ad hoc networks - École polytechnique fédérale de lausanne · 2012-04-24 · in mobile ad-hoc...
TRANSCRIPT
Ad Hoc Networks 8 (2010) 181–192
Contents lists available at ScienceDirect
Ad Hoc Networks
journal homepage: www.elsevier .com/locate /adhoc
A protocol for data availability in Mobile Ad-Hoc Networksin the presence of insider attacks
E. Ayday *, F. FekriSchool of Electrical and Computer Engineering, Georgia Institute of Technology, Atlanta, GA 30332, USA
a r t i c l e i n f o
Article history:Received 31 December 2008Received in revised form 9 June 2009Accepted 10 July 2009Available online 17 July 2009
Keywords:TrustReputationSecurityGame theory
1570-8705/$ - see front matter Published by Elseviedoi:10.1016/j.adhoc.2009.07.001
* Corresponding author. Tel.: +1 404 518 7037; faE-mail addresses: [email protected] (E. Ayd
edu (F. Fekri).
a b s t r a c t
In Mobile Ad-Hoc Networks (MANETs), establishing trust relationships between the nodesin a decentralized fashion has been an important research issue for a long time. If the sen-der nodes accurately identify the legitimate nodes in the network, a robust routing can beprovided while mitigating the effects of malicious nodes. Further, there is always a mutualinteraction between a sender and its neighbor nodes during the communication. Thismutual interaction can be easily modeled as a game between two or more players (oneplayer being the sender and the rest being the receivers). Regardless of its type (legitimateor malicious), each player attempts to maximize its benefit during the game by choosing anoptimal strategy. In this paper, we propose a secure and robust routing scheme in whichthe interaction between the sender and receiver nodes is modeled using a dynamic Bayes-ian game model. A repeated game is considered and opinions of a node about the types ofother nodes is established using an acknowledgement mechanism from the destination.The proposed method uses the intersection of game theory, trust establishment and codingtheory to resist colluding Byzantine (insider) attacks. The scheme guarantees the availabil-ity of message as long as a legitimate path exists. Through simulations we will show theefficiency of the scheme with respect to latency, availability and energy consumption inthe presence of adversary.
Published by Elsevier B.V.
1. Introduction
Mobile Ad-Hoc Networks (MANETs) play key roles inmany military and civilian applications such as battlefields,environment monitoring and emergency response. Thelack of infrastructure in MANETs requires the networknodes to implement the network tasks by themselves.Hence, network operation is based on the cooperation ofnodes within neighborhood. For routing, intermediatenodes are used to forward a packet from a source to a des-tination node. Therefore, security becomes a challengingproblem in this multihop environment with unreliableintermediate nodes.
r B.V.
x: +1 404 894 8363.ay), [email protected].
The main threat for routing in a MANET is the existenceof selfish and malicious nodes. The goal of a selfish node isto maximize its own welfare, on the other hand a maliciousnode tries to prevent the network from operating effi-ciently or properly. Without any countermeasures againstthese threats, the network performance decreasesconsiderably.
We propose a secure and efficient routing scheme usinga game theoretical approach and trust relationships be-tween the nodes. We assume a ‘‘Dynamic Bayesian Game”model [1] among the nodes to find the optimal strategies oflegitimate and malicious nodes. Moreover, using the‘‘watchdog” technique [2] and the ‘‘acknowledgement”mechanism (ACK), we construct trust relationships be-tween the nodes. Recent works [2–10] either do not con-sider the malicious nodes or build the trust relationshipsbased on the watchdog mechanism, which has serious
182 E. Ayday, F. Fekri / Ad Hoc Networks 8 (2010) 181–192
drawbacks in a wireless medium (especially in the pres-ence of malicious nodes). Our main objective in this workis to mitigate the effects of malicious nodes to the networkperformance by establishing trust relationships and usinga game theoretical approach between the network nodes.The network under interest is a MANET. Moreover, the net-work is assumed to be connected at any time instant. Inother words, we assume that a path can be established be-tween any two nodes at any time.
The rest of this paper is organized as follows. In the restof this section, we summarize the related work in trustestablishment and game theory in ad hoc networks andalso mention the contributions of this paper. A briefdescription of the scheme is provided in Section 2. In Sec-tion 3, we analyze the game model, describe the parameterselection and show how the game changes dynamically.Trust establishment and using the trust values (node cre-dentials) are studied in Section 4. In Section 5, we describethe adversarial model and the possible threats specific toour scheme. We evaluate and compare our scheme usingcomputer simulations in Section 6. Eventually, the con-cluding remarks are provided in Section 7.
1.1. Related work
The main goal for building trust values (node creden-tials) among the nodes in MANETs is to protect DynamicSource Routing (DSR) [11] from attackers and increasethe performance of the network. In MANETs, a node evalu-ates another by using either direct or indirect measure-ments. Direct measurements are the ones that the nodeconducts itself to rate another node. On the other hand,indirect measurements are the ones that are received fromother nodes regarding the credential of a specific node.Building node credentials by direct measurement is eitherachieved by using the watchdog mechanism or by usingthe ACK from destination. Building node credentials byrelying on the direct measurements and using the watch-dog mechanism is proposed in [2,3,5]. The purpose of thewatchdog mechanism is to identify a malicious node byoverhearing the communication of the next hop. In [2,3],when a misbehavior is detected, it is reported to the sourceof the communication and the source updates the creden-tial for the detected node. In [5], legitimate nodes reject thetraffic initiated by the detected malicious nodes. In[6,7,4,12–14], the use of indirect measurements to buildnode credentials is also allowed while the watchdog mech-anism is used to obtain the direct measurements. In[12,13], credentials obtained by direct and indirect mea-surements are updated using the Bayesian approach. [14]proposes an information theoretical approach to trustand reputation. Some major drawbacks of using the watch-dog mechanism to obtain direct measurements are listedbelow:
1. The fact that the monitoring node (the one which usesthe watchdog mechanism) hears the transmission ofits next hop does not mean that the following node inthe path actually receives the packet. In other words,a malicious node may transfer a packet such that itsprevious-hop neighbor (who uses the watchdog mech-
anism) hears the transmission while its next-hop neigh-bor (who is supposed to receive the packet) does not.This can easily be achieved by adjusting the transmis-sion power of the antenna (given that the previous-hop neighbor is located closer than the next-hop neigh-bor) or by using a directional antenna. Hence, the mali-cious node achieves its goal by preventing thelegitimate flow without being penalized.
