Chapter3 Wireless

Wireless and Mobile
Communications
Outline
Overview
MAC
Routing
Wireless TCP
Wireless in real world
Leverage broadcasting nature
Wireless security
2
From Wired to Wireless
3
The Difference: # 1
4
The Difference #2
5
Unicast vs. Broadcast
6
Why?
signal - to - noise - ratio
Interference
Your signal is noise to others
Broadcast nature
7
Existing Wireless Networks
Wireless Metropolitan Area Network (WMAN)
Cellular/Wireless Wide Area Network (WWAN) (GSM, WCDMA, EV-DO)
Wireless Local Area Network (WLAN)
Wireless Personal Area Network
(WPAN)
Ad hoc networks
Sensor networks
Emerging networks (variations of ad
hoc networks
Info-stations
Vehicular networks
Cognitive Radio Networks
IEEE 802.22 8
Data Rate
9
Transmission Range
10
Power Dissipation
11
Network Architectures
Cellular Networks (hierarchical systems) WLAN / Mesh networks

QoS + mobility $$$, lack of innovations Simple, cheap Poor management
12
Ad hoc networks Sensor networks
no infrastructure cost no guarantee Energy limited, low processing power
Challenges in Cellular Networks
Explosion of mobile phones, 1.5billion users (2004)
Scalability issues (particularly at radio network controller)
Better architecture design
Lack of bandwidth (we need mobile TV)
Give us more spectrum
13
IEEE 802.11 - Architecture of an
Infrastructure Network
Station (STA)
Terminal with access mechanisms to
the wireless medium and radio
contact to the access point
Basic Service Set (BSS)
Group of stations using the same
radio frequency
Access Point
Station integrated into the wireless
LAN and the distribution system
Portal
bridge to other (wired) networks
Distribution System
Interconnection network to form
one logical network
14
Challenges in WiFi
Again, explosion of users, devices
Interference, interference, interference
Heavy interference /contention when accessing the AP, no QoS
support
Inter-AP interference
Interference from other devices (microwave, cordless phones) in
the same frequency band
Mobility support
Seamless roaming when users move between APs
Normally low speed (3-10mph)
15
Challenges in Ad-hoc Networks
A flexible network infrastructure
Peer-to-peer communications
No backbone infrastructure
Routing can be multi-hop
Topology is dynamic
Challenges
Devices need to self-manage to survive
Manage interference (similar to WiFi but without AP, much harder)
Manage connectivity and routing (node mobility and unreliable links)
Transmission, access, and routing strategies for ad-hoc networks are
generally ad-hoc
User collaboration is a good direction but there are always selfish / 16
malicious users
How does Wireless affect
Networking?
Wireless access is different from Ethernet access
Wireless routing is different from IP routing
Wireless security is different from wired security
17
Wireless Access vs. Ethernet Access
Ethernet: fixed connection, always on, stable, fixed rate
Wireless: unreliable connection, competition based,
fading/unreliable, dynamic rate, limited bandwidth
Critical: how to coordinate among devices to avoid interference
Cellular: centralized, base station tells each device when and how to
send/receive data
WLAN + Ad hoc: distributed, CSMA, compete and backoff
Mobility
neighbor discovery + topology control
Rate adaptations
18
Wireless Routing vs. Wired Routing
Aside from traditional multi-hop routing
Mobility: route discovery and maintenance
Interference, interference, interference
Multi-hop interference mitigation
Spectrum assignment, multi-channel networks
19
Why is Security more of a Concern
in Wireless?
No inherent physical protection
Physical connections between devices are replaced by logical
associations
Sending and receiving messages do not need physical access to the
network infrastructure (cables, hubs, routers, etc.)
Broadcast communications
Wireless usually has a broadcast nature
Transmissions can be overheard by anyone in range
Anyone can generate transmissions,
which will be received by other devices in range
which will interfere with other nearby transmissions and may prevent
their correct reception (jamming)
20
Wireless Attacks
Eavesdropping is easy
Injecting bogus messages into the network is easy
Replaying previously recorded messages is easy
Illegitimate access to the network and its services is easy
Denial of service is easily achieved by jamming
21
So far
Understand why wireless data rate is lower than wired
Understand different types of wireless networks:
WPAN, WLAN, WWAN, WMAN and their challenges
Understand the difference between infrastructure and ad hoc
networks
Understand the challenges in MAC, networking and security
areas
22
Outline
Overview
MAC
Routing
Wireless TCP
Wireless security
23
Why Control Medium Access
Wireless channel is a shared medium
When conflict, interference disrupts communications
Medium access control (MAC)
Avoid interference
Provide fairness
Utilize channel variations to improve throughput
Independent link variations
24
MAC Categories
25
Random Access
Random Access vs. Controlled Access
No fixed schedule, no special node to coordinate
Distributed algorithm to determine how users share channel,
when each user should transmit
Challenges: two or more users can access the same channel

simultaneously Collisions
Protocol components:
How to detect and avoid collisions
How to recover from collisions
26
Examples
Slotted ALOHA
Pure ALOHA
CSMA, CSMA/CA, CSMA/CD
27
The Trivial Solution
A B C
collision
Transmit and pray

Plenty of collisions --> poor throughput at high load
28
The Simple Fix Dont
transmit
A B C
Transmit and pray Can collisions still occur?

Plenty of collisions --> poor throughput at high load
Listen before you talk

Carrier sense multiple access (CSMA)
Defer transmission when signal on channel
29
CSMA Collisions spatial layout of nodes
Collisions can still occur:

Propagation delay non-zero
between transmitters
When collision:
Entire packet transmission
time wasted
Note:
Role of distance & propagation delay
in determining collision probability
30
CSMA/CD (Collision Detection)
Keep listening to channel

While transmitting
If (Transmitted_Signal !=
Sensed_Signal)
Sender knows its a Collision
ABORT
31
Two Observations on CSMA/CD
Transmitter can send/listen concurrently
If (Sensed - received = null)? Then success
The signal is identical at Tx and Rx

Non-dispersive
The TRANSMITTER can detect if and

when collision occurs
32
Unfortunately
Both observations do not hold for

wireless!!!
Because
33
Wireless Medium Access Control
C D
A B
Signal
power
SINR threhold
34
Distance
Wireless Media Disperse Energy
A cannot send and listen in parallel
C D
A B
Signal
power
Signal not same at different locations

SINR threhold
Distance
Collision Detection Difficult
B
A C
D
Signal reception based on SINR

Transmitter can only hear itself
Cannot determine signal quality at receiver
36
Calculating SINR
A B
C
D
SignalOfIn terest ( SoI )

SINR
Interferen ce ( I ) Noise( N )
PtraAn smit
SoI BA
A
Ptransmit
d AB

C d
I
C
B
P transmit

SINRBA AB
C
d CB Ptransmit
N 37
d CB
Red signal >> Blue signal Red < Blue = collision
C D
X A B
Signal
power
SINR threhold
38
Distance
Important: C has not heard A, but can interfere at receiver B
C is the hidden terminal to A
C D
X A B
Signal
power
SINR threhold
39
Distance
Important: X has heard A, but should not defer transmission to Y
Y X is the exposed terminal to A
C D
X A B
Signal
power
SINR threhold
40
Distance
Exposed Terminal Problem (ETP)
Dont know whether two transmissions will conflict or not
C wants to transmit to D but hears B; C defers transmission to
D although it wont disturb the transmission from B to A
Critical fact #1: Interference is receiver driven while CSMA is 41

sender driven
Hidden Terminal Problem (HTP)
Reason: limited transmit/sensing capabilities
B can communicate with A and C
A and C can not hear each other
If A transmits to B & C transmits to B, collision occurs at B
42
CSMA/CA-Avoiding Collisions
Idea: allow sender to reserve channel rather than random
access of data frames: avoid collisions of long data frames
Sender first transmits small request-to-send (RTS) packets to BS using
CSMA
BS broadcasts clear-to-send CTS in response to RTS
RTS heard by all nodes
Sender transmits data frame
Other stations defer transmissions
avoid data frame collisions completely

using small reservation packets!
43
Problems with Single Channel
Collisions happen to RTS and CTS too
Bandwidth is limited
Are there alternatives to avoid interference??
44
Multiple Channel Motivation
Ways to avoid interference
Time
Space
Frequency/channel
How to coordinate 45
among users which
channel to use?
MultiChannel Hidden Terminals
A sends RTS
46
B sends CTS
C does not hear CTS because C is listening on channel 2
47
C switches to channel 1 and transmits RTS

Collision occurs at B
48
HOW TO COORDINATE THE CHANNEL USAGE?
49
Solution 1: Add a Control Radio
Each user has two radios
Radio 1: control radio; users exchange control information
which channel to use for their data radio
Radio 2: data radio; transmit packets
Pro:
Simple; instantaneous coordination
Con:
Need an extra radio; bandwidth wasted..
50
Wus Protocol [Wu00ISPAN]
Assumes 2 transceivers per host
One transceiver always listens on control channel
Negotiate channels using RTS/CTS/RES
RTS/CTS/RES packets sent on control channel
Sender includes preferred channels in RTS
Receiver decides a channel and includes in CTS
Sender transmits RES (Reservation)
Sender sends DATA on the selected data channel
What if each user only has one radio???? 51

Solution 2: Add a control slot
Each user transmits in two phases
Phase I: users exchange control information which channel to
use for their data transmission
Phase II: transmit packets on the pre-determined channel
Pro:
Only need one radio
Con:
Need synchronization;
Only periodic coordination
52
An example of Solution 2: MMAC
Assumptions
Each node is equipped with a single transceiver
The transceiver is capable of switching channels
Channel switching delay is approximately 250us
Per-packet switching not recommended
Occasional channel switching not too expensive
Multi-hop synchronization is achieved by other means
[so04] J. So and N. Vaidya, Multichannel MAC for Ad Hoc

