spectrum sensing and reporting on wlans · number of wi-fi access points ... that a proportion of...
TRANSCRIPT
ATHENS UNIVERSITY OF ECONOMICS AND BUSINESS
Department of Informatics
Master of Science Program in Computer Science
MASTER THESIS
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos
Advisor : Professor George C. Polyzos
Athens, June 2009
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 2
Abstract
In today’s urban areas, Wi-Fi appears as the predominant technology for local area
wireless connectivity. Driven from their ease of installation and use, as well as their
operation in unlicensed spectrum bands, the number of IEEE 802.11 access points (APs)
rapidly increases. Considering the above situation, information about APs deployed in
densely-populated areas can help the development of advanced interference mitigation
strategies, trying to enhance the performance of IEEE 802.11-based Wireless Local Area
Networks (WLANs).
Wi-Fi enabled handheld devices gain increasing popularity and in relation to the above
situation, Wi-Fi presence becomes ubiquitous. Towards that direction, we designed and
implemented a sensing and reporting architecture, where clients monitor the wireless
channels for available APs and report this information to a spatial database. All the
information gathered can be used for optimal deployment and configuration of WLANs
and can also be plotted using mapping software.
On the other hand, clients may not always provide truthful reports and thus try to ‘blur’
providers’ view of WLANs’ deployment. We try to determine, through a number of
simulations, how cheating behaviors from clients can affect the results gathered at the
reporting system. Finally, we propose and evaluate a set of techniques in order to defeat
the most viable cheating strategies which clients might adopt.
Copyright © 2009
Dimitrios I. Zografos
ATHENS UNIVERSITY OF ECONOMICS AND BUSINESS
Department of Informatics
Master of Science Program in Computer Science
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 3
Acknowledgements I would like to thank Professor George Polyzos for his invaluable help and his kind
contribution to the preparation of my MSc thesis. Also, I want to thank him for the trust
he showed for me and for his thoughtful advice during my MSc studies. Furthermore, I
would like to thank Professor George Xylomenos for accepting the role of the second
reader. Finally, I want to thank Pantelis Frangoudis, Kostantinos Katsaros and Vaggelis
Douros who shared with me a lot of their expertise during my MSc studies.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 4
Table of Contents
Abstract ............................................................................................................................................2
Table of Contents .............................................................................................................................4
1. Introduction ..............................................................................................................................6
2. Related work .............................................................................................................................9
2.1 Similar Projects ......................................................................................................................9
3. Design and implementation ....................................................................................................... 13
3.1 Overview ............................................................................................................................. 13
3.2 Main design axes ................................................................................................................. 13
3.3 A motivating case ................................................................................................................ 14
3.4 Sensing and reporting architecture main features ................................................................ 17
3.5 Clients’ contribution ............................................................................................................ 19
3.6 Implementation details ........................................................................................................ 20
4. Analysis of clients’ reporting strategies .................................................................................... 28
4.1 Introduction ......................................................................................................................... 28
4.2 Incentives for clients to report fake or no information at all ............................................... 28
4.3 Completely no contribution to the system ........................................................................... 29
4.4 Cheating reporting strategy ................................................................................................. 29
4.5 Collusion rings among clients ............................................................................................. 30
5. Evaluation method ..................................................................................................................... 32
5.1 Overview ............................................................................................................................. 32
5.2 Basic evaluation approach ................................................................................................... 32
5.3 Topologies’ comparison and interference graph creation ................................................... 32
5.4 Relation between erroneous feedback and matrix creation ................................................. 34
5.5 Motivation for a new metric ................................................................................................ 36
5.6 Interference Similarity Graph Index ( ISGI ) ...................................................................... 37
6. Simulation setup ........................................................................................................................ 39
6.1 Overview ............................................................................................................................. 39
6.2 Pruning technique ................................................................................................................ 39
6.3 First Simulation Scenario .................................................................................................... 41
6.4 First scenario results analysis .............................................................................................. 43
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 5
6.5 Second simulation scenario ................................................................................................. 47
6.6 Trust and reports’ weights ................................................................................................... 51
6.7 Second simulation scenario results ...................................................................................... 52
6.8 Comparison between results of first and second scenario ................................................... 55
6.9 Third simulation scenario setup and results ........................................................................ 56
7. Incentives issues about clients’ contribution ............................................................................. 59
7.1 Introduction ......................................................................................................................... 59
7.2 Overview and Related Work ............................................................................................... 59
7.3 Sensing and reporting issues ............................................................................................... 62
7.4 Reputation and accounting mechanism ............................................................................... 64
8. Conclusions and contribution of our work ................................................................................ 67
8.1 Overview of the previous chapters ...................................................................................... 67
8.2 Key features of the designed and implemented architecture ............................................... 68
8.3 Contributions of the lying strategies analysis ...................................................................... 68
8.4 Future work ......................................................................................................................... 69
References ..................................................................................................................................... 71
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 6
1. Introduction
Nowadays, Wi-Fi (IEEE 802.11) appears as the de-facto standard for local area
wireless connectivity. Driven from their ease of use and low cost of deployment, the
number of Wi-Fi Access Points (APs) rapidly increases in urban areas. This fact leads
to interference in Wi-Fi channels, since there is a small number of non overlapping
ones. Considering the above situation, information about AP deployment and
configuration would be extremely important for wireless providers. Given the
appropriate information, providers could optimize the configuration and maximize
throughput of 802.11-based Wireless Local Area Networks (WLANs).
Taking into account the situation depicted above the Wi-Fi alliance proposed a new
standard-the 802.11k standard. This new standard aims to provide client feedback to
WLAN access points. This feedback includes the statistics that clients collect while
sensing the wireless environment at their location. 802.11k also involves sensing from
the APs in order to gather information about the wireless channels. Information
gathered from all network entities should be used for roaming decisions, transmit
power control or channel selection. Unfortunately, 802.11k must be supported both
from clients and APs and therefore it will be a while before its impact will be left.
In similar direction with 802.11k, we designed and developed a sensing and reporting
architecture for WLANs. Motivated from the increasing number of Wi-Fi –enabled
handheld devices, we developed an application that senses the wireless environment
and reports this information to a central ‘authority’. Also, due to the increasing
popularity of GPS technology, we assume that clients use the built-in GPS equipment
of their devices to report their location. In that way we can create a spatial database to
narrow our results to a specific area of interest or plot them on a map (e.g. Google
Maps).
Wi-Fi mapping, also known as WarDriving, is the most well known similar project.
People driving or walking with Wi-Fi devices, roam in a certain area to scan for
available APs and try to investigate their performance, or their security configuration.
All the information gathered is plotted on maps, or is used for statistical purposes. The
main difference of our approach is that we leverage the different locations of clients to
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 7
give us feedback and we let the system evolve on its own, hoping that clients will
contribute to the system.
Obviously, clients have to be motivated to contribute to the system. It is quite possible
that a proportion of clients might want to report incorrect values or do not report at all.
Since our main goal is to design a robust architecture we have to find out how
erroneous feedback can affect the resulting view of a topology. We use some
previously known topologies to simulate the sensing and reporting procedure. We
collect clients’ feedback and we create an interference graph which we compare with
the true one. This study will reveal the relationship between the proportion of non
compliant clients and our conclusion on areas where channel interference is high.
In order to evaluate our architecture we came up with a list of the most viable and not
easily detected cheating strategies. Afterwards, we ran a number of simulations to
study how these strategies can affect our system and how we can defeat them.
Simulations proved that if we do not take the appropriate countermeasures, clients can
very easily ‘blur’ a provider’s view of WLAN deployment. Consequently, we
proposed some algorithms that can defeat the most viable cheating strategies.
First of all, we proposed a pruning algorithm that ignores the feedback reported by just
one client. This way we ignore erroneous feedback that includes fake information
randomly invented by a client. This technique may reduce the accuracy if all clients
are truthful but it exhibits very well. This algorithm is used in our first simulation
scenario where all clients are treated equally since we do not have any proper
information about any of them.
On the other hand, we designed an algorithm for our second simulation scenario where
we have separate clients’ information. In that case, we can treat each client differently
by assigning different weights on their feedback. We group clients in two groups:
affiliated and roamers and we try to break collusion rings between roamers.
Simulations showed that proper weight assignment in addition to a pruning algorithm
has very good performance, because we can filter the erroneous feedback and also
have a perfect view of the real deployment of the APs.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 8
Finally, we invented and propose to use the Interference Graph Similarity Index
(ISGI), an appropriate metric that takes into account the number of affected clients
from truthful or erroneous feedback. We increase ISGI by one for each interference
graph’s real edge we reveal, or we decrease it by one for every edge that we do not
find due to erroneous feedback.
The remainder of this thesis is organized as follows. In Chapter 2, we present related
work and we pinpoint the main motivation for our work. We explicitly describe other
proposed solutions so far and we present the guidelines of our work.
In Chapter 3, we describe an implementation of our architecture with all the
technologies that we used in our effort to create a fully functional system, with a
number of useful features.
In Chapter 4, we illustrate all the possible lying strategies we came up with and that a
client might adopt in order to harm our system.
In chapter 5, we illustrate the evaluation method that we used and furthermore we
propose a new metric to compare the original interference graph and that obtained
based on the reports from clients.
In chapter 6, which is the most important of our work, we propose two new algorithms
that can be used against lying strategies and we present the simulations scenarios that
we ran to evaluate the above algorithms and also study the possible outcome when non
compliant clients do exist in our topology.
In chapter 7, we discuss what we consider the most relevant work on reputation and
incentives’ mechanisms and we propose a reputation and accounting mechanism for
our environment.
In Chapter 8, we propose what can be undertaken as future work towards solving
related problems and we summarize the contributions of our work.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 9
2. Related work
In this chapter, we will try to introduce the research work that is closely related to our
work and pinpoint the main differences of other similar projects.
The rapidly increasing number of Wi-Fi APs leads to significant interference problems in
metropolitan areas. Taking into account the scarcity of spectrum, we have to optimally
configure and place the APs, in order to effectively utilize the available spectrum bands.
If we consider that 2.4GHz bands (that Wi-Fi utilizes) are unlicensed, it is obvious that
AP owners might act selfishly in order to maximize their own benefit. Nevertheless, such
a selfish behavior might not always result in better performance for the AP owner. Since
IEEE 802.11b/g, the most common protocol for wireless local connectivity, uses 11
channels with 3 non overlapping ones; the probability of channel interference is
extremely high.
Considering the above situation, it is critical for wireless providers, or any AP owner, to
have information about the deployment and configuration of interfering APs. This
information could be properly used as input to power control or channel selection
algorithms in order to maximize performance of WLANs. A number of solutions have
been proposed to similar directions, so we try to briefly introduce them in the following
chapter.
2.1 Similar Projects
The most similar projects to our work are these in the Wi-Fi mapping area, also known as
WarDriving projects [1]. WarDriving is the act of moving around a specific area and
mapping the population of wireless access points for statistical purposes. Due to the
ominous sound of their name, such projects have many times been associated with
hacking activities. However, it is well known that these activities have been also adopted
for academic purposes and many research teams have participated in WarDriving or
WarWalking projects in university campuses. Nowadays, many web sites host Wi-Fi
maps of large areas, even worldwide. WIGLE-Wireless Geographic Logging Engine [2]
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 10
is such a web site with worldwide Wi-Fi maps, making maps of wireless networks since
2001.
Towards the above direction, Papagiannaki et al. [3] drove in the Carnegie Mellon
campus and passively recorded all transmissions they observed along with GPS
coordinates. A map of the APs within a neighborhood and key properties of the APs was
created. Using these data, they pruned out APs with low signal strength and identified
ideal locations to perform active measurements for the rest of the APs. In the second
stage, they drove to the chosen locations and performed detailed active probing of the
APs to measure properties of their wireless network and last-mile connectivity.