2. When there are consecutive malicious nodes in thepath, it becomes very easy to cheat a monitoring nodeand gain credit for a malicious node (even though itkeeps misbehaving). If one of the next-hop neighborsof a malicious node is also malicious, it can always sendits packets to its malicious neighbor. Hence, its previ-ous-hop neighbor (who uses the watchdog mechanism)hears the legitimate transmission and gives credit tothe malicious node while its malicious next-hop neigh-bor drops the packets to prevent the legitimate flow.
We note that it is not guaranteed that the scenarios welisted above will occur all the time. However, as the mali-cious nodes in the network and the resources of the adver-sary increases, it is very likely to observe these scenarios.Hence, we claim that relying on the watchdog mechanismto obtain direct measurements (hence, to build trust rela-tionships) is deceptive and misleading most of the time.
In [15,16], node credentials are constructed using theACK messages sent by the destination node. The majordrawback of these schemes is that, if a path dies due to amalicious node, the source will need to retransmit all thepackets it sent via a different path. Moreover, the diversityof latency for different paths can affect the overall schemenegatively. On the other hand, as we will describe, ourscheme does not suffer from this because of the use of rate-less coding. In [15,16], possible routes from the source tothe destination are established before the data transfer be-gins. Hence, even if one node is compromised from theseroutes, data availability is lost even though source and des-tination may have other alternative paths. In contrast, ourscheme provides data availability as long as there is a legit-imate path between the source and destination, since weconstruct the paths on-the-fly using our trust-metric.
Recently, researches started to use game theory to ana-lyze wireless networks. Especially Bayesian game theoret-ical model [1] is commonly used to analyze wirelessnetworks with selfish/attacker nodes. In reputation basedschemes which use the Tit-for-tat strategy (e.g., [6,17]),each node monitors its neighbors and behaves based onthe previous behavior of its neighbors. However, in theseschemes, even if all the nodes are willing to cooperate,packet collision or noise may infer with accurate monitor-ing, resulting in zero throughput even if there is no mali-cious node in the network. Generous Tit-for-tat isproposed in [8] to fix this problem. However, to achievefull cooperation in [8], the probability that a forwardedpacket was not overheard by the originating node ðpeÞshould be accurately estimated. In [9], authors proposeda reputation mechanism called DARWIN which does notdepend on the perfect estimation of pe. However, thescheme does not consider malicious nodes and assumesthat all nodes share their perceived dropping probabilities
E. Ayday, F. Fekri / Ad Hoc Networks 8 (2010) 181–192 183
with each other. A Bayesian attacker/defender game isstudied in [10]. Optimal behaviors of the defender and at-tacker is analyzed for static and dynamic Bayesian games.However, the game is only between two players and thetrust values (credentials) of the players are calculated onlyby using the watchdog mechanism. On the other hand, weconsider a game between a legitimate sender and the com-bination of legitimate and malicious receivers. Further, wedo not use the watchdog mechanism to update the opin-ions of the nodes for their neighbors.
1.2. Contributions of our scheme
The main contributions of our scheme are summarizedin the following.
1. By the intersection of the trust establishment, the gametheoretic approach and modern error control coding,we provide a robust scheme with low latency and highdata availability in the presence of the adversary.
2. As opposed to previously proposed trust managementschemes (which use game theory), we consider a gamebetween more than two network nodes, and find theoptimal behaviors of all the nodes which are involvedin the game.
3. We provide a robust scheme against the collaborationof malicious nodes. Most of the previous schemeswhich only depend on the watchdog mechanism (tobuild the trust relationships) are vulnerable to the col-laboration of malicious nodes. On the other hand, ourscheme guarantees the delivery of the message packetsas long as a legitimate path exists between the sourceand the destination. This robustness comes with com-munication/computation efficiency.
4. In the proposed scheme the paths from the source tothe destination are established on-the-fly by the backpressure policy. Hence, the latency and data availabilityof our scheme do not suffer when a specific pathinvolves malicious or selfish nodes. Moreover, thismechanism encourages to use the paths that providethe lowest latency even if there is no malicious activityin the network.
2. Description of the scheme
2.1. Overview of the scheme
The proposed scheme mainly consists of three mecha-nisms; game between the nodes, trust establishment andrateless coding. In general, the game theory studies theinteractions between the players. In a typical game, aplayer tries to maximize its benefit by choosing the correctstrategy considering the strategies of the other players.When the cost and gain of a player depends on the strate-gies of the other players, game theory helps to find theoptimal strategies of all players. This model is perfectlyanalogous with the interaction between the legitimateand malicious nodes in wireless networks. In a typical net-work, the main goal of the legitimate nodes is to make sure
that all the network operations are proceeding properly.On the other hand, the goal of the malicious nodes is toprevent the network operations as much as possible.Hence, legitimate nodes try to detect and isolate the mali-cious nodes and malicious nodes try to give the most harmto the network while staying undercover (not detected) toachieve their goals and maximize their outcome. Thus, wedecided to analyze the mutual action between the nodesusing a game theoretical approach. In our model, the play-ers are the nodes in the network, and the game is betweena legitimate sender and its next hop neighbors (potentialreceivers). The main goal of the sender (a source or anintermediate node) is to forward the packets it received(or generated) to the destination reliably and as soon aspossible. Hence, it expects its next hop neighbors to havethe same goal. As opposed to a legitimate node, the maingoal of a malicious node is to decrease the performanceof the network by increasing the total latency, decreasingdata availability or increasing the energy consumption ofthe legitimate nodes. Hence, a malicious node often tendsto drop the legitimate packets or to forward modifiedpackets so as to prevent the sender from achieving its goal.However, a malicious node has to take part in the ongoingcommunication (i.e., be part of the path) to give damage.On the other hand, a legitimate sender is always inclinedto select its next hop neighbors (potential receivers)among those which would help to achieve its goal. Hence,there is a game between the legitimate sender and its po-tential receivers to achieve their goals in which each nodehas to select an optimal strategy to maximize its benefit.