Networks: Handling Multichannel Hidden Terminals with a Single 53
Transceiver, Mobihoc 2004.
Power Saving in 802.11 Ad hoc Mode
Time is divided into beacon intervals
Each beacon interval begins with an ATIM window
If host A has a packet to transmit to B, A must send an
ATIM Request to B during an ATIM Window
If a host does not receive an ATIM Request during an ATIM
window, and has no pending packets to transmit, it may
sleep during rest of the beacon interval
54
Channel Negotiation
55
Channel Negotiation
56
Channel Negotiation
57
Channel Negotiation
58
QUESTION:
WHAT IS THE LIMITATION OF
MMAC??
59
MMAC
MMAC Basic idea:
Periodically rendezvous on a fixed channel to decide the next channel
Issues
Packets to multiple destinations high delays
Control channel congestion 60
Outline
Overview
MAC
Routing
Wireless TCP
Wireless security
61
Assumptions of Wireless Routing
Inherent mobility
Nodes are not static
Transmission properties
Classically assumed as unit-disc model
All or nothing range R
Symmetric reception
62
Scenarios
63
GOAL
Minimize control overhead
Minimize processing overhead
Multi-hop path routing capability
Dynamic topology maintenance
No routing loops
Self-starting
64
Brief Review of Internet Routing
Intra-AS routing
Link-state
Distance vector
Distance vector
Neighbors periodically exchange routing information with
neighbors
<destination IP addr, hop count>
Nodes iteratively learn network routing info and compute routes
to all destinations
Suffer from problems like counting-to-infinity
65
Review Cont.
Link State
Nodes flood neighbor routing information to all nodes in network
<neighbor IP Addr, cost>
Once each node knows all links in network, can individually
compute routing paths
Use Dijkstra for example
Minimize routing cost
Supports metrics other than hop count, but is more complex
66
Review Cont.
Examples of routing protocols
Distance vector: RIP
Link state: OSPF
What do these have in common?
Both maintain routes to all nodes in network
67
Approaches to Wireless Routing
Proactive Routing
Based on traditional distance-vector and link-state protocols
Nodes proactively maintains route to each other
Periodic and/or event triggered routing update exchange
Higher overhead in most scenarios
Longer route convergence time
Examples: DSDV, TBRPF, OLSR
68
Approaches Cont.
Reactive (on-demand) Routing
Source build routes on-demand by flooding
Maintain only active routes
Route discovery cycle
Typically, less control overhead, better scaling properties
Drawback??
Route acquisition latency
Example: AODV, DSR
69
WIRELESS ROUTING PROTOCOLS (1):
REACTIVE PROTOCOLS
70
Dynamic Source Routing (DSR)
[Johnson96]
When node S wants to send a packet to node D, but does not
know a route to D, node S initiates a route discovery
Source node S floods Route Request (RREQ)
Each node appends own identifier when forwarding RREQ
71
Route Discovery in DSR
Y
Z
S E
F
B C M L
J
A G
H D
K
I N
Represents a node that has received RREQ for D from S 72

Y
Broadcast transmission
[S] Z
S E
F
B C M L
J
A G
H D
K
I N
Represents transmission of RREQ 73
[X,Y] Represents list of identifiers appended to RREQ

Y
Z
S [S,E]
E
F
B C M L
J
A [S,C] G
H D
K
I N
Node H receives packet RREQ from two neighbors:

74
potential for collision
Y
Z
S E
F [S,E,F]
B C M L
J
A G
H D
[S,C,G] K
I N
Node C receives RREQ from G and H, but does not forward

it again, because node C has already forwarded RREQ once 75
Y
Z
S E
F [S,E,F,J]
B C M L
J
A G
H D
K
I [S,C,G,K] N
Nodes J and K both broadcast RREQ to node D

76
Since nodes J and K are hidden from each other, their
transmissions may collide
Y
Z
S E
[S,E,F,J,M]
F
B C M L
J
A G
H D
K
I N
Node D does not forward RREQ, because node D 77

is the intended target of the route discovery
Destination D on receiving the first RREQ, sends a Route Reply

(RREP)
RREP is sent on a route obtained by reversing the route

appended to received RREQ
RREP includes the route from S to D on which RREQ was

received by node D
78
Route Reply in DSR
Y
Z
S RREP [S,E,F,J,D]
E
F
B C M L
J
A G
H D
K
I N
79
Represents RREP control message
Route Reply in DSR
Route Reply can be sent by reversing the route in Route Request
(RREQ) only if links are guaranteed to be bi-directional
To ensure this, RREQ should be forwarded only if it received on a link
that is known to be bi-directional
If unidirectional (asymmetric) links are allowed, then RREP may

need a route discovery for S from node D
Unless node D already knows a route to node S
If a route discovery is initiated by D for a route to S, then the Route
Reply is piggybacked on the Route Request from D.
If IEEE 802.11 MAC is used to send data, then links have to be bi-
directional (since Ack is used)
80
Dynamic Source Routing (DSR)
Node S on receiving RREP, caches the route included in the

RREP
When node S sends a data packet to D, the entire route is

included in the packet header
hence the name source routing
Intermediate nodes use the source route included in a packet

to determine to whom a packet should be forwarded
81
Data Delivery in DSR
Y
DATA [S,E,F,J,D] Z
S E
F
B C M L
J
A G
H D
K
I N
82
Packet header size grows with route length
When to Perform a Route
Discovery
When node S wants to send data to node D, but does not
know a valid route node D
83
DSR Optimization: Route Caching
Each node caches a new route it learns by any means
When node S finds route [S,E,F,J,D] to node D, node S also
learns route [S,E,F] to node F
When node K receives Route Request [S,C,G] destined for
node, node K learns route [K,G,C,S] to node S
When node F forwards Route Reply RREP [S,E,F,J,D], node F
learns route [F,J,D] to node D
When node E forwards Data [S,E,F,J,D] it learns route [E,F,J,D]
to node D
A node may also learn a route when it overhears Data
packets
84
Use of Route Caching
When node S learns that a route to node D is broken, it uses
another route from its local cache, if such a route to D exists
in its cache. Otherwise, node S initiates route discovery by
sending a route request
Node X on receiving a Route Request for some node D can

send a Route Reply if node X knows a route to node D
Use of route cache

can speed up route discovery
can reduce propagation of route requests
85
Use of Route Caching
[S,E,F,J,D]
[E,F,J,D]
S E [F,J,D],[F,E,S]
F [J,F,E,S]
B C M L
J
A [C,S] G
H [G,C,S] D
K
I N
Z
[P,Q,R] Represents cached route at a node 86
(DSR maintains the cached routes in a tree format)
Use of Route Caching:
Can Speed up Route Discovery
[S,E,F,J,D]
[E,F,J,D]
S E [F,J,D],[F,E,S]
F [J,F,E,S]
B C [G,C,S] M L
J
A [C,S] G
H D
[K,G,C,S] K
I RREP N
RREQ
Z
When node Z sends a route request
for node C, node K sends back a route 87
reply [Z,K,G,C] to node Z using a locally
cached route
Use of Route Caching:
Can Reduce Propagation of Route Requests
[S,E,F,J,D] Y
[E,F,J,D]
S E [F,J,D],[F,E,S]
F [J,F,E,S]
B C [G,C,S] M L
J
A [C,S] G
H D
[K,G,C,S] K
I RREP N
RREQ
Z
Assume that there is no link between D and Z. 88
Route Reply (RREP) from node K limits flooding of RREQ.
In general, the reduction may be less dramatic.
Route Error (RERR)
Y
RERR [J-D] Z
S E
F
B C M L
J
A G
H D
K
I N
J sends a route error to S along route J-F-E-S when its attempt to forward the
data packet S (with route SEFJD) on J-D fails 89
Nodes hearing RERR update their route cache to remove link J-D
Route Caching: Beware!
Stale caches can adversely affect performance
With passage of time and host mobility, cached routes may

become invalid
A sender host may try several stale routes (obtained from local
cache, or replied from cache by other nodes), before finding a
good route
An illustration of the adverse impact on TCP will be discussed

later in the tutorial [Holland99]
90
Dynamic Source Routing:
Advantages
Routes maintained only between nodes who need to
communicate
reduces overhead of route maintenance
Route caching can further reduce route discovery overhead
A single route discovery may yield many routes to the

destination, due to intermediate nodes replying from local
caches
91
Disadvantages
Packet header size grows with route length due to source
routing
Flood of route requests may potentially reach all nodes in the
network
Care must be taken to avoid collisions between route requests
propagated by neighboring nodes
insertion of random delays before forwarding RREQ
Increased contention if too many route replies come back due
to nodes replying using their local cache
Route Reply Storm problem
Reply storm may be eased by preventing a node from sending
RREP if it hears another RREP with a shorter route 92
Disadvantages
An intermediate node may send Route Reply using a stale
cached route, thus polluting other caches
This problem can be eased if some mechanism to purge

(potentially) invalid cached routes is incorporated.
For some proposals for cache invalidation, see

[Hu00Mobicom]
Static timeouts
Adaptive timeouts based on link stability
93
Flooding of Control Packets
How to reduce the scope of the route request flood ?

LAR [Ko98Mobicom]
Query localization [Castaneda99Mobicom]
How to reduce redundant broadcasts ?

