Cooperative transmission is an emerging wireless communication technique that improves wireless channel capacity through multiuser cooperation in the physical layer. It is expected to have a profound impact on network performance and design. However, cooperative transmission can be vulnerable to selfish behaviors and malicious attacks, especially in its current design. In this paper, we investigate two fundamental questions Does cooperative transmission provide new opportunities to malicious parties to undermine the network performance? Are there new ways to defend wireless networks through physical layer cooperation? Particularly, we study the security vulnerabilities of the traditional cooperative transmission schemes and show the performance degradation resulting from the misbehaviors of relay nodes. Then, we design a trust-assisted cooperative scheme that can detect attacks and has self-healing capability. The proposed scheme performs much better than the traditional schemes when there are malicious/selfish nodes or severe channel estimation errors. Finally, we investigate the advantage of cooperative transmission in terms of defending against jamming attacks. A reduction in link outage probability is achieved.
1. Introduction
Multiple antenna systems, such as Multiple-Input-Multiple-Output (MIMO), can create spatial diversity by taking advantage of multiple antennas and significantly increase the wireless channel capacity. However, installation of multiple antennas on one wireless device faces many practical obstacles, such as the cost and size of wireless devices. Recently, cooperative transmission has gained considerable research attention as a transmit strategy for future wireless networks. Instead of relying on the installation of multiple antennas on one wireless device, cooperative transmission achieves spatial diversity through physical layer cooperation.
In cooperative transmission, when the source node transmits a message to the destination node, the nearby nodes that overhear this transmission will "help" the source and destination by relaying the replicas of the message, and the destination will combine the multiple received waveforms so as to improve the link quality. In other words, cooperative transmission utilizes the nearby nodes as virtual antennas and mimics the effects of MIMO for achieving spatial diversity. It is well documented that cooperative transmission improves channel capacity significantly and has a great potential to improve wireless network capacity [1, 2]. The research community is integrating cooperative transmission into cellular, WiMAX, WiFi, Bluetooth, ultra-wideband (UWB), ad hoc, and sensor networks. Cooperative transmission is also making its way into standards; for example, IEEE WiMAX standards body for future broadband wireless access has established the 802.16j Relay Task Group to incorporate cooperative relaying mechanisms [3].
Anzeige
The majority of work on cooperative transmission focuses on communication efficiency, including capacity analysis, protocol design, power control, relay selection, and cross layer optimization. In those studies, all network nodes are assumed to be trustworthy. Security threats are rarely taken into consideration.
(i)
It is well known that malicious nodes can enter many wireless networks due to imperfectness of access control or through node compromising attack. In cooperative transmission, the malicious nodes have chances to serve as relays (i.e., the nodes help the source node by forwarding messages). Instead of forwarding correct information, malicious relays can send arbitrary information to the destination.
(i)
Cooperative transmission can also suffer from selfish behavior. When the wireless nodes do not belong to the same authority, some nodes can refuse to cooperate with others, that is, not working as relay nodes, for the purpose of saving their own resources.
(i)
In cooperative transmission, channel information is often required to perform signal combination [1‐3] and relay selection [4‐7] at the destination. The malicious relays can provide false channel state information, hoping that the destination will combine the received messages inadequately.
This paper is dedicated to studying the security issues related to cooperative transmission for wireless communications. Particularly, we will first discuss the vulnerabilities of cooperative transmission schemes and evaluate potential network performance degradation due to these vulnerabilities. Then, we propose a distributed trust-assisted cooperative transmission scheme, which strengthens security of cooperative transmission through joint trust management and channel estimation.
Instead of using traditional signal-to-noise ratio (SNR) or bit-error-rate (BER) to represent the quality of relay channels, we construct the trust values that represent possible misbehavior of relays based on beta-function trust models [8, 9]. We then extend the existing trust models to address trust propagation through relay nodes. A distributed trust established scheme is developed. With a low overhead, the model parameters can propagate through a complicated cooperative relaying topology from the source to the destination. In the destination, the information from both the direct transmission and relayed transmissions is combined according to the trust-based link quality representation. From analysis and simulations, we will show that the proposed scheme can automatically recover from various attacks and perform better than the traditional scheme with maximal ratio combining. Finally, we investigate possible advantages of utilizing cooperation transmission to improve security in a case study of defending against jamming attacks.