Nicholson et al. [4] have a proposed an automatic access point discovery and selection
system that goes one step further than WarDriving projects. They run a full set of tests for
available APs before selecting one for connection. They insist that WarDriving maps can
easily become obsolete and that choosing an AP by its signal strength is not the best
method. They also proved that choosing manually an AP has more overhead and they use
a number of servers to test the performance of certain services (e.g. FTP, SSH).
Another project we have to mention here is Dyson [5]. This is a proposed solution for
enterprises that want to optimally configure their WLANs. The proposed solution
involves a centralized entity that manages the resources allocation according to
measurements reported by clients and APs, creating a per client policy according to its
profile. However, there is a main assumption that all contributing entities conform to the
802.11 standard and they do not report erroneous or fake feedback.
Finally, for the Wi-Fi area, we of course have to mention the IEEE 802.11k standard,
which involves clients and APs scanning the wireless channels to enable STAs to
understand the radio environment in which they exist. The standard includes fixed format
that contains various information, like SSID, channel load and noise histogram, but it has
to be supported by both clients and APs. One important deployment feature is that the
standard only needs a new firmware upgrade for both AP and client interface’s drivers.
IEEE 802.11k involves APs sending scan requests to stations (STAs) and they have to
submit their measured values. STAs can also ask for or exchange measurements with
other STAs, trying to evaluate the quality of Radio Frequency (RF) connections between
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 11
STAs. Reported information can also contain each entity’s location given in longitude,
latitude and altitude. We must also refer to another key point which is sensing by APs;
information gathered for neighbor APs can be returned to clients for roaming decisions.
On the contrary, there is not much attention paid in the security threats that might be
posed. Our work can also be used on top of IEEE 802.11k in order to ensure that truthful
feedback can be reported. Last but not least, we mention that a year after its
standardization, the IEEE 802.11k standard is not widely adopted.
In cognitive radio, spectrum sensing is extremely important and a number of solutions
have been proposed. Users have to monitor spectrum usage to detect the presence or
absence of primary users. In [6] and [7], a cooperative scheme between clients is
proposed for early primary user detection. Clients can act as a relay for each other and
propagate their measurements in order to detect the primary user in time.
Security threats also exist in Cognitive Radio (CR) sensing, as is shown in [8]. An attack
that poses great threat to spectrum sensing is Primary User Emulation (PUE) attack. An
adversary’s CR transmits signals that emulate the characteristics of an incumbent’s
transmission. This attack can cause major interference to spectrum sensing, so two
alternative techniques are proposed. The first one is called Distance Ratio Test (DRT),
which utilizes the received signal strength (RSS) of a signal source. The other one is
called Distance Difference Test (DDT), which relies on the received signal's relative
phase difference when the signal is received at different receivers.
One similar problem to our work is described by Chen et al. [9]. They enforce a terminal
reporting fake sensing information and they propose a scheme for defeating such
behaviors. They show that with a proportion of 20% non compliant reporters they can
achieve a correct sensing ratio over 95%, using Weighted Sequential Probability Ratio
Test (WSPRT). This technique is quite similar to our technique, as it also assigns weights
on reported information to make a final decision.
Another technique based on adaptive weight assignment to clients’ feedback is proposed
in [10] for Wireless sensor Networks (WSNs). Malicious nodes can be easily detected
when a majority rule is applied for the received feedback. In other words, if the report is
the same with the final decision, then the nodes’ reputation increases and vice versa.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 12
On the other side, more distributed approaches for spectrum sensing have been proposed,
such as the one described in [11]. Both primary and secondary users sense the spectrum
and send the information to the AP where instead of traditional “And”, “Or” combination
algorithms, Dempster - Shafer’s (D-S) theory of evidence is applied to final decision
making at AP.
One similar idea for sensing and reporting is proposed for the IEEE 802.22 - a standard
for Wireless Regional Area Network (WRAN) using white spaces in the TV frequency
spectrum. This standard is aimed towards sharing the available spectrum allocated to
Television Broadcast Service. This spectrum usage can provide broadband connectivity
to large rural areas that are hard-to-reach. The initial drafts of the 802.22 standard specify
that the network should operate in a Point to Multi-Point basis (P2MP). The system will
be formed by Base Stations (BSs) and customer-premises equipment (CPE). The IEEE,
together with the FCC, is pursuing a centralized approach for available spectrum
discovery. Specifically each BS would be armed with a GPS receiver which would allow
its position to be reported. This information would be sent back to centralized servers,
which would respond with the information about available free TV channels and guard
bands in the area of the BS.
Although GPS provides us very good location information sometimes it can be inaccurate
for positioning. Trying to design better positioning systems, there a number of solutions
proposed, known as Wi-Fi fingerprinting techniques. In [12] and [13] fingerprinting
techniques are proposed, where in a similar way a database is created at the first place
and at the second phase is used for positioning.
Considering the evaluation method, we must mention that our approach for representing
interference conditions using a graph is well known in WLANs. It is a very sensible and
explicit way to depict possible interference in wireless channels and it is used in many
other projects including [14].
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 13
3. Design and implementation
3.1 Overview
Our main goal is to collect the appropriate information by clients’ feedback to create a
fully updated database that would help to optimally deploy WLANs. As a result, we
propose an architecture where each client runs one application developed by us and
reports to a central ‘authority’. This authority collects feedback and updates a spatial
database. This database can be used for spatial queries or Wi-Fi mapping. Further
details are described in the following chapters.
3.2 Main design axes
The main axis of our design is to create a client-driven architecture with clients being
its key component. We believe that Access-Point-centric approaches cannot provide
adequate feedback to contribute in optimal deployment of wireless infrastructure.
Measurements taken only by APs can only provide valuable feedback for near-by
areas, at a small range closely to the AP site. On the contrary we need information at
clients’ locations in order to get a full picture of the existing conditions. One common
problem that we believe that a client-driven approach would solve is the hidden
interference problem [15], which is obvious that it cannot be solved otherwise. Such
an approach can shed light to areas where wireless bands are underutilized, or reveal
areas where channel load is extremely high. In other words, it can be very helpful to
let such a client-driven system to self-develop from clients’ contribution, instead of
anticipating WarDrivers’ passion for creating maps. Of course we do not
underestimate their efforts or their existing contribution towards gathering
information, but it is a main drawback that the proportion of motivated clients to do
such research is just a minority in comparison to the clients that use wireless
connections every day.
As we mentioned earlier, clients have a key role in our system. Their feedback is used
to optimally deploy wireless infrastructure and consequently serve better their needs.
All clients are motivated to contribute because such a contribution will optimize the
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 14
performance of wireless links they use in their everyday life. Increasing needs for
ubiquitous presence of wireless connectivity is derived by clients’ needs for more and
more new applications. Clients demand to have the choice of a number of services at
given locations. Considering the fact that more and more clients adopt mobility
patterns, it is of high importance to serve handoffs in a more seamless manner.
Algorithms proposed so far [15] demand former scanning for nearby APs. Imagine
how easily this handoff could be planned, if this scanning information was formerly
known by a simple query to the reporting system. In this direction, we utilize the
feedback provided to create a coverage map with full description of available services.
As we will describe later, many security threats may arise against our system. One of
our main concerns is to keep the reporting database up to date, but also detect possible
erroneous feedback. Since network operators can consult the reporting system to
configure and place APs, a wrong decision derived from erroneous feedback would be
harmful and would increase existing interference. Taking into account that a number
of APs is deployed by wireless providers and they have economic incentives, it is
almost certain that some clients affiliated with one provider can submit erroneous
feedback in order to increase their income. So, trying to defeat such strategies, we
design and evaluate a mechanism that filters the feedback from cheating clients and
we present it in the following chapters.
There is another optic view for our design which takes into account possible behaviors
of different system entities. We believe that a number of providers might act
cooperatively and share the available spectrum, provided that it would maximize
performance and income for them both. In contradiction, a number of providers might
be non-cooperative and refuse to share the available spectrum or alter the
configuration of their APs. In both cases, each provider should have the ability to
make the best decision for them taking into account others’ decisions. This can be only
done if every provider is informed for the APs deployment in his coverage area.
3.3 A motivating case
The increasing popularity of wireless connections and networks in general,
necessitates the ability to sense the wireless environment and gather the appropriate
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 15
information for further examination. Imagine a square in a modern urban area; there is
no doubt that a number of different groups of users deploy APs for different purposes.
Some of them include:
• Home users who use their APs for local connectivity for their computers, PDAs,
or cameras.
• A number of providers wh0 deploy APs to serve their passing by clients who pay
in order to have connectivity at providers’ hotspots.
• Municipalities which offer free broadband services to clients.
• Cafés which offer similar services to their customers.
• Organizations which deploy open access APs to serve passing-by citizens.
Considering that the spectrum bands in this area of research are unlicensed and there is
a small number of non overlapping channels, interference cannot be eliminated
without any proper knowledge of WLANs deployment. It is very important to give a
picture of how urban areas look nowadays. In the figure below we can see APs
deployment in Seattle some years ago. There is no doubt that performance in this area
can deteriorate without proper deployment and configuration.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 16
Figure 1: ‘Wi-Fi jungle’ in Seattle
Imagine across the streets depicted above clients sensing for available services and
reporting them to a reporting system. It is quite easy this way to create such maps,
instead of some clients driving and walking along the streets to collect information.
We envisage an architecture where clients, like in p2p systems, contribute by
exchanging ‘chunks’ of information for available APs. This feedback can be used
from proper organizations or authorities to properly set up topologies like the one in
the figure above.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 17
3.4 Sensing and reporting architecture main features
Driven by their low cost and their increasing functionalities and features, PDAs and
handheld devices become more and more popular. This way, WLAN presence
becomes ubiquitous in order to serve the needs of the increasing number of Wi-Fi-
enabled handheld devices. It is a fact that the increasing number of these devices
results in more interference among APs. So we have to describe the role of these Wi-
Fi capable devices in our architecture.
• First of all, a mobile node is responsible for sensing Wi-Fi channels for available
APs at any given location. The node should create a list of available APs and a
number of their operating parameters. The most valuable of them are: SSID,
BSSID, Channel, Signal Strength (dB), Latitude, and Longitude. This information
is embedded in an XML report and is submitted to the system.
• The report that a mobile node creates must be submitted to a central ‘authority’
directly through the Internet. This can be done quite easily if the node creates a
direct connection to this authority and reports on a regular basis. The reporting
system collects the information and stores it as we describe later. Another
approach involves APs collecting the reports and forwarding them to the reporting
system. Such an approach would cause a small overhead since it would require AP
firmware update, but it could make our architecture more decentralized and
possibly more robust.
• Lastly, the mobile user must be able to authenticate itself through proper
mechanisms and certify to a third party that the information he reports is honest
and valuable.
Access Points are the least important entities in our approach, trying to decrease the
overhead of further involving them to the sensing and reporting mechanism. We do
not make any assumption that they will contribute to our system by sensing, because
this would mean that they would have to shift in monitor mode and this might lead to
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 18
performance deterioration1. Of course such a contribution from APs would help in our
effort, but we try to create as less overhead as possible. Our demand is that APs are
conformed to the 802.11 standard in order to cooperate with mobile nodes.
On the contrary, Reporting System is possibly the one of the most important
components of our architecture. It collects the information reported by clients and
stores it in spatial database for further examination. In our design this system is
centralized but it can also be more distributed if we duplicate those reporting servers.
• To begin with, we propose that there is an always-on concurrent server which
listens for connections from mobile nodes. When a connection is initiated the
server can collect the reported feedback.
• The reporting server is responsible for parsing the xml reports that are sent to it
and gather the embedded information.
• This information is stored to a spatial database extended by the spatial
information required for spatial queries. This database can be queried for certain
locations or any other reported attributes, but due to the spatial tools we use, it is
quite easy to make queries and gather the available services for certain ‘cell’
ranges. In other words, if we want to find all the available APs within range of
100m for a combination of longitude and latitude it can be done with just one
simple query.