The Broadcast Storm Problem [Ni99Mobicom]
94
Location-Aided Routing (LAR)
[Ko98Mobicom]
Exploits location information to limit scope of route request
flood
Location information may be obtained using GPS
Expected Zone is determined as a region that is expected to

hold the current location of the destination
Expected region determined based on potentially old location
information, and knowledge of the destinations speed
Route requests limited to a Request Zone that contains the

Expected Zone and location of the sender node
95
Expected Zone in LAR
X = last known location of node
D, at time t0
Y = location of node D at current

time t1, unknown to node S
r = (t1 - t0) * estimate of Ds speed

X
r
Y
96
Expected Zone
Request Zone in LAR
Network Space
Request Zone
X
r
B Y
A
S 97
LAR
Only nodes within the request zone forward route requests
Node A does not forward RREQ, but node B does (see previous
slide)
Request zone explicitly specified in the route request
Each node must know its physical location to determine

whether it is within the request zone
98
LAR
Only nodes within the request zone forward route requests
If route discovery using the smaller request zone fails to find a

route, the sender initiates another route discovery (after a
timeout) using a larger request zone
the larger request zone may be the entire network
Rest of route discovery protocol similar to DSR
99
LAR Variations: Adaptive Request
Zone
Each node may modify the request zone included in the
forwarded request
Modified request zone may be determined using more

recent/accurate information, and may be smaller than the
original request zone
B
Request zone adapted by B 100
S
Request zone defined by sender S
LAR Variations: Implicit Request
Zone
In the previous scheme, a route request explicitly specified a
request zone
Alternative approach: A node X forwards a route request

received from Y if node X is deemed to be closer to the
expected zone as compared to Y
The motivation is to attempt to bring the route request

physically closer to the destination node after each
forwarding
101
Location-Aided Routing
The basic proposal assumes that, initially, location information
for node X becomes known to Y only during a route discovery
This location information is used for a future route discovery
Each route discovery yields more updated information which is
used for the next discovery
Variations
Location information can also be piggybacked on any message
from Y to X
Y may also proactively distribute its location information
Similar to other protocols discussed later (e.g., DREAM, GLS)
102
Location Aided Routing (LAR)
Advantages
reduces the scope of route request flood
reduces overhead of route discovery
Disadvantages
Nodes need to know their physical locations
Does not take into account possible existence of obstructions for
radio transmissions
103
Query Localization
[Castaneda99Mobicom]
Limits route request flood without using physical information
Route requests are propagated only along paths that are close
to the previously known route
The closeness property is defined without using physical

location information
104
Query Localization
Path locality heuristic: Look for a new path that contains at

most k nodes that were not present in the previously known
route
Old route is piggybacked on a Route Request
Route Request is forwarded only if the accumulated route in

the Route Request contains at most k new nodes that were
absent in the old route
this limits propagation of the route request
105
Query Localization: Example
G G Node F does not forward the route
request since it is not on any route
F F from S to D that contains at most
2 new nodes
E Node D moved E
D
B C B C
Permitted routes
with k = 2
A D A
Initial route
from S to D 106
S S
Query Localization
Advantages:
Reduces overhead of route discovery without using physical
location information
Can perform better in presence of obstructions by searching for
new routes in the vicinity of old routes
Disadvantage:
May yield routes longer than LAR
(Shortest route may contain more than k new nodes)
107
Broadcast Storm Problem
[Ni99Mobicom]
When node A broadcasts a route query, nodes B and C both
receive it
B and C both forward to their neighbors
B and C transmit at about the same time since they are reacting
to receipt of the same message from A
This results in a high probability of collisions
B C
108
A
Broadcast Storm Problem
Redundancy: A given node may receive the same route
request from too many nodes, when one copy would have
sufficed
Node D may receive from nodes B and C both
B C
109
A
Solutions for Broadcast Storm
Probabilistic scheme: On receiving a route request for the first
time, a node will re-broadcast (forward) the request with
probability p
Also, re-broadcasts by different nodes should be staggered by

using a collision avoidance technique (wait a random delay
when channel is idle)
this would reduce the probability that nodes B and C would
forward a packet simultaneously in the previous example
110
Solutions for Broadcast Storms
Counter-Based Scheme: If node E hears more than k neighbors
broadcasting a given route request, before it can itself forward
it, then node E will not forward the request
Intuition: k neighbors together have probably already
forwarded the request to all of Es neighbors
E
B C
F 111
A
Solutions for Broadcast Storms
Distance-Based Scheme: If node E hears RREQ broadcasted by
some node Z within physical distance d, then E will not re-
broadcast the request
Intuition: Z and E are too close, so transmission areas covered
by Z and E are not very different
if E re-broadcasts the request, not many nodes who have not already
heard the request from Z will hear the request
E <d
Z
112
Summary: Broadcast Storm
Problem
Flooding is used in many protocols, such as Dynamic Source
Routing (DSR)
Problems associated with flooding

Collisions
Redundancy
Collisions may be reduced by jittering (waiting for a random

interval before propagating the flood)
Redundancy may be reduced by selectively re-broadcasting

packets from only a subset of the nodes 113
Ad Hoc On-Demand Distance Vector
Routing (AODV) [Perkins99Wmcsa]
DSR includes source routes in packet headers
Resulting large headers can sometimes degrade performance

particularly when data contents of a packet are small
AODV attempts to improve on DSR by maintaining routing

tables at the nodes, so that data packets do not have to
contain routes
AODV retains the desirable feature of DSR that routes are

maintained only between nodes which need to communicate
114
AODV
Route Requests (RREQ) are forwarded in a manner similar to
DSR
When a node re-broadcasts a Route Request, it sets up a

reverse path pointing towards the source
AODV assumes symmetric (bi-directional) links
When the intended destination receives a Route Request, it

replies by sending a Route Reply
Route Reply travels along the reverse path set-up when

Route Request is forwarded 115
Route Requests in AODV
Y
Z
S E
F
B C M L
J
A G
H D
K
I N
Represents a node that has received RREQ for D from S 116

Y
Broadcast transmission
Z
S E
F
B C M L
J
A G
H D
K
I N
Represents transmission of RREQ 117

Y
Z
S E
F
B C M L
J
A G
H D
K
I N
Represents links on Reverse Path 118

Reverse Path Setup in AODV
Y
Z
S E
F
B C M L
J
A G
H D
K
I N
Node C receives RREQ from G and H, but does not forward

it again, because node C has already forwarded RREQ once 119
Y
Z
S E
F
B C M L
J
A G
H D
K
I N
120
Y
Z
S E
F
B C M L
J
A G
H D
K
I N
Node D does not forward RREQ, because node D 121

is the intended target of the RREQ
Route Reply in AODV
Y
Z
S E
F
B C M L
J
A G
H D
K
I N
122
Represents links on path taken by RREP
Route Reply in AODV
An intermediate node (not the destination) may also send a
Route Reply (RREP) provided that it knows a more recent path
than the one previously known to sender S
To determine whether the path known to an intermediate node

is more recent, destination sequence numbers are used
The likelihood that an intermediate node will send a Route

Reply when using AODV not as high as DSR
A new Route Request by node S for a destination is assigned a
higher destination sequence number. An intermediate node which
knows a route, but with a smaller sequence number, cannot send
Route Reply
123
Forward Path Setup in AODV
Y
Z
S E
F
B C M L
J
A G
H D
K
I N
Forward links are setup when RREP travels along

the reverse path
124
Represents a link on the forward path

Data Delivery in AODV
Y
DATA
Z
S E
F
B C M L
J
A G
H D
K
I N
Routing table entries used to forward data packet.

125
Route is not included in packet header.
Timeouts
A routing table entry maintaining a reverse path is purged

after a timeout interval
timeout should be long enough to allow RREP to come back
A routing table entry maintaining a forward path is purged if

not used for an active_route_timeout interval
if no is data being sent using a particular routing table entry, that
entry will be deleted from the routing table (even if the route
may actually still be valid)
126
Link Failure Reporting
A neighbor of node X is considered active for a routing table
entry if the neighbor sent a packet within
active_route_timeout interval which was forwarded using
that entry
When the next hop link in a routing table entry breaks, all
active neighbors are informed
Link failures are propagated by means of Route Error

messages, which also update destination sequence numbers
127
Route Error
When node X is unable to forward packet P (from node S to
node D) on link (X,Y), it generates a RERR message
Node X increments the destination sequence number for D

cached at node X
The incremented sequence number N is included in the RERR
When node S receives the RERR, it initiates a new route

discovery for D using destination sequence number at least as
large as N
128
Destination Sequence Number
Continuing from the previous slide
When node D receives the route request with destination

sequence number N, node D will set its sequence number to
N, unless it is already larger than N
129
Link Failure Detection
Hello messages: Neighboring nodes periodically exchange
hello message
Absence of hello message is used as an indication of link

failure
Alternatively, failure to receive several MAC-level

acknowledgement may be used as an indication of link failure
130
Why Sequence Numbers in AODV
To avoid using old/broken routes
To determine which route is newer
To prevent formation of loops
A B C D
E
Assume that A does not know about failure of link C-D because RERR
sent by C is lost
Now C performs a route discovery for D. Node A receives the RREQ
(say, via path C-E-A)
Node A will reply since A knows a route to D via node B
Results in a loop (for instance, C-E-A-B-C ) 131
Why Sequence Numbers in AODV
A B C D
Loop C-E-A-B-C
132
Optimization: Expanding Ring
Search
Route Requests are initially sent with small Time-to-Live (TTL)
field, to limit their propagation
DSR also includes a similar optimization
If no Route Reply is received, then larger TTL tried
133
Summary: AODV
Routes need not be included in packet headers
Nodes maintain routing tables containing entries only for routes

that are in active use
At most one next-hop per destination maintained at each node

DSR may maintain several routes for a single destination
Unused routes expire even if topology does not change

134
PROACTIVE PROTOCOLS
135
Proactive Protocols
Most of the schemes discussed so far are reactive
Proactive schemes based on distance-vector and link-state

mechanisms have also been proposed
136
Link State Routing [Huitema95]
Each node periodically floods status of its links
Each node re-broadcasts link state information received from

its neighbor
Each node keeps track of link state information received from

other nodes
Each node uses above information to determine next hop to

each destination
137
Optimized Link State Routing (OLSR)
[Jacquet00ietf, Jacquet99Inria]
The overhead of flooding link state information is reduced by
requiring fewer nodes to forward the information
A broadcast from node X is only forwarded by its multipoint

relays
Multipoint relays of node X are its neighbors such that each

two-hop neighbor of X is a one-hop neighbor of at least one
multipoint relay of X
Each node transmits its neighbor list in periodic beacons, so that
all nodes can know their 2-hop neighbors, in order to choose
the multipoint relays 138
Optimized Link State Routing
(OLSR)
Nodes C and E are multipoint relays of node A
B F J
A E H
C K
G
D
139
Node that has broadcast state information from A

