissions
behaved stations
cheater
22
Uplink traffic – Oversized NAV
23
Solution: Comparison of NAVs
24
Uplink traffic – Short DIFS
25
Solution: Comparison of DIFS
802.11 standard
26
Uplink traffic – Backoff
27
Solution (1/2): Actual backoff test
Transmission
from S ... Transmission
from S
DIFS DIFS
+
DIFS Consecutive
backoff
29
Downlink traffic – TCP ACK scrambling
AP Well-behaved user
Server
Server
Cheater
Server receives no TCP ACK and slows down the TCP flow
Repeated scrambling kills the TCP connection
The AP receives less packets destined to the well-behaved station
Packets destined to the cheater are delayed less in AP’s queue
30
TCP DATA scrambling with MAC forging
AP Well-behaved user
Server
TCP DATA
Internet
MAC ACK
Server
Cheater
31
Solution: Dummy frame injection
32
Components of DOMINO
Actual backoff
Backoff manipulation
Consecutive backoff
ns-2
Backoff manipulation
window (1 - m) x CWmin
34
Simulation – DOMINO performance – UDP case
35
Simulation – DOMINO performance – TCP case
36
Implementation
Equipment
• Adapters based on the
Atheros AR5212 chipset
• MADWIFI driver
AP DOMINO
Misbehavior (backoff)
• Write to the register containing
CWmin and CWmax (in driver)
Monitoring
• The driver in MONITOR mode Cheater Well-behaved
• prism2 frame header
37
Implementation – Throughput
38
Implementation – Backoff and DOMINO
39
Discussion
Hidden terminals
• Well-chosen detection thresholds can reduce false positives
Security
• Hybrid attacks: limited efficiency
Adaptive cheating
• Hard to implement
Overhead
• Negligible
40
Related work
• Issues:
• Modification of IEEE 802.11
• The receiver can control the sender
• Communication and computation overhead
41
Conclusion on Section 9.2
http://domino.epfl.ch
42