• The above information in association with Google maps tools can provide as
with a great visualization of the reported information. With a number of
powerful software tools we developed an application that could be used from
clients to gather visual information in form of Google maps for certain locations
included in our database.
At this point, it must be noted that motivated by the increasing presence of GPS-
feature in many hand-held devices we assume that a certain number of clients’
equipment has this feature enabled. We suppose that the information provided by GPS 1 Another approach would be to use a dedicated Wi-Fi interface for monitoring, but this would increase their cost and complexity.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 19
interface is accurate enough and that this is acceptable to make proper positioning.
Clients associations with APs can be utilized to have a better understanding for each
client’s location. To put it simply, clients between others also report the associated AP
to the reporting system, so we can utilize a list of clients per AP to understand their
location and the distribution on the topology. To sum up, each AP load in accordance
with clients location can be extremely valuable towards optimal configuration and
better performance of WLANs.
3.5 Clients’ contribution
Clients are key components of the architecture we propose because its performance
depends on their submitted feedback. Nowadays, numerous applications can be served
by just a Wi-Fi Smartphone, so a user can make VoIP calls while walking or check
their emails and so forth. Obviously, these applications can be restricted by battery
consumption or even connection bandwidth. Taking into account the low CPU power
of these devices many clients might not want to contribute to the system. Many of
them might not even want to involve by just running our application. We should also
mention that there may be some QoS degradation due to scanning time, while the Wi-
Fi interface probes the available channels. As shown in other works [17], there is a
tradeoff between the scanning interval and the QoS. Other clients may just be
dishonest and not want to lose their time scanning and reporting and can modify the
source code of our application to submit a fixed (and maybe fake) report to the
reporting system. Such an action would quickly result in obsolete database
information. Not to even mention the case where clients modify their reports and
submit erroneous feedback in order to ‘blur’ our view of WLAN deployment.
Considering that a number of deployed APs belong to different service providers
economic incentives may lead to erroneous feedback from some clients. Imagine a
shopping mall where providers offer certain services and there is a number of
overlapping Wi-Fi ‘cells’ and someone wants to deteriorate others’ performance in
order to increase its own benefit. Without proper actions taken, a cheating client can
report a number of non-existing APs in order to motivate other providers to reduce
their transmission power or change their operating parameters. There is no doubt that
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 20
this way the affiliated provider would increase their coverage area by deteriorating
others’ performance. Such an attitude would also lead the authority that manages the
deployment of a topology to configure and place even worse the Wi-Fi APs and
probably increase the areas where interference is present. However, it is common
sense that honest clients will contribute to the system and let us decrease the areas
where interference occur and consequently maximize performance. It is our main
concern to assume that clients cannot always be truthful and we study possible
behaviors and their results in the next chapters, where we also explicitly refer to a
number of viable strategies.
3.6 Implementation details
As we mentioned earlier, motivated by the increasing number of hand-held devices we
developed a sensing and reporting application for Windows Mobile PDAs. We used
OpenNETCF, an open-source powerful framework for mobile devices, which gives us
the ability to develop high layer source code instead of developing native code. Using
such framework makes it quite easy to develop applications that can access mobile
device’s hardware. We use this framework to access wireless interface’s attributes and
embed them to the reported information. Accessing the appropriate class’s members
we can read the values of parameters such as the received signal strength of the
wireless adapter, SSID and BSSID of available APs. Unfortunately, channel number is
only available in the non-free version (v2.3) of the OpenNETCF Smart Device
Framework 2.3, but free version of this framework does not support this feature. Thus,
we had to modify the source code of the free framework to receive the operating
channel of the available APs. We list two figures below that depict the classes of the
framework that we mainly used.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 21
Figure 2: Access Point Class
Figure 3: OpenNETCF.Net Namespace
The application was developed in C#, which enables the creation of visual forms and
also provides a PDA emulator for testing the applications developed on Microsoft
Visual Studio 2008. The XML representation language was used as a format for the
reports that clients send. We chose XML trying to keep our application in a more
standardized format and motivated by a number of available software tools for parsing
the messages at the reporting system. Here we present a report with the above format.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 22
<? xml version= ‘1.0’ ? > <msg> <cell> <ssid>A_SSID </ssid> <signal>signal_db</signal> <quality> quality_of_signal </quality> <latitude> latitude_value </ latitude > <longtitude> longtitude _value </ longtitude > <Channel> channel_number </Channel> <Mac> BSSID </Mac> </cell> </msg>
Inspired by the useful tools that Microsoft Visual Studio provides, we decided to use
the Windows Mobile 6 SDK to gather the appropriate information from GPS interface
on the PDAs we used. We have to mention here that our application was tested on an
HTC PDA which uses a Windows Mobile 6 environment. The figures below show the
application on Visual Studio’s emulator.
Figure 4: First screen of the application Figure 5: Second screen of the application
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 23
On the left screen there is the home screen of the application. The user can select the
available wireless adapter from the drop down list. After that there are some
information for this adapter such as the IP address, the MAC address, if it is Wireless
Zero Configuration [18] compatible and so forth. Wireless Zero Configuration is a
wireless connection management utility included with Microsoft Windows XP and
later operating systems as a service that dynamically selects a wireless network to
connect to based on a user's preferences and various default settings. Choosing the
‘WiFi’ tab moves the application to the next screen where the selected driver appears
on the list, and the informatio shown in the lower text box appear to the user, while in
the upper text box preffered APs appear. Once the ‘Report!’ button is pressed, a new
report including information about the listed APs is sent to the reporting system.
Back to the GPS feature now, it is well-known to many WarDrivers who use
applications like Kismet [19], that the NMEA sentence information [20] returned by
the GPS drivers needs a number of heavy computational transformations in order to
get latitude and longitude in appropriate format. So WM6 SDK helped us by-pass the
above procedures. In a similar manner with OpenNETCF framework, WM6 SDK can
provide coordinates by accessing the appropriate class’s members. This information is
embedded in every report, provided that the GPS coverage is present.
On the server side, we developed a threaded server application on the same
environment- C# on Microsoft Visual Studio 2008. This application listens for direct
connections from clients and if so starts a new thread to handle the incoming reports.
Reports sent are parsed by our custom XML-parser and the information is extracted
from the reports. For each report received, each thread connects to the spatial database
and makes an insertion query extended with geo-location information (this information
is used for spatial queries).
For our spatial database we used the PostgreSQL [21] Open Source database which is
an easy to use database, with a very user-friendly environment and a number of
features. We also used PostGIS [22] which "spatially enables" the PostgreSQL server,
allowing it to be used as a backend spatial database for Geographic Information
Systems (GIS). PostGIS enables us to consult the database with a number of spatial
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 24
queries according to our needs. We can easily find the available APs at a certain
location given the coordinates and a range. One simple query will return us the APs at
a cell with radius equal to the query’s range. We can also store point, line, polygon,
multipoint, multiline, multipolygon, and geometrycollections. Many WarDriving
projects use the PostGIS and PostgreSQL to create polygon or lines and to export them
on .kml files which can be plotted on Google Earth. To sum up, it quite simple to use
such software tools to leverage the reported information. Here we add a screenshot of
the PostgreSQL server.
Figure 6: PostgreSQL server screenshot
As shown above PostgreSQL server has a very user-friendly GUI and can be easily set
up even from intermediate users. One very important feature of the PostgreSQL is that
it enables the use of a variety of types of fields. For example, we store the MAC
address of the available APs in each record. A mac_addr[] field type is provided by the
server for proper storage of data. Apart from the existing data types, we can create
new data types according to our needs since PostgreSQL is open source and can be
modified on demand. Just as there are many procedure languages supported by
PostgreSQL, there are also many library interfaces as well, allowing various languages
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 25
both compiled and interpreted to interface with PostgreSQL. There are interfaces for
Java (JDBC), ODBC, Perl, Python, Ruby, C, C++, PHP, Lisp, Scheme, and Qt just to
name a few. We will conclude with a reference to the last column of our schema. This
column adds a geometry object to the table, thus enabling the desired spatial queries. It
is obvious that with a couple of open source tools we managed to create a spatial
database to be consulted for APs at certain locations.
Even though the above systems can help us make some meaningful conclusions; we
tried to make information about wireless infrastructure more conceivable. We thought
that coverage maps in accordance with information about APs would be quite
interesting for our system’s clients. Therefore, we created an application that utilizes
the above spatial queries to return all the desirable information, but this time plotted
on Google maps. We used Google maps’ API [23] in association with JavaScript to
create this application and the results are depicted in a very user-friendly manner. The
figure below illustrates the plotting application that we created using the above
technologies.
Figure 7: Plotting application
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 26
We provide the desirable coordinates and a range in which we want to focus. This
application performs an SQL query to the database and plots the available APs in the
range asked before. Results from the database are shown in the window above the map
and for each AP found in the area we point a marker on the map. If the user makes a
click on the marker a balloon pops up containing the information provided by the
database. For simplicity reasons we only plot two available APs in this example.
JavaScript and Google Maps API are closely related. We used a custom HTML page
for this application that runs JavaScript code in order to provide the map’s
functionality. Google Maps offer a variety of features with many different markers and
information provided from them, although we used a simple example with point
markers that are the most commonly used in similar applications. We must also
mention that for every application developed that includes Google Maps API, a
specific API key must be used; otherwise the application will not be functional. We
envisage that in accordance with clients’ contribution this application will provide a
fully functional Google Map enhanced with the APs locations and operational
parameters. People could be informed for available APs, across the streets of cities
that they live in.
At this point, after describing all the components of our architecture we would like to
present a figure of the proposed architecture and briefly pinpoint the main
functionalities.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 27
Figure 8: Sensing and reporting application
Clients using a variety of Wi-Fi enabled devices are located in AP cells that due to
inappropriate deployment overlap among each other. Red-colored clients represent
non compliant clients that want to alter the resulting information at the other end – the
reporting system. Many clients can be associated with APs, while others remain out of
range or in the interference zone. Reporters send the XML reports through the Internet
to the reporting system and the data is forwarded to the spatial database in order to
collect statistics and update the Wi-Fi maps.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 28
4. Analysis of clients’ reporting strategies
4.1 Introduction
In our work we assume that is possible for a number of clients to report erroneous
feedback to the reporting system of the architecture. Either acting completely
indifferently or by economic incentives it is possible that a number of them might
want to shift our reporting equilibrium to a lying one. Anyone can enumerate possible
clients’ cheating behaviors, some of them easily detected, but a certain number of
them can be very harmful. In the following chapter we describe some cheating
strategies that could pose a threat against our architecture.
4.2 Incentives for clients to report fake or no information at all
Nowadays, more and more clients use mobile applications that are battery-consuming
and their performance can be greatly affected from CPU power or bandwidth
restrictions. As a result, many of these clients may do not want to interrupt the
services they run on the mobile devices, to submit feedback to our system. If they try
to scan for available APs, they might degrade their VoIP call’s performance due to
long scanning intervals. Others might want just to associate with an AP just to read
their emails and immediately disassociate, trying to preserve their devices’ battery for
the rest of the day. On the other side, a number of clients might be suspicious or just
indifferent and may not want to report their location to a central authority.
All the above reasons for not reporting cannot always result in malicious reporting.
Most of times many clients motivated from the above are more likely to avoid
reporting to enhance their performance. Others however, might follow different
strategies trying to deceive the network operators. Suppose that some clients affiliated
with service providers might roam in a certain location reporting fake information on
purpose. This way they can increase their provider’s performance against others. We
categorize the most common strategies in the next sections.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 29
4.3 Completely no contribution to the system
Indifferent clients for the possible incentives given by the network operators or for the
enhancement of their performance may not want to contribute to our architecture. It is
obvious that their contribution would possible lead to near-optimal performance of the
network, but we cannot assume that they will always contribute to our system.