(OLSR)
Nodes C and E forward information received from A
B F J
A E H
C K
G
D
140

(OLSR)
Nodes E and K are multipoint relays for node H
Node K forwards information received from H
E has already forwarded the same information once
B F J
A E H
C K
G
D
141

OLSR
OLSR floods information through the multipoint relays
The flooded itself is fir links connecting nodes to respective

multipoint relays
Routes used by OLSR only include multipoint relays as

intermediate nodes
142
Destination-Sequenced Distance-
Vector (DSDV) [Perkins94Sigcomm]
Each node maintains a routing table which stores
next hop towards each destination
a cost metric for the path to each destination
a destination sequence number that is created by the destination
itself
Sequence numbers used to avoid formation of loops
Each node periodically forwards the routing table to its

neighbors
Each node increments and appends its sequence number when
sending its local routing table
This sequence number will be attached to route entries created 143
for this node
Vector (DSDV)
Assume that node X receives routing information from Y about
a route to node Z
X Y Z
Let S(X) and S(Y) denote the destination sequence number for
node Z as stored at node X, and as sent by node Y with its
routing table to node X, respectively
144
Vector (DSDV)
Node X takes the following steps:
X Y Z
If S(X) > S(Y), then X ignores the routing information received

from Y
If S(X) = S(Y), and cost of going through Y is smaller than the

route known to X, then X sets Y as the next hop to Z
If S(X) < S(Y), then X sets Y as the next hop to Z, and S(X) is
updated to equal S(Y)
145
HYBRID PROTOCOLS
146
Zone Routing Protocol (ZRP)
[Haas98]
Zone routing protocol combines
Proactive protocol: which pro-actively updates network state

and maintains route regardless of whether any data traffic
exists or not
Reactive protocol: which only determines route to a

destination if there is some data to be sent to the destination
147
ZRP
All nodes within hop distance at most d from a node X are

said to be in the routing zone of node X
All nodes at hop distance exactly d are said to be peripheral

nodes of node Xs routing zone
148
ZRP
Intra-zone routing: Pro-actively maintain state information for

links within a short distance from any given node
Routes to nodes within short distance are thus maintained
proactively (using, say, link state or distance vector protocol)
Inter-zone routing: Use a route discovery protocol for

determining routes to far away nodes. Route discovery is
similar to DSR with the exception that route requests are
propagated via peripheral nodes.
149
ZRP: Example with Zone Radius = d
=2
S performs route
discovery for D
B
S
A C
D
E
F
150
Denotes route request
ZRP: Example with d = 2
S performs route
discovery for D
B
S
A C
D
E
F
E knows route from E to D, 151

Denotes route reply so route request need not be
forwarded to D from E
ZRP: Example with d = 2
S performs route
discovery for D
B
S
A C
D
E
F
152
Denotes route taken by Data
Landmark Routing (LANMAR) for MANET
with Group Mobility [Pei00Mobihoc]
A landmark node is elected for a group of nodes that are likely
to move together
A scope is defined such that each node would typically be

within the scope of its landmark node
Each node propagates link state information corresponding only

to nodes within it scope and distance-vector information for all
landmark nodes
Combination of link-state and distance-vector
Distance-vector used for landmark nodes outside the scope
No state information for non-landmark nodes outside scope
maintained 153
LANMAR Routing to Nodes Within
Scope
Assume that node C is within scope of node A
H
G
C D
A B E F
Routing from A to C: Node A can determine next hop to node

C using the available link state information
154
LANMAR Routing to Nodes Outside
Scope
Routing from node A to F which is outside As scope
Let H be the landmark node for node F
H
G
C D
A B E F
Node A somehow knows that H is the landmark for C

Node A can determine next hop to node H using the available
distance vector information
155
LANMAR Routing to Nodes Outside
Scope
Node D is within scope of node F
G
C D
A B E F
Node D can determine next hop to node F using link state

information
The packet for F may never reach the landmark node H, even
though initially node A sends it towards H
156
Outline
Overview
MAC
Routing
Wireless TCP
Wireless security
157
We have a route, Now What ?
TCP
TCP
NETWORK
Transport packets quickly and reliably over this network
Network properties often unknown (or difficult to track)

- Where is the congestion ? How much cross traffic ?
- What is the bottleneck bandwidth ? 158
- How much buffers at intermediate nodes ?
Motivation for end to end TCP
The End to End Argument [Reed,Clark]
The function in question can completely and correctly be
implemented only with the knowledge and help of the application
standing at the end points of the communication system.
Therefore, providing that questioned function as a feature of the
communication system itself is not possible.
In other words,
as a middle man, dont attempt to do it, if you cannot do it completely.
Let the end point handle it completely !!
Caveat: Middle-man involvement OK for performance optimization
Question is: Who is the end point ? TCP ? Application layer ? Human user ? 159
the debate goes on
The Control Problem
Two main components in TCP
Flow Control and Congestion Control
Flow Control
If receivers bucket filling up, pour less water
Congestion Control
Dont pour too much if there are leaks in intermediate pipes
Regulate your flow based on how much is leaking out
Aggressive pouring calls for retransmission of lost packets
Conservative pouring lower e2e capacity
Challenge: At what rate(t) should you pour ?
Why ? 160
The TCP Protocol (in a nutshell)
T transmits few packets, waits for ACK
Called slow start
R acknowledges all packet till seq #i by ACK i (optimizations possible)

ACK sent out only on receiving a packet
Can be Duplicate ACK if expected packet not received
ACK reaches T indicator of more capacity

T transmits larger burst of packets (self clocking) so on
Burst size increased until packet drops (i.e., DupACK)
When T gets DupACK or waits for longer than RTO

Assumes congestion reduces burst size (congestion window)
161
Several flavors of TCP: combines options / optimizations
Reno, Vegas, Eifel, Westwood
Overall TCP has worked well proven on the Internet
Then why study it again for wireless networks ?
162
Renewed Challenge
Key assumption in TCP
A packet loss is indicative of network congestion
Source needs to regulate flow by reducing CW
Assumption closely true for wired networks

BER ~ 10 -6
With wireless, errors due to fading, fluctuations

Need not reduce CW in response
But, TCP is e2e CANNOT see the network
Thus, TCP cannot classify the cause of loss CHALLENGE
163
The Problem Model
TCP connection
application application application

transport transport transport
network network network
rxmt
link link link
physical physical physical
Wireline
wireless 164
Impact of Misclassification
2.0E+06
Best possible
Sequence number (bytes)
TCP with no errors

1.5E+06
(1.30 Mbps) TCP Reno
(280 Kbps)
1.0E+06
5.0E+05
0.0E+00
0 10 20 30 40 50 60
Time (s) 165
2 MB wide-area TCP transfer over 2 Mbps WaveLAN

The Solution Space
Much research on TCP over wireless
Difficult to cover complete ground
We peek into some of the key ideas
Link layer mechanisms
Split connection approach
TCP-Aware link layer
TCP-Unaware approximation of TCP-aware link layer
Explicit notification
Receiver-based discrimination
Sender-based discrimination
166
LINK LAYER MECHANISMS
167
Link Layer Mechanisms
Forward error corrections (FEC)
Add redundancy in the packets to correct bit-errors
TCP retransmissions can be alleviated
Link layer retransmissions

MAC layer ACKnowledgments
Overhead only when errors occur (unlike FEC)
Such mechanisms require no change in TCP

Is that breaking e2e argument ??
168
Issues with Link Layer Mechanisms
Link layer cannot guarantee reliability
Have to drop packets after some finite limit
What is the retransmission limit (??)
Retransmission can take quite long

Can be significant fraction of RTT
TCP can timeout and retransmit the same packet again
Increasing RTO can avoid this
But that impacts TCPs recovery from congestion
Head of the line blocking

Link layer has to keep retransmitting even if bad channel
169
Blocks other streams
Findings
Link layer retransmission good
When channel errors infrequent
When retransmit time << RTO
When modifying TCP is not an acceptable solution
170
SPLIT CONNECTION APPROACH
171
1 TCP = TCP + (TCP or XXX)
Per-TCP connection state
TCP connection TCP connection
application application application

rxmt
transport transport transport
network network network
link link link
physical physical physical
172
Base wireless
Station
Splitting Approaches
Indirect TCP [Baker97]
Fixed host (FH) to base station (BS) uses TCP
BS to mobile host (MH) uses another TCP connection
Selective Repeat [Yavatkar94]

Over FH to BS: Use TCP
Over BS to MH: Use selective repeat on top of UDP
No congestion control over wireless [Haas97]

Also use less headers over wireless
Header compression
173
Issues with Splitting
E2E totally broken
2 separate connections
BS maintains hard state for each connection

What if MH disconnected from BS ?
Huge buffer requirements at BS
What if BS fails ?
Handoff between BS requires state transfer
What if Data and ACK travel on different routes ?