Anzeige
The rest of the paper is organized as follows. Related work is discussed in Section 2. In Section 3, the system model and attack models are introduced. In Section 4, the proposed algorithms are developed. Finally, simulation results and conclusions are given in Sections 5 and 6, respectively.
2. Related Work
Research on cooperative transmission traditionally focuses on efficiency. There is a significant amount of work devoted to analyzing the performance gain of cooperative transmission, to realistic implementation under practical constraints, to relay selection and power control, to integrating physical layer cooperation and routing protocols, and to game-theory-based distributed resource allocation in cooperative transmission. For example, the work in [4] evaluates the cooperative diversity performance when the best relay is chosen according to the average SNR and analyzes the outage probability of relay selection based on instantaneous SNRs. In [5], the authors propose a distributed relay selection scheme that requires limited network knowledge with instantaneous SNRs. In [6], cooperative resource allocation for OFDM is studied. A game theoretic approach for relay selection has been proposed in [7]. In [10], cooperative transmission is used in sensor networks to find extra paths in order to improve network lifetime. In [11], cooperative game theory and cooperative transmission are used for packet forwarding networks with selfish nodes. In [12], centralized power allocation schemes are presented under the assumption that all the relay nodes help others. In [13], cooperative routing protocols are constructed based on noncooperative routes. In [14], a contention-based opportunistic feedback technique is proposed for relay selection in dense wireless networks. In [15], the users form coalitions of cooperation and use MIMO transmission. Traditional cooperative transmission schemes, however, assume that all participating nodes are trustworthy.
Trust establishment has been recognized as a powerful tool to enhance security in applications that need cooperation among multiple distributed entities. Research on trust establishment has been performed for various applications, including authorization and access control, electronic commerce, peer-to-peer networks, routing in MANET, and data aggregation in sensor networks [8, 16‐20]. As far as the authors' knowledge, no existing work on trust is for cooperative transmission. In fact, not much study on trust has been conducted for physical layer security.
3. System Model, Attack Models, and Requirements on Defense
In this section, we first describe the cooperative transmission system model, then investigate the different attack models, and finally discuss the general requirements on the design of defense mechanisms.
3.1. Cooperative Transmission System
As shown in Figure 1, the system investigated in this paper contains a source node , some relay nodes , and a destination node . The relays can form single hop or multihop cooperation paths. The relay nodes might be malicious or selfish. We first show a simple one-hop case in this subsection, and the multihop case will be discussed in a later section.
Figure 1
Cooperative transmission system model.
×
Cooperative transmission is conducted in two phases. In Phase 1, source broadcasts a message to destination and relay nodes . The received signal at the destination and the received signal at relay can be expressed as
(1)
(2)
In (1) and (2), represents the transmit power at the source, is the path loss between and , and is the path loss between and . and are fading factors associated with channel and channel , respectively. They are modeled as zero mean and unit variance complex Gaussian random variables. is the transmitted information symbol with unit energy. In this paper, without loss of generality, we assume that BPSK is used and . and are the additive white Gaussian noises (AWGN) at the destination and the relay nodes, respectively. Without loss of generality, we assume that the noise power, denoted by , is the same for all the links. We also assume the block-fading environment, in which the channels are stable over each transmission frame.
When there is no relay, the transmission only contains Phase 1 and is referred to as direct transmission. In direct transmission, without the help from relay nodes, the SNR at the destination is
(3)
In Phase 2, relay nodes send information to the destination at consecutive time slots. After the destination receives the information from the source node and all relay nodes, which takes at least time slots where is the number of relays, the destination combines the received messages and decodes data.
We examine the decode-and-forward (DF) cooperative transmission protocol [1, 2], in which the relays decode the source information received in Phase and send the information to the destination in Phase . Recall that relay receives signal from the source node . Let denote the data decoded from . Relay then reencodes , and sends it to the destination. Let denote the received signal at the destination from relay . Then,
(4)
where is the transmit power at relay , is the path loss between and , is the fading factor associated with channel , which is modeled as zero mean and unit variance Gaussian random variable, and is the AWGN thermal noise with variance .
3.2. Attack Models and Requirements on Defense
As discussed in Section 1, for cooperative transmission, we identify the following three types of misbehavior.