Such indifferent clients can be less harmful than others who adopt malicious
behaviors. They just do not run our sensing and reporting application and as a result
the aggregated data at the reporting system is less than the expected. Thus, conclusions
about the interfering areas of WLANs may not be as helpful as they should. On the
other side, such a loss on the aggregated data might pose a threat when the distribution
of clients is quite sparse. In a dense clients’ distribution on a topology, the lost
information by the absence of a client’s report might by replaced by the report of a
near-by client. It is possible, though, that a group of clients in certain areas decide not
to provide feedback and this way we could get no information about existing
interferences.
All the possible outcomes from such behaviors are studied through simulations and the
results are presented in next chapter.
4.4 Cheating reporting strategy
In the previous section we described a possible attitude from clients that can be less
harmful than others. A proportion of clients might not be as honest as the ones
described above. Motivated by malicious or selfish incentives they may want to ‘blur’
network operators’ view of the wireless APs deployment. To be more specific,
imagine home users in a neighborhood who want to gather information about the
wireless infrastructure because they face performance problems. Clients of that area
report information to the reporting system, but some of them report non existing APs
operating at the same location and at the same channel with others. Thus, they deceive
other APs’ owners to decrease their range (by decreasing transmitting power) or
change the operating channel. Such a cheating behavior can easily be adopted if clients
can modify their software. They can change the source code of the application, invent
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 30
a set of non existing APs and report them to the reporting system. Otherwise the APs
can modify and forward the reports, trying to deceive the networks operator.
Behaviors like these can shift the reporting equilibrium to a lying one and
consequently enhance performance only for the lying proportion of clients. The central
authority can act erroneously, deceived by not existing APs and decrease some clients’
performance by wrong configurations to the wireless infrastructure.
Other clients might not be as clever as the clients above and send a fake report that
they have hardcoded in their application. In other words, they try to avoid scanning the
wireless channels and they report the same, but fake, information in a recursive
manner. Others may adopt a different strategy and use a more random fake reporting
strategy. They can just send a new set of fake APs every time they report to the
system. As a result the reporting system can be flooded by fake information and
deteriorate the performance of the sensing and reporting architecture. Another possible
strategy for clients is to report a set of APs that they have found during scanning while
roaming at random locations. Reporting them at other locations can also be a lying
strategy; a naive strategy though as we will study in the following chapters.
4.5 Collusion rings among clients
Economic or performance incentives might lead some groups of clients to adopt
similar cheating strategies, or even worse form collusion rings. Thus, they can deceive
the central ‘authority’ to change the wireless infrastructure deployment towards a new
direction that would better serve their needs.
One common example is the following: A group of clients are motivated by a provider
to submit erroneous feedback serving the provider’s needs for extending coverage area
or changing operating parameters. The most common incentive we can imagine is
better transmission rates for the colluders by the provider or lower price rates for the
services provided. So, colluders motivated by provider’s promise for better treatment
can erroneously submit feedback according to their location and the coverage at each
site.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 31
Suppose that there are some interfering APs ‘cells’ that each one belongs to a certain
provider. Colluders located at interfering zones can report that they only ‘hear’ one AP
during scans and thus deceive the providers to keep operating with low performance.
As a result, deceived provider’s clients will get annoyed by poor performance and they
may stop their cooperation with their existing provider. On the contrary, clients
located at non overlapping areas may report that interference exists with other APs and
this way motivate providers to alter the existing configuration trying to reduce the cell
size. Of course, such an action will leave some clients out of coverage range.
Consequently, the providers affiliated with colluding clients can serve the ‘starving’
clients and this way increase their profit.
The strategies depicted above are among the main concerns of our work and we
extensively study them through simulations in the following chapters, where we also
explicitly describe all the possible cheating behaviors colluders might adopt.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 32
5. Evaluation method
5.1 Overview
Trying to evaluate how the architecture we propose would perform, we decided to run
a number of simulations. Taking into account that it would be difficult to evaluate
such architecture through real deployment we concluded that it would be more
effective to simulate a number of topologies across with clients’ behaviors and
moreover to take for granted the GPS support. We also invented a new metric that
suits the needs of our simulations trying to have more accurate results.
5.2 Basic evaluation approach
The main evaluation method we use is to study how erroneous feedback affects the
information we gather about the wireless infrastructure. In that direction we set up
some wireless topologies in the simulator and we let clients honestly submit feedback
for certain time periods. We then collect this feedback and we create an interference
graph. Second, we run a number of simulations with clients submitting feedback each
time with the cheating strategy we want to study. Aggregated data are compared to the
truthfully created graph and we find out the differences at the outcomes. Such a simple
comparison between two graphs would be inaccurate, so we invented and used
Interference Similarity Graph Index – ISGI, which we describe in the following
section across with all the above procedure details.
5.3 Topologies’ comparison and interference graph creation
We believe that leaving clients submitting truthful feedback is the best way to create
the true interference graph. It obvious that we formerly know the topology and the
exact locations of the APs, but we use this way because overlapping areas of ‘cells’ do
not exactly mean that interference exists. There must be a transmission of at least one
client at the area to cause possible interference. In other words it would be too strict to
say that we do find any interference at overlapping areas since no clients’
transmissions take place at the area. Furthermore, we can safely assume that if there is
a dense client distribution on the topology, some client will reveal the interfering APs.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 33
After feedback is submitted we can easily create an interference graph leveraging this
valuable information. Every report submitted contains the APs that each client’s
wireless interface can hear beacons from and also the associated one. The graph is
created in a form of adjacency matrix where edges between two cells are translated
into possible interference between the APs that cells represent. To be more specific,
each column of the matrix represents an AP of the studied topology. Each cell
represents an edge between two APs; meaning that if matrix [i , j] equals 1, there is an
edge on the graph between APs i and j, and vice versa. It is easy to assign numeric
values to APs in the simulator, but in real life numeric values of the matrix columns or
rows can also represent an ID-e.g. SSID or MAC Address.
In order to create and update the graph, for every report that contains some APs we
place an edge for every combination between two of them. For example if the report
contains the APs represent by ID 1, 2, 4, we add the edges (1, 2), (1, 4), (2, 4). Every
report that is submitted with a number of APs increases the number at the appropriate
cell. So, the number of reports that contains similar APs is actually the weight of each
edge. We must also mention that the matrix is symmetric and we have created the
adding procedure in a way that, for each update on the matrix, the number of
associated clients to each AP is added on the matrix diagonal. Keeping track of the
number of clients associated with each AP helps us with the metric we designed and
we will describe later. Lastly, during evaluation comparisons we only use the upper
triangle of the matrix since it is symmetric and also the diagonal is used only for the
metric.
At this point we have to mention that each report increases edges’ weights by a certain
amount. We use an algorithm at the second simulation scenario that assigns weights to
each client’s feedback according to each one’s nature (roamer or trusted). So, we use
the values of the matrix for further processing on each occasion. Weights can help us
prune some edges below a certain threshold or make some very helpful conclusion
about network density and clients’ distribution. Great weight for an edge means that a
great number of reporters are located at the interfering zone between those APs. This
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 34
way we also use the diagonal of the matrix to understand the associations of clients
and APs and their distribution on the topology.
We present a figure below with an interference graph for a WLAN and the
corresponding matrix.
Figure 9: Interference graph of a topology with 9 APs
The above figure represents the possible interference between available APs. Every
edge is created by a client’s report who can receive beacons from the corresponding
APs. For example edge between 1 and 3 means that some clients included both AP 1
and AP 3 in their reports. In other words, there is an overlapping coverage area for
both APs’ cells. Vertices 2 and 6 are not connected to other APs since they were
reported by clients that can only receive beacons from each one of them.
Consequently, there is no possible interference between them or between them and the
other APs.
5.4 Relation between erroneous feedback and matrix creation
As we mentioned earlier, we compare the graph created by truthful reports and the one
that is created including a proportion of erroneous feedback. This kind of feedback
yields a number of edges at the new graph that do not exist in the truthful one. We
have to describe the possible differences that might occur during a comparison.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 35
A non compliant client that reports a set of APs that do not exist in the topology will
make a number of fake edges to appear in the graph. Those edges connect the
associated AP that appears in the report with the fake APs, and also the last between
them. Thus, if we depict the resulting graph will include an edge from an existing AP
to a small sub-graph of the fake APs. New edges will be in the space out of bounds
that real APs create. To be more specific, if we have 10 APs in a topology a fake AP
will placed at the 11th column. Of course, we do not want such edges to appear,
because erroneously leads network operators to change placement and configuration of
APs.
Another possible strategy is to report fake interference between existing APs. This
would create edges between existing APs and would also limit the new existing edges
in the space of the true ones. Such an outcome may be more harmful because the new
edges may be a problem for the operators. A great number of overlapping cells would
limit the possible solutions. Such attitude however, requires former knowledge of the
topology to be supported. Non compliant clients have to be informed about APs at
completely different location to report them, since they must report the SSID, the
MAC Address and the location of them. The following figures illustrate the original
interference graph between the APs and the graph created when non compliant clients
report fake interference between existing APs. This strategy though, is more difficult
to be accomplished since clients must have former knowledge for the whole topology.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 36
Figure 10: Interference graph of a topology Figure 11: Interference graph with fake edges
As both figures show fake reports create edges between the APs of the topology. In the
right figure we mark with red color the extra edges added by the fake reports and we
can also point that a number of edges do not exist. This fact is a result from the lack of
truthful contribution from clients that turned into liars. Anyone can observe the great
differences between the two graphs.
Now imagine the scenario, where clients report fake APs that do not exist in the real
topology. This strategy will add some extra edges between the APs above and some
not existing APs and some extra edges among the last. This addition between the last
APs is not so critical because they actually do not affect any client - no clients are
associated with non existing APs. The problem is that a fake edge between an existing
AP and an invented one can possibly affect the associated clients if the provider
decides to reduce the transmitting power and thus reduce the coverage area. In the
following figure we illustrate such an example.
Figure 12: Interference graph of a topology with fake edges between invented and real
APs
5.5 Motivation for a new metric
A simple comparison between the truthfully created graph and the reported one would
yield a number of different edges and vertices. This is common sense because a
number of clients, as we mentioned earlier, may be non compliant. Thus, if we
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 37
compare both graphs we will find out that a number of edges do not appear instead of
some new that are added. Just counting the different edges between the two graphs
would result to a simple number with no further meaning. A real interference graph
would not also always be a full graph to take into account the lost edges and calculate
the lost information.
Moreover, a metric should take into account the number of clients that are affected by
revealing or hiding possibly interfering APs. If due to liars we miss an edge between
two APs that are serving a vast majority of clients, it will be worse than missing one
that serves only a small percentage of them. In that direction we decided to design a
new metric that takes into account the number of affected clients from revealed or
hidden interference.
5.6 Interference Similarity Graph Index ( ISGI )
Trying to give more accuracy to our results we designed ISGI and we present it in this
section. This metric compares each adjacency matrix cell one-by-one and keeps track
of their similarity. This metric takes values between zero and one and higher value
mean more similar graphs.
Let’s describe how we compute ISGI:
• For each edge that we successfully reveal and exists both in the original and the
reported graph we credit the number of affected clients.
• For each edge that only appears at the reported graph we credit nothing as this
means that we have a fake edge.
• For each edge that exists in neither the original nor the reported graph we credit a
small fixed value C. We credit this small value because this is not a complete
success to find out that no one added edges at an area of the matrix graph, but since
there could have been more fake edges we must take this minor success into
account. For example, on a matrix graph certain areas are assigned with zero values.
This means that neither real edges exist nor fake ones are added. Since no edges
where added to that area, we should credit a small amount to the metric. This small
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 38
amount C, equals wD ⋅ , where D is the graph density and w is the average weight of
edges in the original graph.