BS will not see the ACK at all splitting not feasible
174
TCP-AWARE LINK LAYER
175
Snoop
Link layer at BS buffers un-acknowledged packets
Now, BS peeks into every returning TCP ACK from MH

If DupACK
Retransmits the necessary packet
Drops the DupACK
DupACK does not reach sender

Prevents fast retransmit
176
Snoop : Example
35 TCP state
maintained at
36
link layer
37
38
40 39 38 37
FH BS MH
34 36
Example assumes delayed ack - every other packet ackd

177
Snoop : Example
35 39
36
37
38
41 40 39 38
34 36
178
Snoop : Example
37 40
38
39
42 41 40 39
36 36
dupack
Duplicate acks are not delayed

179
Snoop : Example
37 40
38 41
39
43 42 41 40
36 36 36
Duplicate acks
180
Snoop : Example
37 40
38 41
39 42
44 43 37 41
FH BS MH
36 36
Discard
Dupack triggers retransmission dupack
of packet 37 from base station 36
181
BS needs to be TCP-aware to be able to interpret TCP headers

Snoop : Example
37 40 43
38 41
39 42
45 44 42 37
36 36
36
182
36
Snoop : Example
37 40 43
38 41 44
39 42
46 45 43 42
36 41
TCP sender does not

fast retransmit 36 36
183
36
Snoop : Example
37 40 43
38 41 44
39 42 45
47 46 44 43
41
TCP sender does not

fast retransmit 36 36
184
36 36
Snoop : Example
42 45
43 46
44
48 47 45 44
FH BS MH
41 43
36 36
185
36 36
Snoop [Balakrishnan95acm]
2000000
1600000
bits/sec
1200000 base TCP

800000 Snoop
400000
0
16K
32K
64K
128K
256K
no error
1/error rate (in bytes)
186
2 Mbps Wireless link
Issues with Snoop
Link layer needs to be TCP aware
Smelling cross layer
Link layer needs to buffer and perform sliding window
Not useful when TCP headers encrypted
Not feasible when Data and ACK travel different routes
RTT estimates can still go up due to link layer retransmission

Affects performance of Snoop
187
Quick look at other schemes
TCP-unaware schemes
Explicit notification
Receiver-based
188
TCP-Unaware, ELN
Delayed DupACKs
Receiver waits for sometime before sending DupACK
If link retransmission solves problem
Then TCP sender does not send redundant packet
Explicit Loss Notification (ELN)

BS remembers only packets sequence numbers
When DupACKs return through them, they check
If packet was received by BS, then colors the DupACK
Sender realizes that packet lost on wireless link
Does not cut down CW, just retransmits that packet
189
Receiver-Based TCP
Receiver estimates cause of packet loss
If estimate == wireless loss, sets ELN bit
12 11 10
FH BS MH
T
12 10
FH BS MH
11 When is this
Congestion loss Mechanism a
2T Big problem ?
12 11 10
Error loss 190
FH BS MH
Closing Thoughts
Reliable and in-order packet delivery important
TCP aims to support these features
Implements congestion control and flow control
TCP widely tuned for wireline networks

Proven to be efficient on the internet
When network periphery has wireless last mile

TCP exhibits myriad problems
Mainly because of
misclassification between congestion and channel errors
Several solution approaches but many open problems 191

Outline
Overview
MAC
Routing
Wireless TCP
Wireless security
192
Wireless in the Real World
Real world deployment patterns
Mesh networks and deployments
193
Wireless Challenges
Force us to rethink many assumptions
Need to share airwaves rather than wire
Dont know what hosts are involved
Host may not be using same link technology
Mobility
Other characteristics of wireless
Noisy lots of losses
Slow
Interaction of multiple transmitters at receiver
Collisions, capture, interference
Multipath interference 194
Overview
IEEE 802.11
Deployment patterns
Reaction to interference
Interference mitigation
Mesh networks
Architecture
Measurements
195
Characterizing Current Deployments
Datasets
Place Lab: 28,000 APs
MAC, ESSID, GPS
Selected US cities
www.placelab.org
Wifimaps: 300,000 APs
MAC, ESSID, Channel, GPS (derived)
wifimaps.com
Pittsburgh Wardrive: 667 APs
MAC, ESSID, Channel, Supported Rates, GPS
196
AP Stats, Degrees: Placelab
(Placelab: 28000 APs, MAC, ESSID, GPS)
#APs Max.
degree 50 m
(i.e., # neighbors)
Portland 8683 54
San Diego 7934 76
San
3037 85
Francisco 1 2 1
Boston 2551 39 197
Degree Distribution: Place Lab
198
Unmanaged Devices
WifiMaps.com
(300,000 APs, MAC, ESSID, Channel)
Channel %age
6 51
11 21 Most users dont change

default channel
1 14
Channel selection must
10 4 be automated
199
Growing Interference in Unlicensed
Bands
Anecdotal evidence of problems, but how severe?
Characterize how IEEE 802.11 operates under
interference in practice
Other 802.11
200
What do We Expect?
Throughput to decrease
linearly with interference
There to be lots of options for
802.11 devices to tolerate
Throughput (linear)
interference
Bit-rate adaptation
Power control
FEC
Packet size variation
Spread-spectrum processing
Transmission and reception
diversity Interferer power 201
(log-scale)
Key Questions
How damaging can a low-power and/or narrow-band
interferer be?
How can todays hardware tolerate interference well?

What 802.11 options work well, and why?
202
What We See
Effects of interference
more severe in
practice
Throughput (linear)
Caused by hardware
limitations of
commodity cards,
which theory doesnt
model Interferer power
(log-scale) 203
Experimental Setup
Access
Point
UDP flow
802.11 Interferer
802.11
Client
204
802.11 Receiver Path
PHY PHY MAC
MAC
To RF Amplifiers
Amplifier control
RF AGC
Signal ADC Data
Analog Timing Barker
Demodulator Descrambler
Correlator (includes
signal 6-bit
Recovery beacons)
samples Preamble Detector/
Header CRC-16 Checker
Receiver
SYNC SFD CRC Payload
PHY header
Extend SINR model to capture these vulnerabilities 205

Interested in worst-case natural or adversarial interference
Have developed range of attacks that trigger these vulnerabilities
Timing Recovery Interference
Interferer sends continuous SYNC pattern
Interferes with packet acquisition (PHY reception errors)
10000 1200
Weak interferer
Moderate 1000
Throughput (kbps)
1000
(microseconds)
interferer
800
Latency
100 Throughput
Log-scale 600
10
400
Latency
1
200
0.1 0 206
-20 -12 -2 0 8 12 15 20
Interferer Power (dBm)

Interference Management
Interference will get worse
Density/device diversity is increasing
Unlicensed spectrum is not keeping up
Spectrum management
Channel hopping 802.11 effective at mitigating some
performance problems [Sigcomm07]
Coordinated spectrum use based on RF sensor network
Transmission power control

Enable spatial reuse of spectrum by controlling transmit
power
Must also adapt carrier sense behavior to take advantage 207
Impact of frequency separation
Even small frequency separation (i.e., adjacent 802.11 channel)

helps
10000
15MHz separation
1000
Throughput (kbps)
10MHz separation
5MHz separation
(good performance)
100 Same channel
(poor performance)
10
0.1 208
-20 -12 0 8 12 15 20
Interferer Power (dBm)

Transmission Power Control
Choose transmit power levels to maximize physical

spatial reuse
Tune MAC to ensure nodes transmit simultaneously
when possible
Spatial reuse = network capacity / link capacity
Client2 Concurrent transmissions Client2

AP1 AP2 increase spatial reuse AP2
Client1 AP1 Client1

Spatial Reuse = 1 Spatial Reuse = 2 209
Transmission Power Control in
Practice
For simple scenario easy to compute
optimal transmit power
May or may not enable simultaneous
transmit AP1
Protocol builds on iterative pair-wise

d12 AP2
optimization
d22
d11
Adjusting transmit power requires
Client2
adjusting carrier sense thresholds d21
Echos, Alpha or eliminate carrier sense

Altrusitic Echos eliminates starvation in Client1
Echos 210
Details of Power Control
Hard to do per-packet with many NICs

Some even might have to re-init (many ms)
May have to balance power with rate
Reasonable goal: lowest power for max rate
But finding ths empirically is hard! Many {power, rate}
combinations, and not always easy to predict how each
will perform
Alternate goal: lowest power for max needed rate
But this interacts with other people because you use more
channel time to send the same data. Uh-oh.
Nice example of the difficulty of local vs. global optimization
211
Rate Adaptation
General idea:
Observe channel conditions like SNR (signal-to-noise
ratio), bit errors, packet errors
Pick a transmission rate that will get best goodput
There are channel conditions when reducing the bitrate can
greatly increase throughput e.g., if a decrease in bitrate
gets you from 90% loss to 10% loss.
212
Simple Rate Adaptation Scheme
Watch packet error rate over window (K packets or T seconds)
If loss rate > threshhigh (or SNR <, etc)
Reduce Tx rate
If loss rate < threshlow
Increase Tx rate
Most devices support a discrete set of rates
802.11 1, 2, 5.5, 11Mbps, etc.
213
Challenges in Rate Adaptation
Channel conditions change over time
Loss rates must be measured over a window
SNR estimates from the hardware are coarse, and dont always
predict loss rate
May be some overhead (time, transient interruptions, etc.) to
changing rates
214
Power and Rate Selection Algorithms
Rate Selection
Auto Rate Fallback: ARF
Estimated Rate Fallback: ERF
Goal: Transmit at minimum necessary power to reach

receiver
Minimizes interference with other nodes
Paper: Can double or more capacity, if done right.
Joint Power and Rate Selection

Power Auto Rate Fallback: PARF
Power Estimated Rate Fallback: PERF
Conservative Algorithms
Always attempt to achieve highest possible modulation rate
215
Power Control/Rate Control Summary
Complex interactions.
More power:
Higher received signal strength
May enable faster rate (more S in S/N)
May mean you occupy media for less time
Interferes with more people
Less power
Interfere with fewer people
Less power + less rate
Fewer people but for a longer time
Gets even harder once you consider