(i)
Selfish Silence. There are selfish nodes that do not relay messages for others in order to reserve their own energy.
(ii)
Malicious Forwarding. There are malicious nodes that send garbage information to the destination when they serve as relays.
(iii)
False Feedback. Malicious nodes report false channel information to make the destination perform signal combination inadequately.
Can security vulnerability in cooperative transmission be fixed? To answer this question, we take a closer look at the fundamental reasons causing security vulnerability.
First, cooperation among distributed entities is inheritably vulnerable to selfish and malicious behaviors. When a network protocol relies on multiple nodes' collaboration, the performance of this protocol can be degraded if some nodes are selfish and refuse to collaborate, and can be severely damaged if some nodes intentionally behave oppositely to what they are expected to do. For example, the routing protocols in mobile ad hoc networks rely on nodes jointly forwarding packets honestly, and the data aggregation protocols in sensor networks rely on sensors all reporting measured data honestly. It is well known that selfish and malicious behaviors are major threats against the above protocols. Similarly, since cooperative transmission relies on collaboration among source, relay and destination nodes, it can be threatened by selfish and malicious network nodes.
Second, when the decision-making process relies on feedback information from distributed network entities, this decision-making process can be undermined by dishonest feedbacks. This is a universal problem in many systems. For example, in many wireless resource allocation protocols, transmission power, bandwidth and data rate can all be determined based on channel state information obtained through feedbacks [5, 7, 11]. In cooperative transmission, the relay selection and signal combination process depend on channel state information obtained through feedbacks.
Third, from the view point of wireless communications, traditional representation of channel state information cannot address misbehavior of network nodes. In most cooperative transmission schemes, information about relay channel status is required in relay selection and transmission protocols. However, the traditional channel state information, either SNR or average BER, only describes the features of physical wireless channel, but cannot capture the misbehavior of relay nodes.
The above discussion leads to an understanding on the primary design goals of the defense mechanism. A defense mechanism should be able
(i)
to provide the distributed network entities a strong incentive to collaboration, which suppresses selfish behaviors,
(ii)
to detect malicious nodes and hold them responsible,
(iii)
to provide the cooperative transmission protocols with accurate channel information that (a) reflects both physical channel status as well as prediction on likelihood of misbehavior and (b) cannot be easily misled by dishonest feedbacks.
4. Trust-Based Cooperative Transmission
In this section, we first provide basic concepts related to trust evaluation in Section 4.1. Second, we discuss the key components in the proposed scheme, including the beta-function-based link quality representation and link quality propagation, in Section 4.2. Then, the signal combining algorithm at the destination is investigated in Section 4.3. Next, we present the overall system design in Section 4.4, followed by a discussion on implementation overhead in Section 4.5.
4.1. Trust Establishment Basic
Trust establishment has been recognized as a powerful tool to secure collaboration among distributed entities. It has been used in a wide range of applications for its unique advantages.
If network entities can evaluate how much they trust other network entities and behave accordingly, three advantages can be achieved. First, it provides an incentive for collaboration because the network entities that behave selfishly will have low trust values, which could reduce their probabilities of receiving services from other network entities. Second, it can limit the impact of malicious attacks because the misbehaving nodes, even before being formally detected, will have less chance to be selected as collaboration partners by other honest network nodes. Finally, it provides a way to detect malicious nodes according to trust values.
The purpose of trust management matches perfectly with the requirements for defending cooperative transmission.
Designing a trust establishment method for cooperative transmission is not an easy task. Although there are many trust establishment methods in the current literature, most of them sit in the application layer and few were developed for physical/MAC layer communication protocols. This is mainly due to the high implementation overhead. Trust establishment methods often require monitoring and message exchange among distributed nodes. In physical layer, monitoring and message exchange should be minimized to reduce overhead. Therefore, our design should rely on the information that is already available in the physical layer.
While the detailed trust establishment method will be described in a later section, we introduce some trust establishment background here.
When node can observe node 's behavior, node establishes direct trust in node based on observations. For example, in the beta-function-based-trust model [9], if node observes that node has behaved well for times and behaved badly for times, node calculates the direct trust value [9] as . The beta-function based trust model is widely used for networking applications [18, 20], whereas there are other ways to calculate direct trust mainly for electronic commerce, peer-to-peer file sharing, and access control [8, 17].