ISGI is calculated with the equation below:
1 1
( )n m
CreditISGIA i C
=+∑ ∑
0 1ISGI≤ ≤
where A(i) is the number of affected clients along edge i, n is the number of real edges
and m the number of empty cells.
With this new metric we take into account the number of associated clients per AP.
This is done through using the information from the original graph. As we describe in
the previous section each client that reports an AP increase the weight of an edge with
a certain amount. Reading the weights from the original graph where all clients are
treated fairly with weight equal to 1, we find out the number of associated clients with
each AP, which is actually the weight of the edge.
For each simulation scenario we run we present ISGI values at the following chapters.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 39
6. Simulation setup
6.1 Overview
In order to study the effects of erroneous feedback from clients we ran a number of
simulations in Omnet++ 3.2 (containing the INET framework). We created a
1000x1000 terrain on the simulator and we created a number of random topologies to
evaluate our architecture. We tried to keep simulations very close to a real life
experiment and we designed the architecture as described in previous chapters.
Clients sense the wireless environment and we collect the AP list for available APs in
their range and the associated AP. We also adopt free space model as a propagation
model. Simulation scenarios and the algorithms that we propose to defeat non
compliant clients’ strategies are presented in the following section.
We have to mention that all the results we gather through simulations can be used for
general purposes and can apply to other mechanisms like IEEE 802.11k. Thus, we will
try to make some more assumptions on our simulations’ scenarios that would enable
the use of our conclusions for further research work and not only for our architecture.
6.2 Pruning technique
First of all, we must refer to the pruning technique that we propose in order to remove
erroneous feedback. Imagine a scenario where all clients are treated equally and we
have no further information about any of them. In this case, we cannot use any smart
algorithm that utilizes trusted clients or other former information. In such occasions,
we must use less demanding techniques in order to eliminate non compliant clients’
feedback effects.
In that direction, we believe that it would be helpful to apply a rule similar to the
majority rule. We only take account of information reported from more than one
client. In other words, we read the adjacency matrix cells one-by-one and we delete
any cell whose value is less than one. This way we ignore information that is reported
only once, trying to avoid random fake reports.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 40
Every client that sends a random fake report will add some edges on the adjacency
matrix with unit weight. These edges will appear between the associated AP and the
fake APs and among the other fake APs with unit weight. If we remove these edges
we ensure that such strategies will be eliminated.
It is quite possible though that this way we remove real edges that also appear in the
original graph. Overall performance however, as we will see on the simulation results,
is better in most cases. We also adopt that pruning technique because we believe that
ignoring feedback by just one client might lead to a better outcome for the whole set of
clients. Simulations’ results show that this was a decent decision.
Obviously, pruning with unit weight do not protect our system from colluding clients.
For that purpose we provide another mechanism that properly assigns weights for the
occasions that we have further information or different trust levels for each client. This
algorithm will be described in the second simulation scenario.
11
11 1
1
1
1 1 31 63 6 ij
i
ij
j ij
a x
y a
b y c z
x b
w
z c
w
⎛ ⎞⎜ ⎟⎜ ⎟⎜ ⎟⎝ ⎠
⎛ ⎞ ⎛ ⎞⎜ ⎟ ⎜ ⎟⎜ ⎟
⎛ ⎞⎛ ⎞⎜ ⎟⎜ ⎟⎜ ⎟⎜ ⎟
⎜ ⎟⎜ ⎟ ⎜ ⎟⎝ ⎠
⎜ ⎟⎜ ⎟⎝ ⎠⎜ ⎟⎜ ⎟⎜ ⎟⎜ ⎟⎜ ⎟⎝ ⎝ ⎠ ⎠
L
M O M
L
L L
M O M M
O
O M
L L
Figure 13: Adjacency matrix representing interference graph
To be more specific, as is shown in the figure above the upper left sub-array contains
some real edges with unit weight. Fake reports add edges at the red-colored sub-arrays
with unit weight, too. When the pruning technique removes edges from the red-
colored sub-arrays it is obvious that real edges will be also removed. This is a
drawback of the proposed heuristic, but as we present later it has a great overall
performance!
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 41
6.3 First Simulation Scenario
In this first simulation scenario we are going to study the resulting topology from the
feedback we get in relation with percentage of erroneous feedback from non compliant
clients. In other words, we are going to study how a fake report from one or more
clients can ‘blur’ our view of a well-know topology. In a real life case the question is:
which is the percentage of fake reporters that can lead us to inappropriate
configurations of WLANs.
To begin with, we are going to make some assumptions for our simulation setup.
There are a certain number of APs and clients but the number of non compliant clients
is not known; it is one of the tunable parameters of our simulation. There is a
probability that a client will give us truthful or erroneous feedback. Thus, we believe
that none of our clients is malicious and wants to harm our mechanism, but we do
assume that some clients might not want to be truthful. They might want to send no
feedback at all, in order not to reduce their quality of service or to be distracted
running the sensing and reporting application.
Furthermore, we assume that one authority might want to have a full view of the
WLAN deployments in an urban area. So, instead of trying to build a map in a
WarDriving manner, this authority asks from clients to give feedback on a regular
basis. The feedback is collected to a central database and is plotted on a map to find
out where critical areas appear. In the areas that channel interference exists, actions
must be taken to maximize performance. It is of high importance to find out if this
feedback can give us accurate mapping of AP deployment and if we cannot create
such a map, we should be able to precisely point the critical areas mentioned above.
This is obviously the purpose of this simulation – we hope to find out the percentage
of erroneous feedback that can shift our reporting equilibrium to a lying one and
‘pollute’ our knowledge of the APs deployment.
The incentive of the entities responsible for APs’ deployment is that feedback
submitted can lead them to choose the best operational parameters that can boost their
performance-measured with strictly defined criteria (increased throughput, etc.).
Cooperating for the feedback collection, entities can better serve their clients and
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 42
optimally utilize their equipment. On the other side, we motivate clients to contribute
to the system by giving them free connectivity of better rates for every report they
submit. Improved performance is of course one of their main incentives for reporting
to the authority.
To be more specific, we create a topology with a 1000x1000 terrain where we
randomly place 30 clients and 9 APs. They are static and we use a free space
propagation model. Since both clients and APs are randomly placed we do not know
the exact distribution of clients per AP. We must also mention one more time that
clients randomly submit erroneous feedback, which means that all of them are treated
equally since we have no trusted measurements from them.
Non compliant reporters follow two strategies; following the first one and most
expected, they do not submit any feedback. Otherwise, they submit a random set of
APs each time they report to the authority. This way they create a number of edges
with unit weight, which we will try to filter with pruning techniques. The fist
simulation topology is depicted below.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 43
Figure 14: First scenario topology
6.4 First scenario results analysis
In this section we present the results of the first simulation scenario. In this scenario
we placed randomly both clients and APs and as it is shown above there is a
completely uneven distribution of clients to the available APs. This fact enables us to
show that in such occasions, which exist in everyday life, our mechanism can provide
valuable information about the deployment.
In the graph below we show the relation between the number of non compliant
reporters and the ISGI value. Non compliant reporters follow the strategy described
above but we also studied the case when they do not contribute to the system at all.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 44
Figure 15: First scenario results – ISGI value in relation with non compliant clients’ number
First of all, we should describe the above graph. On the vertical axis we have the value
of ISGI- the new metric we have designed. On the horizontal axis we have the number
of non compliant reporters on the topology. The red line represents resulting values of
ISGI without pruning technique and the blue line after applying the pruning technique.
Results depicted above are for a certain placement for both APs and clients. We will
show the results for some more random placements of clients and APs later.
As we see, when all clients are truthful, pruning makes performance worse. This is
quite sensible to occur because we remove feedback that has been submitted by single
clients and the respective edges with weight =1. On the other side, when clients decide
to be dishonest and not comply with our protocol, performance can easily deteriorate.
Even when only 5 clients are dishonest they can decrease ISGI value at 0.723. This
happens because we take into account a great number of edges that they create on the
graph. In the simulation scenario, we suppose that they send 2 invented APs along
with the associated, so they add a number of edges among the 3 reported APs. With
our technique however, we remove all the fake edges since they have unit weight and
thus we achieve higher values of ISGI; 0.963 in that case. The increasing number of
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 45
non compliant clients results to lower values of ISGI without pruning the fake edges.
This result is also expected since more and more fake edges appear on the graph. As
we see in the graph, there is a linear relation between the non compliant clients and
ISGI. Taking into account that for 20 liars we result to an ISGI value equal to 0.59, we
can clearly see that reporting systems’ performance can easily deteriorate. Such a
small value means extremely different graphs, since the reported graph is flooded with
fake edges. A great percentage of non compliant clients -67% here- can probably
deteriorate the performance, but we have to be prepared and defended against such
threats. On the contrary, even with such a great percentage of erroneous feedback we
can achieve value of ISGI equal to 0.931. This means that we lose some critical
information for possible interference between existing APs, but we are not deceived
by fake and not existing APs.
Trying to be more convincing about our results, we placed network components
randomly in different ways and studied the new resulting topologies. As we show in
the following graphs, results follow the same pattern. We created a number of new
random topologies with the same components, but results where almost always very
similar. In the following charts we highlight the most outstanding of them.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 46
Figure 16: Results for two random placements of clients and APs with and without the
pruning technique
On the above charts we see the results for two of the random topologies that we
created. Overall performance is very good here too, but as we see ISGI is less than the
previous topology. One reason for that is the clients’ location in the topology. If they
are distributed all across the topology their contribution is less critical, because even a
small portion of them can provide us enough information for available APs. On the
other hand, when all clients are located at only some AP cells, then the rest of them
must be honest because information for the rest of the network from them is critical.
No reporting at all is another possible strategy that we studied through simulations.
Results were exactly the same with the results when clients report random fake APs.
This can be easily explained if we consider the graph approach that we use. If all
clients are truthful then all edges appear in the upper left triangle of the matrix, in
other words all clients create real edges on the graph. If clients decide to adopt a
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 47
cheating strategy, then their potential contribution is lost. This means that either ways,
they do not contribute in the real edges’ space. If they report fake APs, then these will
get pruned by our technique or otherwise if they do not contribute at all, possibly
existing edges are not created. To sum up, both strategies result to fewer edges in the
real edges’ space as the portion of non compliant clients increases.
1
'
' '
k
k ij
w w fakeedges
w w subarray
fake fakeedges edgessubarray subarray
⎛ ⎞⎛ ⎞ ⎛ ⎞⎜ ⎟⎜ ⎟ ⎜ ⎟⎜ ⎟⎜ ⎟ ⎜ ⎟
⎜ ⎟⎜ ⎟⎜ ⎟ ⎝ ⎠⎝ ⎠⎜ ⎟⎜ ⎟⎛ ⎞ ⎛ ⎞⎜ ⎟⎜ ⎟ ⎜ ⎟⎜ ⎟⎜ ⎟ ⎜ ⎟⎜ ⎟ ⎜ ⎟⎜ ⎟⎝ ⎠ ⎝ ⎠⎝ ⎠
K
M O M
L
Figure 17: Adjacency matrix areas of real and fake edges
As depicted above, the upper left sub-array on adjacency matrix consists of symmetric
matrix that contains all the edges’ weights between existing APs and all the other sub-
arrays contain edges between fake APs that originally do not exist in the topology or
edges between the fake APs and the existing APs. The lower right sub-array contains
edges between fake APs appearing in fake reports, while others contain edges between
real and fake APs. When clients adopt cheating behaviors they remove edges from the
upper left sub-array and place them to the other sub-arrays.