A legitimate sender node always tends to select itsmost trustworthy neighbors as its potential receivers. Inorder to find out the most trustworthy neighbors, a trustestablishment mechanism is required. Most previousschemes such as [4,5] use the watchdog mechanism tobuild the trust values (credentials) of the nodes. However,due to some serious shortcomings of this mechanism(discussed in Section 1.1), we use the ACK message fromthe destination to build the node credentials. Based onthe ACK messages, a legitimate sender node selects its po-tential receivers (among its next hop neighbors) whichhelp maximizing its benefits for the rest of the communi-cation session. We note that the type of trusted nodesmay change or a legitimate node may fail between twoconsecutive ACK messages. Hence, in addition to choosingthe most trustworthy neighbors (as its potential receiv-ers), a legitimate sender needs to determine its packetforwarding strategy among those chosen neighbors basedon their behaviors up until it receives the next ACK mes-sage. For this purpose, a legitimate node uses the watch-dog mechanism to monitor its neighbors and to takecountermeasures against the malicious ones. It is worthnoting that we do not use the watchdog mechanism tobuild the node credentials. It is used as a tool to enhancethe scheme when the drawbacks mentioned in Section 1.1does not occur (when there are no consecutive maliciousnodes on the path or when the malicious node has lim-ited resources). Even when the watchdog mechanism ischeated by the malicious nodes, node credentials are cal-culated accurately as the watchdog mechanism has no ef-fect on the calculation of the node credentials. In other
100...0111 100...0111 100...0111 100...0111 100...0111 100...0111. . .
+ ++
w1 w2 w3 w4 wt-1 wt
. . .
Q1 Q2 Q3
(a) Encoding
. . .w1 w2 w3 w4 wt-1 wt
. . .
Q1 Q2 Q3
(b) Decoding
Fig. 1. Illustration of encoding and decoding of rateless codes.
184 E. Ayday, F. Fekri / Ad Hoc Networks 8 (2010) 181–192
words, the drawbacks of the watchdog mechanism do nothave any impact on the node credentials in the proposedscheme.
In our model, the source node encodes its packets be-fore sending them to the destination using rateless codes[18,19]. The rational for this is to avoid retransmissions,decrease total latency and increase availability at the des-tination. If the original message packets are used withoutencoding, whenever the destination does not receive asubset of the original packets, the sender has to resendthose missing packets until they are received. However,using the rateless codes, the source keeps generatingand sending new packets until the destination receivessufficient number of packets to decode for the originalmessage.
2.2. Description
In order to facilitate future references, frequently usednotations are listed in Table 1 with their meanings.
We assume the source node has t number of packetsðw1;w2; . . . ;wtÞ to send. Using rateless coding [18,19],these packets are encoded into T packets Q 1;Q 2 . . . as illus-trated in Fig. 1a. The encoding process can be summarizedas follows:
1. Pick a generator polynomial XðxÞ ¼P
16i6tXixi whereXi 2 ½0;1� for i ¼ 1; . . . ; t and Xð1Þ ¼ 1.
2. Generate and instance, say z, of a random variable Zwith distribution X.
3. Pick z distinct packets at random from the input t datapackets.
4. XOR the selected packets and declare as the encodedpacket.
It is proved in [18] that, t original packets can be recov-ered from any T ¼ t þ Oð
ffiffitp
ln2ðt=dÞÞ of the encoded packetswith probability 1� d. Hence, rateless coding decreases thetotal latency and increases availability (even in the pres-ence of adversary) by helping the destination to get the ori-ginal message from any subset of the received legitimatepackets. When the destination receives sufficient numberof packets, it decodes the received packets to obtain theoriginal data as illustrated in Fig. 1b. We summarize thedecoding process as follows:
Table 1Notations.
N Total number of nodes in theT Number of encoded packets tslotT Duration of a time-slotACKT Acknowledgement period (froPa
b Probability of node a being m
Piwa
Probability that node i uses it
Piatt
Attacking probability for a ma
maxn Maximum number of neighbo
Wis
The event, node s uses its wa
Wis
The event, node s does not us
Ai The event, malicious node a m
Ai The event, malicious node a d
1. Wait until T packets are received.2. Construct the Tanner graph between the encoded and
the data packets.3. Use Message Passing Decoding [23,24] to recover data
packets.
After generating the encoded packets, if confidentialityis required, the source node may encrypt each encodedpacket Qi using the pairwise key shared between itselfand the destination node. By doing so, the source node pre-vents the eavesdroppers and intermediate nodes fromrevealing the content of the original message.
Even though the adversary cannot reach the content ofthe original message, it may try to prevent the destinationfrom getting the message by modifying the packets orinjecting noise to them (the complete adversary modeland the possible threats due to the adversarial nodes aredescribed in Section 5). To prevent this type of attacks,authentication tags are attached to each encoded packetat the source. Hence, when a malicious node modifies apacket, it is detected immediately at the next hop (if the
networkhat should be received by the destination for complete message recovery
m the destination)alicious in the eyes of node bs watchdog mechanism for its neighbor node a
licious node i
rs (potential receivers) a sender node may use within a time-slottchdog mechanism for node i
e its watchdog mechanism for node i
isbehavesoes not misbehave
Fig. 2. Illustration of the game between the sender s and the malicious receiver a.
Table 2Costs of possible incidents.
Cf Cost of forwarding a packetCr Cost of receiving a packetCWD Cost of using watchdog mechanism per packetCA Cost of attacking per packetGch Gain of a malicious node when it succeeds to cheat a legitimate
nodeLch Loss for a legitimate node when it is cheated ðGch ¼ LchÞGca Gain for a legitimate node when it succeeds to detect a
misbehaviorLca Loss for a malicious node when its misbehavior is detected
ðGca ¼ LcaÞGpr Gain for a potential receiver when another receiver is detected
while it is misbehaving
E. Ayday, F. Fekri / Ad Hoc Networks 8 (2010) 181–192 185
next hop is a legitimate node, otherwise the first legitimatenode who receives the packet will detect). Thus, the mali-cious packet will not be forwarded to the destination andthe resources of the legitimate nodes will not be con-sumed. Moreover, if the previous hop of the malicious nodeis in watchdog phase, it can also detect the misbehaviorand take the necessary countermeasures against it as ex-plained in Section 4. We note that message confidentialityand packet authentication are not the main goals of thiswork. Hence, we mention these issues only for the sakeof completeness.
Packets are sent from the source to the destination in ahop-by-hop fashion. During the packet forwarding, eachnode (legitimate or malicious) chooses its next move tomaximize its benefit in the game. As illustrated in Fig. 2,a legitimate sender node ðsÞ just forwards its packets andchooses whether to use its watchdog mechanism or to staypassive depending on the trust value (credential) of its re-ceiver. A malicious receiver node ðaÞ, on the other hand,decides whether to attack or not depending on the watch-dog strategy of its previous hop. As we mentioned before,we do not use the watchdog mechanism to built the nodecredentials. Hence, node credentials are not affected by thepossible flaws in the watchdog mechanism (which werediscussed in Section 1.1. We describe the game model indetail in the next section.