Carrier sense
Calibration and measurement error 216
Mobility
Overview
802.11
Deployment patterns
Reaction to interference
Interference mitigation
Mesh networks
Architecture
Measurements
217
Community Wireless Network
Share a few wired Internet connections
Construction of community networks
Multi-hop network
Nodes in chosen locations
Directional antennas
Require well-coordination
Access point
Clients directly connect
Access points operates independently
Do not require much coordination
218
Roofnet
Goals
Operate without extensive planning or central management
Provide wide coverage and acceptable performance
Design decisions
Unconstrained node placement
Omni-directional antennas
Multi-hop routing
Optimization of routing for throughput in a slowly changing
network
219
Roofnet Design
Deployment
Over an area of about four square kilometers in Cambridge,
Messachusetts
Most nodes are located in buildings
3~4 story apartment buildings
8 nodes are in taller buildings
Each Rooftnet node is hosted by a volunteer user
Hardware
PC, omni-directional antenna, hard drive
802.11b card
RTS/CTS disabled
Share the same 802.11b channel
Non-standard pseudo-IBSS mode
Similar to standard 802.11b IBSS (ad hoc)
Omit beacon and BSSID (network ID)
220
Roofnet Node Map
221
1 kilometer
Roofnet
222
Typical Rooftop View
223
A Roofnet Self-Installation Kit
Antenna ($65) 50 ft. Cable ($40)

8dBi, 20 degree Low loss (3dB/100ft)
vertical
Computer ($340) Miscellaneous ($75)
533 MHz PC, hard Chimney Mount,
disk, CDROM Lightning Arrestor, etc.
802.11b card ($155) Software (free)

Engenius Prism 2.5, Our networking
200mW software based on
Click
Total: $685 224

Takes a user about 45 minutes to install on a flat roof
Software and Auto-Configuration
Linux, routing software, DHCP server, web server
Automatically solve a number of problems
Allocating addresses
Finding a gateway between Roofnet and the Internet
Choosing a good multi-hop route to that gateway
Addressing
Roofnet carries IP packets inside its own header format and routing
protocol
Assign addresses automatically
Only meaningful inside Roofnet, not globally routable
The address of Roofnet nodes
Low 24 bits are the low 24 bits of the nodes Ethernet address
High 8 bits are an unused class-A IP address block
The address of hosts
Allocate 192.168.1.x via DHCP and use NAT between the Ethernet and
Roofnet 225
Software and Auto-Configuration
Gateway and Internet Access

A small fraction of Roofnet users will share their wired
Internet access links
Nodes which can reach the Internet
Advertise itself to Roofnet as an Internet gateway
Acts as a NAT for connection from Roofnet to the Internet
Other nodes
Select the gateway which has the best route metric
Roofnet currently has four Internet gateways
226
Evaluation
Method
Multi-hop TCP
15 second one-way bulk TCP transfer between each pair of Roofnet
nodes
Single-hop TCP
The direct radio link between each pair of routes
Loss matrix
The loss rate between each pair of nodes using 1500-byte broadcasts
Multi-hop density
TCP throughput between a fixed set of four nodes
Varying the number of Roofnet nodes that are participating in
routing
227
Evaluation
Basic Performance (Multi-hop TCP)
The routes with low hop-count have much higher
throughput
Multi-hop routes suffer from inter-hop collisions
228
Evaluation
Basic Performance (Multi-hop TCP)

TCP throughput to each node from its chosen gateway
Round-trip latencies for 84-byte ping packets to estimate interactive
delay
No problem in
interactive sessions
Evaluation
Link Quality and Distance (Single-hop TCP, Multi-hop TCP)
Most available links are between 500m and 1300m and 500 kbits/s
(most cases)
Srcr
Use almost all of the links faster than 2 Mbits/s and ignore majority of
the links which are slower than that
Fast short hops are the best policy
a small number of links a few hundred meters long with throughputs
of two megabits/second or more, and a few longer high-throughput
links
Evaluation
Link Quality and Distance (Multi-hop TCP, Loss matrix)
Median delivery probability is 0.8
1/4 links have loss rates of 50% or more

802.11 detects the losses with its ACK mechanism and resends
the packets
meaning that Srcr often uses links
with loss rates of 20% or more.
231
Evaluation Comparison against communication over a direct
radio link to a gateway (Access-point Network)
Architectural Alternatives
Maximize the number of additional nodes with non-zero throughput to
some gateway
Ties are broken by average throughput
For small numbers of gateways, multi-

hop routing improves both
connectivity and throughput.
Comparison of multi-hop and single-hop Comparison of multi-hop and single-hop

architectures, with optimal" choice of gateways. architectures with random gateway choice.
Evaluation
Inter-hop Interference (Multi-hop TCP, Single-hop TCP)
Concurrent transmissions on different hops of a route collide and
cause packet loss
The expected multi-hop

throughputs are mostly
higher than the
measured throughputs.
233
Roofnet Summary
The networks architectures favors
Ease of deployment
Omni-directional antennas
Self-configuring software
Link-quality-aware multi-hop routing
Evaluation of network performance
Average throughput between nodes is 627kbits/s
Well served by just a few gateways whose position is determined
by convenience
Multi-hop mesh increases both connectivity and throughput
234
Roofnet Link Level Measurements
Analyze cause of packet loss
Neighbor Abstraction
Ability to hear control packets or No Interference
Strong correlation between BER and S/N
RoofNet pairs communicate
At intermediate loss rates
Temporal Variation
Spatial Variation
neighbor abstraction is a
poor approximation of reality
235
Lossy Links are Common
236
Delivery Probabilities are Uniformly
Distributed
237
Delivery vs. SNR
238
SNR not a good predictor
Is it Bursty Interference?
May interfere but not impact SNR measurement
239
Two Different Roofnet Links
Top is typical of bursty interference, bottom is not
Most links are like the bottom
240
Is it Multipath Interference?
Simulate with channel emulator
241
A Plausible Explanation
Multi-path can produce intermediate loss rates

Appropriate multi-path delay is possible due to long-links
242
Key Implications
Lack of a link abstraction!
Links arent on or off sometimes in-between
Protocols must take advantage of these intermediate quality

links to perform well
How unique is this to Roofnet?

Cards designed for indoor environments used outdoors
243
Outline
Overview
MAC
Routing
Wireless TCP
Wireless security
244
Taking Advantage of Broadcast
Opportunistic forwarding (ExOR)
Network coding (COPE)
245
Initial Approach: Traditional Routing
packet packet
A B
packet src dst
Identify a route, forward over links 246

Abstract radio to look like a wired link
Radios Arent Wires
A B
123 45566 src dst
Every packet is broadcast 247

Reception is probabilistic
Exploiting Probabilistic Broadcast
packet
A B
src dst
packet
Decide who forwards after reception

Goal: only closest receiver should forward 248
Challenge: agree efficiently and avoid duplicate transmissions
Why ExOR Might Increase Throughput
src N1 N2 N3 N4 N5 dst
75%
50%
25%
Best traditional route over 50% hops: 3(1/0.5) = 6 tx

Throughput 1/# transmissions
ExOR exploits lucky long receptions: 4 transmissions
249
Assumes probability falls off gradually with distance
Why ExOR Might Increase Throughput
N1
N2
src dst
N3
N4
Traditional routing: 1/0.25 + 1 = 5 tx

ExOR: 1/(1 (1 0.25)4) + 1 = 2.5 transmissions
250
Assumes independent losses
Comparing ExOR
Traditional Routing:
One path followed from source to destination
All packets sent along that path
Co-operative Diversity:
Broadcast of packets by all nodes
Destination chooses the best one
ExOR:
Broadcast packets to all nodes
Only one node forwards the packet
Basic idea is delayed forwarding
251
ExOR Batching
rx: 40
0
rx: 57
85
N2 tx: 0
tx:
100
9 tx: 57 -23 N4 rx: 22
0
src 24 dst
rx: 88
99 rx: 53
23
N1 N3 tx: 23
tx: 8
Challenge: finding the closest node to have rxd

Send batches of packets for efficiency
Node closest to the dst sends first
Other nodes listen, send remaining packets in turn 252
Repeat schedule until dst has whole batch
Reliable Summaries
contains the sender's best
guess of the highest priority
tx: {2, 4, 10 ... 97, 98}
node to have received batch map: {1,2,6, ... 97, 98, 99}
each packet
N2 N4
src dst
N1 N3
The remaining forwarders transmit tx: {1, 6, 7 ... 91, 96, 99}
in order, but only send packets which were
not acknowledged in the batch maps of
batch map: {1, 6, 7 ... 91, 96, 99}
higher priority nodes.
Repeat summaries in every data packet 253

Cumulative: what all previous nodes rxd
This is a gossip mechanism for summaries
Priority Ordering
N2 N4
src dst
N1 N3
Goal: nodes closest to the destination send first

Sort by ETX metric to dst
Nodes periodically flood ETX link state measurements
Path ETX is weighted shortest path (Dijkstras algorithm)
Source sorts, includes list in ExOR header
254
Using ExOR with TCP
Client PC TCP TCP Web Server
Node Gateway
Proxy ExOR Batches (not TCP) Web
Proxy
ExOR
Batching requires more packets than typical TCP window 255

Summary
ExOR achieves 2x throughput improvement
ExOR implemented on Roofnet
Exploits radio properties, instead of hiding them
256
Outline
Opportunistic forwarding (ExOR)
Network coding (COPE)
257
Background
Famous butterfly example:
All links can send one message per unit of time

Coding increases overall throughput 258
Background
Bob and Alice
Relay
Require 4 transmissions
259
Background
Bob and Alice
Relay
XOR
XOR XOR
Require 3 transmissions
260
Coding Gain
Coding gain = 4/3
1 1+3
261
Throughput Improvement
UDP throughput improvement ~ a factor 2 > 4/3 coding gain
1 1+3
262
Coding Gain: more examples
2
1 5
3 Opportunistic Listening:
Every node listens to all
4 packets
It stores all heard
1+2+3+4+5 packets for a limited
time
Without opportunistic listening, coding [+MAC] gain=2N/(1+N) 2.