Trust can also be established through third parties. For example, if and have established a trust relationship and and have established a trust relationship, then can trust to a certain degree if tells its trust opinion (i.e., recommendation) about . This phenomenon is called trust propagation. Trust propagation becomes more complicated when there is more than one trust propagation path. Through trust propagation, indirect trust can be established. The specific ways to calculate indirect trust values are determined by trust models [8].
Finally, building trust in distributed networks requires authentication. That is, one node cannot easily pretend to be another node in the network.
No matter whether trust mechanism is used or not, the physical layer control messages need to be authenticated, when there is a risk of malicious attack. In this work, we assume that the messages are authenticated in cooperative transmission using existing techniques [21, 22].
4.2. Trust-Based Representation of Link Quality
The beta-function trust model is often used to calculate whether a node is trustworthy or not in networking applications. For example, node has transmitted packets to node . Among them, node received packets with SNR greater than a certain threshold. These transmissions are considered to be successful. The transmission of other packets is considered to be failed. That is, there are successful trials and failed trials. It is often assumed that the transmission of all packets are independent and a Bernoulli distribution with parameter governs whether the transmissions succeed or fail. (This is true with ideal interleavers.) Under these assumptions, given and , the parameter follows a beta distribution as
(5)
It is well known that has mean and variance as
(6)
In the context of trust establishment, given and values, the trust value is often chosen as the mean of , that is, . This trust value represents how much a wireless link can be trusted to deliver packets correctly. In addition, some trust models introduce confidence values [23]. The confidence value is often calculated from the variance of . The confidence value represents how much confidence the subject has in the trust value.
Due to the physical meaning of the trust values and the close tie between trust and the beta function, we use the beta function to represent the link quality in this paper. This is equivalent to using trust and confidence values to describe the link quality.
Since an interleaver is often employed in the transceiver and noise is independent over time, we can justify that successful transmission of different packets is independent if the interleaver is carefully selected to be greater than the coherence time of the channel. As a result, we justify the use of the beta distribution. Compared with traditional frame error rate (FER), BER and SNR, the trust-based link quality representation has both advantages and disadvantages. As an advantage, the trust-based link quality can describe the joint effect of wireless channel condition, channel estimation error, and misbehavior of relay nodes. On the other hand, the trust-based link quality cannot describe the rapid changes in channel conditions because the and values need to be collected over multiple data packets. Thus, it is suitable for scenarios with slow fading channels or high data rate transmission, in which channel condition remains stable over the transmission time of several packets.
4.3. Signal Combination at Destination
In this Section, we discuss how to utilize trust-based link quality information in the signal combination process. In Section 4.3.1, we discuss how the signal is combined at the waveform level. In Section 4.3.2, we extend our solution to the multihop case. Finally, we investigate how the proposed solution can defend against the bad-mouthing attack in Section 4.3.3.
First, from [24], the BER of BPSK in Rayleigh fading can be given by a function of SNR as
(7)
where is the SNR. Here FER has one-to-one mapping with BER as , where is the frame length. (Notice that other modulations can be treated in a similar way.) So in the rest of paper, we only mention BER. To simplify analysis, we assume that error control coding is not used in this paper. The design of the proposed scheme, however, will not be affected much by coding schemes. When coding is used, the BER expression in (7) will change. Depending on different coding systems such as Hamming code, RS code or convolutional code, the BER performance would be different. The BER would be reduced at the same SNR, or in other words, to achieve the same SNR, the required SNR will be reduced. So the reliability of the links due to the channel errors can be improved. On the other hand, coding is a way to improve reliability, but cannot address untrustworthy nodes. The proposed scheme will work for both coded and uncoded transmissions.
4.3.1. Waveform Level Combination
In traditional cooperative transmission schemes, maximal ratio combining (MRC) [24] is often used for waveform level combination. Specifically, for the case of a single-hop relay, remember that is the signal received from the direct path and is the signal received from the relay. Under the assumption that the relay can decode the source information correctly, the MRC combined signal with weight factor is
where and are SNR of direct transmission and relay transmission, respectively. When channel decoding errors and nodes' misbehavior are present, the MRC is not optimal any more. This is because the received signal quality is not only related to the final link to the destination, but also related to decoding errors or misbehavior at the relay nodes.