We divide the time into time-slots of length slotT . Atthe beginning of a time-slot, each sender node finds outits potential receivers (among its one-hop neighbors)based on a metric which depends on the credentials ofits neighbors and their distances to the destination. Weassume that during a time-slot, the neighbors of a noderemain the same. Legitimate nodes use the ACK fromthe destination to build the trust values (credentials) oftheir neighbors and determine their optimal behaviors.ACKs are sent by the destination node with a specific per-iod which is ACKT . We observed via simulations (in Sec-tion 6) that the choice of ACKT does not have asignificant effect on the total latency and data availability.We note that ACK is sent for the block of packets that thedestination has received between two ACK periods andthe length of the ACK packet is negligible with respectto the data packets. Building the trust values are ex-plained in detail in Section 4.
3. Game model
3.1. Analysis of the game
We consider the interaction between a legitimate sen-der node and its receivers. The legitimate node picks itsmaxn neighbors as its potential receivers based on a metricdepending on neighbors’ credentials and distances to thedestination (as explained in Section 4). In our model, eachlegitimate node only knows the probabilities of its neigh-bors being malicious. The sender has two possibilities aftersending the packet. It may decide to use its watchdogmechanism to see whether its next hop neighbor is misbe-having, or it may decide not to use it (so it will not con-sume extra energy). For simplicity of discussion, weillustrate the game for the sender s and the receivers aand b (when maxn ¼ 2). In order to calculate the payoffsof the sender and the receivers, we introduce the costs ofpossible incidents in Table 2.
Based on the previous observations of the sender s(ACKs received from the destination), the probabilities ofnode a and node b being malicious are Pa
s and Pbs , respec-
tively. Further, a node being malicious does not imply thatit will behave maliciously all the time. Hence, given a and bare malicious, we define the attacking probabilities fornodes a and b as Pa
att and Pbatt , respectively.
186 E. Ayday, F. Fekri / Ad Hoc Networks 8 (2010) 181–192
Given the sender s communicates with node a, the totalpayoff of s when it uses its watchdog mechanism can beobtained as
Gs Was
� �¼ Pa
attPas ½�Cf � CWD þ Gca� þ 1� Pa
att
� �� Pa
s ½�Cf � CWD� þ ð1� Pas Þ½�Cf � CWD�: ð1Þ
Similarly, when the communication is between s and nodeb, the payoff of s becomes
Gs Wbs
� �¼ Pb
attPbs ½�Cf � CWD þ Gca� þ 1� Pb
att
� �
� Pbs ½�Cf � CWD� þ ð1� Pb
s Þ½�Cf � CWD�: ð2Þ
On the other hand, when s chooses not to use its watchdogmechanism, its total payoffs when communicating withnodes a and b becomes
Gs Was
� �¼ Pa
attPas ½�Cf � Gch� þ 1� Pa
att
� �Pa
s ½�Cf �þ ð1� Pa
s Þ½�Cf � ð3Þ
and
Gs Wbs
� �¼ Pb
attPbs ½�Cf � Gch� þ 1� Pb
att
� �Pb
s ½�Cf �
þ ð1� Pbs Þ½�Cf �; ð4Þ
respectively. However, s uses both nodes a and b as its po-tential receivers during a time-slot. Hence, combine (1)with (2) and (3) with (4) to get the total payoff of the sen-der s. We define fa (forwarding probability for node a) andfb (forwarding probability for node b) as the probabilitiesthat s will choose node a and b to forward a packet, respec-tively (computing these probabilities will be explained inSection 4). Therefore, the total payoffs of s for using andnot using its watchdog mechanism becomes
GsðWsÞ¼ fa PaattP
as ½�Cf �CWDþGca�þ 1�Pa
att
� �Pa
s ½�Cf �CWD��
þ 1�Pas
� �½�Cf �CWD�
�þ fb Pb
attPbs ½�Cf �CWDþGca�
n
þ 1�Pbatt
� �Pb
s ½�Cf �CWD�þ 1�Pbs
� �½�Cf �CWD�
oð5Þ
and
Gs Ws� �
¼ fa PaattP
as ½�Cf � Gch� þ 1� Pa
att
� �Pa
s ½�Cf ��
þ 1� Pas
� �½�Cf �
�þ fb Pb
attPbs ½�Cf � Gch�
n
þ 1� Pbatt
� �Pb
s ½�Cf � þ 1� Pbs
� �½�Cf �
o; ð6Þ
respectively. Using (5) and (6), we conclude that, ifGsðWsÞ > GsðWsÞ, the sender s will choose to use itswatchdog mechanism, because it gains more versus notusing it. However, if the sender always uses the watch-dog mechanism, the rational strategy for the maliciousreceiver node will be not to misbehave at all (as it willbe detected and punished each time it misbehaves). Onthe other hand, if GsðWsÞ < GsðWsÞ, then s will choosenot to use the watchdog mechanism. However, in thiscase the malicious receiver node will choose to attackas it will not be detected by s. As a result, we proposeto equate the payoffs GsðWsÞ and GsðWsÞ to use a mixedstrategy. Hence, by using a mixed strategy, we obtain thefollowing:
faPaattP
as þ fbPb
attPbs ¼
CWD
Gch þ Gca: ð7Þ
This illustrates the optimal attacking probabilities fornodes a and b (if they are malicious). This result can be eas-ily generalized to maxn > 2. For maxn ¼ I, the combinedattacking probabilities of next hop neighbors of node scan be obtained as
f1P1attP
1s þ f2P2
attP2s þ . . .þ fIP
IattP
Is ¼
CWD
Gch þ Gca: ð8Þ
It is also required to analyze the communication from thereceiver’s side to determine the optimal watchdog strategyof the sender s. For this analysis, it is sufficient to focus onone receiver and calculate the payoffs of that receiver fordifferent behaviors. First, we will assume that node a ismalicious and calculate its payoffs when it misbehavesand behaves as a legitimate node, respectively. We letPs
wabe the watchdog probability of node s for node a. Then,
the payoff of node a for attacking becomes
GaðAaÞ¼ fa Pswa Cf �Cr�Ca�Gca �
þ 1�Pswa
� �Cf �Cr�CaþGch �
þ fb Pbs Pb
attPswb
n oGpr :
ð9Þ
In (9), the last term fbfPbs Pb
attPswbgGpr represents the profit
gained by node a if node b is detected and punished bythe sender s when it is misbehaving (this mechanism willbe explained in more detail in Section 4). Similar to (9),the payoff of node a when it chooses not to attack can berepresented as
GaðAaÞ ¼ fa Pswa½Cf � Cr� þ 1� Pwasð Þ½Cf � Cr �
� �þ fb Pb
s PbattP
swb
n oGpr: ð10Þ
If GaðAaÞ > GaðAaÞ, then the malicious node will alwaysprefer to attack. However, in this case, the sender s willdecide to use its watchdog mechanism constantly. Onthe other hand, if GaðAaÞ < GaðAaÞ, then the attacker’sstrategy will be not to attack. Therefore, node s will neverneed to use its watchdog mechanism and there will notbe any problems in the network (attacker will not giveany harm to the network). As a result, we propose touse a mixed strategy as we did before by equating thepayoffs (9) and (10). By doing so, we obtain the followingwatchdog probability for the sender (representing howoften the sender s should use its watchdog mechanismfor the receiver node a).
