ATHENS UNIVERSITY OF ECONOMICS AND BUSINESS

Department of Informatics

Master of Science Program in Computer Science

MASTER THESIS

Spectrum sensing and reporting on WLANs

Dimitrios I. Zografos

Advisor: Professor George C. Polyzos

Athens, June 2009

Abstract

 

In today’s urban areas, Wi-Fi appears as the predominant technology for local area

wireless connectivity. Driven by their ease of installation and use, as well as their

operation in unlicensed spectrum bands, the number of IEEE 802.11 access points (APs)

rapidly increases. Considering the above situation, information about APs deployed in

densely-populated areas can help the development of advanced interference mitigation

strategies, trying to enhance the performance of IEEE 802.11-based Wireless Local Area

Networks (WLANs).

Wi-Fi enabled handheld devices gain increasing popularity and in relation to the above

situation, Wi-Fi presence becomes ubiquitous. Towards that direction, we designed and

implemented a sensing and reporting architecture, where clients monitor the wireless

channels for available APs and report this information to a spatial database. All the

information gathered can be used for optimal deployment and configuration of WLANs

and can also be plotted using mapping software.

On the other hand, clients may not always provide truthful reports and thus try to ‘blur’

providers’ view of WLANs’ deployment. We try to determine, through a number of

simulations, how cheating behaviors from clients can affect the results gathered at the

reporting system. Finally, we propose and evaluate a set of techniques in order to defeat

the most viable cheating strategies which clients might adopt.

Copyright © 2009

Dimitrios I. Zografos

Acknowledgements

I would like to thank Professor George Polyzos for his invaluable help and his kind

contribution to the preparation of my MSc thesis. Also, I want to thank him for the trust

he showed for me and for his thoughtful advice during my MSc studies. Furthermore, I

would like to thank Professor George Xylomenos for accepting the role of the second

reader. Finally, I want to thank Pantelis Frangoudis, Kostantinos Katsaros and Vaggelis

Douros who shared with me a lot of their expertise during my MSc studies.

Table of Contents

Abstract

Table of Contents

1. Introduction

2. Related work

2.1 Similar Projects

3. Design and implementation

3.1 Overview

3.2 Main design axes

3.3 A motivating case

3.4 Sensing and reporting architecture main features

3.5 Clients’ contribution

3.6 Implementation details

4. Analysis of clients’ reporting strategies

4.1 Introduction

4.2 Incentives for clients to report fake or no information at all

4.3 Completely no contribution to the system

4.4 Cheating reporting strategy

4.5 Collusion rings among clients

5. Evaluation method

5.1 Overview

5.2 Basic evaluation approach

5.3 Topologies’ comparison and interference graph creation

5.4 Relation between erroneous feedback and matrix creation

5.5 Motivation for a new metric

5.6 Interference Similarity Graph Index (ISGI)

6. Simulation setup

6.1 Overview

6.2 Pruning technique

6.3 First Simulation Scenario

6.4 First scenario results analysis

6.5 Second simulation scenario

6.6 Trust and reports’ weights

6.7 Second simulation scenario results

6.8 Comparison between results of first and second scenario

6.9 Third simulation scenario setup and results

7. Incentives issues about clients’ contribution

7.1 Introduction

7.2 Overview and Related Work

7.3 Sensing and reporting issues

7.4 Reputation and accounting mechanism

8. Conclusions and contribution of our work

8.1 Overview of the previous chapters

8.2 Key features of the designed and implemented architecture

8.3 Contributions of the lying strategies analysis

8.4 Future work

References

1. Introduction

Nowadays, Wi-Fi (IEEE 802.11) appears as the de-facto standard for local area

wireless connectivity. Driven by their ease of use and low cost of deployment, the

number of Wi-Fi Access Points (APs) rapidly increases in urban areas. This fact leads

to interference in Wi-Fi channels, since there is a small number of non-overlapping

ones. Considering the above situation, information about AP deployment and

configuration would be extremely important for wireless providers. Given the

appropriate information, providers could optimize the configuration and maximize

throughput of 802.11-based Wireless Local Area Networks (WLANs).

Taking into account the situation depicted above, the Wi-Fi alliance proposed a new

standard, the 802.11k standard. This new standard aims to provide client feedback to

WLAN access points. This feedback includes the statistics that clients collect while

sensing the wireless environment at their location. 802.11k also involves sensing from

the APs in order to gather information about the wireless channels. Information

gathered from all network entities should be used for roaming decisions, transmit

power control or channel selection. Unfortunately, 802.11k must be supported by both

clients and APs, and therefore it will be a while before its impact is felt.

In a similar direction to 802.11k, we designed and developed a sensing and reporting

architecture for WLANs. Motivated by the increasing number of Wi-Fi-enabled

handheld devices, we developed an application that senses the wireless environment

and reports this information to a central ‘authority’. Also, due to the increasing

popularity of GPS technology, we assume that clients use the built-in GPS equipment

of their devices to report their location. In that way we can create a spatial database to

narrow our results to a specific area of interest or plot them on a map (e.g. Google

Maps).

Wi-Fi mapping, also known as WarDriving, is the most well known similar project.

People driving or walking with Wi-Fi devices, roam in a certain area to scan for

available APs and try to investigate their performance, or their security configuration.

All the information gathered is plotted on maps, or is used for statistical purposes. The

main difference of our approach is that we leverage the different locations of clients to

give us feedback and we let the system evolve on its own, hoping that clients will

contribute to the system.

Obviously, clients have to be motivated to contribute to the system. It is quite possible

that a proportion of clients might want to report incorrect values or not report at all.

Since our main goal is to design a robust architecture we have to find out how

erroneous feedback can affect the resulting view of a topology. We use some

previously known topologies to simulate the sensing and reporting procedure. We

collect clients’ feedback and we create an interference graph which we compare with

the true one. This study will reveal the relationship between the proportion of

non-compliant clients and our conclusion on areas where channel interference is high.

In order to evaluate our architecture we came up with a list of the most viable and not

easily detected cheating strategies. Afterwards, we ran a number of simulations to

study how these strategies can affect our system and how we can defeat them.

Simulations proved that if we do not take the appropriate countermeasures, clients can

very easily ‘blur’ a provider’s view of WLAN deployment. Consequently, we

proposed some algorithms that can defeat the most viable cheating strategies.

First of all, we proposed a pruning algorithm that ignores the feedback reported by just

one client. This way we ignore erroneous feedback that includes fake information

randomly invented by a client. This technique may reduce the accuracy if all clients

are truthful, but it performs very well. This algorithm is used in our first simulation

scenario where all clients are treated equally since we do not have any proper

information about any of them.

On the other hand, we designed an algorithm for our second simulation scenario where

we have separate clients’ information. In that case, we can treat each client differently

by assigning different weights to their feedback. We group clients into two groups,

affiliated and roamers, and we try to break collusion rings between roamers.

Simulations showed that proper weight assignment in addition to a pruning algorithm

has very good performance, because we can filter the erroneous feedback and also

have a perfect view of the real deployment of the APs.

Finally, we invented and propose to use the Interference Graph Similarity Index

(ISGI), an appropriate metric that takes into account the number of affected clients

from truthful or erroneous feedback. We increase ISGI by one for each interference

graph’s real edge we reveal, or we decrease it by one for every edge that we do not

find due to erroneous feedback.
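As an added illustration (not code from the thesis), the sketch below applies the pruning rule, the affiliated/roamer weighting and the ISGI count described above to a small constructed topology. The report format, the channel-overlap rule, the weights and the support threshold are assumptions made for the example, and the ISGI here counts edges only, without the per-client weighting the thesis mentions.

```python
from collections import defaultdict
from itertools import combinations


def channels_overlap(c1, c2):
    # Assumption: 802.11b/g channels fewer than 5 apart overlap, which is
    # why only three of the 11 channels (1, 6, 11) are non-overlapping.
    return abs(c1 - c2) < 5


def edges_from_report(aps):
    """Interference edges implied by one scan: each pair of distinct APs
    heard at the same location on overlapping channels."""
    return {frozenset((b1, b2))
            for (b1, c1), (b2, c2) in combinations(sorted(aps), 2)
            if b1 != b2 and channels_overlap(c1, c2)}


def build_graph(reports, weights=None, min_support=2.0):
    """reports maps client id -> set of (bssid, channel) observations.
    An edge is kept only if the summed weight of the clients reporting it
    reaches min_support. With every weight at 1 and min_support 2 this is
    the pruning rule: feedback reported by just one client is ignored."""
    weights = weights or {}
    support = defaultdict(float)
    for client, aps in reports.items():
        for edge in edges_from_report(aps):
            support[edge] += weights.get(client, 1.0)
    return {edge for edge, s in support.items() if s >= min_support}


def evaluate(true_edges, inferred):
    """Return (ISGI, fake_edges). ISGI gains one per real edge revealed and
    loses one per real edge missed; fake edges are counted separately."""
    isgi = len(true_edges & inferred) - len(true_edges - inferred)
    return isgi, len(inferred - true_edges)


# Constructed topology: four real APs and two that exist only in fake reports.
A, B, C, D = ("ap-a", 1), ("ap-b", 3), ("ap-c", 6), ("ap-d", 11)
X, Y = ("ap-x", 10), ("ap-y", 2)

# What every client would report if it were truthful.
HONEST = {"c1": {A, B}, "c2": {A, B, C}, "c3": {B, C},
          "c4": {C, D}, "c5": {B, C, D}}
TRUE_EDGES = build_graph(HONEST, min_support=1.0)

# What actually arrives: c3 invents ap-y on its own; c4 and c5 collude on
# ap-x, and c5 also hides ap-b.
REPORTED = {"c1": {A, B}, "c2": {A, B, C}, "c3": {B, C, Y},
            "c4": {C, D, X}, "c5": {C, D, X}}

# Assumed weights: affiliated clients (c1, c2) count 1.0, roamers 0.5.
ROLE_WEIGHTS = {"c1": 1.0, "c2": 1.0, "c3": 0.5, "c4": 0.5, "c5": 0.5}


def run_scenarios():
    return {
        "no pruning": evaluate(
            TRUE_EDGES, build_graph(REPORTED, min_support=1.0)),
        "pruning": evaluate(
            TRUE_EDGES, build_graph(REPORTED, min_support=2.0)),
        "pruning + weights": evaluate(
            TRUE_EDGES, build_graph(REPORTED, ROLE_WEIGHTS, min_support=1.5)),
    }


if __name__ == "__main__":
    for name, (isgi, fake) in run_scenarios().items():
        print(f"{name:18s} ISGI={isgi} fake_edges={fake}")
```

Pruning alone removes the lone cheater's edges but not those of the two colluding roamers; the role weights are what push the colluders below the threshold.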

The remainder of this thesis is organized as follows. In Chapter 2, we present related

work and we pinpoint the main motivation for our work. We explicitly describe other

proposed solutions so far and we present the guidelines of our work.

In Chapter 3, we describe an implementation of our architecture with all the

technologies that we used in our effort to create a fully functional system, with a

number of useful features.

In Chapter 4, we illustrate all the possible lying strategies we came up with and that a

client might adopt in order to harm our system.

In Chapter 5, we illustrate the evaluation method that we used and furthermore we

propose a new metric to compare the original interference graph and that obtained

based on the reports from clients.

In Chapter 6, which is the most important of our work, we propose two new algorithms

that can be used against lying strategies and we present the simulation scenarios that

we ran to evaluate the above algorithms and also study the possible outcome when

non-compliant clients do exist in our topology.

In Chapter 7, we discuss what we consider the most relevant work on reputation and

incentive mechanisms and we propose a reputation and accounting mechanism for

our environment.

In Chapter 8, we propose what can be undertaken as future work towards solving

related problems and we summarize the contributions of our work.

2. Related work

 

In this chapter, we will try to introduce the research work that is closely related to our

work and pinpoint the main differences of other similar projects.

The rapidly increasing number of Wi-Fi APs leads to significant interference problems in

metropolitan areas. Taking into account the scarcity of spectrum, we have to optimally

configure and place the APs, in order to effectively utilize the available spectrum bands.

If we consider that 2.4GHz bands (that Wi-Fi utilizes) are unlicensed, it is obvious that

AP owners might act selfishly in order to maximize their own benefit. Nevertheless, such

a selfish behavior might not always result in better performance for the AP owner. Since

IEEE 802.11b/g, the most common protocol for wireless local connectivity, uses 11

channels with 3 non-overlapping ones, the probability of channel interference is

extremely high.

Considering the above situation, it is critical for wireless providers, or any AP owner, to

have information about the deployment and configuration of interfering APs. This

information could be properly used as input to power control or channel selection

algorithms in order to maximize performance of WLANs. A number of solutions have

been proposed in similar directions, so we briefly introduce them in the following

section.

2.1 Similar Projects

The most similar projects to our work are those in the Wi-Fi mapping area, also known as

WarDriving projects [1]. WarDriving is the act of moving around a specific area and

mapping the population of wireless access points for statistical purposes. Due to the

ominous sound of their name, such projects have many times been associated with

hacking activities. However, it is well known that these activities have been also adopted

for academic purposes and many research teams have participated in WarDriving or

WarWalking projects in university campuses. Nowadays, many web sites host Wi-Fi

maps of large areas, even worldwide. WIGLE-Wireless Geographic Logging Engine [2]

is such a web site with worldwide Wi-Fi maps, making maps of wireless networks since

2001.

Towards the above direction, Papagiannaki et al. [3] drove in the Carnegie Mellon

campus and passively recorded all transmissions they observed along with GPS

coordinates. A map of the APs within a neighborhood and key properties of the APs was

created. Using these data, they pruned out APs with low signal strength and identified

ideal locations to perform active measurements for the rest of the APs. In the second

stage, they drove to the chosen locations and performed detailed active probing of the

APs to measure properties of their wireless network and last-mile connectivity.

Nicholson et al. [4] have proposed an automatic access point discovery and selection

system that goes one step further than WarDriving projects. They run a full set of tests for

available APs before selecting one for connection. They insist that WarDriving maps can

easily become obsolete and that choosing an AP by its signal strength is not the best

method. They also proved that manually choosing an AP has more overhead and they use

a number of servers to test the performance of certain services (e.g. FTP, SSH).

Another project we have to mention here is Dyson [5]. This is a proposed solution for

enterprises that want to optimally configure their WLANs. The proposed solution

involves a centralized entity that manages the resource allocation according to

measurements reported by clients and APs, creating a per client policy according to its

profile. However, there is a main assumption that all contributing entities conform to the

802.11 standard and they do not report erroneous or fake feedback.

Finally, for the Wi-Fi area, we of course have to mention the IEEE 802.11k standard,

which involves clients and APs scanning the wireless channels to enable STAs to

understand the radio environment in which they exist. The standard includes fixed format

that contains various information, like SSID, channel load and noise histogram, but it has

to be supported by both clients and APs. One important deployment feature is that the

standard only needs a new firmware upgrade for both AP and client interface’s drivers.

IEEE 802.11k involves APs sending scan requests to stations (STAs) and they have to

submit their measured values. STAs can also ask for or exchange measurements with

other STAs, trying to evaluate the quality of Radio Frequency (RF) connections between

STAs. Reported information can also contain each entity’s location given in longitude,

latitude and altitude. We must also refer to another key point which is sensing by APs;

information gathered for neighbor APs can be returned to clients for roaming decisions.

However, not much attention has been paid to the security threats that might be

posed. Our work can also be used on top of IEEE 802.11k in order to ensure that truthful

feedback can be reported. Last but not least, we mention that a year after its

standardization, the IEEE 802.11k standard is not widely adopted.

In cognitive radio, spectrum sensing is extremely important and a number of solutions

have been proposed. Users have to monitor spectrum usage to detect the presence or

absence of primary users. In [6] and [7], a cooperative scheme between clients is

proposed for early primary user detection. Clients can act as a relay for each other and

propagate their measurements in order to detect the primary user in time.

Security threats also exist in Cognitive Radio (CR) sensing, as is shown in [8]. An attack

that poses great threat to spectrum sensing is Primary User Emulation (PUE) attack. An

adversary’s CR transmits signals that emulate the characteristics of an incumbent’s

transmission. This attack can cause major interference to spectrum sensing, so two

alternative techniques are proposed. The first one is called Distance Ratio Test (DRT),

which utilizes the received signal strength (RSS) of a signal source. The other one is

called Distance Difference Test (DDT), which relies on the received signal's relative

phase difference when the signal is received at different receivers.

One similar problem to our work is described by Chen et al. [9]. They enforce a terminal

reporting fake sensing information and they propose a scheme for defeating such

behaviors. They show that with a proportion of 20% non-compliant reporters they can

achieve a correct sensing ratio over 95%, using Weighted Sequential Probability Ratio

Test (WSPRT). This technique is quite similar to our technique, as it also assigns weights

on reported information to make a final decision.

Another technique based on adaptive weight assignment to clients’ feedback is proposed

in [10] for Wireless Sensor Networks (WSNs). Malicious nodes can be easily detected

when a majority rule is applied for the received feedback. In other words, if the report is

the same as the final decision, then the node’s reputation increases and vice versa.

On the other side, more distributed approaches for spectrum sensing have been proposed,

such as the one described in [11]. Both primary and secondary users sense the spectrum

and send the information to the AP where instead of traditional “And”, “Or” combination

algorithms, Dempster-Shafer (D-S) theory of evidence is applied to final decision

making at the AP.

One similar idea for sensing and reporting is proposed for IEEE 802.22, a standard

for Wireless Regional Area Network (WRAN) using white spaces in the TV frequency

spectrum. This standard is aimed towards sharing the available spectrum allocated to

Television Broadcast Service. This spectrum usage can provide broadband connectivity

to large rural areas that are hard-to-reach. The initial drafts of the 802.22 standard specify

that the network should operate in a Point to Multi-Point basis (P2MP). The system will

be formed by Base Stations (BSs) and customer-premises equipment (CPE). The IEEE,

together with the FCC, is pursuing a centralized approach for available spectrum

discovery. Specifically each BS would be armed with a GPS receiver which would allow

its position to be reported. This information would be sent back to centralized servers,

which would respond with the information about available free TV channels and guard

bands in the area of the BS.

Although GPS provides us very good location information, sometimes it can be inaccurate

for positioning. Trying to design better positioning systems, a number of solutions have been

proposed, known as Wi-Fi fingerprinting techniques. In [12] and [13] fingerprinting

techniques are proposed, where in a similar way a database is created in the first phase

and is used for positioning in the second phase.

Considering the evaluation method, we must mention that our approach for representing

interference conditions using a graph is well known in WLANs. It is a very sensible and

explicit way to depict possible interference in wireless channels and it is used in many

other projects including [14].

3. Design and implementation

3.1 Overview

Our main goal is to collect the appropriate information by clients’ feedback to create a

fully updated database that would help to optimally deploy WLANs. As a result, we

propose an architecture where each client runs one application developed by us and

reports to a central ‘authority’. This authority collects feedback and updates a spatial

database. This database can be used for spatial queries or Wi-Fi mapping. Further

details are described in the following chapters.

3.2 Main design axes

The main axis of our design is to create a client-driven architecture with clients being

its key component. We believe that Access-Point-centric approaches cannot provide

adequate feedback to contribute in optimal deployment of wireless infrastructure.

Measurements taken only by APs can only provide valuable feedback for near-by

areas, at a small range close to the AP site. On the contrary, we need information at

clients’ locations in order to get a full picture of the existing conditions. One common

problem that we believe that a client-driven approach would solve is the hidden

interference problem [15], which obviously cannot be solved otherwise. Such

an approach can shed light on areas where wireless bands are underutilized, or reveal

areas where channel load is extremely high. In other words, it can be very helpful to

let such a client-driven system self-develop from clients’ contribution, instead of

anticipating WarDrivers’ passion for creating maps. Of course we do not

underestimate their efforts or their existing contribution towards gathering

information, but it is a main drawback that the proportion of motivated clients to do

such research is just a minority in comparison to the clients that use wireless

connections every day.

As we mentioned earlier, clients have a key role in our system. Their feedback is used

to optimally deploy wireless infrastructure and consequently better serve their needs.

All clients are motivated to contribute because such a contribution will optimize the

performance of wireless links they use in their everyday life. The increasing need for

ubiquitous presence of wireless connectivity derives from clients’ needs for more and

more new applications. Clients demand to have the choice of a number of services at

given locations. Considering the fact that more and more clients adopt mobility

patterns, it is of high importance to serve handoffs in a more seamless manner.

Algorithms proposed so far [15] demand prior scanning for nearby APs. Imagine

how easily this handoff could be planned, if this scanning information was already

known from a simple query to the reporting system. In this direction, we utilize the

feedback provided to create a coverage map with full description of available services.

As we will describe later, many security threats may arise against our system. One of

our main concerns is to keep the reporting database up to date, but also detect possible

erroneous feedback. Since network operators can consult the reporting system to

configure and place APs, a wrong decision derived from erroneous feedback would be

harmful and would increase existing interference. Taking into account that a number

of APs is deployed by wireless providers and they have economic incentives, it is

almost certain that some clients affiliated with one provider can submit erroneous

feedback in order to increase their income. So, trying to defeat such strategies, we

design and evaluate a mechanism that filters the feedback from cheating clients and

we present it in the following chapters.

There is another perspective on our design, which takes into account possible behaviors

of different system entities. We believe that a number of providers might act

cooperatively and share the available spectrum, provided that it would maximize

performance and income for them both. In contrast, a number of providers might

be non-cooperative and refuse to share the available spectrum or alter the

configuration of their APs. In both cases, each provider should have the ability to

make the best decision for them taking into account others’ decisions. This can only be

done if every provider is informed about the AP deployment in his coverage area.

3.3 A motivating case

The increasing popularity of wireless connections and networks in general

necessitates the ability to sense the wireless environment and gather the appropriate

information for further examination. Imagine a square in a modern urban area; there is

no doubt that a number of different groups of users deploy APs for different purposes.

Some of them include:

• Home users who use their APs for local connectivity for their computers, PDAs,

or cameras.

• A number of providers who deploy APs to serve their passing-by clients who pay

in order to have connectivity at providers’ hotspots.

• Municipalities which offer free broadband services to clients.

• Cafés which offer similar services to their customers.

• Organizations which deploy open access APs to serve passing-by citizens.

Considering that the spectrum bands in this area of research are unlicensed and there is

a small number of non-overlapping channels, interference cannot be eliminated

without any proper knowledge of WLAN deployment. It is very important to give a

picture of how urban areas look nowadays. In the figure below we can see AP

deployment in Seattle some years ago. There is no doubt that performance in this area

can deteriorate without proper deployment and configuration.

Figure 1: ‘Wi-Fi jungle’ in Seattle

Imagine across the streets depicted above clients sensing for available services and

reporting them to a reporting system. It is quite easy this way to create such maps,

instead of some clients driving and walking along the streets to collect information.

We envisage an architecture where clients, like in p2p systems, contribute by

exchanging ‘chunks’ of information for available APs. This feedback can be used

by the appropriate organizations or authorities to properly set up topologies like the one in

the figure above.

3.4 Sensing and reporting architecture main features 

Driven by their low cost and their increasing functionalities and features, PDAs and

handheld devices become more and more popular. This way, WLAN presence

becomes ubiquitous in order to serve the needs of the increasing number of Wi-Fi-

enabled handheld devices. It is a fact that the increasing number of these devices

results in more interference among APs. So we have to describe the role of these Wi-

Fi capable devices in our architecture.

• First of all, a mobile node is responsible for sensing Wi-Fi channels for available

APs at any given location. The node should create a list of available APs and a

number of their operating parameters. The most valuable of them are: SSID,

BSSID, Channel, Signal Strength (dB), Latitude, and Longitude. This information

is embedded in an XML report and is submitted to the system.

• The report that a mobile node creates must be submitted to a central ‘authority’

directly through the Internet. This can be done quite easily if the node creates a

direct connection to this authority and reports on a regular basis. The reporting

system collects the information and stores it as we describe later. Another

approach involves APs collecting the reports and forwarding them to the reporting

system. Such an approach would cause a small overhead since it would require AP

firmware update, but it could make our architecture more decentralized and

possibly more robust.

• Lastly, the mobile user must be able to authenticate itself through proper

mechanisms and certify to a third party that the information he reports is honest

and valuable.

Access Points are the least important entities in our approach, since we try to decrease the

overhead of further involving them in the sensing and reporting mechanism. We do

not make any assumption that they will contribute to our system by sensing, because

this would mean that they would have to switch to monitor mode and this might lead to

performance deterioration¹. Of course such a contribution from APs would help in our

effort, but we try to create as little overhead as possible. Our demand is that APs

conform to the 802.11 standard in order to cooperate with mobile nodes.

On the contrary, the Reporting System is possibly one of the most important

components of our architecture. It collects the information reported by clients and

stores it in a spatial database for further examination. In our design this system is

centralized but it can also be more distributed if we duplicate those reporting servers.

• To begin with, we propose that there is an always-on concurrent server which

listens for connections from mobile nodes. When a connection is initiated the

server can collect the reported feedback.

• The reporting server is responsible for parsing the XML reports that are sent to it

and gathering the embedded information.

• This information is stored to a spatial database extended by the spatial

information required for spatial queries. This database can be queried for certain

locations or any other reported attributes, but due to the spatial tools we use, it is

quite easy to make queries and gather the available services for certain ‘cell’

ranges. In other words, if we want to find all the available APs within range of

100m for a combination of longitude and latitude it can be done with just one

simple query.

• The above information in association with Google Maps tools can provide us

with a great visualization of the reported information. With a number of

powerful software tools we developed an application that could be used by

clients to gather visual information in the form of Google Maps for certain locations

included in our database.

At this point, it must be noted that, motivated by the increasing presence of the GPS

feature in many hand-held devices, we assume that a certain number of clients’

equipment has this feature enabled. We suppose that the information provided by the GPS

interface is accurate enough and that this is acceptable to make proper positioning.

Clients’ associations with APs can be utilized to have a better understanding of each

client’s location. To put it simply, clients, among other things, also report the associated AP

to the reporting system, so we can utilize a list of clients per AP to understand their

location and the distribution on the topology. To sum up, each AP’s load in accordance

with clients’ locations can be extremely valuable towards optimal configuration and

better performance of WLANs.

¹ Another approach would be to use a dedicated Wi-Fi interface for monitoring, but this would increase their cost and complexity.

3.5 Clients’ contribution 

Clients are key components of the architecture we propose because its performance

depends on their submitted feedback. Nowadays, numerous applications can be served

by just a Wi-Fi Smartphone, so a user can make VoIP calls while walking or check

their emails and so forth. Obviously, these applications can be restricted by battery

consumption or even connection bandwidth. Taking into account the low CPU power

of these devices, many clients might not want to contribute to the system. Many of

them might not even want to get involved by just running our application. We should also

mention that there may be some QoS degradation due to scanning time, while the Wi-

Fi interface probes the available channels. As shown in other works [17], there is a

tradeoff between the scanning interval and the QoS. Other clients may just be

dishonest and not want to waste their time scanning and reporting and can modify the

source code of our application to submit a fixed (and maybe fake) report to the

reporting system. Such an action would quickly result in obsolete database

information. Not to mention the case where clients modify their reports and

submit erroneous feedback in order to ‘blur’ our view of WLAN deployment.

Considering that a number of deployed APs belong to different service providers,

economic incentives may lead to erroneous feedback from some clients. Imagine a

shopping mall where providers offer certain services and there is a number of

overlapping Wi-Fi ‘cells’ and someone wants to deteriorate others’ performance in

order to increase their own benefit. Without proper actions taken, a cheating client can

report a number of non-existing APs in order to motivate other providers to reduce

their transmission power or change their operating parameters. There is no doubt that

this way the affiliated provider would increase their coverage area by deteriorating

others’ performance. Such an attitude would also lead the authority that manages the

deployment of a topology to configure and place the Wi-Fi APs even worse and

probably increase the areas where interference is present. However, it is common

sense that honest clients will contribute to the system and let us decrease the areas

where interference occurs and consequently maximize performance. It is our main

concern to assume that clients cannot always be truthful and we study possible

behaviors and their results in the next chapters, where we also explicitly refer to a

number of viable strategies.

3.6 Implementation details 

As we mentioned earlier, motivated by the increasing number of hand-held devices we

developed a sensing and reporting application for Windows Mobile PDAs. We used

OpenNETCF, a powerful open-source framework for mobile devices, which gives us

the ability to develop high-level source code instead of developing native code. Using

such a framework makes it quite easy to develop applications that can access a mobile

device’s hardware. We use this framework to access the wireless interface’s attributes and

embed them in the reported information. By accessing the appropriate class’s members

we can read the values of parameters such as the received signal strength of the

wireless adapter, and the SSID and BSSID of available APs. Unfortunately, the channel number is

only available in the non-free version (v2.3) of the OpenNETCF Smart Device

Framework; the free version of this framework does not support this feature. Thus,

we had to modify the source code of the free framework to receive the operating

channel of the available APs. We list two figures below that depict the classes of the

framework that we mainly used.

Figure 2: Access Point Class

Figure 3: OpenNETCF.Net Namespace

The application was developed in C#, which enables the creation of visual forms and

also provides a PDA emulator for testing the applications developed on Microsoft

Visual Studio 2008. The XML representation language was used as a format for the

reports that clients send. We chose XML trying to keep our application in a more

standardized format and motivated by a number of available software tools for parsing

the messages at the reporting system. Here we present a report with the above format.

<?xml version='1.0'?>
<msg>
  <cell>
    <ssid>A_SSID</ssid>
    <signal>signal_db</signal>
    <quality>quality_of_signal</quality>
    <latitude>latitude_value</latitude>
    <longtitude>longtitude_value</longtitude>
    <Channel>channel_number</Channel>
    <Mac>BSSID</Mac>
  </cell>
</msg>

Inspired by the useful tools that Microsoft Visual Studio provides, we decided to use

the Windows Mobile 6 SDK to gather the appropriate information from the GPS interface

on the PDAs we used. We have to mention here that our application was tested on an

HTC PDA which uses a Windows Mobile 6 environment. The figures below show the

application on Visual Studio’s emulator.

Figure 4: First screen of the application

Figure 5: Second screen of the application

On the left screen there is the home screen of the application. The user can select the

available wireless adapter from the drop-down list. After that, some

information about this adapter is shown, such as the IP address, the MAC address, whether it is Wireless

Zero Configuration [18] compatible and so forth. Wireless Zero Configuration is a

wireless connection management utility included with Microsoft Windows XP and

later operating systems as a service that dynamically selects a wireless network to

connect to based on a user's preferences and various default settings. Choosing the

‘WiFi’ tab moves the application to the next screen where the selected driver appears

on the list, and the information shown in the lower text box appears to the user, while in

the upper text box the preferred APs appear. Once the ‘Report!’ button is pressed, a new

report including information about the listed APs is sent to the reporting system.

Back to the GPS feature now, it is well-known to many WarDrivers who use

applications like Kismet [19], that the NMEA sentence information [20] returned by

the GPS drivers needs a number of heavy computational transformations in order to

get latitude and longitude in the appropriate format. So the WM6 SDK helped us bypass the

above procedures. In a similar manner to the OpenNETCF framework, the WM6 SDK can

provide coordinates by accessing the appropriate class’s members. This information is

embedded in every report, provided that GPS coverage is present.

On the server side, we developed a threaded server application in the same

environment, C# on Microsoft Visual Studio 2008. This application listens for direct

connections from clients and, when one arrives, starts a new thread to handle the incoming reports.

Reports sent are parsed by our custom XML-parser and the information is extracted

from the reports. For each report received, each thread connects to the spatial database

and makes an insertion query extended with geo-location information (this information

is used for spatial queries).
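
The parsing step on the reporting server, as an added Python example (it is not the thesis's C# parser): it reads a report in the XML format shown above and validates every field before anything reaches the database. The size and value limits, the 2.4 GHz channel range, the refusal of DTDs and all function names are assumptions of this example; the sample report is constructed.

```python
import re
import xml.etree.ElementTree as ET

MAX_REPORT_BYTES = 64 * 1024   # assumed upper bound for one report
MAX_CELLS = 256                # assumed upper bound of APs per report
BSSID_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")


class ReportError(ValueError):
    """Raised when a client report is malformed or out of range."""


def _field(cell, tag):
    """Return the stripped text of a mandatory child element."""
    value = cell.findtext(tag)
    if value is None or not value.strip():
        raise ReportError(f"missing <{tag}>")
    return value.strip()


def _number(cell, tag, low, high, cast=float):
    """Parse a mandatory numeric element and enforce its range."""
    raw = _field(cell, tag)
    try:
        value = cast(raw)
    except ValueError:
        raise ReportError(f"<{tag}> is not a number: {raw!r}") from None
    if not low <= value <= high:          # also rejects NaN and infinity
        raise ReportError(f"<{tag}> out of range: {raw!r}")
    return value


def parse_report(data: bytes):
    """Return the validated AP records carried by one XML report."""
    if len(data) > MAX_REPORT_BYTES:
        raise ReportError("report too large")
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        raise ReportError("report is not UTF-8") from None
    # The report format needs no DTD, so entity tricks are refused outright.
    upper = text.upper()
    if "<!DOCTYPE" in upper or "<!ENTITY" in upper:
        raise ReportError("DTD and entity declarations are not accepted")
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        raise ReportError(f"not well-formed XML: {exc}") from None
    if root.tag != "msg":
        raise ReportError("root element must be <msg>")
    cells = root.findall("cell")
    if not 1 <= len(cells) <= MAX_CELLS:
        raise ReportError("unexpected number of <cell> elements")

    records = []
    for cell in cells:
        ssid = (cell.findtext("ssid") or "").strip()   # empty for a hidden SSID
        if len(ssid.encode("utf-8")) > 32:             # 802.11 SSID length limit
            raise ReportError("SSID longer than 32 octets")
        bssid = _field(cell, "Mac")
        if not BSSID_RE.fullmatch(bssid):
            raise ReportError(f"bad BSSID: {bssid!r}")
        records.append({
            "ssid": ssid,
            "bssid": bssid.lower(),
            "channel": _number(cell, "Channel", 1, 14, cast=int),
            "signal_db": _number(cell, "signal", -120.0, 0.0),
            "latitude": _number(cell, "latitude", -90.0, 90.0),
            # the tag is spelled <longtitude> in the report format
            "longitude": _number(cell, "longtitude", -180.0, 180.0),
        })
    return records


# Constructed sample report in the format shown above.
SAMPLE_REPORT = (
    b"<?xml version='1.0'?><msg><cell><ssid>cafe-ap</ssid>"
    b"<signal>-61</signal><quality>70</quality>"
    b"<latitude>37.9942</latitude><longtitude>23.7322</longtitude>"
    b"<Channel>6</Channel><Mac>00:11:22:33:44:55</Mac></cell></msg>"
)

if __name__ == "__main__":
    print(parse_report(SAMPLE_REPORT))
```

Because the function returns typed values, the insertion query can bind them as parameters instead of concatenating report text into SQL.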

For our spatial database we used the PostgreSQL [21] Open Source database which is

an easy to use database, with a very user-friendly environment and a number of

features. We also used PostGIS [22] which "spatially enables" the PostgreSQL server,

allowing it to be used as a backend spatial database for Geographic Information

Systems (GIS). PostGIS enables us to consult the database with a number of spatial

queries according to our needs. We can easily find the available APs at a certain

location given the coordinates and a range. One simple query will return us the APs at

a cell with radius equal to the query’s range. We can also store point, line, polygon,

multipoint, multiline, multipolygon, and geometrycollections. Many WarDriving

projects use PostGIS and PostgreSQL to create polygons or lines and to export them

to .kml files which can be plotted on Google Earth. To sum up, it is quite simple to use

such software tools to leverage the reported information. Here we add a screenshot of

the PostgreSQL server.

Figure 6: PostgreSQL server screenshot

As shown above, the PostgreSQL server has a very user-friendly GUI and can be easily set

up even by intermediate users. One very important feature of PostgreSQL is that

it enables the use of a variety of types of fields. For example, we store the MAC

address of the available APs in each record. A mac_addr[] field type is provided by the

server for proper storage of data. Apart from the existing data types, we can create

new data types according to our needs since PostgreSQL is open source and can be

modified on demand. Just as there are many procedure languages supported by

PostgreSQL, there are also many library interfaces as well, allowing various languages

both compiled and interpreted to interface with PostgreSQL. There are interfaces for

Java (JDBC), ODBC, Perl, Python, Ruby, C, C++, PHP, Lisp, Scheme, and Qt just to

name a few. We will conclude with a reference to the last column of our schema. This

column adds a geometry object to the table, thus enabling the desired spatial queries. It

is obvious that with a couple of open source tools we managed to create a spatial

database to be consulted for APs at certain locations.

Even though the above systems can help us draw some meaningful conclusions, we

tried to make information about wireless infrastructure more comprehensible. We thought

that coverage maps in accordance with information about APs would be quite

interesting for our system’s clients. Therefore, we created an application that utilizes

the above spatial queries to return all the desirable information, but this time plotted

on Google Maps. We used the Google Maps API [23] in association with JavaScript to

create this application and the results are depicted in a very user-friendly manner. The

figure below illustrates the plotting application that we created using the above

technologies.

Figure 7: Plotting application

We provide the desired coordinates and a range in which we want to focus. This

application performs an SQL query to the database and plots the available APs in the

requested range. Results from the database are shown in the window above the map

and for each AP found in the area we place a marker on the map. If the user

clicks on the marker, a balloon pops up containing the information provided by the

database. For simplicity reasons we only plot two available APs in this example.

JavaScript and Google Maps API are closely related. We used a custom HTML page

for this application that runs JavaScript code in order to provide the map’s

functionality. Google Maps offers a variety of features with many different markers and

information provided by them, although we used a simple example with point

markers that are the most commonly used in similar applications. We must also

mention that for every application developed that includes Google Maps API, a

specific API key must be used; otherwise the application will not be functional. We

envisage that in accordance with clients’ contribution this application will provide a

fully functional Google Map enhanced with the APs’ locations and operational

parameters. People could be informed about available APs across the streets of the cities

that they live in.

At this point, after describing all the components of our architecture we would like to

present a figure of the proposed architecture and briefly pinpoint the main

functionalities.

Figure 8: Sensing and reporting application

Clients using a variety of Wi-Fi enabled devices are located in AP cells that, due to

inappropriate deployment, overlap with each other. Red-colored clients represent

non-compliant clients that want to alter the resulting information at the other end – the

reporting system. Many clients can be associated with APs, while others remain out of

range or in the interference zone. Reporters send the XML reports through the Internet

to the reporting system and the data is forwarded to the spatial database in order to

collect statistics and update the Wi-Fi maps.

4. Analysis of clients’ reporting strategies

4.1 Introduction 

In our work we assume that it is possible for a number of clients to report erroneous

feedback to the reporting system of the architecture. Either acting completely

indifferently or driven by economic incentives, it is possible that a number of them might

want to shift our reporting equilibrium to a lying one. Anyone can enumerate possible

clients’ cheating behaviors, some of them easily detected, but a certain number of

them can be very harmful. In the following chapter we describe some cheating

strategies that could pose a threat against our architecture.

4.2 Incentives for clients to report fake or no information at all 

Nowadays, more and more clients use mobile applications that are battery-consuming

and their performance can be greatly affected from CPU power or bandwidth

restrictions. As a result, many of these clients may not want to interrupt the

services they run on their mobile devices to submit feedback to our system. If they try

to scan for available APs, they might degrade their VoIP call’s performance due to

long scanning intervals. Others might want to associate with an AP just to read

their emails and immediately disassociate, trying to preserve their devices’ battery for

the rest of the day. On the other side, a number of clients might be suspicious or just

indifferent and may not want to report their location to a central authority.

All the above reasons for not reporting do not always result in malicious reporting.

Most of the time, clients motivated by the above are more likely to avoid

reporting to enhance their performance. Others however, might follow different

strategies trying to deceive the network operators. Suppose that some clients affiliated

with service providers might roam in a certain location reporting fake information on

purpose. This way they can increase their provider’s performance against others. We

categorize the most common strategies in the next sections.

4.3 Completely no contribution to the system

Clients indifferent to the possible incentives given by the network operators or to the

enhancement of their performance may not want to contribute to our architecture. It is

obvious that their contribution would possibly lead to near-optimal performance of the

network, but we cannot assume that they will always contribute to our system.

Such indifferent clients can be less harmful than others who adopt malicious

behaviors. They just do not run our sensing and reporting application and as a result

the aggregated data at the reporting system is less than expected. Thus, conclusions

about the interfering areas of WLANs may not be as helpful as they should. On the

other hand, such a loss of aggregated data might pose a threat when the distribution

of clients is quite sparse. In a dense clients’ distribution on a topology, the information

lost by the absence of a client’s report might be replaced by the report of a

near-by client. It is possible, though, that a group of clients in certain areas decide not

to provide feedback and this way we could get no information about existing

interferences.

All the possible outcomes from such behaviors are studied through simulations and the

results are presented in the next chapter.

4.4 Cheating reporting strategy

In the previous section we described a possible attitude from clients that can be less

harmful than others. A proportion of clients might not be as honest as the ones

described above. Motivated by malicious or selfish incentives they may want to ‘blur’

network operators’ view of the wireless APs deployment. To be more specific,

imagine home users in a neighborhood who want to gather information about the

wireless infrastructure because they face performance problems. Clients of that area

report information to the reporting system, but some of them report non-existing APs

operating at the same location and on the same channel as others. Thus, they deceive

other APs’ owners into decreasing their range (by decreasing transmitting power) or

changing the operating channel. Such cheating behavior can easily be adopted if clients

can modify their software. They can change the source code of the application, invent

a set of non-existing APs and report them to the reporting system. Alternatively, the APs

can modify and forward the reports, trying to deceive the network operator.

Behaviors like these can shift the reporting equilibrium to a lying one and

consequently enhance performance only for the lying proportion of clients. The central

authority can act erroneously, deceived by non-existing APs, and decrease some clients’

performance by wrong configurations to the wireless infrastructure.

Other clients might not be as clever as the clients above and send a fake report that

they have hardcoded in their application. In other words, they try to avoid scanning the

wireless channels and they report the same, but fake, information in a recurring

manner. Others may adopt a different strategy and use a more random fake reporting

strategy. They can just send a new set of fake APs every time they report to the

system. As a result the reporting system can be flooded by fake information and

deteriorate the performance of the sensing and reporting architecture. Another possible

strategy for clients is to report a set of APs that they have found during scanning while

roaming at random locations. Reporting them at other locations can also be a lying

strategy; a naive strategy though as we will study in the following chapters.
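
Seen from the reporting system, the strategies described above leave different traces in the stored reports. The following Python example is added here and is not part of the thesis; the 100 m cell radius, the majority rule, the report tuples and all names are assumptions, and the sample reports are constructed.

```python
from collections import defaultdict
from math import asin, cos, radians, sin, sqrt

CELL_RADIUS_M = 100.0   # assumed maximum distance at which an AP is heard


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two WGS-84 points."""
    p1, p2 = radians(lat1), radians(lat2)
    a = (sin((p2 - p1) / 2) ** 2
         + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371000.0 * asin(sqrt(a))


def sightings_by_bssid(reports):
    """Group (client, lat, lon) sightings under each reported BSSID."""
    grouped = defaultdict(list)
    for client, lat, lon, bssids in reports:
        for bssid in set(bssids):
            grouped[bssid].append((client, lat, lon))
    return grouped


def location_conflicts(reports, radius_m=CELL_RADIUS_M):
    """Per client, count sightings that disagree with most other sightings
    of the same BSSID. Two honest sightings of one AP lie at most
    2 * radius_m apart, so a fixed or relocated report stands out."""
    conflicts = defaultdict(int)
    for seen in sightings_by_bssid(reports).values():
        if len(seen) < 3:          # too few sightings to tell who is wrong
            continue
        for k, (client, lat, lon) in enumerate(seen):
            agree = sum(
                1 for m, (_, la, lo) in enumerate(seen)
                if m != k and haversine_m(lat, lon, la, lo) <= 2 * radius_m
            )
            if agree < (len(seen) - 1) / 2:
                conflicts[client] += 1
    return dict(conflicts)


def uncorroborated_share(reports):
    """Per client, the fraction of its BSSIDs that nobody else reported.
    Clients that invent a new set of APs on every report score 1.0."""
    reporters, mine = defaultdict(set), defaultdict(set)
    for client, _, _, bssids in reports:
        for bssid in bssids:
            reporters[bssid].add(client)
            mine[client].add(bssid)
    return {
        client: sum(1 for b in seen if reporters[b] == {client}) / len(seen)
        for client, seen in mine.items()
    }


# Constructed reports: (client, latitude, longitude, BSSIDs heard).
REPORTS = [
    ("honest-1", 37.9940, 23.7320, ["00:11:22:33:44:01", "00:11:22:33:44:02"]),
    ("honest-2", 37.9942, 23.7322, ["00:11:22:33:44:01", "00:11:22:33:44:02"]),
    # a real AP reported again about 5 km away from where it was heard
    ("replay", 38.0400, 23.7320, ["00:11:22:33:44:01"]),
    # the same hardcoded fake report sent from three places
    ("fixed", 37.9940, 23.7320, ["02:00:00:00:00:aa"]),
    ("fixed", 38.0100, 23.7500, ["02:00:00:00:00:aa"]),
    ("fixed", 38.0400, 23.7320, ["02:00:00:00:00:aa"]),
    # a new invented AP on every report
    ("random", 37.9941, 23.7321, ["02:00:00:00:00:b1"]),
    ("random", 37.9941, 23.7321, ["02:00:00:00:00:b2"]),
]

if __name__ == "__main__":
    print(location_conflicts(REPORTS))
    print(uncorroborated_share(REPORTS))
```

Both values are signals rather than verdicts: a newly deployed AP first seen by a single honest client is also uncorroborated until a nearby client reports it.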

4.5 Collusion rings among clients

Economic or performance incentives might lead some groups of clients to adopt

similar cheating strategies or, even worse, form collusion rings. Thus, they can deceive

the central ‘authority’ into changing the wireless infrastructure deployment towards a new

direction that would better serve their needs.

One common example is the following: A group of clients are motivated by a provider

to submit erroneous feedback serving the provider’s needs for extending coverage area

or changing operating parameters. The most common incentive we can imagine is

better transmission rates for the colluders by the provider or lower price rates for the

services provided. So, colluders motivated by provider’s promise for better treatment

can erroneously submit feedback according to their location and the coverage at each

site.

Suppose that there are some interfering AP ‘cells’, each of which belongs to a certain

provider. Colluders located at interfering zones can report that they only ‘hear’ one AP

during scans and thus deceive the providers into continuing to operate with low performance.

As a result, the deceived provider’s clients will get annoyed by poor performance and they

may stop their cooperation with their existing provider. On the contrary, clients

located at non-overlapping areas may report that interference exists with other APs and

this way motivate providers to alter the existing configuration trying to reduce the cell

size. Of course, such an action will leave some clients out of coverage range.

Consequently, the providers affiliated with colluding clients can serve the ‘starving’

clients and this way increase their profit.

The strategies depicted above are among the main concerns of our work and we

extensively study them through simulations in the following chapters, where we also

explicitly describe all the possible cheating behaviors colluders might adopt.

5. Evaluation method

5.1 Overview

Trying to evaluate how the architecture we propose would perform, we decided to run

a number of simulations. Taking into account that it would be difficult to evaluate

such an architecture through real deployment, we concluded that it would be more

effective to simulate a number of topologies along with clients’ behaviors and,

moreover, to take GPS support for granted. We also invented a new metric that

suits the needs of our simulations trying to have more accurate results.

5.2 Basic evaluation approach

The main evaluation method we use is to study how erroneous feedback affects the

information we gather about the wireless infrastructure. In that direction we set up

some wireless topologies in the simulator and we let clients honestly submit feedback

for certain time periods. We then collect this feedback and we create an interference

graph. Second, we run a number of simulations with clients submitting feedback each

time with the cheating strategy we want to study. Aggregated data are compared to the

truthfully created graph and we find out the differences in the outcomes. Such a simple

comparison between two graphs would be inaccurate, so we invented and used the

Interference Similarity Graph Index (ISGI), which we describe in the following

section along with all the details of the above procedure.

5.3 Topologies’ comparison and interference graph creation

We believe that letting clients submit truthful feedback is the best way to create

the true interference graph. It is obvious that we know the topology and the

exact locations of the APs beforehand, but we use this approach because overlapping areas of ‘cells’ do

not necessarily mean that interference exists. There must be a transmission of at least one

client in the area to cause possible interference. In other words, it would be too strict to

say that we find interference at overlapping areas where no clients’

transmissions take place. Furthermore, we can safely assume that if there is

a dense client distribution on the topology, some client will reveal the interfering APs.

After feedback is submitted we can easily create an interference graph leveraging this

valuable information. Every report submitted contains the APs that each client’s

wireless interface can hear beacons from and also the associated one. The graph is

created in the form of an adjacency matrix, where an edge between two cells translates

into possible interference between the APs that the cells represent. To be more specific,

each column of the matrix represents an AP of the studied topology. Each matrix entry

represents an edge between two APs, meaning that if matrix[i, j] equals 1, there is an

edge on the graph between APs i and j, and vice versa. It is easy to assign numeric

values to APs in the simulator, but in real life numeric values of the matrix columns or

rows can also represent an ID, e.g. SSID or MAC address.

In order to create and update the graph, for every report that contains some APs we

place an edge for every combination between two of them. For example, if the report

contains the APs represented by IDs 1, 2, 4, we add the edges (1, 2), (1, 4), (2, 4). Every

report that is submitted with a number of APs increases the number at the appropriate

cell. So, the number of reports that contain the same pair of APs is actually the weight of each

edge. We must also mention that the matrix is symmetric and we have created the

adding procedure in a way that, for each update on the matrix, the number of

associated clients to each AP is added on the matrix diagonal. Keeping track of the

number of clients associated with each AP helps us with the metric we designed and

we will describe later. Lastly, during evaluation comparisons we only use the upper

triangle of the matrix since it is symmetric and also the diagonal is used only for the

metric.

At this point we have to mention that each report increases edges’ weights by a certain

amount. We use an algorithm at the second simulation scenario that assigns weights to

each client’s feedback according to each one’s nature (roamer or trusted). So, we use

the values of the matrix for further processing on each occasion. Weights can help us

prune some edges below a certain threshold or draw some very helpful conclusions

about network density and clients’ distribution. A great weight for an edge means that a

great number of reporters are located at the interfering zone between those APs. This

way we also use the diagonal of the matrix to understand the associations of clients

and APs and their distribution on the topology.

We present a figure below with an interference graph for a WLAN and the

corresponding matrix.

Figure 9: Interference graph of a topology with 9 APs

The above figure represents the possible interference between available APs. Every

edge is created by a client’s report who can receive beacons from the corresponding

APs. For example, the edge between 1 and 3 means that some clients included both AP 1

and AP 3 in their reports. In other words, there is an overlapping coverage area for

both APs’ cells. Vertices 2 and 6 are not connected to other APs since they were

reported by clients that can only receive beacons from each one of them.

Consequently, there is no possible interference between them or between them and the

other APs.

5.4 Relation between erroneous feedback and matrix creation

As we mentioned earlier, we compare the graph created by truthful reports and the one

that is created including a proportion of erroneous feedback. This kind of feedback

yields a number of edges at the new graph that do not exist in the truthful one. We

have to describe the possible differences that might occur during a comparison.

A non-compliant client that reports a set of APs that do not exist in the topology will

make a number of fake edges appear in the graph. Those edges connect the

associated AP that appears in the report with the fake APs, and also the fake APs with

each other. Thus, if we depict the resulting graph, it will include an edge from an existing AP

to a small sub-graph of the fake APs. The new edges will lie outside the bounds

that the real APs create. To be more specific, if we have 10 APs in a topology, a fake AP

will be placed at the 11th column. Of course, we do not want such edges to appear,

because they erroneously lead network operators to change the placement and configuration of

APs.

Another possible strategy is to report fake interference between existing APs. This

would create edges between existing APs and would also confine the new edges

to the space of the true ones. Such an outcome may be more harmful because the new

edges may be a problem for the operators. A great number of overlapping cells would

limit the possible solutions. Such a strategy, however, requires prior knowledge of the

topology. Non compliant clients have to be informed about APs at

completely different locations to report them, since they must report their SSID,

MAC address and location. The following figures illustrate the original

interference graph between the APs and the graph created when non compliant clients

report fake interference between existing APs. This strategy, though, is more difficult

to accomplish since clients must have prior knowledge of the whole topology.

Figure 10: Interference graph of a topology

Figure 11: Interference graph with fake edges

As both figures show, fake reports create edges between the APs of the topology. In the

right figure we mark in red the extra edges added by the fake reports, and we

can also point out that a number of edges are missing. This is a result of the lack of

truthful contribution from clients that turned into liars. Anyone can observe the great

differences between the two graphs.

Now imagine the scenario where clients report fake APs that do not exist in the real

topology. This strategy will add some extra edges between the APs above and some

non-existing APs, and some extra edges among the latter. The edges among the

non-existing APs are not so critical because they actually do not affect any client - no clients are

associated with non-existing APs. The problem is that a fake edge between an existing

AP and an invented one can possibly affect the associated clients if the provider

decides to reduce the transmitting power and thus reduce the coverage area. In the

following figure we illustrate such an example.

Figure 12: Interference graph of a topology with fake edges between invented and real APs

5.5 Motivation for a new metric

A simple comparison between the truthfully created graph and the reported one would

yield a number of different edges and vertices. This is common sense because a

number of clients, as we mentioned earlier, may be non compliant. Thus, if we

compare both graphs, we will find that a number of edges do not appear while

some new ones are added. Just counting the different edges between the two graphs

would result in a simple number with no further meaning. Nor is a real interference graph

always a full graph, so that we could take into account the lost edges and calculate

the lost information.

Moreover, a metric should take into account the number of clients that are affected by

revealing or hiding possibly interfering APs. If due to liars we miss an edge between

two APs that are serving a vast majority of clients, it will be worse than missing one

that serves only a small percentage of them. In that direction we decided to design a

new metric that takes into account the number of affected clients from revealed or

hidden interference.

5.6 Interference Similarity Graph Index (ISGI)

Trying to give more accuracy to our results we designed ISGI and we present it in this

section. This metric compares each adjacency matrix cell one-by-one and keeps track

of their similarity. This metric takes values between zero and one, and a higher value

means more similar graphs.

Let’s describe how we compute ISGI:

• For each edge that we successfully reveal and exists both in the original and the

reported graph we credit the number of affected clients.

• For each edge that only appears at the reported graph we credit nothing as this

means that we have a fake edge.

• For each edge that exists in neither the original nor the reported graph we credit a

small fixed value C. We credit this small value because this is not a complete

success to find out that no one added edges at an area of the matrix graph, but since

there could have been more fake edges we must take this minor success into

account. For example, on a matrix graph certain areas are assigned with zero values.

This means that neither real edges exist nor fake ones are added. Since no edges

were added to that area, we should credit a small amount to the metric. This small

amount C equals $w \cdot D$, where D is the graph density and w is the average weight of

edges in the original graph.

ISGI is calculated with the equation below:

$$\mathrm{ISGI} = \frac{\mathrm{Credit}}{\sum_{i=1}^{n} A(i) + \sum_{1}^{m} C}, \qquad 0 \le \mathrm{ISGI} \le 1$$

where A(i) is the number of affected clients along edge i, n is the number of real edges

and m the number of empty cells.

With this new metric we take into account the number of associated clients per AP.

This is done by using the information from the original graph. As we described in

the previous section, each client that reports an AP increases the weight of an edge by

a certain amount. Reading the weights from the original graph where all clients are

treated fairly with weight equal to 1, we find out the number of associated clients with

each AP, which is actually the weight of the edge.

For each simulation scenario we run, we present ISGI values in the following chapters.
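The ISGI computation described in this section, written out as an added Python example (not code from the thesis). It assumes that a cell is an unordered pair of distinct APs, that D is the usual undirected-graph density over the real APs, and that A(i) is the edge weight in the truthful graph; the AP names and reports are constructed.

```python
from itertools import combinations


def build_graph(reports):
    """Interference graph as {(ap_a, ap_b): weight}; every report (the set of APs
    one client hears) adds 1 to the edge between each pair of APs it lists."""
    graph = {}
    for aps in reports:
        for edge in combinations(sorted(aps), 2):
            graph[edge] = graph.get(edge, 0) + 1
    return graph


def isgi(original, reported, real_aps, invented_aps=()):
    """ISGI of `reported` against the truthful graph `original`.

    Assumptions of this sketch: the matrix spans the real APs plus every
    invented AP (listed explicitly or seen in the reports), and
    D = 2|E| / (|V|(|V|-1)) is computed over the real APs.
    """
    if len(real_aps) < 2 or not original:
        raise ValueError("need at least two real APs and one real edge")
    density = 2 * len(original) / (len(real_aps) * (len(real_aps) - 1))  # D
    avg_weight = sum(original.values()) / len(original)                  # w
    c = avg_weight * density                                             # C = w * D
    matrix_aps = sorted(set(real_aps) | set(invented_aps)
                        | {ap for edge in reported for ap in edge})
    credit = 0.0
    best = 0.0  # denominator: A(i) for every real edge plus C for every empty cell
    for cell in combinations(matrix_aps, 2):
        if cell in original:
            best += original[cell]          # A(i): clients affected by edge i
            if cell in reported:
                credit += original[cell]    # real edge that was revealed
        else:
            best += c
            if cell not in reported:
                credit += c                 # empty cell that stayed empty
            # otherwise the cell holds a fake edge and is credited nothing
    return credit / best


# Constructed sample: 5 real APs, 8 clients, one report each.
REAL_APS = ["AP1", "AP2", "AP3", "AP4", "AP5"]
TRUTHFUL = [
    {"AP1", "AP3"}, {"AP1", "AP3"}, {"AP1", "AP3", "AP4"}, {"AP2"},
    {"AP4", "AP5"}, {"AP4", "AP5"}, {"AP3", "AP4"}, {"AP5"},
]
# Clients 3 and 7 turn non compliant: each reports its associated AP plus two
# invented APs, as in the first simulation scenario.
LYING = (TRUTHFUL[:2] + [{"AP1", "X1", "X2"}] + TRUTHFUL[3:6]
         + [{"AP3", "X3", "X4"}] + TRUTHFUL[7:])
# The same two clients send no report at all.
SILENT = TRUTHFUL[:2] + TRUTHFUL[3:6] + TRUTHFUL[7:]
INVENTED = ["X1", "X2", "X3", "X4"]

ORIGINAL = build_graph(TRUTHFUL)

if __name__ == "__main__":
    for name, reports in (("truthful", TRUTHFUL), ("lying", LYING), ("silent", SILENT)):
        value = isgi(ORIGINAL, build_graph(reports), REAL_APS, INVENTED)
        print(f"{name:9s} ISGI = {value:.3f}")
```

Passing the same `invented_aps` for every run keeps the matrix size fixed, so the lying and silent cases are compared over the same set of cells.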

6. Simulation setup

6.1 Overview

In order to study the effects of erroneous feedback from clients we ran a number of

simulations in OMNeT++ 3.2 (containing the INET framework). We created a

1000x1000 terrain on the simulator and we created a number of random topologies to

evaluate our architecture. We tried to keep simulations very close to a real life

experiment and we designed the architecture as described in previous chapters.

Clients sense the wireless environment and we collect the AP list for available APs in

their range and the associated AP. We also adopt the free space model as the propagation

model. Simulation scenarios and the algorithms that we propose to defeat non

compliant clients’ strategies are presented in the following section.

We have to mention that all the results we gather through simulations can be used for

general purposes and can apply to other mechanisms like IEEE 802.11k. Thus, we will

try to make some more assumptions on our simulations’ scenarios that would enable

the use of our conclusions for further research work and not only for our architecture.

6.2 Pruning technique

First of all, we must refer to the pruning technique that we propose in order to remove

erroneous feedback. Imagine a scenario where all clients are treated equally and we

have no further information about any of them. In this case, we cannot use any smart

algorithm that utilizes trusted clients or other prior information. In such cases,

we must use less demanding techniques in order to eliminate non compliant clients’

feedback effects.

In that direction, we believe that it would be helpful to apply a rule similar to the

majority rule. We only take account of information reported from more than one

client. In other words, we read the adjacency matrix cells one-by-one and we delete

any cell whose value is less than one. This way we ignore information that is reported

only once, trying to avoid random fake reports.

Every client that sends a random fake report will add some edges on the adjacency

matrix with unit weight. These edges will appear between the associated AP and the

fake APs and among the other fake APs with unit weight. If we remove these edges

we ensure that such strategies will be eliminated.

It is quite possible though that this way we remove real edges that also appear in the

original graph. Overall performance however, as we will see on the simulation results,

is better in most cases. We also adopt that pruning technique because we believe that

ignoring feedback by just one client might lead to a better outcome for the whole set of

clients. Simulations’ results show that this was a decent decision.

Obviously, pruning with unit weight does not protect our system from colluding clients.

For that purpose we provide another mechanism that properly assigns weights for the

occasions that we have further information or different trust levels for each client. This

algorithm will be described in the second simulation scenario.

Figure 13: Adjacency matrix representing interference graph

To be more specific, as is shown in the figure above the upper left sub-array contains

some real edges with unit weight. Fake reports add edges at the red-colored sub-arrays

with unit weight, too. When the pruning technique removes edges from the red-

colored sub-arrays it is obvious that real edges will be also removed. This is a

drawback of the proposed heuristic, but as we present later it has a great overall

performance!

6.3 First Simulation Scenario

In this first simulation scenario we are going to study the resulting topology from the

feedback we get in relation to the percentage of erroneous feedback from non compliant

clients. In other words, we are going to study how a fake report from one or more

clients can ‘blur’ our view of a well-known topology. In a real life case the question is:

what percentage of fake reporters can lead us to inappropriate

configurations of WLANs?

To begin with, we are going to make some assumptions for our simulation setup.

There are a certain number of APs and clients but the number of non compliant clients

is not known; it is one of the tunable parameters of our simulation. There is a

probability that a client will give us truthful or erroneous feedback. Thus, we believe

that none of our clients is malicious and wants to harm our mechanism, but we do

assume that some clients might not want to be truthful. They might want to send no

feedback at all, in order not to reduce their quality of service or to be distracted

running the sensing and reporting application.

Furthermore, we assume that one authority might want to have a full view of the

WLAN deployments in an urban area. So, instead of trying to build a map in a

WarDriving manner, this authority asks from clients to give feedback on a regular

basis. The feedback is collected to a central database and is plotted on a map to find

out where critical areas appear. In the areas that channel interference exists, actions

must be taken to maximize performance. It is of high importance to find out if this

feedback can give us accurate mapping of AP deployment and if we cannot create

such a map, we should be able to precisely point the critical areas mentioned above.

This is obviously the purpose of this simulation – we hope to find out the percentage

of erroneous feedback that can shift our reporting equilibrium to a lying one and

‘pollute’ our knowledge of the APs deployment.

The incentive of the entities responsible for APs’ deployment is that feedback

submitted can lead them to choose the best operational parameters that can boost their

performance-measured with strictly defined criteria (increased throughput, etc.).

Cooperating for the feedback collection, entities can better serve their clients and

optimally utilize their equipment. On the other side, we motivate clients to contribute

to the system by giving them free connectivity or better rates for every report they

submit. Improved performance is of course one of their main incentives for reporting

to the authority.

To be more specific, we create a topology with a 1000x1000 terrain where we

randomly place 30 clients and 9 APs. They are static and we use a free space

propagation model. Since both clients and APs are randomly placed we do not know

the exact distribution of clients per AP. We must also mention one more time that

clients randomly submit erroneous feedback, which means that all of them are treated

equally since we have no trusted measurements from them.

Non compliant reporters follow two strategies; following the first one and most

expected, they do not submit any feedback. Otherwise, they submit a random set of

APs each time they report to the authority. This way they create a number of edges

with unit weight, which we will try to filter with pruning techniques. The first

simulation topology is depicted below.

Figure 14: First scenario topology

6.4 First scenario results analysis

In this section we present the results of the first simulation scenario. In this scenario

we placed randomly both clients and APs and as it is shown above there is a

completely uneven distribution of clients to the available APs. This fact enables us to

show that in such occasions, which exist in everyday life, our mechanism can provide

valuable information about the deployment.

In the graph below we show the relation between the number of non compliant

reporters and the ISGI value. Non compliant reporters follow the strategy described

above but we also studied the case when they do not contribute to the system at all.

Figure 15: First scenario results – ISGI value in relation with non compliant clients’ number

First of all, we should describe the above graph. On the vertical axis we have the value

of ISGI- the new metric we have designed. On the horizontal axis we have the number

of non compliant reporters on the topology. The red line represents resulting values of

ISGI without pruning technique and the blue line after applying the pruning technique.

Results depicted above are for a certain placement for both APs and clients. We will

show the results for some more random placements of clients and APs later.

As we see, when all clients are truthful, pruning makes performance worse. This is

quite sensible to occur because we remove feedback that has been submitted by single

clients and the respective edges with weight = 1. On the other side, when clients decide

to be dishonest and not comply with our protocol, performance can easily deteriorate.

Even when only 5 clients are dishonest they can decrease the ISGI value to 0.723. This

happens because we take into account a great number of edges that they create on the

graph. In the simulation scenario, we suppose that they send 2 invented APs along

with the associated, so they add a number of edges among the 3 reported APs. With

our technique however, we remove all the fake edges since they have unit weight and

thus we achieve higher values of ISGI; 0.963 in that case. The increasing number of

non compliant clients results in lower values of ISGI without pruning the fake edges.

This result is also expected since more and more fake edges appear on the graph. As

we see in the graph, there is a linear relation between the non compliant clients and

ISGI. Taking into account that for 20 liars we end up with an ISGI value equal to 0.59, we

can clearly see that reporting systems’ performance can easily deteriorate. Such a

small value means extremely different graphs, since the reported graph is flooded with

fake edges. A great percentage of non compliant clients -67% here- can probably

deteriorate the performance, but we have to be prepared and defended against such

threats. On the contrary, even with such a great percentage of erroneous feedback we

can achieve value of ISGI equal to 0.931. This means that we lose some critical

information for possible interference between existing APs, but we are not deceived

by fake and not existing APs.

Trying to be more convincing about our results, we placed network components

randomly in different ways and studied the new resulting topologies. As we show in

the following graphs, results follow the same pattern. We created a number of new

random topologies with the same components, but results were almost always very

similar. In the following charts we highlight the most outstanding of them.

Figure 16: Results for two random placements of clients and APs with and without the

pruning technique

On the above charts we see the results for two of the random topologies that we

created. Overall performance is very good here too, but as we see ISGI is lower than in the

previous topology. One reason for that is the clients’ location in the topology. If they

are distributed all across the topology their contribution is less critical, because even a

small portion of them can provide us enough information for available APs. On the

other hand, when all clients are located at only some AP cells, then the rest of them

must be honest because information for the rest of the network from them is critical.

No reporting at all is another possible strategy that we studied through simulations.

Results were exactly the same as the results when clients report random fake APs.

This can be easily explained if we consider the graph approach that we use. If all

clients are truthful then all edges appear in the upper left triangle of the matrix, in

other words all clients create real edges on the graph. If clients decide to adopt a

cheating strategy, then their potential contribution is lost. This means that either way,

they do not contribute in the real edges’ space. If they report fake APs, then these will

get pruned by our technique or otherwise if they do not contribute at all, possibly

existing edges are not created. To sum up, both strategies result in fewer edges in the

real edges’ space as the portion of non compliant clients increases.

Figure 17: Adjacency matrix areas of real and fake edges

As depicted above, the upper left sub-array of the adjacency matrix consists of a symmetric

matrix that contains all the edges’ weights between existing APs and all the other

sub-arrays contain edges between fake APs that originally do not exist in the topology or

edges between the fake APs and the existing APs. The lower right sub-array contains

edges between fake APs appearing in fake reports, while others contain edges between

real and fake APs. When clients adopt cheating behaviors they remove edges from the

upper left sub-array and place them to the other sub-arrays.

6.5 Second simulation scenario

In this scenario we are going to build a simulation topology where there are a number

of providers’ hotspots available in an urban area. Clients pay in order to have

connectivity for some agreed duration. We suppose that for some reason providers

have recklessly or even selfishly configured their APs. This might not be the optimal

configuration because operating for example at full power and in the default channel

(e.g. 6 or 11) might result in interference with a nearby AP.

Clients’ reporting in this scenario might be motivated by the promise of the provider

for a better rate for every report or for a better service price. It can also be pre-defined

that since clients connect to the provider’s AP they are obliged to report on a regular

basis. It is very important and interesting in this setup to study how different groups of

clients or their location might affect the resulting information. Clients that might be

affiliated with one provider might be fond of ‘polluting’ other providers’ received

feedback. They may also do so in order to maximize their benefit and make the other

providers back off by reducing their operating power. To understand some of the

possible behaviors we can take a look at the picture below.

Figure 18: Example of a topology with trusted and roaming clients

Clients at the red areas are in the zone where APs of the two providers interfere with

each other. They can honestly report the real situation in that area and help the

providers find out that interference problem exists. They can also submit fake

feedback and not mention the interference of the two APs. Their different attitude is

probably going to give extremely different information to the providers. In that case,

the simplest countermeasure would be to use some trusted clients at possible

interfering zones that could help the providers find out first of all the configuration

problem and secondly the non compliant clients. It is obvious that a majority rule

wouldn’t apply in this case!

Another possible and more selfish action would be for clients on the green areas to

report that they can receive beacons from other providers and not only from their associated

provider. In this case, it is silently assumed that these clients are affiliated with one

provider in order to give fake reports. This way they try to lead the other providers to

reduce their power in order to get more clients in their ‘cell’ and increase their profit.

We believe that the motivation for providers to contribute to the system and collect

information is that they can cooperate to better configure the parameters of operation.

Research has proved that cooperation through service exchange or clients’ handoffs

might maximize performance of all entities, both clients and providers. Otherwise, if

all entities do not cooperate we suppose that submitted information can help providers

to better utilize their resources, taken into account that others are not willing to

alter their equipment configuration.

In relation with the example depicted above, we suppose that if providers knew that

red areas do exist, they might cooperatively decide to exchange some clients or change

their power or frequency. Or in a non-cooperative game, provider A could change the

operating channel taking into consideration that provider B would not change any

parameter.

To sum up, we hope that in this simulation scenario we are going to find out how

different possible behaviors can alter the image providers have of their

deployments and how erroneous feedback possibly from affiliated clients might be

eliminated through appropriate countermeasures.

Below there is a figure of the topology that we created for the simulation scenario. We

suppose that there is a building block with 4 APs, one at each edge. There are 30

clients and some of them are roamers, while others are trusted and affiliated with the

associated AP.

Figure 19: Topology of the second simulation scenario

In this scenario we try to figure out how we can defend from more harmful and hard to

defeat strategies. The most difficult strategy is colluding strategy by groups of clients.

Colluders can easily harm our mechanism and flood the reporting system with fake

feedback in order to serve their needs. We suppose that there are groups of clients each

one belonging to a different provider. Each of these colluding groups decides to send

the same set of APs in order to deceive the rest of the providers, apart from the

provider that they are affiliated with. Colluders’ reports contain a number of non

existing APs and the associated one, too. These fake APs create edges between the

existing associated AP and the non-existing APs and of course among them. If a

number of colluders adopt this behavior it is obvious that the added edges will have

weights more than 1. Consequently, our pruning technique is useless in this scenario.

Instead of pruning we can utilize another key feature of this scenario. Clients that are

associated with their provider’s AP are always trusted. They can be identified by

certain identities and furthermore they have no incentive to harm their AP

performance by submitting false information. They pay a bill for the service they are

offered and some of them can be served for long time periods. Considering that these

clients do not have incentive to lie to their associated provider we can safely assume

that they are the trusted portion of clients. On the contrary, roaming clients are not

always motivated to truthfully report to the roaming AP. They may just want to get

associated with one AP for a short time period and quickly disassociate. In our

everyday life, we have numerous examples where in public areas hotspots provide

connection for roaming providers. These clients cannot be trusted and their reports

must be taken into account using smaller weight values.

Before we continue with the simulation results we must describe our weight

assignment algorithm.

6.6 Trust and reports’ weights

Trying to promote trusted clients and decrease roamers’ feedback contribution we

propose a scheme for weight assignment which we use in the second simulation

scenario. We assume that all roamers are trying to collude to blur the image that

providers have about the APs deployment. This way, we assign a small weight to their

reports in order to minimize their erroneous effect on the system.

Roamers’ weight assignment selection has two design aspects. First we have to take

into account their reports because we want to gather information and we cannot ignore

their contribution without certain reasons. Second we have to protect from colluders

because economic incentives might lead them to deteriorate overall performance. This

way, we had to design a proper scheme to assign weights in order to protect from

collusions but also gather valuable information.

The weight assigning scheme that we propose assigns weights per AP. We aggregate

data for clients’ associations and according to that data we assign weights properly. It is

safe to assume that non compliant clients will not alter the associated AP for some

certain reasons. First of all, it is possible that APs can collect and forward the reports,

so such liars would be easily detected. Moreover, utilizing the location information we

can easily detect great deviations between reported locations for the same list of APs

scanned. After a number of simulations in which we tested a more global assignment for

weights, we concluded that assigning them in a per-AP manner is much better because

we can give more opportunities for truthful roamers to contribute. A more global

approach would give them less weight and their reports would not increase the weight

of existing edges. With our technique dishonest roamers add edges with weight less

than 1 and if they are truthful they can increase the weight of a real edge.

The weight assignment equation is listed below:

$$\sum_{i=1}^{n} w_i \le 1 - \delta, \qquad \delta \ll 1$$

where $w_i$ is roamer i’s weight.

All trusted clients’ reports have weight 1 and we also use the pruning technique in this

scenario. Roamers’ reports always create edges with weight less than 1, so with

pruning every colluding group’s false addition on the graph is removed. Otherwise if

roamers are also truthful a small value is added to increase the weight of an existing

edge, which either way would have a weight value at least equal to one. As it is shown

in the simulation results, this technique works even for the occasion in which colluders

from different APs decide to report the same list of non-existing APs.

6.7 Second simulation scenario results

Results from this scenario will shed light on occasions where trust relations do exist.

We hope that results from this study can help other research areas similar to our work

(e.g. 802.11k).

In this simulation we placed 4 APs as if they were on the edges of a building block.

We tried to place clients at many different random locations and we studied how

colluders can affect our system. This way we suppose that 50% of our clients are both

roamers and colluders. Colluders form groups of 3 clients each that report

the same list of APs including their associated AP.

In the graph below we show the results for 5 different random placements of clients

with a fixed 50% of roamers-colluders.

Figure 20: Results leveraging trust relations

The results are surprisingly good even with half of the clients being colluders. ISGI

value is 1 for all the topologies, which means that the resulting graph and the original

graph are completely the same. In other words in these simulations we managed not

only to defeat all the colluding strategies, but also to gather all the information about

possible interference.

On the other side we can see how performance deteriorates when no countermeasures

are taken! The red line on the graph depicts the results when we do not prune the

edges with weight less than one and we do not assign values with our algorithm, but

all clients are treated equally with unit weight. Results are extremely different with

ISGI values very close to 0.6. Such values mean extreme differences in the results,

since about 40% of our clients are badly affected.

We will present the average performance for our algorithms in the following graph

and we will explain the results immediately after that.

Figure 21: Average value of ISGI for the second simulation scenario runs

If we do not apply the proposed algorithms, colluders will manage to deceive the

network operator adding some fake edges to the interference graph. As we mentioned

before colluders decide to report a certain list of APs with the associated AP. This

means that the reported APs’ list would be in a format like: APs-> ‘X’ ‘Y’ ‘Z’

‘AssociatedAP’. As a result a colluders’ group would add the edges (X, Y), (X, Z), (X,

AssociatedAP), (Y, Z), (Y, AssociatedAP), (Z, AssociatedAP). These edges will have

unit weight and they will connect the existing associated AP with the fake ones and

the latter with each other. If we do not take the appropriate measures there are going to be

two critical problems. The first one is that we are going to lose critical information that

colluders could potentially provide us and the second one is that they are going to

deceive certain providers in order to shrink their AP cell or alter their operating

parameters.

The extreme differences shown in the chart between the two approaches come from the added

edges we mention above. Taking into account that half of our clients are colluders, we

both lose their valuable contribution and suffer the addition of fake edges with

weight more than 1.
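An added Python example (not the thesis's simulation code) of the pruning rule from section 6.2 and the per-AP weight scheme from section 6.6, run against a colluding group that reports the list ‘X’ ‘Y’ ‘Z’ together with its associated AP. It assumes that the roamers of one AP share 1 - δ equally with δ = 0.05; the client names, AP names and reports are constructed.

```python
from collections import Counter, defaultdict, namedtuple
from itertools import combinations

Report = namedtuple("Report", "client assoc trusted heard")

DELTA = 0.05  # assumed value for the page's delta << 1


def roamer_weight(roamers_on_ap, delta=DELTA):
    """Weight of one roamer so that the roamers of its AP sum to 1 - delta.
    The equal split is an assumption; the page only bounds the sum."""
    return (1.0 - delta) / roamers_on_ap


def build_graph(reports, use_trust):
    """Accumulate edge weights. Trusted clients count 1; roamers count 1 when
    use_trust is False and roamer_weight(...) for their associated AP otherwise.
    The bound is per associated AP only: this sketch does not model groups on
    several APs that report the same invented list."""
    roamers = Counter(r.assoc for r in reports if not r.trusted)
    graph = defaultdict(float)
    for r in reports:
        weight = 1.0 if r.trusted or not use_trust else roamer_weight(roamers[r.assoc])
        for edge in combinations(sorted(set(r.heard) | {r.assoc}), 2):
            graph[edge] += weight
    return dict(graph)


def prune(graph, drop_unit=False):
    """Remove weak cells. drop_unit=False removes weight < 1 (second scenario);
    drop_unit=True also removes weight == 1, i.e. anything that only a single
    unit-weight client reported (the majority-like rule of the first scenario)."""
    if drop_unit:
        return {e: w for e, w in graph.items() if w > 1.0}
    return {e: w for e, w in graph.items() if w >= 1.0}


# Constructed reports for a building block with 4 APs (A1..A4).
REPORTS = [
    Report("t1", "A1", True, {"A2"}),
    Report("t2", "A2", True, {"A1"}),
    Report("t3", "A2", True, {"A3"}),
    Report("t4", "A3", True, {"A4"}),
    Report("t5", "A4", True, set()),
    Report("r4", "A2", False, {"A3"}),          # truthful roamer
    # colluding roamers on A1, all sending the same invented list
    Report("r1", "A1", False, {"X", "Y", "Z"}),
    Report("r2", "A1", False, {"X", "Y", "Z"}),
    Report("r3", "A1", False, {"X", "Y", "Z"}),
]
REAL_EDGES = {("A1", "A2"), ("A2", "A3"), ("A3", "A4")}


def fake_edges(graph):
    """Edges that are not part of the real topology."""
    return {e for e in graph if e not in REAL_EDGES}


if __name__ == "__main__":
    unit = build_graph(REPORTS, use_trust=False)
    trusted = build_graph(REPORTS, use_trust=True)
    print("unit weights, prune < 1 :", sorted(fake_edges(prune(unit))))
    print("unit weights, prune <= 1:", sorted(prune(unit, drop_unit=True)))
    print("trust weights, prune < 1:", sorted(prune(trusted)))
```

With unit weights the six invented edges reach weight 3 and survive both pruning rules, while the stricter rule also drops the real edge (A3, A4); with per-AP roamer weights only the real edges remain.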


6.8 Comparison between results of first and second scenario

Obviously we achieve better performance for the second simulation scenario.

Performance is better because applying pruning and assigning weights properly results

in a perfect matching between the original and the reported graph even when clients are divided

into colluders and truthful. In the first scenario we achieve values of ISGI at about

0.92, but in this scenario we achieved perfect matching.

First of all we must focus on the main differences between the two scenarios. The second

simulation scenario includes a denser distribution of clients and a heavier load on

APs. This difference alone is quite important for the differences in the results. More

clients can contribute more to the system and thus collect more valuable information.

It is obvious that even with 50% of clients being colluders we achieve perfect

matching, which means that there are enough remaining clients to submit feedback to

the system. On the contrary, in the first scenario we lost some valuable information

from lying clients because there was a more sparse distribution of them on the

topology. If there was a more dense clients’ distribution the remaining population

would replace the lost information. To sum up, we conclude that clients’ population is

a key-feature toward successful sensing and reporting.

Secondly, in the first scenario all clients are treated equally. This fact gives the ability

to lying clients to potentially flood the reporting system with fake information.

Without pruning techniques performance deteriorates linearly with the increasing

number of non compliant clients. In the second scenario, we can leverage trust

relations and thus achieve better performance. We do not treat all clients equally since

we do not have equal knowledge of their identities and their attitudes towards the

associated AP. Reports’ weights are assigned in accordance with the reputation and

the affiliations of each client. A reputation mechanism which keeps track of each

client contribution could easily assign weights in a similar manner and achieve great

performance for the sensing and reporting architecture. Trusted measurements and

weight assignment per AP resulted in great performance because we managed to

restrict the colluders’ actions but also to utilize the potentially truthful contribution of

roaming clients.


To conclude, trust for clients is the key feature that such an architecture should leverage

in order to achieve great performance. Trusted reports can always help in order to

avoid deception from non compliant clients.

6.9 Third simulation scenario setup and results 

In this scenario we try to evaluate the pruning technique for a larger scale topology.

The simulation setup is almost identical with the first one apart from the number and

placement of the network entities. We try to find out if the pruning technique scales

for larger topologies, since it is not a complicated technique and we believe that this

simplicity would make it very scalable.

As we saw in the second scenario, clients’ number and their location is crucial for the

outcome of the scenario. In that direction, we increased the number of clients in order

to find out how the increasing number of reports in accordance with the randomness of

their locations could affect the results. We also increased the number of Access Points

and we decreased the size of the topology, trying to increase the network density. We

illustrate the topology in the figure below for a better understanding of the entities

location and distribution.


Figure 22: Topology of the third simulation scenario

We assume that clients adopt the same cheating strategies as in the first scenario,

where they invent a set of APs and they report them to the authority. We ran a number

of simulations and we use the number of non compliant clients as a tuning parameter.

We provide the results in the figure below and, as depicted, the pruning technique

scales very well.


Figure 23: Results for the large scale scenario

As in the first scenario, for the case where all clients are truthful we get worse results

with the pruning technique. We lose a number of honest reports with unit weight since

we prune them with our technique. Thus from the loss of this information we get

slightly lower values. Of course, this loss also occurs in the next simulation runs where

non compliant clients increase. Furthermore, we see that even with a great percentage

of liars (50% of clients’ population) we can achieve great values of ISGI with the pruning

technique. On the contrary, performance deteriorates without the pruning technique,

since network operators get deceived by the great number of fake edges.

To sum up, the intuitive thought that the technique would scale was confirmed. The

simulation results showed that this pruning scheme can easily scale with very good

results even for dense and large topologies.


7. Incentives issues about clients’ contribution

7.1 Introduction

Incentives for clients’ truthful contribution to such architectures, as the one we

propose, are obviously crucial. We have no other choice but to mention some well

known solutions for other popular systems and try to associate them with our system.

Many popular applications or marketplaces have embedded incentive or reputation

mechanisms that secure them from erroneous feedback or malicious behaviors.

Electronic marketplaces such as eBay or Amazon use a very clever reputation

mechanism enforcing truthful feedback and rating from both clients and sellers. Peer-to-Peer

systems proved very popular due to the incentives that clients have to exchange

their popular files. Such mechanisms can be transferred to a sensing and reporting

system, increasing its security and robustness. In the following section we try to

present a list of interesting incentive mechanisms proposed for well-known systems

and we propose an incentives’ mechanism for our architecture.

7.2 Overview and Related Work

We should begin this section with a very famous example, the peer-to-peer (p2p)

systems. Those systems became very popular due to the robust mechanism that they

use for file exchange and the incentives for clients’ contribution. P2P systems became

popular because clients could download files that were hard to find or generally

popular. Peers of such systems had to exchange their files with others in order to

increase their downloading rates. So, p2p systems managed to motivate clients to

contribute to file sharing. On the other hand, the embedded tit-for-tat mechanism gave

peers no other choice than to share their files in order to increase their rates. Peers had

to exchange their file chunks in order to increase their uploading rate and become

more easily selected by other peers. This mechanism ensured that clients will

cooperate with others and thus contribute to the system.

Going one step further, we should also analyze the reputation mechanism that many

systems use nowadays. Apart from contributing to the system, we must ensure that

clients’ contribution, either in form of content or in form of feedback, will be honest


and valuable. There are numerous solutions proposed for reputation mechanisms in a

variety of systems. We would like to begin with an everyday example: the eBay

reputation mechanism. Sellers and buyers exchange binary feedback in order to

evaluate the transaction. Buyers pay for a purchase and they trust that the seller will

send the item. After that, the buyer rates the seller (and vice versa) with a binary value:

1 for positive feedback and -1 for negative. Obviously, both sellers and buyers struggle

to create high feedback rates in order to get better treatment. There is no doubt that no

one would buy items from a seller with a very low value and vice versa. With the above

mechanism it has been shown that eBay has become a very robust, safe and popular

marketplace.

A similar mechanism was proposed by Jurca et al. [24], but for the online hotel booking

industry. Hotels offer certain services for customers and both customers and hotels

submit a report. If their reports conflict, they are both punished. If the reports match

and they mention that the services were as described, the hotels’ reputation is

increased. The hotel has a great incentive to cheat by not providing the announced

services for the customers in order to increase income. Customers’ reputation, however,

can deter hotel owners from such actions, because no one would cheat a client with a

reputation for being truthful, since this would possibly decrease future revenue.

In that direction, Papaioannou et al. [25] proposed a similar reputation mechanism for

virtual communities. They propose that when two reporting sides disagree on the

‘transaction’ rating they should both be punished. This strategy always deters

reporters from being non compliant. They propose a similar solution in [26] where

they propose a robust reputation mechanism for p2p systems. Peers always rate each

other after a transaction and if their feedback does not match they are punished.

Furthermore, they propose a number of features that would enhance the mechanism’s

performance. Each client is assigned a low initial reputation value. This way name

changes are avoided. Clients use certain pseudonyms and they get a low initial

reputation and consequently they have no incentives to change their names. For each

successful transaction they increase their reputation. If they get caught lying about

transactions they are punished and they cannot transact for a certain time period. We


must also mention that clients are assigned a pseudonym and they get a certificate

signed by the system, as in Pretty Good Privacy (PGP) [27]. Thus, a client’s

pseudonym is closely related with his strategy, which is not publicly declared, the

performance that he might offer through a transaction and of course with his

reputation.

Another approach is to offer payments [24] to motivate clients for truthful feedback.

Clients are motivated to increase their income by being truthful and thus shift the

reporting equilibrium to a truthful one. In [28] clients’ feedback is used to monitor

QoS. Clients run a monitoring application that periodically reports feedback to a

trusted center. The center uses a number of reference reports to reveal all the erroneous

feedback. Instead, when a client honestly reports to the center he receives a payment

for the contribution. So, given that the reference report is true each client is motivated

to report truthfully to gain money and thus there is a Nash equilibrium. Collusion rings

are also easily broken because colluders have incentive to deviate and break the ring to

gain more money by truthfully reporting. This solution, however, requires a small

proportion of clients to be trusted in order to effectively compare the reports from

other clients.

The solution proposed in [29] utilizes the upcoming reports as a reference to compare

the reports received by clients at a certain time. They also propose solutions for other

security issues. They address the case where a client assumes another client’s

identity in order to submit erroneous feedback and remain undetected or harm

another’s reputation value. Encryption and signing, as they propose, will make the system

safe. No client will be able to impersonate client x and remain undetected.

All the above research works propose solutions for various systems. A small subset of

each of the problems described can suit the needs of a sensing and reporting system for

incentives and trust among network entities. In the next chapter, we describe the main

issues for our architecture and we propose a mechanism similar to those described

above.


7.3 Sensing and reporting issues

Obviously there is a rapid increase in the features of the handheld devices that we use

every day. On the contrary, some problems remain unsolved and the most common is

the battery consumption. Wi-Fi connections greedily consume the battery life of a

handheld device even in some short time period. Any of us that use a PDA for VoIP

calls has faced a similar problem. As we mention in chapter 3, clients have a lot of

incentives to be indifferent or dishonest and thus do not contribute to the system. Apart

from not contributing they might also adopt cheating behaviors and it is quite possible

to harm the mechanism we propose. As a result, there must be a mechanism that

motivates clients to submit feedback and secondly there must be a reputation

mechanism that identifies each client and promotes honest behaviors.

We have silently assumed in the second simulation scenario that there is a reputation

or accounting mechanism that identifies clients and makes it possible to trust a subset

of them. This scheme, as we presented, takes into account the trusted reports while

roamers can contribute only when they adopt honest behaviors. There is an assumption

in our simulation scenario that an available reputation mechanism provides us the

appropriate information about trust relations and we develop and evaluate a proper

scheme for weights’ assignment to clients’ reports. This means that the results

presented can be easily used for other similar research areas that provide a full

accounting and reputation system.

Clients can be deterred from lying if they have economic or performance incentives to

be honest. As presented in the relevant works discussed above, economic incentives

might break collusion rings, since clients can increase their income by refraining from

lying. There is no doubt that a great percentage of non compliant clients would refrain

from lying if they knew that they could be easily detected and punished or if they

could increase their benefit. Such punishments could involve connection refusal,

performance degradation or even a fine. On the other hand, it is quite a temptation for

some clients to ‘blur’ providers’ view of the APs’ deployments if they know that they

will remain undetected.


Going one step further, we believe that clients have different incentives on each

occasion for being truthful or non compliant. Imagine a scenario where in a small area

home users try to collect statistics in order to optimally deploy their home APs. Clients

report the sensing results to their APs and the latter forward the results to an authority.

In this case it is almost sure that each home user would not submit erroneous feedback

to his AP. On the contrary, home users might want to deteriorate their neighbors’

performance and thus report fake information about them. Either way, anyone would

like to maximize the performance of their homes’ WLAN and it is quite possible to be

honest.

We would like to present another fact that is quite common in urban areas. Despite the

numerous APs that are publicly available, we are often not able to connect to any of

them. Heavy load or wrong setup does not allow many clients to be connected to

hotspots and thus the available spectrum is underutilized. This fact leads to clients’

disappointment because more and more people every day have to be connected to

hotspots to serve their needs. We mention the above situation because better

deployment of WLANs or free connectivity for certain time periods would motivate

all clients to contribute.

In that direction, we believe that a main incentive for clients of our architecture would

be free connectivity for certain time periods which would be extended for every

truthful report submission. Each authority that deploys such architecture could deploy

some dedicated APs in order to collect statistics. Clients motivated by free

connectivity could connect to the nearest AP to serve their needs and provide feedback

about wireless infrastructure. This scenario would fit the occasions where clients do

not have economic relations with providers and they just leverage the free connectivity

offer. These clients could also use the information depicted on the Wi-Fi maps created

from their feedback and thus have further knowledge of available APs in the areas where they

spend their everyday life.

On the other hand, there might always be economic relations between clients and

providers. Providers deploy an increasing number of APs in metropolitan areas in

order to better serve their customers’ needs. They could also motivate their clients to


contribute by economic and performance incentives. Customers that would monitor

the wireless channels could be provided with better transmission rates; increasing by a

certain value for each honest report. They could be also motivated by the promise for

discounts on their bills, provided that they contribute to the system. Those economic

incentives might also lead some providers to ask customers to erroneously report

to other providers’ hotspots, as we mention in the second simulation scenario.

Taking into account the above situation we should refer to the incentives for providers.

Providers want to optimally deploy their APs in order to serve their customers.

Clients’ feedback would inform them for the deployment of other APs and they could

take appropriate measures taking into account others’ decisions and deployments. This

means that some providers might not want to change their APs setup or location

because they believe that such action would degrade their clients’ performance. In that

case, others have to optimally set up their infrastructure in accordance with the attitude

of non-cooperating providers. There are, however, some research works [30] which

prove that with providers’ cooperation in such environments, they could all maximize

their performance. A more cooperative game would lead to a better outcome for all of

them. Imagine the case where two providers have equal APs closely placed and the

first one is heavily loaded while the other’s resources are underutilized. Clients’ handoff

from one to the other would obviously enhance performance for both providers, but

would also involve their economic cooperation.

In conclusion, we believe that there are numerous incentives for both clients and

providers to cooperate in a sensing and reporting system and thus we tried to briefly

introduce a small subset of them. In the following chapter we illustrate an accounting

and reputation mechanism that would suit such systems.

7.4 Reputation and accounting mechanism

In this chapter we will try to illustrate a simple mechanism, in a more centralized

manner, which would fit the sensing and reporting system. All the above issues

necessitate a robust mechanism that would identify the clients of our system and

would increase its robustness.


First of all, we propose that each client should have a unique identifier e.g. a

pseudonym that would globally identify him all over the system. This identifier

should be associated with a physical person and would be associated with its

reputation and performance on the sensing and reporting system. Each new client

should be assigned a small reputation value associated with its ID, trying to avoid

name changes. This reputation value would be increased if the client reports honestly

and vice versa. Thus, he would increase his reputation by being truthful and this way

leverage all the extra services provided. So, in a way similar to the payments in the

previous examples we propose that clients’ honesty would be promoted for example

with better rates or free connectivity.

On the other side, the network operator or the authority that would launch such

statistics’ collection would provide clients with the IDs we describe above. For

example, authorities like the Federal Communications Commission (FCC) that are

globally trusted by all the providers could be responsible for the assignment of

proper IDs. These authorities could have a number of servers that would serve the

needs of the system and would also make the system more decentralized and thus

more robust.

The authorities could also keep track of the reputation values of each client, in order to

assign different weights on their feedback. A client with a reputation for always telling

the truth could be assigned a unit weight as in the first scenario. Otherwise, a small

weight could be assigned which could be increased in accordance with honest reports

from the client.

We illustrate the above scheme in the figure below in accordance with the details we

describe in the next paragraph.


Figure 24: Clients are issued proper certificates before reporting to the system

The certificate authority issues a certificate to each client and after that he can

contribute to the system by reporting the monitoring results gathered during scanning

the available channels. Those certificates signed by the authority practically bind the

user’s ID with its credentials to the system and with the MAC Address of its device’s

wireless interface. In other words, a certificate binds a client, his ID and the wireless

equipment that is used for the system. This way, a client is deterred from name changes

and cannot always change the equipment that senses the wireless environment. The

main goal of this procedure is to ensure that a client informed about the ID of others

will not use it for malicious reporting in their place. No malicious reports would be

created for spoofed MAC Addresses because each MAC Address would be bound to a

certain client.
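One way to realise the binding of pseudonym, credentials and MAC address described above, as an added example rather than the thesis's implementation. It swaps the signed certificate for an HMAC key that the authority derives per (pseudonym, MAC) pair, and assumes the forwarding AP passes along the MAC address it observed (`observed_mac`); all names, the sample values and the sequence-number replay check are hypothetical.

```python
import hashlib
import hmac
import json


def norm_mac(mac: str) -> str:
    """Canonical form so 'AA-BB-..' and 'aa:bb:..' compare equal."""
    return mac.replace("-", ":").lower()


def report_tag(key: bytes, pseudonym: str, mac: str, seq: int, aps) -> str:
    """HMAC-SHA256 over a canonical encoding of the report fields."""
    body = json.dumps({"id": pseudonym, "mac": norm_mac(mac), "seq": seq,
                       "aps": sorted(aps)}, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def make_report(key: bytes, pseudonym: str, mac: str, seq: int, aps) -> dict:
    """Client side: build a sensing report authenticated with the issued key."""
    return {"id": pseudonym, "mac": mac, "seq": seq, "aps": list(aps),
            "tag": report_tag(key, pseudonym, mac, seq, aps)}


class Authority:
    """Issues credentials and checks reports (stand-in for the certificate authority)."""

    def __init__(self, master_key: bytes):
        self._master = master_key
        self._mac_of = {}     # pseudonym -> bound MAC address
        self._last_seq = {}   # pseudonym -> highest accepted sequence number

    def _key_for(self, pseudonym: str, mac: str) -> bytes:
        msg = pseudonym.encode() + b"\x00" + mac.encode()
        return hmac.new(self._master, msg, hashlib.sha256).digest()

    def enroll(self, pseudonym: str, mac: str) -> bytes:
        """Bind pseudonym and device once; a second name for the same MAC is refused."""
        mac = norm_mac(mac)
        if pseudonym in self._mac_of or mac in self._mac_of.values():
            raise ValueError("pseudonym or MAC address already enrolled")
        self._mac_of[pseudonym] = mac
        self._last_seq[pseudonym] = -1
        return self._key_for(pseudonym, mac)

    def verify(self, report: dict, observed_mac: str) -> str:
        """Return 'ok' or the reason the report is rejected."""
        pseudonym = report.get("id")
        bound = self._mac_of.get(pseudonym) if isinstance(pseudonym, str) else None
        if bound is None:
            return "unknown pseudonym"
        claimed = norm_mac(str(report.get("mac", "")))
        if claimed != bound or norm_mac(observed_mac) != bound:
            return "MAC address not bound to this pseudonym"
        seq, aps = report.get("seq"), report.get("aps")
        if (not isinstance(seq, int) or not isinstance(aps, list)
                or not all(isinstance(a, str) for a in aps)):
            return "malformed report"
        expected = report_tag(self._key_for(pseudonym, bound), pseudonym, bound, seq, aps)
        if not hmac.compare_digest(expected.encode(), str(report.get("tag", "")).encode()):
            return "bad tag"
        if seq <= self._last_seq[pseudonym]:
            return "replayed report"
        self._last_seq[pseudonym] = seq
        return "ok"


def demo():
    """Constructed scenario: 'mallory' knows the pseudonym 'alice' but not her key."""
    auth = Authority(b"constructed-master-key")
    k_alice = auth.enroll("alice", "AA:BB:CC:00:00:01")
    k_mallory = auth.enroll("mallory", "AA:BB:CC:00:00:02")
    honest = make_report(k_alice, "alice", "aa:bb:cc:00:00:01", 1, ["A", "B"])
    own_device = make_report(k_mallory, "alice", "AA:BB:CC:00:00:02", 2, ["X", "Y"])
    spoofed_mac = make_report(k_mallory, "alice", "AA:BB:CC:00:00:01", 2, ["X", "Y"])
    return [
        auth.verify(honest, "AA:BB:CC:00:00:01"),       # accepted
        auth.verify(honest, "AA:BB:CC:00:00:01"),       # same report sent again
        auth.verify(own_device, "AA:BB:CC:00:00:02"),   # alice's ID from mallory's device
        auth.verify(spoofed_mac, "AA:BB:CC:00:00:01"),  # spoofed MAC, wrong key
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```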

In conclusion, we believe that even though such systems involve a centralized part of the

architecture and might reduce the robustness of a system, they have proved to be

useful and effective for a majority of them. We also believe that authentication and

reputation mechanisms are crucial for the system we envisage, along with an

accounting system for proper weight assignment for each client’s feedback.

 


8. Conclusions and contribution of our work 

8.1 Overview of the previous chapters 

In this section we will try to give a short overview of the work that we presented in the

previous chapters.

In the first chapter we presented the motivation and the main goal of our work. We

mention the main problems that arise from the ubiquitous presence of Wi-Fi APs and

the increasing need for near optimal APs’ deployment.

The next chapter illustrates the similar research projects towards information gathering for

the wireless infrastructure deployed and the possible interference. The most related

work involves IEEE 802.11k protocol for the research area of Wi-Fi technology and

the WarDriving projects. We also mention similar approaches for the cognitive radio,

where plenty of solutions have been proposed and the 802.22 approach for information

gathering about base stations and available TV frequency bands.

In chapter 3, we describe the design and implementation of the architecture we

propose along with all the utilized technologies. All key functions and system

components are presented as possible triggers for further work, too. Key roles of each

entity are described and we try to illustrate a motivating case for our work.

As many clients might not conform to each protocol, in chapter 4, we describe a

number of possible cheating strategies to give a full picture of what possible threats

our or other systems may face.

The next chapter presents the evaluation method that we use to evaluate the

architecture we propose through a number of simulations. Our new metric is described

along with the two algorithms that we propose in order to secure our reporting system

from erroneous feedback.

Chapter 6 illustrates all the simulation scenarios that we studied in order to find the

possible outcomes from the presence of erroneous feedback. We also analyze the

simulation results trying to support the proposed solutions. We continue with a

comparison between the simulation scenarios’ results in order to describe the relation


between different parameters of their setup and we conclude with a large scale

simulation scenario.

In chapter 7, we refer to the most common issues about incentives for contributing or

not to the system and we propose a reputation and accounting mechanism.

8.2 Key features of the designed and implemented architecture 

A lot of similar architectures have been proposed in order to gather information about

wireless infrastructure deployment. The most well known projects are the WarDriving

projects that have been deployed for a lot of years. Numerous web sites and

applications offer information about available APs all over the world depicted on

maps. The IEEE 802.11k standard was recently proposed trying to utilize clients’ feedback

and optimally configure WLANs deployment.

The main design axis of the architecture we proposed is that we try to minimize the

overhead for the network entities. We believe that it is of high importance to utilize the

diversity of clients’ locations to gather information in a more distributed manner.

Access point-centric or sensors-centric approaches suffer from the close space that

these components can sense. The 802.11k protocol demands a firmware update for APs and

a variety of measurements for clients. This feature is extremely important but places a

burden on mobile devices and may lead to an increasing number of non-contributing

clients. WarDriving projects involve the personal interest and motivation from a group

of clients to support Wi-Fi mapping for urban areas. On the contrary, our architecture

does not require extra hardware or modifications on existing APs. Clients are also not

asked for a variety of battery or throughput consuming measurements. A few scans in

a periodic manner can be enough to support our system.

8.3 Contributions of the lying strategies analysis

We examined which strategies can be viable in a sensing and reporting system and we arrived

at a set of strategies that could pose a threat against it. The most naïve strategies were

excluded and we decided to study the possible outcomes from the most potentially

harmful ones. The results we presented can be also used for a number of other sensing

and reporting systems. No other work in the related research area studies the possible


outcome if users do not conform to the demands of each protocol. Most of them

silently or explicitly assume that users conform to the relevant mechanism and always

submit truthful feedback. We go one step further and we propose and evaluate two

appropriate algorithms as a defense against threats from erroneous feedback.

The proposed algorithms can also be used on top of other systems. IEEE 802.11k is the

most related protocol and we believe that the proposed algorithms can be easily

deployed over systems which support 802.11k. It is quite possible that a number of

clients can modify the version of the protocol that their wireless interface supports in

order to deceive the system and enhance their performance or their benefit. As we all

know it is quite easy for a client to change the parameters of the TCP protocol that his

computer supports. In a similar manner, and provided that more and more users

behave selfishly, many of them might want to modify their interfaces’ drivers to

enhance their performance. Sensing and reporting systems must be defended against

these actions and must have proper ways to filter the erroneous feedback. To conclude,

there is a great relation between IEEE 802.11k and our work; thus we strongly support

our opinion that our results can help the research area related to 802.11k or even

802.22.

8.4 Future work

In this chapter we would like to mention some possible future work that we think

should be done in the related research area.

Driven from the ubiquitous presence of Wi-Fi APs and the increasing popularity of

small-size handheld devices, more and more users adopt mobility patterns. We believe

that the effect on sensing and reporting procedure from clients’ mobility should be

extensively studied in the near future.

Another important aspect that should be extensively studied and is closely associated

with the mobility issue is the arrival rate of new clients. During the simulations we ran,

we assumed that clients were static and that there was a generally static topology. In

other words, there was no possibility for new arriving clients. It is quite interesting to


find out how or if a sensing and reporting mechanism can adapt itself to the increasing

number of reports or the increasing number of possible non compliant clients.

Lastly, in a real environment it is not always safe to assume that transmissions occur

according to the free space propagation model. Due to a number of obstacles, the transmitted

signal gets reflected and as a result propagation ranges decrease. In that direction, we

believe that a study with another propagation model would be very beneficial.

 


References 

[1] Chris Hurley aka Roamer, Frank Thornton, Michael Puchol, Russ Rogers, “WarDriving—Drive, Detect, Defend—A Guide to Wireless Security”.

[2] Wireless Geographic Logging Engine - http://www.wigle.net.

[3] Dongsu Han, Aditya Agarwala, David G. Andersen, Michael Kaminsky, Konstantina Papagiannaki, and Srinivasan Seshan, Mark-and-Sweep: Getting the Inside Scoop on Neighborhood Networks, In Proc. Internet Measurement Conference (Vouliagmeni, Greece), Oct. 2008.

[4] Anthony J Nicholson, Yatin Chawathe, Mike Y Chen, Brian D Noble, David Wetherall, Improved access point selection, In MobiSys 2006: Proceedings of the 4th international conference on Mobile systems, applications and services (2006), pp. 233-245.

[5] Rohan Murty, Jitendra Padhye, Alec Wolman, Matt Welsh, DYSON: An architecture for extensible Wireless LANs, Harvard University, Microsoft Research.

[6] Ganesan G., Li Y., Cooperative spectrum sensing in cognitive radio networks, New Frontiers in Dynamic Spectrum Access Networks, 2005. DySPAN 2005. Nov. 2005, Page(s): 137-143.

[7] Ganesan, G., Li Ye, Cooperative Spectrum Sensing in Cognitive Radio, Part II: Multiuser Networks, Wireless Communications, IEEE Transactions on, Volume 6, Issue 6, June 2007.

[8] Ruiliang Chen and Jung-Min Park, Ensuring Trustworthy Spectrum Sensing in Cognitive Radio Networks, Networking Technologies for Software Defined Radio Networks, 2006. On page(s): 110-119.

[9] Ruiliang Chen, Jung-Min Park, Kaigui Bian, Robust Distributed Spectrum Sensing in Cognitive Radio Networks, INFOCOM 2008. On page(s): 1876-1884.

[10] Idris M. Atakli, Hongbing Hu, Yu Chen and Wei-Shinn Ku, Malicious Node Detection in Wireless Sensor Networks using Weighted Trust Evaluation, Symposium on Simulation of Systems Security (SSSS'08).

Spectrum sensing and reporting on WLANs

Dimitrios I. Zografos     72   

[11]. Peng Qihang,Zeng Kun,Wang Jun,Li Shaoqian, A Distributed Spectrum Sensing

Scheme Based on Credibility and Evidence Theory in Cognitive Radio Context,

Personal, Indoor and Mobile Radio Communications, 2006,On page(s): 1-5.

[12]. Ishrat J. Quader,Binghao Li,Wendi (Patrick) Peng,Andrew G. Dempster, Use of

Fingerprinting in Wi-Fi Based Outdoor Positioning, International Global Navigation

Satellite Systems Society IGNSS Symposium 2007.

[13]. Jason Franklin, Damon McCoy, Parisa Tabriz, Vicentiu Neagoe,Jamie Van

Randwyk, Douglas Sicker, Passive Data Link Layer 802.11 Wireless Device Driver

Fingerprinting, Proceedings of the 15th conference on USENIX Security

Symposium.

[14]. Bruno Kauffmann, Francois Baccelli, Augustin Chaintreau, Vivek Mhatre,

Konstantina Papagiannaki, Christophe Diot, Measurement-Based Self Organization

of Interfering 802.11 Wireless Access Networks, INFOCOM 2007. 26th IEEE

International Conference on Computer Communications. On page(s): 1451-1459.

[15].A. Mishra, V. Brik, S. Banerjee, A. Srinivasan, and W. A. Arbaugh, A client-

driven approach for channel management in Wireless LANs, in Proc. IEEE

INFOCOM 2006, April 2006.

[16]. Haitao Wu Kun Tan Yongguang Zhang Qian Zhang Microsoft Res. Asia,

Beijing, Proactive Scan: Fast Handoff with Smart Triggers for 802.11 Wireless

LAN , INFOCOM 2007. 26th IEEE International Conference on Computer

Communications. IEEE.

[17]. P.A. Frangoudis,G.C. Polyzos, Coupling QoS provision with interference

reporting in WLAN sharing communities, Personal, Indoor and Mobile Radio

Communications, 2008. PIMRC 2008.

[18].Wireless Zero Configuration-

http://en.wikipedia.org/wiki/Wireless_Zero_Configuration

[19].Kismet- www.kismetwireless.net/

[20].Nmea - http://home.mira.net/~gnb/gps/nmea.html

Spectrum sensing and reporting on WLANs

Dimitrios I. Zografos     73   

[21]. PostgreSQL - http://www.postgresql.org/

[22].PostGIS – http://postgis.refractions.net/

[23]. Google Maps - http://code.google.com/apis/maps/

[24]. Radu Jurca , Boi Faltings , " CONFESS " An Incentive Compatible Reputation

Mechanism for the Online Hotel Booking Industry, Proceedings of the IEEE

International Conference on E-Commerce Technology.

[25]. Thanasis G. Papaioannou, George D. Stamoulis, Optimizing an Incentives’

Mechanism for Truthful Feedback in Virtual Communities, Lecture Notes in

Computer Science, Springerlink, Volume 4118/2006, Agents and Peer-to-Peer

Computing.

[26]. Papaioannou, T.G. , Stamoulis, G.D., An incentives' mechanism promoting

truthful feedback in peer-to-peer systems, Cluster Computing and the Grid, 2005.

CCGrid 2005.

[27]. Pretty_Good_Privacy – http://en.wikipedia.org/wiki/Pretty_Good_Privacy

[28]. Radu Jurca, Boi Faltings, Reliable QoS monitoring based on client

feedback,Proceedings of the 16th international conference on World Wide Web, 2007.

[29]. Radu Jurca, Boi Faltings, Eliciting Truthful Feedback for Binary Reputation

Mechanisms, Proceedings of the 2004 IEEE/WIC/ACM International Conference on

Web Intelligence.

[30]. Xenofon Fafoutis and Vasilios A. Siris, Handover Incentives for WLANs with

Overlapping Coverage, Lecture Notes in Computer Science, Springerlink, Volume

5546/2009, Wired/Wireless Internet Communications.

 

 

 

 

Spectrum sensing and reporting on WLANs

Dimitrios I. Zografos     74