6.5 Second simulation scenario
In this scenario we are going to build a simulation topology where there are a number
of providers’ hotspots available in an urban area. Clients pay in order to have
connectivity for some agreed duration. We suppose that for some reason providers
have recklessly or even selfishly configured their APs. This might not be the optimal
configuration because operating for example at full power and in the default channel
(e.g. 6 or 11) might result to interference with a nearby AP.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 48
Clients’ reporting in this scenario might be motivated by the promise of the provider
for a better rate for every report or for a better service price. It can also be pre-defined
that since clients connect to the provider’s AP they are obliged to report on a regular
basis. It is very important and interesting in this setup to study how different groups of
clients or their location might affect the resulting information. Clients that might be
affiliated with one provider might be fond of ‘polluting’ other providers received
feedback. They may also do so in order to maximize their benefit and make the other
providers back off by reducing their operating power. To understand some of the
possible behaviors we can take a look to the picture below.
Figure 18: Example of a topology with trusted and roaming clients
Clients at the red areas are in the zone where APs of the two providers interfere with
each other. They can honestly report the real situation in that area and help the
providers find out that interference problem exists. They can also submit fake
feedback and not mention the interference of the two APs. Their different attitude is
probably going to give extremely different information to the providers. In that case ,
the most simple countermeasure would be to use some trusted clients at possible
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 49
interfering zones that could help the providers find out first of all the configuration
problem and secondly the non compliant clients. It is obvious that a majority rule
wouldn’t apply in this case!
Another possible and more selfish action would be for clients on the green areas to
report that can receive beacons from other providers and not only from their associated
provider. In this case, it is silently assumed that these clients are affiliated with one
provider in order to give fake reports. This way they try to lead the other providers to
reduce their power in order to get more clients in their ‘cell’ and increase their profit.
We believe that the motivation for providers to contribute to the system and collect
information is that they can cooperate to better configure the parameters of operation.
Research has proved that cooperation through service exchange or clients’ handoffs
might maximize performance of all entities, both clients and providers. Otherwise, if
all entities do not cooperate we suppose that submitted information can help providers
to better utilize their resources, taken into account that others are not willing to
alternate their equipment configuration.
In relation with the example depicted above, we suppose that if providers knew that
red areas do exist, they might cooperatively decide to exchange some clients or change
their power or frequency. Or in a non-cooperative game, provider A could change the
operating channel taking into consideration that provider B would not change any
parameter.
To sum up, we hope that in this simulation scenario we are going to find out how
different possible behaviors can alternate the image providers have for their
deployments and how erroneous feedback possibly from affiliated clients might be
eliminated through appropriate countermeasures.
Below there is a figure of the topology that we created for the simulation scenario. We
suppose that there is a building block with 4 APs- each one at every edge. There are 30
clients and some of them are roamers, while others are trusted and affiliated with the
associated AP.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 50
Figure 19: Topology of the second simulation scenario
In this scenario we try to figure out how we can defend from more harmful and hard to
defeat strategies. The most difficult strategy is colluding strategy by groups of clients.
Colluders can easily harm our mechanism and flood the reporting system with fake
feedback in order to serve their needs. We suppose that there are groups of clients each
one belonging to a different provider. Each of these colluding groups decide to send
the same set of APs in order to deceive the rest of the providers, apart from the
provider that they are affiliated with. Colluders’ reports contain a number of non
existing APs and the associated one, too. These fake APs create edges between the
existing associated AP and the non-existing APs and of course among them. If a
number of colluders adopt this behavior it is obvious that the added edges will have
weights more than 1. Consequently, our pruning technique is useless in this scenario.
Instead of pruning we can utilize another key feature of this scenario. Clients that are
associated with their provider’s AP are always trusted. They can be identified by
certain identities and furthermore they have no incentive to harm their AP
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 51
performance by submitting false information. They pay a bill for the service they are
offered and some of them can be served for long time periods. Considering that these
clients do not have incentive to lie to their associated provider we can safely assume
that they are the trusted portion of clients. On the contrary, roaming clients are not
always motivated to truthfully report to the roaming AP. They may just want to get
associated with one AP for a short time period and quickly disassociate. In our
everyday life, we have numerous examples where in public areas hotspots provide
connection for roaming providers. These clients cannot be trusted and their reports
must be taken into account using smaller weight values.
Before we continue with the simulation results we must describe our weight
assignment algorithm.
6.6 Trust and reports’ weights
Trying to promote trusted clients and decrease roamers’ feedback contribution we
propose a scheme for weights’ assumption which we use in the second simulation
scenario. We assume that all roamers are trying to collude to blur the image that
providers have about the APs deployment. This way, we assign a small weight to their
reports in order to minimize their erroneous affect on the system.
Roamers’ weight assignment selection has two design aspects. First we have to take
into account their reports because we want to gather information and we cannot ignore
their contribution without certain reasons. Second we have to protect from colluders
because economic incentives might lead them to deteriorate overall performance. This
way, we had to design a proper scheme to assign weights in order to protect from
collusions but also gather valuable information.
The weight assigning scheme that we propose assigns weights per AP. We aggregate
data for clients associations and according to that data we assign weights properly. It is
safe to assume that non compliant clients will not alter the associated AP for some
certain reasons. First of all, it is possible that APs can collect and forward the reports,
so such liars would be easily detected. Moreover, utilizing the location information we
can easily detect great deviations between reported locations for the same list of APs
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 52
scanned. After a number of simulations that we tested a more global assignment for
weights, we concluded that assigning them on per AP manner is much better because
we can give more opportunities for truthful roamers to contribute. A more global
approach would give them less weight and their reports would not increase the weight
of existing edges. With our technique dishonest roamers add edges with weight less
than 1 and if they are truthful they can increase the weight of a real edge.
The weight assignment equation is listed below:
where iw is roamer’s i weight.
All trusted clients’ reports have weight 1 and we also use the pruning technique in this
scenario. Roamers’ reports always create edges with weight less than 1, so with
pruning every colluding group’s false addition on the graph is removed. Otherwise if
roamers are also truthful a small value is added to increase the weight of an existing
edge, which either way would have a weight value at least equal to one. As is it shown
in the simulation results, this technique works even for the occasion in which colluders
from different APs decide to report the same list of not existing APs.
6.7 Second simulation scenario results
Results from this scenario will shed light to occasions where trust relations do exist.
We hope that results from this study can help other research areas similar to our work
(e.g. 802.11k).
In this simulation we placed 4 APs as if they were on the edges of a building block.
We tried to place clients to many different random locations and we studied how
colluders can affect our system. This way we suppose that 50% of our clients are both
roamers and colluders. Colluders form groups of colluders of 3 clients each that report
the same list of APs including their associated AP.
11 , 1
i
n
iw δ δ
=
≤ − <<∑
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 53
In the graph below we show the results for 5 different random placements of clients
with a fixed 50% of roamers-colluders.
Figure 20: Results leveraging trust relations
The results are surprisingly good for even the half of clients being colluders. ISGI
value is 1 for all the topologies, which means that the resulting graph and the original
graph are completely the same. In other words in these simulations we managed not
only to defeat all the colluding strategies, but also to gather all the information about
possible interference.
On the other side we can see how performance deteriorates when no countermeasures
at are taken! The red line on the graph depicts the results when we do not prune the
edges with weight less than one and we do not assign values with our algorithm, but
all clients are treated equally with unit weight. Results are extremely different with
ISGI values very close to 0.6. Such values mean extremely differences in the results,
since about 40% of our clients are badly affected.
We will present the average performance for our algorithms in the following graph
and we will explain the results immediately after that.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 54
Figure 21: Average value of ISGI for the second simulation scenario runs
If we do not apply the proposed algorithms, colluders will manage to deceive the
network operator adding some fake edges to the interference graph. As we mentioned
before colluders decide to report a certain list of APs with the associated AP. This
means that the reported APs’ list would be in a format like: APs-> ‘X’ ‘Y’ ‘Z’
‘AssociatedAP’. As a result a colluders’ group would add the edges (X, Y), (X, Z), (X,
AssociatedAP), (Y, Z), (Y, AssociatedAP), (Z, AssociatedAP). These edges will have
unit weight and they will connect the existing associated AP with the fake ones and
the last between them. If we do not take the appropriate measures there are going to be
two critical problems. The first one is that we are going to lose critical information that
colluders could potentially provide us and the second one is that they are going to
deceive certain providers in order to shrink their AP cell or alter their operating
parameters.
Extreme differences shown in the chart between two approaches come from the added
edges we mention above. Taking into account that half of our clients are colluders we
both lose their valuable contribution and we also suffer fake edges’ addition with
weight more than 1.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 55
6.8 Comparison between results of first and second scenario
Obviously we achieve better performance for the second simulation scenario.
Performance is better because applying pruning and assigning weights properly result
to perfect matching between original and reported graph even when clients are divided
into colluders and truthful. In the first scenario we achieve values of ISGI at about
0.92, but in this scenario we achieved perfect matching.
First of all we must focus on the main differences between two scenarios. Second
simulation scenario includes a more dense distribution of clients and a heavier load on
APs. Only this difference is quite important for the differences in the results. More
clients can contribute more to the system and thus collect more valuable information.
It is obvious that even with 50% of clients being colluders we achieve perfect
matching, which means that there are enough remaining clients to submit feedback to
the system. On the contrary, in the first scenario we lost some valuable information
from lying clients because there was a more sparse distribution of them on the
topology. If there was a more dense clients’ distribution the remaining population
would replace the lost information. To sum up, we conclude that clients’ population is
a key-feature toward successful sensing and reporting.
Secondly, in the first scenario all clients are treated equally. This fact gives the ability
to lying clients to potentially flood the reporting system with fake information.
Without pruning techniques performance deteriorates linearly with the increasing
number of non compliant clients. In the second scenario, we can leverage trust
relations and thus achieve better performance. We do not treat all clients equally since
we do not have equal knowledge of their identities and their attitudes towards the
associated AP. Reports’ weights are assigned in accordance with the reputation and
the affiliations of each client. A reputation mechanism which keeps track of each
client contribution could easily assign weights in a similar manner and achieve great
performance for the sensing and reporting architecture. Trusted measurements and
weight assignment per AP resulted to great performance because we managed to
restrict the colluders’ actions but also to utilize the potentially truthful contribution of
roaming clients.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 56
To conclude, trust for clients is the key feature that such architecture should leverage
in order to achieve great performance. Trusted reports can always help in order to
avoid deception from non compliant clients.
6.9 Third simulation scenario setup and results
In this scenario we try to evaluate the pruning technique for a larger scale topology.
The simulation setup is almost identical with the first one apart from the number and
placement of the network entities. We try to find out if the pruning technique scales
for larger topologies, since it is not a complicated technique and we believe that this
simplicity would make it very scalable.
As we saw in the second scenario, clients’ number and their location is crucial for the
outcome of the scenario. In that direction, we increased the number of clients in order
to find out how the increasing number of reports in accordance with the randomness of
their locations could affect the results. We also increased the number of Access Points
and we decreased the size of the topology, trying to increase the network density. We
illustrate the topology in the figure below for a better understanding of the entities
location and distribution.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 57
Figure 22: Topology of the third simulation scenario
We assume that clients adopt the same cheating strategies as in the first scenario,
where they invent a set of APs and they report them to the authority. We ran a number
of simulations and we use the number of non compliant clients as a tuning parameter.
We provide the results in the figure below and as it is depicted the pruning technique
scales very well.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 58
Figure 23: Results for the large scale scenario
As in the first scenario, for the case where all clients are truthful we get worse results
with the pruning technique. We lose a number of honest reports with unit weight since
we prune them with our technique. Thus from the loss of this information we get
slightly lower values. Of course, this loss also occurs in the next simulation runs where
non compliant clients increase. Furthermore, we see that even with a great percentage
of liars (50% of clients’ population) we can achieve great values of ISGI with pruning
technique. On the contrary performance deteriorates without the pruning technique,
since network operators get deceived from the great number of fake edges.