bPswa¼ �Ca þ Gch
Gch þ Gca: ð11Þ
The probability in (11) is calculated with the assumptionthat the node a is malicious. Thus, we need to multiply(11) with the probability of node a being malicious in theeyes of sender s. Hence, we illustrate the optimal watchdogprobability of the sender in the following:
Pswa¼ Pa
s�Ca þ Gch
Gch þ Gca: ð12Þ
In the next section, we will describe how to compute theparameters in (7) and (12).
E. Ayday, F. Fekri / Ad Hoc Networks 8 (2010) 181–192 187
3.2. Parameter selection for the game
In this section, we will itemize the key issues for param-eter selection.
1. In (12), to satisfy the axioms of probability, we requireGch P Ca and ðGca þ CaÞP 0.
2. To make the model simpler, we assume that the cost anattacker pays when it is detected is equal to its gainwhen it attacks without being detected. Hence,Gca ¼ Gch.
3. The legitimate node’s gain via detecting a maliciousnode should be greater its loss for monitoring. Other-wise, a legitimate node will never prefer to use itswatchdog mechanism. Thus, Gca > CWD.
4. We assume that there is no node in the network that is100% trustworthy. Hence, we define a minimum valuefor Pi
s as Pmins . Further, we define a minimum value for
fi as fmin. The rational is that if fi approaches to zerothe corresponding node would have a negligible for-warding probability. Hence, when the forwarding prob-ability for a node decreases below fmin, the sender nodedecides not to use that node as a receiver until its fi
value increases above that limit again.5. The optimal attacking probability for the malicious
nodes is derived in (8). To satisfy the axioms of proba-bility, the following should be satisfied.
CWD
Gch þ Gca6 minffiP
isg; i ¼ 1; . . . ; I; ð13Þ
where maxn ¼ I and minffiPisg can be easily calculated
for different maxn values.
3.3. Dynamic game
In this section, we will briefly show the dynamicchanges during the game and the responses of the playersagainst those changes. First, we will observe the impactwhen the malicious nodes increase their attacking proba-bilities from the optimal one which is derived in (8). Weassume maxn ¼ 2, sender s has potential receivers a and b(among its one-hop neighbors), and at least one of theneighbors is malicious. The combined optimal attackingprobability for the neighbor nodes is given in (7). If a mali-cious node decides to increase its attacking probability,then the left hand side of (7) will also increase. Hence,the difference between the total payoffs of the sender sfor the events Ws and Ws becomes
GsðWsÞ � GsðWsÞ ¼ ðGch þ GcaÞ þ faPaattP
as þ fbPb
attPbs
� �� CWD:
ð14Þ
When the attacking probability of a malicious node in-creases, the difference in (14) becomes positive (the differ-ence is zero in optimal case). In other words, usingwatchdog mechanism will become more beneficial to thesender s, which causes the sender node s to increase itswatchdog probability Ps
waor Ps
wb.
The increase in the watchdog probability of the sendernode also effects the total payoffs of attacker nodes.
Assuming nodes a and b are malicious and legitimate,respectively, the difference between the payoffs of node afor the events Aa and Aa is illustrated in the following:
GaðAaÞ � GaðAaÞ ¼ fa½�PswaðGch þ GcaÞ � Ca þ Gch� ð15Þ
From (15), we can say that when the sender s increases itswatchdog probability Ps
wa, the result of (15) becomes nega-
tive (it was zero in the optimal case). In other words, themalicious node a gains more when it chooses not to attack.Hence, node a will decide to reduce its attacking probabil-ity Pa
att . As we illustrated here with this simple example,increasing the attacking probability to above the optimalvalue provides no extra gain for a malicious node. More-over, the malicious node will prefer to decrease its attack-ing probability further when it realizes that it would gainmore with a lower attacking probability.
It is worth noting that the dynamic Bayesian game de-scribed throughout this section has a Perfect Bayesian Equi-librium (PBE) that is proved in [10].
4. Trust establishment
4.1. Building credentials
Node Credentials take values between zero (i.e., mali-cious) and one (i.e., trustworthy). Credentials are built byusing the ACK from the destination node. Destination nodesends ACK packets to its downstream region with a periodof ACKT . A node which receives this ACK packet identifiesthe IDs of the packets that are received by the destinationthus far. When the ACK is received from the destination attime t, a legitimate node first determines the packet withthe maximum ID ðmaxIDÞ that is received by the destina-tion. Then, the credential for the neighbor node iðCRiÞ is up-
dated based on the Beta distribution CRi ¼ aþataþatþbþbt
� �as in
[20]. Here, bt stands for the number of packets sent to nodei by the sender that has IDs smaller than or equal to maxID,and at stands for the number of packets that are includedin the ACK message among those bt packets. Moreover, aand b represent the previous history of node i in the eyesof the legitimate sender. We note that the initial valuesfor the a and b values are 1. Hence all nodes start with acredential of 0.5, which means each node may be a mali-cious node with a probability of 0.5 initially.
The ACK period (i.e., the time elapsed between twoACKs), ACKT , is smaller than a time-slot duration, slotT . AsACKT decreases, intermediate nodes and the source willbe able to update the credentials more often. However,sending ACK packets with a high frequency may result incongestions and increase in the energy consumption.Hence, the ACKT is a network parameter that should be ad-justed to maximize the efficiency and security together.We note that because of the multihop communication,some paths may deliver the packets slower than the oth-ers. Hence, the nodes in the slower path will also get lowcredentials even though they might be legitimate. Thismay seem as if we give low credentials to the legitimatenodes. However, by doing so, we differentiate betweenthe good (fast) and bad (slow) paths even if there is nomalicious node participated in those paths.