With opportunistic listening, coding gain + MAC gain
COPE (Coding Opportunistically)
Overhear neighbors transmissions
Store these packets in a Packet Pool for a short time
Report the packet pool info. to neighbors
Determine what packets to code based on the info.
Send encoded packets
To send packet p to neighbor A, XOR p with packets already known

to A. Thus, A can decode
But how can multiple neighbors benefit from a single transmission?
Opportunistic Coding
Bs queue Next hop
P4 P1
P1 A
C P2 C
P3 C
P4 P3 P2 P1
P4 D
B
Coding Is it good?
D P1+P2 Bad (only C can
A decode)
P1+P3 Better coding (Both A
P4 P3 P3 P1 and C can decode)
P1+P3+P4 Best coding (A, C, D
can decode)
Packet Coding Algorithm
When to send?
Option 1: delay packets till enough packets to code with
Option 2: never delaying packets -- when theres a
transmission opportunity, send packet right away
Which packets to use for XOR?
Prefer XOR-ing packets of similar lengths
Never code together packets headed to the same next hop
Limit packet re-ordering
XORing a packet as long as all its nexthops can decode it
with a high enough probability 266
Packet Decoding
Where to decode?
Decode at each intermediate hop
How to decode?
Upon receiving a packet encoded with n native packets
find n-1 native packets from its queue
XOR these n-1 native packets with the received packet to extract the
new packet
267
Prevent Packet Reordering
Packet reordering due to async acks degrade TCP performance
Ordering agent
Deliver in-sequence packets immediately
Order the packets until the gap in seq. no is filled or timer expires
268
Summary of Results
Improve UDP throughput by a factor of 3-4
Improve TCP by
wo/ hidden terminal: up to 38% improvement
w/ hidden terminal and high loss: little improvement
Improvement is largest when uplink to downlink has

similar traffic
Interesting follow-on work using analog coding

269
Reasons for Lower Improvement in
TCP
COPE introduces packet re-ordering
Router queue is small smaller coding opportunity
TCP congestion window does not sufficiently open up
due to wireless losses
TCP doesnt provide fair allocation across different flows
270
Outline
Overview
MAC
Routing
Wireless TCP
Wireless security
271
Overview
Understand
Attacks
Stimulate Detect
cooperation Attacks
Defend
272
Attacking Wireless Networks
273
Attack 1: CSMA Selfish Behaviors
Carrier sense: When a node wishes to transmit a packet, it
first waits until the channel is idle
Backoff Interval: used to reduce collision probability
When transmitting a packet, choose a backoff interval
in the range [0,cw]: cw is contention window
Count down the backoff interval when medium is idle
Count-down is suspended if medium becomes busy
When backoff interval reaches 0, transmit
IEEE 802.11 DCF: contention window cw is chosen
dynamically depending on collision occurrence 274
Binary Exponential Backoff
When a node faced a transmission failure, it increases the

contention window
cw is doubled (up to an upper bound)
When a node successfully completes a data transfer, it restores

cw to Cwmin
cw follows a sawtooth curve
275
Attack 1: CSMA Selfish Behaviors
Use smaller backoff window

Transmit with you should not
Attacker gets more bandwidth
Cause collisions to others
276
Attack 2: Jamming
jammer
I cant
decode
my data
277
Attack 3: Injecting Bogus Information
278
Introduction
Traditionally, Denial of Service (DoS) attacks involve filling
receiving buffers and/or bringing down servers
In the wireless domain, DoS is more fundamentally linked with
the medium
MAC misbehavior or
Preventing nodes from even communicating (i.e., jamming)
279
Roadmap
Advanced
Detection
Mechanisms
Basic
Detection
Mechanisms
Jamming
Models
280
What is a Jammer?
A jammer is purposefully trying to interfere with
the physical transmit/receive
281
Jammers -- Hardware
Cell phone jammer unit
Block every cellular phone!!!
Signal generator
Conventional devices
282
Goal of Jammer
Interference
Prevent a sender from sensing out packets
Prevent a receiver from receiving legitimate packets
How to measure their effectiveness:
Packet Send Ratio (PSR):
Ratio of actual # of packets sent out versus # of packets
intended
Packet Delivery Ratio (PDR):
Ratio of # of successfully delivered packets versus # of packets
sent out
Measured at sender [ACKs] or receiver [CRC check]
283
Jammer Attack Models
Normal MAC protocol: Jammer:
Need to Need to
send m send m
Is No
Is No
channel Backoff channel Backoff
idle? idle?
Yes Yes
start to start to
send m send m
Jamming Models
Constant Jammer
Continuously emits radio signal (random bits, no MAC-etiquette)
Deceptive Jammer
Continuously sends regular packets (preamble bits) without gaps
in transmission
Targeting sending
Random Jammer
Alternates between sleeping and jamming states.
Takes energy conservation into consideration
Reactive Jammer:
Reacts to a sent message
Targeting reception;
285
Harder to detect
Constant Jammer
-60
CBR
-80
-60
-100 CBR
-80
-60
-100 MaxTraffic
-80
-60
-100 MaxTraffic
-80
-60
-100 Constant Jammer
-80
-60
(dBm)
-100 Constant Jammer

-80
(dBm)
-60
-100
RSSI
Deceptive Jammer
-80
-60
RSSI
-100 Deceptive Jammer

-80
Constant Jammer - continually emits a radio
-60
-100 signal (noise).
Reactive Jammer
-80
-60
The device will not wait for the channelReactive
to beJammer
idle before
-100
-80
transmitting.
-60
-100
Can disrupt even signal strength comparison
Random Jammer
protocols
-80
-60 . Random Jammer
-100
-80
0 200 400 600 800 1000 1200 1400 1600
-100 sample sequence number
0 200 400 600 800 1000 1200 1400 1600
sample sequence number
Deceptive Jammer -60
CBR
-80
-100
-60
-60 MaxTraffic
-80 CBR
-80
-100
-100
-60
-60 Constant Jammer
-80
MaxTraffic
RSSI (dBm) RSSI (dBm)
-80
-100
-60
-100
-80
Constant Jammer
-80
-100
-60
-100 Reactive Jammer
-80
Deceptive
-100
-80
-60
Jammer - constantly injects regular packets
Deceptive Jammer
-60
with no gap between packets. A normal
-100
-80
device
Random will
Jammer
-60
remain
-100 in the receive state and cannot switch
0 200 400 600 800 1000 1200 Reactive
1400
to the send
Jammer
1600
-80
state
-100
because of the sample
constant stream
sequence number of incoming packets.
-60
Random Jammer
-80
-100
0 200 400 600 800 1000 1200 1400 1600
-100
-60
MaxTraffic
-80
Random Jammer -100

-60
-80
Constant Jammer
RSSI (dBm)
-100
-60
-80 CBR
-80
-100
-100
-60
-60 Reactive Jammer
-80
-80
MaxTraffic
-100
-100
-60
-60
Random
ConstantJammer
Jammer
-80
-80
RSSI (dBm)
-100
-100
0
-60 200 400 600 800 1000 1200 1400 1600
-80 sample sequence number Deceptive Jammer
-100
-60
Random
-80 Jammer - alternates between sleeping and
Reactive Jammer
-100
jamming.
-60 Can act as constant or deceptive when
Random Jammer
jamming.
-80 Takes energy conservation into consideration.
-100
0 200 400 600 800 1000 1200 1400 1600
-60
CBR
-80
Reactive Jammer -100

-60
-80
MaxTraffic
-100
-60
-60 Constant Jammer
-80
RSSI (dBm)
CBR
-80
-100
-100
-60
-80 MaxTraffic
-80
-100
-100
-60
-60
Reactive
Constant Jammer
Jammer
-80
-80
RSSI (dBm)
-100
-100
-60
-60
Deceptive
Random Jammer
Jammer
-80
-80
Reactive
-100
-100
-600 Jammer
200 400
- other
600
three
800
are active
1000 1200
this is1600
1400
not. It
stays
-80 quiet until there is activity
sample on theReactive
sequence number Jammer
channel. This
-100
targets
-60 the reception of a message. This style does not
Random Jammer
conserve
-80
energy however it may be harder to detect.
-100
0 200 400 600 800 1000 1200 1400 1600
Basic Jamming Detection
What attributes will help us detect jamming?
Signal strength (PHY-layer detection)

Carrier sense (MAC layer detection)
Packet Delivery Ratio
Detects all jamming models
Differentiates jamming from congestion
Cannot differentiate jamming from node failure, battery loss,
departure, etc.
290
Detection 1: Analyzing Signal Strength
How can we use Signal Strength to detect Jamming?
Signal strength distribution may be affected by the

presence of a jammer
Each device should gather its own statistics to make its

own decisions on the possibility of jamming
Establish a base line or build a statistical model of normal

energy levels prior to jamming of noise levels.But how??
291
Two Methods for Signal Strength
1. Basic Average and Energy Detection
We can extract two statistics from this reading, the average signal
strength and the energy for detection over a period of time
2. Signal Strength Spectral Discrimination
A method that employs higher order crossings (HOC) to calculate the
differences between samples
This method is practical to implement on resource constrained
wireless devices, such as sensor nodes
292
Experiment Setup
Involving three parties: Receiver B
Normal nodes: Sender A
Sender A
Receiver B
Jammer X
Parameters
Four jammers model dAB
Distance dXB
Let dXB = dXA
Fix dAB at 30 inches
dXA
Power
PA = PB = P X = -4dBm
Jammer X
Signal Strength
CBR: 20 packets per second
The average values for the
constant jammer and the
MaxTraffic source are roughly
equal
The constant jammer and
deceptive jammer have
roughly the same average
values
The signal strength average
from a CBR source does not
differ much from the reactive
jammer scenario
These results suggest that we
may not be able to use simple
statistics such as average
signal strength to identify
jamming
Signal-Strength: Higher Order Crossing
We can not distinguish the reactive or random jammer from normal
traffic
A reactive or random jammer will alternate between busy and idle in the
same way as normal traffic behaves
HOC will work for some jammer scenarios but are not powerful enough
to detect all jammer scenarios
Not working well.
295
Detection 2: Analyzing Carrier Sensing Time
A jammer can prevent a legitimate source from sending out
packets channel might appear constantly busy to the
source
Keep track of the amount of time it spends waiting for the
channel to become idle (carrier sensing time)
Compare it with the sensing time during normal traffic
operations to determine whether it is jammed
Only true if MAC protocol employs a fixed signal strength
threshold to determine whether channel is busy
Determine when large sensing times are results of jamming
by setting a threshold
Threshold set conservatively to reduce false positive 296
Detection 2: Analyzing Carrier Sensing Time
It detects the Constant 297