To sum up, the intuitive thought that the technique would scale was confirmed. The
simulation results showed that this pruning scheme can easily scale with very good
results even for dense and large topologies.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 59
7. Incentives issues about clients’ contribution
7.1 Introduction
Incentives for clients’ truthful contribution to such architectures, as the one we
propose, are obviously crucial. We have no other choice but to mention some well
known solutions for other popular systems and try to associate them with our system.
Many popular applications or marketplaces have embedded incentive or reputation
mechanisms that secure them from erroneous feedback or malicious behaviors.
Electronic marketplaces such as e-bay or Amazon use a very clever reputation
mechanism enforcing truthful feedback and rating from both clients and sellers. Peer-
to-Peer systems proved very famous due to the incentives that clients have to exchange
their popular files. Such mechanism can be transferred to a sensing and reporting
system, increasing its security and robustness. In the following section we try to
present a list of interesting incentive mechanisms proposed for well-known systems
and we propose an incentives’ mechanism for our architecture.
7.2 Overview and Related Work
We should begin this section with a very famous example, the peer-to-peer (p2p)
systems. Those systems become very popular due to the robust mechanism that they
use for file exchange and the incentives for clients’ contribution. P2P systems become
popular because clients could download files that were hard to find or generally
popular. Peers of such systems had to exchange their files with others in order to
increase their downloading rates. So, p2p systems managed to motivate clients to
contribute in file sharing. On the other hand, the embedded tit-for-tat mechanism gave
no other choice to peers than share their files in order to increase their rates. Peers had
to exchange their file chunks’ in order to increase their uploading rate and become
more easily selected by other peers. This mechanism ensured that clients will
cooperate with others and thus contribute to the system.
Going one step further, we should also analyze the reputation mechanism that many
systems use nowadays. Apart from contributing to the system, we must ensure that
clients’ contribution, either in form of content or in form of feedback, will be honest
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 60
and valuable. There are numerous solutions proposed for reputation mechanisms in a
variety of systems. We would like to begin with an everyday example; the e-bay
reputation mechanism. Seller and buyers exchange binary feedback in order to
evaluate the transaction. Buyers pay for a purchase and they trust that the seller will
send the item. After that, the buyer rates the seller (and vice versa) with a binary value;
1 for positive feedback and -1 for negative. Obviously, both sellers and buyers struggle
to create high feedback rates in order to get better treatment. There is no doubt that no
one would buy items from a seller low very low value and vice versa. With the above
mechanism it is proved that e-bay has become a very robust, safe and popular
marketplace.
A similar mechanism was proposed by Jurca et al [24] but for the online hotel booking
industry. Hotels offer certain services for customers and both customers and hotels
submit a report. If their reports conflict, they are both punished. If the reports match
and they mention that the services were as described, the hotels’ reputation is
increased. The hotel has a great incentive to cheat by not providing the announced
services for the customers in order to increase income. Customers’ reputation although
can avert hotel owners for such actions, because no one would cheat a client with a
reputation for being truthful because this would possibly decrease the future revenue.
In that direction, Papaioanou et al. [25] proposed a similar reputation mechanism for
virtual communities. They propose that when two reporting sides disagree for the
‘transactions’ rating they should be both punished. This strategy always averts
reporters from being non compliant. They propose a similar solution in [26] where
they propose a robust reputation mechanism for p2p systems. Peers always rate each
other after a transaction and if their feedback does not match they are punished.
Furthermore, they propose a number of features that would enhance the mechanism’s
performance. Each client is assigned a low initial reputation value. This way name
changes are avoided. Clients use certain pseudonyms and they get a low initial
reputation and consequently they have no incentives to change their names. For each
successful transaction they increase their reputation. If they get caught lying for
transactions they are punished and they cannot transact for a certain time period. We
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 61
must also mention that clients are assigned a pseudonym and they get a certificate
signed by the system, as in Pretty Good Privacy (PGP) [27]. Thus, a clients’
pseudonym is closely related with his strategy, which is not public declared, the
performance that he might offer through a transaction and of course with his
reputation.
Another approach is to offer payments [24] to motivate clients for truthful feedback.
Clients are motivated to increase their income by being truthful and thus shift the
reporting equilibrium to a truthful one. In [28] clients’ feedback is used to monitor
QoS. Clients run a monitoring application that periodically reports feedback to a
trusted center. The center uses a number of reference reports to reveal all the erroneous
feedback. Instead, when a client honestly reports to the center he receives a payment
for the contribution. So, given that the reference report is true each client is motivated
to report truthfully to gain money and thus there is a Nash equilibrium. Collusion rings
are also easily broken because colluders have incentive to deviate and break the ring to
gain more money by truthfully reporting. This solution although requires a small
proportion of clients to be trusted in order to effectively compare the reports from
other clients.
The solution proposed in [29] utilizes the upcoming reports as a reference to compare
the reports received by clients at a certain time. They also propose solutions for other
security issues. They face the occasion where a client imitates some other
identification in order to submit erroneous feedback and remain undetected or harm
other’s reputation value. Encryption and sign, as they propose, will make the system
safe. No client will be able to impersonate client x and remain undetected.
All the above research works propose solutions for various systems. A small subset of
each of the problems described can suit the needs of a sensing and reporting system for
incentives and trust among network entities. In the next chapter, we describe the main
issues for our architecture and we propose a similar mechanism with those described
above.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 62
7.3 Sensing and reporting issues
Obviously there is a rapid increase in the features of the handheld devices that we use
every day. On the contrary, some problems remain unsolved and the most common is
the battery consumption. Wi-Fi connections greedily consume the battery life of a
handheld device even in some short time period. Any of us that use a PDA for VoIP
calls has faced a similar problem. As we mention in chapter 3, clients have a lot of
incentives to be indifferent or dishonest and thus do not contribute to the system. Apart
from not contributing they might also adopt cheating behaviors and it is quite possible
to harm the mechanism we propose. As a result, there must be a mechanism that
motivates clients to submit feedback and secondly there must be a reputation
mechanism that identifies each client and promotes honest behaviors.
We have silently assumed in the second simulation scenario that there is a reputation
or accounting mechanism that identifies clients and makes it possible to trust a subset
of them. This scheme, as we presented, takes into account the trusted reports while
roamers can contribute only when they adopt honest behaviors. There is an assumption
in our simulation scenario that an available reputation mechanism provides us the
appropriate information about trust relations and we develop and evaluate a proper
scheme for weights’ assignment to clients’ reports. This means that the results
presented can be easily used for other similar research areas that provide a full
accounting and reputation system.
Clients can be averted from lying if they have economic or performance incentives to
be honest. As it is presented in relevant works discussed above, economic incentives
might break collusion rings, since clients can increase their income by averting form
lying. There is no doubt that a great percentage of non compliant clients would avert
from lying if they knew that they could be easily detected and punished or if they
could increase their benefit. Such punishments could involve connection refuse,
performance degradation or even fine. On the other hand, it is quite a temptation for
some clients to ‘blur’ providers’ view of the APs’ deployments if they know that they
will remain undetected.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 63
Going one step further, we believe that clients have different incentives on each
occasion for being truthful or non compliant. Imagine a scenario where in a small area
home users try to collect statistics in order to optimally deploy their home APs. Clients
report the sensing results to their APs and the last forward the results to an authority.
In this case it is almost sure that each home user would not submit erroneous feedback
to his AP. On the contrary, home users might want to deteriorate their neighbors’
performance and thus report fake information about them. Either ways, anyone would
like to maximize the performance of their homes’ WLAN and it is quite possible to be
honest.
We would like to present another fact that is quite common in urban areas. Despite the
numerous APs that are publicly available, we are often not able to connect to none of
them. Heavy load or wrong setup does not allow many clients to be connected to
hotspots and thus the available spectrum is underutilized. This fact leads to clients’
disappointment because more and more people every day have to be connected to
hotspots to serve their needs. We mention the above situation because better
deployment of WLANs or free connectivity for certain time periods would motivate
all clients to contribute.
In that direction, we believe that a main incentive for clients of our architecture would
be free connectivity for certain time periods which would be extended for every
truthful report submission. Each authority that deploys such architecture could deploy
some dedicated APs in order to collect statistics. Clients motivated by free
connectivity could connect to the nearest AP to serve their needs and provide feedback
about wireless infrastructure. This scenario would fit the occasions where clients do
not have economic relations with providers and they just leverage the free connectivity
offer. These clients could also use the information depicted on the Wi-Fi maps created
from their feedback and thus have further knowledge of available APs in area the use
to spend their everyday life.
On the other hand, there might always be economic relations between clients and
providers. Providers deploy an increasing number of APs in metropolitan areas in
order to better serve their customers’ needs. They could also motivate their clients to
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 64
contribute by economic and performance incentives. Customers that would monitor
the wireless channels could be provided with better transmission rates; increasing by a
certain value for each honest report. They could be also motivated by the promise for
discounts on their bills, provided that they contribute to the system. Those economic
incentives might also lead some providers to ask from customers to erroenously report
to other providers’ hotspots, as we mention to the second simulation scenario.
Taking into account the above situation we should refer to the incentives for providers.
Providers want to optimally deploy their APs in order to serve their customers.
Clients’ feedback would inform them for the deployment of other APs and they could
take appropriate measures taking into account others’ decisions and deployments. This
means that some providers might not want to change their APs setup or location
because they believe that such action would degrade their clients’ performance. In that
case, others have to optimally set up their infrastructure in accordance with the attitude
of non-cooperating providers. There are some research works [30] although which
prove that with providers’ cooperation in such environments, they could all maximize
their performance. A more cooperative game would lead to a better outcome for all of
them. Imagine the case where two providers have equal APs closely placed and the
first one is heavy loaded while the other’s resources are underutilized. Clients’ handoff
from one to the other would obviously enhance performance for both providers, but
would also involve their economic cooperation.
In conclusion, we believe that there are numerous incentives for both clients and
providers to cooperate in a sensing and reporting system and thus we tried to briefly
introduce a small subset of them. In the following chapter we illustrate an accounting
and reputation mechanism that would suit such systems.
7.4 Reputation and accounting mechanism
In this chapter we will try to illustrate a simple mechanism, in a more centralized
manner, which would fit the sensing and reporting system. All the above issues
necessitate a robust mechanism that would identify the clients of our system and
would increase its robustness.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 65
First of all, we propose that each client should have a unique identifier e.g. a
pseudonym that would globally identify him all over the system. This identifier
should be associated with a physical person and would be associated with its
reputation and performance on the sensing and reporting system. Each new client
should be assigned a small reputation value associated with its ID, trying to avoid
name changes. This reputation value would be increased if the client reports honestly
and vice versa. Thus, he would increase his reputation by being truthful and this way
leverage all the extra services provided. So, in a similar way of payments in the
previous examples we propose that clients’ honesty would be promoted for example
with better rates or free connectivity.
On the other side, the network operator or the authority that would launch such
statistics’ collection would provide clients with the IDs we describe above. For
example, authorities like Federal Communications Commission (FCC) that are
globally trusted from all the providers could be responsible for the assignment of
proper IDs. These authorities could have a number of servers that would serve the
needs of the system and would also make the system more decentralized and thus
more robust.
The authorities could also keep track of the reputation values of each client, in order to
assign different weights on their feedback. A client with a reputation for always telling
the truth could be assigned a unit weight as in the first scenario. Otherwise, a small
weight could be assigned which could be increased in accordance with honest reports
from the client.
We illustrate the above scheme in the figure below in accordance with the details we
describe in the next paragraph.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 66
Figure 24: Clients are issued proper certificates before reporting to the system
The certificate authority issues a certificate to each client and after that he can
contribute to the system by reporting the monitoring results gathered during scanning
the available channels. Those certificates signed by the authority practically bind the
user’s ID with its credentials to the system and with the MAC Address of its device’s
wireless interface. In other words, a certificate binds a client, his ID and the wireless
equipment that is used for the system. This way, a client is averted from name changes
and cannot always change the equipment that senses the wireless environment. The
main goal of this procedure is to ensure that a client informed about the ID of others
will use it for malicious reporting instead of them. No malicious reports would be
created for spoofed MAC Addresses because each MAC Address would be ‘bind’ to a
certain client.