188 E. Ayday, F. Fekri / Ad Hoc Networks 8 (2010) 181–192
4.2. Neighbor selection
At the beginning of each time-slot, each node selects itsmaxn neighbors to use as its potential receivers during thattime-slot. This neighbor selection is based on the creden-tials of the neighbor nodes and their distances to the des-tination. A sender node i calculates the metric for one ofits one-hop neighbors j as in the following:
Mij ¼
min½dist�distðjÞ �
credðjÞmax½cred� ; ð16Þ
where distðjÞ and credðjÞ are the nodes j’s distance to thedestination and its credential at node i. Further, min½dist�is the minimum of the node i’s neighbors’ distances tothe destination and max½cred� is the largest credentialamong the neighbors of node i. Node i ranks order itsneighbors based on their metric values and selects maxn
neighbors with the highest metric values as its potentialreceivers. This neighbor selection process is illustrated inFig. 3a for maxn ¼ 2.
4.3. Forwarding probabilities
A sender node assigns forwarding probabilities to itspotential receivers (chosen among its one-hop neighbors)and chooses them based on these probabilities for packetforwarding (illustrated in Fig. 3b for maxn ¼ 2). At thebeginning of each time-slot, these probabilities are deter-mined based on the credentials of the neighbors. If we con-sider the same scenario we discussed before (sender s andreceivers a and b), sender s initially determines the for-warding probabilities of nodes a and b based on Pa
s and
Pbs , respectively. Hence, initially s assigns fa ¼ ð1� Pa
s Þ=ð1� Pa
s Þ þ ð1� Pbs Þ
h iand fb ¼ ð1� Pb
s Þ= ð1� Pas Þ þ ð1� Pb
s Þh i
.
These forwarding probabilities are subject to changeduring the time-slot as a result of the watchdog mecha-nism. When the sender detects a misbehavior about the re-ceiver i, its forwarding probability is decreased by �, andthis decrease is rewarded proportionally to other nodes
s
a
b
c
d
Mc s
Md s
Neighbors whighest metri
(a)
Fig. 3. (a) Neighbor selection process and
depending on their credentials. Thus, the sender modifies
node j’s forwarding probability as fj þ � 1� Pjs
� �=
n
1� P1s
� �þ � � � þ 1� PI
s
� �h io(for maxn ¼ I). We note that
the forwarding probabilities for the potential receivers ofa sender node are subject to change for each individualpacket. Thus, given when maxn ¼ I, we illustrate the ex-
pected forwarding probability f ki for node i and the kth for-
warded packet in the following:
f ki ¼ f k�1
i � �f k�1i Pi
sPiattP
swi
� �þ � 1� Pi
s
ð1� P1s Þ þ . . .þ ð1� PI
sÞ�Xj–i
f k�1j ðPj
sPjattP
swjÞ: ð17Þ
5. Adversary model
We consider the insider adversary who is allowed to doanything that a legitimate network node can do. An insideradversary takes part in the ongoing transmission, drops thelegitimate packets that it receives, modifies the legitimatepackets before it forwards them to the next hop or tries toreveal the message sent from the source to the destination.We note that these attacks has a serious impact on the la-tency, throughput and data availability. Moreover, we con-sider that multiple malicious nodes may collaborate toachieve a common goal.
In this work we assume that a malicious node behavesmaliciously (drops or modifies the packets) with someprobability. That is to say, a malicious node behaves as alegitimate node occasionally to remain under cover. Spe-cific attacks that can be mounted against the proposedscheme are listed as follows:
� Since a node determines the credentials of its neighborsby itself, a malicious node is free to assign any credentialvalue to its neighbors. Hence, it will choose to give thehighest credential to its malicious neighbors.
Ma s
Mb s
ith thec values
s
a
b
fa
fb
(b)
(b) packet forwarding probabilities.
0 10 20 30 40 50 60 701
1.25
1.5
1.75
2
2.25
2.5
% adversary
norm
aliz
ed la
tenc
y
proposed scheme ACKT=20,50,100defenseless p(att)=1no−ACKno−WD ACKT=20,50,100 p(att)=1
(a)
E. Ayday, F. Fekri / Ad Hoc Networks 8 (2010) 181–192 189
� At the beginning of each time-slot, each node picks itsmaxn potential receivers. During this selection phase, amalicious node picks its malicious neighbors regardlessof their metric values. Hence, more malicious nodes canbe involved in the communication, which will increasethe latency.
� In general, a malicious node determines its optimalattacking probability based on (7). However, if the previ-ous neighbor of a malicious node is also malicious, thenit does not need to follow the rules of the game, becauseit knows that it will not be detected. Hence, we assumethat consecutive malicious nodes on a path collaboratewith each other.
6. Simulations
In order to illustrate the performance of our scheme andsee the effects of different design parameters, we evaluatethe proposed scheme via computer simulations. Theparameters we use for our simulations are listed in Table3. We assume that nodes move inside a specific boundarybased on the ‘‘random-way-point” (RWP) model [21].Hence, we describe the movement pattern of independentnodes by simple terms. At the end of each time-slot, eachnode moves to its new location based on the RWP modeland finds its new neighbors at the new location. For sim-plicity of routing, we assume that the paths are stable dur-ing a time-slot. Moreover, to avoid any packet collusion inthe wireless medium, we assume the existence of a med-ium access control (MAC) which controls the nodes whoget access to the channel. For this purpose, we use theMAC algorithm in [22].
The main purpose of our simulations is to examine thelatency, throughput, energy consumption and data avail-ability in the presence of malicious nodes. Throughoutour simulations, we assume the existence of insider mali-cious nodes whose behaviors are explained in Section 5.
We define the probability of data availability as a func-tion of time. If the destination node, on the average, re-ceives sufficient number of packets (to decode the
Table 3Simulation parameters.
N 100T 1000Communication range 0.45 unitsNetwork area 2 unitsRWP range 0.3,0.6 unitsNumber of trials 100maxn 2Number of malicious nodes 0; . . . ;70slotT 100 time unitsACKT 20,50,100 time units
Pmins
0.1
fmin 0.2� 0.1Gch 50 unitsGca 50 unitsCa 1 unitGpr 1 unitCWD 10 units
rateless code for the original message) in a definite timets, then we say that the scheme provides 100% availabilityat time ts. As long as the network is connected, destinationwill certainly receive enough number of packets if it waitssufficiently long enough. This is because the source is capa-ble of generating unlimited number of packets via ratelesscoding. However, malicious nodes try to decrease dataavailability at time t by dropping or modifying the datapackets. In our simulations, we measure this decrease indata availability with increasing number of maliciousnodes and with different design parameters. Moreover,we measure the change in energy consumption of thenetwork for different adversarial models and designparameters.
