The carrier-sense multiple-access with collision avoidance (CSMA/CA) protocol relies on the random deferment of packet transmissions for contention resolution and efficient use of the communication channel that is shared among many terminals (i.e., nodes) in a network. This contention resolution typically is based on cooperative protocols, such as IEEE 802.11 distributed coordination function (DCF), which is a popular protocol for wireless networks.
The operation of the DCF protocol is based on time multiplexing access of the terminals to the network, and it is assumed that all the terminals in the network will obey the protocol guidelines. However, the pervasive nature of wireless networks together with the requirement for flexible and readily reconfigurable protocols has resulted in wireless network devices becoming easily programmable. Wireless interface software, such as MadWifi for the Atheros chipsets (http://madwifi.org/) or the ipw series for the Intel PRO/Wireless chipsets (e.g. http://ipw2100.sourceforge.net/), can be easily modified and the protocol parameters can be changed by users so that one particular network terminal is capable of deviating from legitimate operation of a network transmission protocol in order to gain an advantage over other network terminals (i.e., referred to as selfish misbehavior), or to disrupt the network operation (i.e., referred to as malicious misbehavior).
Therefore, it is necessary to have a mechanism to detect when a network terminal is deviating from legitimate operation under the protocol rules. Unfortunately, detecting such deviation is difficult due to the random operation of the CSMA/CA protocol and the nature of the wireless medium itself, where network channel impairment and interference make network conditions appear different for different terminals.
Deviation from legitimate protocol operation in wireless networks has received considerable attention. Most of the current research focuses on malicious misbehavior, in which terminals do not obey the protocols with the sole objective of disrupting the operation of the network, even to the deviating terminal's own determent. Malicious misbehaviors of this kind are often referred to as denial-of-service (DoS) attacks.
While malicious misbehavior is abundant, it is usually limited to a small percentage of users. Selfish misbehavior, on the other hand, is employed by users who wish to increase their own share of the common network transmission resources.
Selfish misbehaviors on network terminals are often analyzed in the framework of game theory, as such terminals compete to maximize their own utilities, such as allowed bandwidth, for example. An example of selfish misbehavior involves a network terminal refusing to forward data packets on behalf of other hosts to conserve energy. Another example of selfish misbehavior involves a user knowingly modifying protocol parameters to allow a network terminal to obtain unfair access to a network communication channel, such as a greater data transmission bandwidth, for example.
Selfish misbehavior has been studied in various scenarios in different communication layers and under several mathematical frameworks. Most notably, a heuristic set of conditions has been proposed for testing the extent to which Medium Access Control (MAC) protocol parameters have been manipulated. The heuristic nature of this method limits its application to specific protocols and the technique can be compromised by any terminal that knows those conditions.
A modification to the IEEE 802.11 MAC protocol has been proposed to detect selfish misbehavior. This approach assumes a trustworthy receiver, which assigns to a sender a back-off value to be used. Relying on the receiver and modifying the IEEE 802.11 protocol are drawbacks to this approach. In another approach, a detection framework has been employed to analyze the instance of theoretical worst-case attacks. This approach is more robust. However, no operational method to detect misbehavior is offered.
The prompt detection of misbehaving network terminals is a significant security issue. It has been shown that an IEEE 802.11 DCF can be designed with complete stability (i.e., free of misbehavior) if a way to detect terminals that deviate from the IEEE 802.11 protocol can be found. See Toledo, Alberto Lopez, et al., “Adaptive Optimization of IEEE 802.11 DCF Based on Bayesian Estimation of the Number of Competing Terminals,” IEEE Transactions in Mobile Computing, Volume 5, No. 9, pp 1283-1296, September 2006.