In conclusion, we believe that even such systems involve a centralized part of the
architecture and might reduce the robustness of a system; they have proved to be
useful and effective for a majority of them. We also believe that authentication and
reputation mechanisms are crucial for the system we envisage all across with an
accounting system for proper weight assignment for each client’s feedback.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 67
8. Conclusions and contribution of our work
8.1 Overview of the previous chapters
In this section we will try to give a short overview of the work that we presented in the
previous chapters.
In the first chapter we presented the motivation and the main goal of our work. We
mention the main problems that arise from the ubiquitous presence of Wi-Fi APs and
the increasing need for near optimal APs’ deployment.
Next chapter illustrates the similar research projects towards information gathering for
the wireless infrastructure deployed and the possible interference. The most related
work involves IEEE 802.11k protocol for the research area of Wi-Fi technology and
the WarDriving projects. We also mention similar approaches for the cognitive radio,
where plenty of solutions have been proposed and the 802.22 approach for information
gathering about base stations and available TV frequency bands.
In chapter 3, we describe the design and implementation of the architecture we
propose across with all the utilized technologies. All key functions and system
components are presented as possible triggers for further work, too. Key roles of each
entity are described and we try to illustrate a motivating case for our work.
As many clients might not conform to each protocol, in chapter 4, we describe a
number of possible cheating strategies to give a full picture of what possible threats
our or other systems may face.
The next chapter presents the evaluation method that we use to evaluate the
architecture we propose through a number of simulations. Our new metric is described
across with the two algorithms that we propose in order to secure our reporting system
from erroneous feedback.
Chapter 6 illustrates all the simulation scenarios that we studied in order to find the
possible outcomes from the presence of erroneous feedback. We also analyze the
simulation results trying to support the proposed solutions. We continue with a
comparison between the simulation scenarios results’ in order to describe the relation
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 68
between different parameters of their setup and we conclude with a large scale
simulation scenario.
In chapter 7, we refer to the most common issues about incentives for contributing or
not to the system and we propose a reputation and accounting mechanism.
8.2 Key features of the designed and implemented architecture
A lot of similar architectures have been proposed in order to gather information about
wireless infrastructure deployment. The most well known projects are the WarDriving
projects that have been deployed for a lot of years. Numerous web sites and
applications offer information about available APs all over the world depicted on
maps. IEEE 802.11k standard was recently proposed trying to utilize clients’ feedback
and optimally configure WLANs deployment.
The main design axis of the architecture we proposed is that we try to minimize the
overhead for the network entities. We believe that it is of high importance to utilize the
diversity of clients’ locations to gather information in a more distributed manner.
Access point-centric or sensors-centric approaches suffer from the close space that
these components can sense. 802.11k protocol demands firmware update for APs and
a variety of measurements for clients. This feature is extremely important but places a
burden for mobile devices and may lead to increasing number of not contributing
clients. WarDriving projects involve the personal interest and motivation from a group
of clients to support Wi-Fi mapping for urban areas. On the contrary, our architecture
does not require extra hardware or modifications on existing APs. Clients are not also
asked for a variety of battery or throughput consuming measurements. A few scans in
a periodic manner can be enough to support our system.
8.3 Contributions of the lying strategies analysis
We which strategies can be viable in a sensing and reporting system and we conclude
to a set of strategies that could pose a threat against it. The most naïve strategies were
excluded and we decided to study the possible outcomes from the most potentially
harmful ones. The results we presented can be also used for a number of other sensing
and reporting systems. No other work in the related research area studies the possible
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 69
outcome if users do not conform to the demands of each protocol. Most of them
silently or explicitly assume that users conform to the relevant mechanism and always
submit truthful feedback. We go one step further and we propose and evaluate two
appropriate algorithms as a defense against threats from erroneous feedback.
Proposed algorithms can be also used on top of other systems. IEEE 802.11k is the
most related protocol and we believe that the proposed algorithms can be easily
deployed over systems which support 802.11k. It is quite possible that a number of
clients can modify the version of the protocol that their wireless interface supports in
order to deceive the system and enhance their performance or their benefit. As we all
know it is quite easy for a client to change the parameters of the TCP protocol that his
computer supports. In a similar manner and provided that more and more users
become selfishly, many of them might want to modify their interfaces’ drivers to
enhance their performance. Sensing and reporting systems must be defended against
these actions and must have proper ways to filter the erroneous feedback. To conclude,
there is a great relation between IEEE 802.11k and our work; thus we strongly support
our opinion that our results can help the research area related to 802.11k or even
802.22.
8.4 Future work
In this chapter we would like to mention some possible future work that we think
should be done in the relative research area.
Driven from the ubiquitous presence of Wi-Fi APs and the increasing popularity of
small-size handheld devices, more and more users adopt mobility patterns. We believe
that the effect on sensing and reporting procedure from clients’ mobility should be
extensively studied in the near future.
Another important aspect that should be extensively studied and is closely associated
with the mobility issue is the arrival rate of new clients. During the simulations we ran,
we assumed that clients were static and that there was a generally static topology. In
other words, there was no possibility for new arriving clients. It is quite intersecting to
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 70
find out how or if a sensing and reporting mechanism can adapt itself to the increasing
number of reports or the increasing number of possible non compliant clients.
Lastly, in real environment it is not always safe to assume that transmissions occur
according to free space propagation model. Due to a number of obstacles transmitted
signal gets reflected and as a result propagation ranges decrease. In that direction, we
believe that a study with another propagation model would be very beneficial.
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 71
References
[1]Chris Hurley aka Roamer,Frank Thornton ,Michael Puchol, Russ Rogers
“WarDriving—Drive, Detect, Defend—A Guide to Wireless Security”.
[2] Wireless Geographic Logging Engine - http://www.wigle.net.
[3] Dongsu Han, Aditya Agarwala, David G. Andersen, Michael Kaminsky,
Konstantina Papagiannaki, and Srinivasan Seshan , Mark-and-Sweep: Getting the
Inside Scoop on Neighborhood Networks, In Proc. Internet Measurement Conference,
(Vouliagmeni, Greece), Oct. 2008.
[4] Anthony J Nicholson, Yatin Chawathe, Mike Y Chen, Brian D Noble, David
Wetherall, Improved access point selection, In MobiSys 2006: Proceedings of the 4th
international conference on Mobile systems, applications and services (2006), pp. 233-
245.
[5] Rohan Murty, Jitendra padhye, Alec Wolman, Matt Welsh, DYSON: An
architecture for extensible Wireless LANs, Harvard University, Microsoft Reasearch .
[6] Ganesan G.; Li Y., Cooperative spectrum sensing in cognitive radio networks,
New Frontiers in Dynamic Spectrum Access Networks, 2005.DySPAN 2005. Nov.
2005 Page(s):137 – 143.
[7] Ganesan, G., Li Ye, Cooperative Spectrum Sensing in Cognitive Radio, Part II:
Multiuser Networks, Wireless Communications, IEEE Transactions on Volume 6,
Issue 6, June 2007.
[8]. Ruiliang Chen and Jung-Min Park, Ensuring Trustworthy Spectrum Sensing in
Cognitive Radio Networks, Networking Technologies for Software Defined Radio
Networks, 2006.On page(s): 110-119.
[9]. Ruiliang Chen,Jung-Min Park,Kaigui Bian, Robust Distributed Spectrum Sensing
in Cognitive Radio Networks, INFOCOM 2008.On page(s): 1876-1884 .
[10]. Idris M. Atakli, Hongbing Hu, Yu Chen and Wei-Shinn Ku, Malicious Node
Detection in Wireless Sensor Networks using Weighted Trust Evaluation.
Symposium on Simulation of Systems Security (SSSS'08) .
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 72
[11]. Peng Qihang,Zeng Kun,Wang Jun,Li Shaoqian, A Distributed Spectrum Sensing
Scheme Based on Credibility and Evidence Theory in Cognitive Radio Context,
Personal, Indoor and Mobile Radio Communications, 2006,On page(s): 1-5.
[12]. Ishrat J. Quader,Binghao Li,Wendi (Patrick) Peng,Andrew G. Dempster, Use of
Fingerprinting in Wi-Fi Based Outdoor Positioning, International Global Navigation
Satellite Systems Society IGNSS Symposium 2007.
[13]. Jason Franklin, Damon McCoy, Parisa Tabriz, Vicentiu Neagoe,Jamie Van
Randwyk, Douglas Sicker, Passive Data Link Layer 802.11 Wireless Device Driver
Fingerprinting, Proceedings of the 15th conference on USENIX Security
Symposium.
[14]. Bruno Kauffmann, Francois Baccelli, Augustin Chaintreau, Vivek Mhatre,
Konstantina Papagiannaki, Christophe Diot, Measurement-Based Self Organization
of Interfering 802.11 Wireless Access Networks, INFOCOM 2007. 26th IEEE
International Conference on Computer Communications. On page(s): 1451-1459.
[15].A. Mishra, V. Brik, S. Banerjee, A. Srinivasan, and W. A. Arbaugh, A client-
driven approach for channel management in Wireless LANs, in Proc. IEEE
INFOCOM 2006, April 2006.
[16]. Haitao Wu Kun Tan Yongguang Zhang Qian Zhang Microsoft Res. Asia,
Beijing, Proactive Scan: Fast Handoff with Smart Triggers for 802.11 Wireless
LAN , INFOCOM 2007. 26th IEEE International Conference on Computer
Communications. IEEE.
[17]. P.A. Frangoudis,G.C. Polyzos, Coupling QoS provision with interference
reporting in WLAN sharing communities, Personal, Indoor and Mobile Radio
Communications, 2008. PIMRC 2008.
[18].Wireless Zero Configuration-
http://en.wikipedia.org/wiki/Wireless_Zero_Configuration
[19].Kismet- www.kismetwireless.net/
[20].Nmea - http://home.mira.net/~gnb/gps/nmea.html
Spectrum sensing and reporting on WLANs
Dimitrios I. Zografos 73
[21]. PostgreSQL - http://www.postgresql.org/
[22].PostGIS – http://postgis.refractions.net/
[23]. Google Maps - http://code.google.com/apis/maps/
[24]. Radu Jurca , Boi Faltings , " CONFESS " An Incentive Compatible Reputation
Mechanism for the Online Hotel Booking Industry, Proceedings of the IEEE
International Conference on E-Commerce Technology.
[25]. Thanasis G. Papaioannou, George D. Stamoulis, Optimizing an Incentives’
Mechanism for Truthful Feedback in Virtual Communities, Lecture Notes in
Computer Science, Springerlink, Volume 4118/2006, Agents and Peer-to-Peer
Computing.
[26]. Papaioannou, T.G. , Stamoulis, G.D., An incentives' mechanism promoting
truthful feedback in peer-to-peer systems, Cluster Computing and the Grid, 2005.
CCGrid 2005.
[27]. Pretty_Good_Privacy – http://en.wikipedia.org/wiki/Pretty_Good_Privacy
[28]. Radu Jurca, Boi Faltings, Reliable QoS monitoring based on client
feedback,Proceedings of the 16th international conference on World Wide Web, 2007.
[29]. Radu Jurca, Boi Faltings, Eliciting Truthful Feedback for Binary Reputation
Mechanisms, Proceedings of the 2004 IEEE/WIC/ACM International Conference on
Web Intelligence.
[30]. Xenofon Fafoutis and Vasilios A. Siris, Handover Incentives for WLANs with
Overlapping Coverage, Lecture Notes in Computer Science, Springerlink, Volume
5546/2009, Wired/Wireless Internet Communications.