We compare our scheme with three different schemes:(1) defenseless scheme, in which there is no mechanismagainst the malicious nodes, (2) no-ACK scheme, in whichnodes just use the watchdog mechanism to observe andevaluate their next hop neighbors, and (3) no-WD scheme,in which nodes do not use the watchdog mechanism andsolely use the ACK from the destination to evaluate theother nodes. We note that these three schemes also illus-
0 10 20 30 40 50 60 70200
250
300
350
400
450
500
% adversary
aver
age
thro
ughp
ut p
er 1
000
time
units proposed scheme ACKT=20,50,100
defenseless p(att)=1no−ACKno−WD ACKT=20,50,100 p(att)=1
(b)
Fig. 4. Comparison of latency and average throughput versus fraction ofmalicious nodes for four different schemes.
0 0.2 0.4 0.6 0.8 1 1.2 1.4 1.60
10
20
30
40
50
60
70
80
90
100
normalized latency
% a
vaila
bilit
y
no adversary10% adversary20% adversary30% adversary40% adversary50% adversary60% adversary70% adversary
(a)
190 E. Ayday, F. Fekri / Ad Hoc Networks 8 (2010) 181–192
trate the techniques that are used in the recent workswhich are presented in Section 1.1. Moreover, in all thesethree schemes, we assume that the source uses the ratelessencoding to make a fair comparison with the proposedscheme.
First, we study the effect of malicious nodes to the totallatency. We note that there is no game between the nodesin both the defenseless and no-WD schemes because legiti-mate nodes do not use the watchdog mechanism. Hence,for these two schemes attacker nodes are free to choosetheir attacking probabilities independent of the legitimatenodes. We simulated these two schemes for attackingprobabilities of 0.2, 0.5 and 1, and observed that the attack-er gives the most severe damage when the malicious nodesattack with probability 1. Hence, we use attacking proba-bility, pðattÞ, as 1 when comparing these two schemes withour scheme and the no-ACK scheme.
In Fig. 4a, we show the normalized latency versus dif-ferent number of malicious nodes for different schemesand with different parameters. We normalize the latencyvalue using the latency of the defenseless scheme as a basewhen there are no malicious nodes in the network. We ob-serve that, the latency of the proposed scheme and no-WD
0 10 20 30 40 50 60 7020
30
40
50
60
70
80
90
100
110
% adversary
ener
gy
con
sum
pti
on
proposed scheme ACKT=20,50,100
no−ACKdefenseless p(att)=1no−WD ACK
T=20,50,100 p(att)=1
(a)
0 10 20 30 40 50 60 701
2
3
4
5
6
7
8
9
10
11
% adversary
late
ncy
* e
ner
gy
con
sum
pti
on
proposed scheme ACKT=20,50,100
no−ACKno−WD ACK
T=20,50,100 p(att)=1
defenseless p(att)=1
(b)
Fig. 5. Energy consumption and latency� energy consumption versusfraction of malicious nodes.
scheme are not significantly affected with the change inACKT . Hence, we conclude that, as the number of maliciousnodes increases, the proposed scheme becomes the mostrobust one in terms of total latency.
0 0.5 1 1.5 20
10
20
30
40
50
60
70
80
90
100
normalized latency
% a
vaila
bilit
y
no adversary10% adversary20% adversary30% adversary40% adversary50% adversary60% adversary70% adversary
(b)
0 0.25 0.5 0.75 1 1.25 1.5 1.75
10
20
30
40
50
60
70
80
90
100
normalized latency for 50% adversary
% a
vaila
bilit
y
proposed schemeno−ACKno−WDdefenseless
(c)
Fig. 6. Availability versus latency: (a) proposed scheme, (b) no-ACKscheme, (c) comparison of all schemes when 50% of nodes arecompromised.
E. Ayday, F. Fekri / Ad Hoc Networks 8 (2010) 181–192 191
We also examine the average throughput of eachscheme in Fig. 4b. Here, the vertical axis illustrates theaverage number of packets received by the destinationnode in 1000 time units. Similar to the latency simulation,as the number of malicious nodes increases, our schemeprovides the highest average throughput.
Next, we consider the energy consumption of eachscheme. Since, the average energy consumption is domi-nated by the energy consumption due to communication,we only consider the number of packet transmissions fora legitimate node. As illustrated in Fig. 5a, the proposedscheme has the lowest energy consumption as it provideshigh data availability sooner than the other schemes.
We also calculate the normalized latecy� energy con-sumption metric to compare the four schemes. In Fig. 5b,it is shown that no-ACK schemes has the closest perfor-mance to the proposed scheme. However, as we discussedin Section 1.1, calculating the node credentials based onthe watchdog mechanism (as in the no-ACK scheme) isnot reliable especially when there are two or more consec-utive malicious nodes exist on the path.
Finally, we study the data availability versus latency. InFig. 6a and b the change in availability with the normalizedlatency is shown for the proposed scheme and the no-ACKscheme, respectively. We observe that as the number ofmalicious nodes increases, our scheme provides higherdata availability with lower latency. Furthermore, inFig. 6c, we show the change in data availability of allschemes when 50% of the nodes are compromised. Hence,we can confidently say that our scheme provides the high-est data availability as the number of malicious nodesincreases.
We note that as we mention in Table 3, we also simu-lated each scheme with RWP range ¼ 0:6 and obtainedvery close results as we did for RWP range ¼ 0:3. Hencewe do not presented the results for RWP range ¼ 0:6.
7. Conclusions
This paper was concerned with secure and efficientrouting in the presence of malicious nodes, where adver-sary may compromise nodes, then drops or modifies pack-ets, injects bogus packets or mounts routing attacks. Weproposed a routing scheme which depends on the trustestablishment and a dynamic Bayesian game model be-tween the network nodes. Besides we used rateless codesat the source to avoid retransmissions and to increase dataavailability. We showed upon simulations that theproposed scheme provides low latency and high dataavailability while keeping the energy consumption moder-ately low even in highly adversarial environments.
References
[1] D. Fudenberg, J. Tirole, Game Theory, The MIT Press, Cambridge, MA,1991.
[2] S. Marti, T. Giuli, K. Lai, M. Baker, Mitigating routing misbehavior inmobile ad hoc networks, in: Proceedings of ACM InternationalConference on Mobile Computing and Networking (MobiCom00),2000, pp. 255–265.