Hard to detect a reactive jammer and Deceptive Jammer
Detection 3: Analyzing Packet Delivery Ratio
How much PDR degradation can
be caused by non-jamming, Receiver
normal network dynamics, such
as congestion? (PDR 78%)
A jammer causes the PDR drop
significantly, almost to 100%
A simple threshold based on PDR
is a powerful statistic to
determine Jamming vs.
congestion
PDR can not differentiate non-
aggressive jamming attacks from
poor channel quality
298
MaxTraffic
Sender
Basic Statistics Summary
Both Signal Strength and Carrier Sensing time can

only detect the constant and deceptive jammer
Neither of these two statistics is effective in

detecting the random or the reactive jammer
PDR is a powerful statistic to determine Jamming

vs. congestion
It can not account for all network dynamics
299
Solution: Consistency Checks
PDR is relatively good
Normal scenario:
High signal strength high PDR
Low signal strength low PDR
Low PDR in real life
Poor channel quality
Jamming attacks high signal strength
Consistency check
Look at transmissions from neighbors
If at least one neighbor has high PDR
If all have low PDR check signal strength high I am being
jammed! 300
Location-Based Consistency Check
Concept:
Close neighbor nodes high PDR
Far neighbor nodes lower PDR
If all nearby neighbors exhibit low PDR
jammed!
301
PRD/Signal Strength Consistency
PDR< Threshold
No
Yes
Sample Signal
Not
Strength
Jammed
PDR Yes
consistent
with SS
No
Jammed
Results
Observed Normal
relationships
High signal strength yields
a high PDR
Low signal strength yields
a low PDR
Jammed scenario: a high
signal strength but a low
PDR
The Jammed region has
above 99% signal
strength confidence
intervals and whose PDR
303
is below 65%
What Happens After Detection??
This work has identified jamming models and described a
means of detection
Prevention? Reaction?
Channel surfing and spatial retreats
SSCH
304
Our Jammers
MAC-layer Jammer
Mica2 Motes (UC Berkeley)
8-bit CPU at 4MHz
512KB flash, 4KB RAM
916.7MHz radio
OS: TinyOS
Disable the CSMA
Keep sending out the preamble
PHY-layer Jammer
Waveform Generator
Tune frequency to 916.7MHz
305
Escaping From Jamming Attacks
Channel Surfing
Utilize frequency hopping if a node detects that it is being
jammed it just switches to another channel
Inspired by frequency hopping techniques, but operates at the link
layer
System Issues: Must have ability to choose multiple
orthogonal channels
Practical Issue: PHY specs do not necessarily translate into correct
orthogonal channels
Example: MICA2 Radio recommends: choose separate channels
with a minimum spacing of 150KHz but..
306
Throughput VS. Channel Assignment
Sender sends the packet as fast as it
can
Receiver counts the packet and
calculates the throughput
The radio frequency of the sender
and receiver was fixed at 916.7MHz
Increased the interferers
communication frequency by 50kHz
each time
When the Jammers communication
frequency increases to 917.5MHz,
there is almost no interference
307
Is Channel Surfing Feasible??
308
Escaping From Jamming Attacks
Orthogonal channels
The fact is that we need at least 800KHz to escape the
interference
Therefore, explicit determination of the amount of
orthogonal channels is important
Channel Surfing
Target: maximize the delay before the attacker finds the new
channel
Solution: use a (keyed) pseudo-random channel assignment
between nodes
309
Escaping from Jamming Attacks
Spatial Retreats:
If a node is jammed move spatially (physically) to another
location
When a node changes location, it needs to move to a new
location where it can avoid being jammed but minimize
network degradation
Sometimes a spatial retreat will cause a network partition
Two different strategies to defend against jamming
Channel-surfing: changing the transmission frequency to a
range where there is no interference from the attacker
Spatial retreat: moving to a new location where there is no
interference 310
Jammers will be Punished
A man skilled in the operation of commercial wireless
Internet networks was sentenced for intentionally bringing
down wireless Internet services across the region of
Vernal, Utah.
Ryan Fisher, 24, was sentenced to 24 months in prison to
be followed by 36 months of supervised release, and to
pay $65,000 in restitution.
In total, more than 170 customers lost Internet service,
some of them for as long as three weeks
311
Sustaining Cooperation in
Multi-Hop Wireless Networks
312
Motivation
Free riding in multi-hop wireless networks
less contribution to the group
consume more than their fair share of a resource
Routing protocols assume that nodes are well behaved
Need for a system which discourages
selfish behavior
313
Problem Definition
B can avoid these forwarding loads in two distinct

ways:
Forwarding level : drop packets for forwarding from A
Routing level : refuse to send routing messages that
acknowledge connectivity with A 314
Assumptions
Nodes Selfish but not Malicious
Most nodes in the system are cooperative
Omni-directional radio transmitters and antennas
Nodes have unforgeable ID
315
Catch !!
Enforcement based mechanism to discourage free-riding

through
Fear of punishment !
316
Main Idea
317
Problems in doing this??
Distinguishing between Selfish nodes and Transmission errors
Announcing the presence of free-rider to all, even if he/she is
your only link to the outside world
318
Power of Anonymity
The goal is to use cooperative nodes to monitor for the

presence of free-riders and to isolate them
Two problems
Distinguish them
Signal all of the free-riders neighbor
319
Solution..
Anonymous Challenge and Watchdogs
To distinguish deliberate packet dropping from wireless errors
Anonymous Neighbor Verification
To inform all other testers of the free-rider to isolate him
320
Anonymous Challenges
A watchdog is used
All Testers regularly but unpredictably send an anonymous
challenge to Testee for it to rebroadcast
A cryptographic hash of a randomly generated token
Even a selfish testee must depend on at least one of its
testers to forward its packets if it is to stay connected
Any tester, without hearing the rebroadcast of its
challenge Flag Testee as a Free Rider, refuses to
forward packets
321
Once free-rider is detected, other testers must
also be informed
Challenge: the only path must be via the testee
Anonymous neighbor verification (ANV) sub-
protocol is defined
322
First phase ANV Open
Each tester sends cryptographic hash of a random token to the
testee to rebroadcast
All others take note
Second phase ANV Close
If satisfied, release token to testee for it to rebroadcast
If senders dont receive tokens for all hash messages
infer that testee is free riding
323
Evaluation
15 PCs equipped with 802.11b
Operating in the ad-hoc mode
Diameter is between 3 and 5
hops
Length of one epoch is set to
one minute
There are 15 anonymous ACM
messages per epoch
324
Evaluation
325
Evaluation
Three nodes: the second one acts as free-rider
The number of epochs required to detect free-riders in the
testbed versus the fraction of packets a free-rider dropped
Each point is the

average of 10
experiments
326
Evaluation
327
Average Time to Isolation (ATI)

Conclusion
Catch sustains cooperation with autonomous p nodes
No central authority required unlike reputation/incentive
based schemes
No restrictions on workload, routing protocols or node
objectives
Isolates freeriders rather quickly
No false positives
328

Chapter3 Wireless

Uploaded by

Copyright:

Available Formats

Chapter3 Wireless

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Chapter3 Wireless

Uploaded by

Copyright:

Available Formats

Wireless and Mobile

Cellular Networks (hierarchical systems) WLAN / Mesh networks

Challenges: two or more users can access the same channel

Transmit and pray

Transmit and pray Can collisions still occur?

Listen before you talk

Collisions can still occur:

Keep listening to channel

The signal is identical at Tx and Rx

The TRANSMITTER can detect if and

Both observations do not hold for

Signal not same at different locations

Signal reception based on SINR

SignalOfIn terest ( SoI )

Critical fact #1: Interference is receiver driven while CSMA is 41

avoid data frame collisions completely

C switches to channel 1 and transmits RTS

What if each user only has one radio???? 51

[so04] J. So and N. Vaidya, Multichannel MAC for Ad Hoc

Source node S floods Route Request (RREQ)

Each node appends own identifier when forwarding RREQ

Represents a node that has received RREQ for D from S 72

Represents transmission of RREQ 73

[X,Y] Represents list of identifiers appended to RREQ

Node H receives packet RREQ from two neighbors:

Node C receives RREQ from G and H, but does not forward

Nodes J and K both broadcast RREQ to node D

Node D does not forward RREQ, because node D 77

Destination D on receiving the first RREQ, sends a Route Reply

RREP is sent on a route obtained by reversing the route

RREP includes the route from S to D on which RREQ was

If unidirectional (asymmetric) links are allowed, then RREP may

Node S on receiving RREP, caches the route included in the

When node S sends a data packet to D, the entire route is

Intermediate nodes use the source route included in a packet

Node X on receiving a Route Request for some node D can

Use of route cache

With passage of time and host mobility, cached routes may

An illustration of the adverse impact on TCP will be discussed

Route caching can further reduce route discovery overhead

A single route discovery may yield many routes to the

This problem can be eased if some mechanism to purge

For some proposals for cache invalidation, see

How to reduce the scope of the route request flood ?

How to reduce redundant broadcasts ?

Expected Zone is determined as a region that is expected to

Route requests limited to a Request Zone that contains the

Y = location of node D at current

r = (t1 - t0) * estimate of Ds speed

Request zone explicitly specified in the route request

Each node must know its physical location to determine

If route discovery using the smaller request zone fails to find a

Rest of route discovery protocol similar to DSR

Modified request zone may be determined using more

Alternative approach: A node X forwards a route request

The motivation is to attempt to bring the route request

The closeness property is defined without using physical

Path locality heuristic: Look for a new path that contains at

Old route is piggybacked on a Route Request