[3] K. Paul, D. Westhoff, Context aware detection of selfish nodes in dsrbased ad-hoc networks, in: Proceedings of the IEEE GlobalTelecommunications Conference (GLOBECOM02), 2002, pp. 178–182.
[4] S. Buchegger, J. Boudec, Performance analysis of confidantprotocol (coorperation of nodes: Fairness in dynamic ad-hocnetworks), in: Proceedings of the IEEE/ACM Symposium onMobile Ad Hoc Networking and Computing (MobiHOC),Lausanne, CH, 2002.
[5] S. Bansal, M. Baker, Observation-based cooperation enforcement inad hoc networks, Research Report cs.NI/0307012, 2003.
[6] Q. He, D. Wu, P. Khlosa, Sori: a secure and objective reputation-basedincentive scheme for ad hoc networks, in: Proceedings of the IEEEWireless Communications and Networking Conference (WCNC2004), Atlanta, GA, 2004, pp. 825–830.
[7] P. Michiardi, R. Molva, Core: a collaborative reputationmechanism to enforce node cooperation in mobile ad hocnetworks, in: Proceedings of IFIP TC6/TC11 Sixth Joint WorkingConference on Communications and Multimedia Security:Advanced Communications and Multimedia Security, 2002, pp.107–121.
[8] F. Milan, J.J. Jaramillo, R. Sirikant, Achieving cooperation in multihopwireless networks of selfish nodes, Workshop on Game Thory forNetworks (GameNets 2006), Pisa, Italy, 2006.
[9] J. Jaramillo, R. Srikant, Darwin: distributed and adaptive reputationmechanism for wireless ad-hoc networks, in: Proceedings of ACMInternational Conference on Mobile Computing and Networking(MobiCom07), Montreal, Quebec, Canada, 2007, pp. 87–98.
[10] J. Liu, C. Comaniciu, H. Man, A bayesian game approach for intrusiondetection in wireless ad hoc networks, Workshop on Game Thory forNetworks (GameNets 2006), Pisa, Italy, 2006.
[11] D. Johnson, Routing in ad hoc networks of mobile hosts, in:Proceedings of Workshop on Mobile Computing Systems andApplications, Santa Cruz, CA, 1994.
[12] S. Buchegger, J. Boudec, A robust reputation system for p2p andmobile ad-hoc networks, in: Proceedings of the Second Workshop onthe Economics of Peer-to-Peer Systems, 2004.
[13] S. Ganeriwal, M. Srivastava, Reputation-based framework for highintegrity sensor networks, in: Proceedings of the Second ACMWorkshop on Security of Ad Hoc and Sensor Networks, 2004, pp.66–77.
[14] Y. Sun, W. Yu, Z. Han, K. Liu, Information theoretic framework oftrust modeling and evaluation for ad hoc networks, the IEEE Journalon Selected Areas in Communications 24 (2) (2006) 305–317.
[15] P. Dewan, P. Dasgupta, A. Bhattacharya, On using reputations in adhoc networks to counter malicious nodes, in: Proceedings of theTenth International Conference on Parallel and Distributed Systems(ICPADS04), 2004.
[16] A.S.A. Mahmoud, S. El-Kassas, Reputed authenticated routing for adhoc networks protocol (reputed-aran), in: Proceedings of the SecondACM International Workshop on Performance Evaluation of WirelessAd hoc, Sensor, and Ubiquitous Networks, 2005, pp. 258–259.
[17] R. Mahajan, M. Rodrig, D. Wetherall, J. Zahorjan, Sustainingcooperation in multihop wireless networks, in: Proceedings of theSecond USENIX Symposium on Networked System Design andImplementation (NSDI 05), Boston, MA, 2005.
[18] M. Luby, LT codes, in: Proceedings of the IEEE Symposium onFoundations of Computer Science. Vancouver, 2002, pp. 271–280.
[19] A. Shokrollahi, Raptor codes, IEEE Transactions on InformationTheory 52 (6) (2006) 2551–2567. Jun.
[20] S. Buchegger, J. Boudec, The effect of rumor spreading in reputationsystems for mobile ad-hoc networks, in: Proceedings of Modelingand Optimization in Mobile, Ad Hoc and Wireless Networks (WiOpt03), 2003.
[21] C. Bettstetter, H. Hartenstein, X. Perez-Costa, Stochastic properties ofthe random waypoint mobility model, Wireless Networks 10 (5)(2004) 555567.
[22] W. Ye, J. Heidemann, D. Estrin, An energy-efficient mac protocol forwireless sensor networks, in: Proceedings of the IEEE Conference onComputer Communications (INFOCOM02), 2002.
[23] T.J. Richardson, R.L. Urbanke, The capacity of low-density paritycheck codes under message-passing decoding, IEEE Transactions onInformation Theory 47 (2001) 599–618. Feb..
[24] G.D. Forney, Jr., On iterative decoding and the two-way algorithm,in: Proceedings of International Symposium on Turbo Codes andRelated Topics, 1997.
192 E. Ayday, F. Fekri / Ad Hoc Networks 8 (2010) 181–192
Erman Ayday received his B.Sc. degree inelectrical and electronics engineering fromMiddle East Technical University, Ankara,Turkey, in 2005. He received his M.S. degreein electrical and computer engineering fromSchool of Electrical and Computer Engi-neering, Georgia Institute of Technology,Atlanta, GA, in 2007. He is currently aResearch Assistant in the Information Pro-cessing, Communications and SecurityResearch Laboratory and pursuing his Ph.D.degree at the School of Electrical and Com-puter Engineering, Georgia Institute of
Technology, Atlanta, GA. His current research interests include wirelessnetwork security, game theory for wireless networks and trust and rep-
utation management.Faramarz Fekri received the B.Sc. and M.Sc.degrees from Sharif University of Technol-ogy, Tehran, Iran, in 1990 and 1993,respectively, and the Ph.D. degree from theGeorgia Institute of Technology, Atlanta, in2000. From 1995 to 1997, he was with theTelecommunication Research Laboratories(TRLabs), Calgary, AB, Canada, where heworked on multicarrier spread spectrumsystems. Since 2000, he has been with thefaculty of the School of Electrical and Com-puter Engineering, Georgia Institute ofTechnology. His current research interests
lie in the general field of signal processing and communications, in par-ticular, wavelets and filterbanks, error control coding, cryptography, and
communication security. In the past, he conducted research on speechand image processing. Dr. Fekri received the 2000 Sigma Xi Best Ph.D.Thesis Award from the Georgia Institute of Technology for his work onfinite-field wavelets and their application to error control coding. He alsoreceived the National Science Foundation CAREER award in 2001.