In the proposed scheme, we use the beta function to capture the channel variation as well as relay misbehavior. This requires a new waveform combination algorithm that is suitable for trust-based link quality representation.
We first consider the case of one single-hop relay path. Depending on whether or not the relay decodes correctly, using derivation similar to MRC [24], the combined SNR at the destination for BPSK modulation can be written as
(10)
If the relay decodes correctly, the relayed signal improves the final SNR; otherwise, the SNR is reduced. Notice that here is the weight for the direction transmission and is the weight for the relay transmission.
Let represent the link quality of the source-relay channel. We set the goal of signal combination to be maximizing the SNR at the destination after combination by finding the optimal weight vector for combination. That is,
(11)
By differentiating the right-hand side of (11), we obtain the optimal combination weight factor as
(12)
where is the mean of the relay's successful decoding probability or the mean of . Obviously, .
When the relay decodes perfectly, that is, , we have
(13)
which is the same as that in MRC. When , we have zero-divide-zero case in (12). In this case, we define , since the relay decodes incorrectly and forwards independent data. As a result, the weight for the relay should be zero, and the system degrades to direct transmission only.
For the case of multiple single-hop relay paths, we assume that each relay has link quality , SNR , and weight . Recall that the link quality report from the relay is , where equals to the number of successfully transmitted packets between the source and relay and equals to the number of unsuccessfully transmitted packets between the source and relay . The mean of the beta function for relay is denoted by and calculated as . The overall expected SNR can be written as
(14)
where indicates whether relay decodes correctly, and
(15)
Equation (14) employs the probability and conditional SNR in (10). In this case, the optimal can be calculated numerically by minimizing (14) over parameter . Some numerical methods such as the Newton Method [25, 26] can be utilized. Note that this optimization problem may not be convex. Achieving global optimum needs some methods such as simulated annealing [25, 26].
As a summary, the waveform level combination is performed in the following four steps.
(i)
For each path, the destination calculates values based on the relays' report on their link quality.
(ii)
The second is maximizing the SNR (equivalent to minimizing BER) in (14) to obtain the optimal weight factors. If there is only one relay path, the optimal weight factor is given in (12).
(iii)
The third step is calculating the combined waveform using (8).
(iv)
The fourth step is decoding the combined waveform .
4.3.2. Extension to Multiple-Hop Relay Scenario
In the previous discussion, we focus on the one-hop relay case, in which the relay path is source-relay-destination. Next, we extend our proposed scheme to multiple such relay paths.
It is noted that the relay path may contain several concatenated relay nodes. An example of such relay path is , where is the source node, is the destination, and are two concatenated relay nodes. This scenario has been studied in [27, 28].
To make the proposed scheme suitable for general cooperative transmission scenarios, we develop an approach to calculate the link quality through concatenation propagation. In particular, let represent the link quality between and , and represent the link quality between and . If we can calculate the link quality between and , denoted by , from , , , , we will be able to use the approach developed in Section 4.3.1, by replacing with . Then, represents the link quality of the relay path, which is in this example.
Next, we present the link quality concatenation propagation model for calculating . Let denote the probability that transmission will succeed through path . The cumulative distribution function of can be written as
(16)
Since it is very difficult to obtain the analytical solution to (16), we find a heuristic solution to approximate the distribution of . Three assumptions are made.
First, even though the distribution of the concatenated signal is not a beta function, we approximate the distribution of as a beta distribution . Let , , and represent the (mean, variance) of distribution , , and , respectively. The mean and variance of the beta distribution are given in (6).
Second, we assume . Recall that , and represent the probability of successful transmission along path , , and , respectively. When the path is , the packets are successfully transmitted from to only if the packets are successfully transmitted from to and from to .
Third, we assume . The third assumption means that the noises added by two concatenated links are independent and their variances can be added together.
With the above assumptions, we can derive that
(17)
In order to validate the accuracy of the proposed approximation, we have examined a large number of numerical examples by varying and . We have seen that the proposed heuristic approximation is a good fit. One such example is illustrated in Figure 2, which shows the probability density functions of and . Here , , , and . The means that the two beta functions are and , respectively. Figure 2 also shows the distribution of in (16) obtained numerically, and its approximation (i.e., ) calculated from (17). By using concatenation of the beta functions, the proposed signal combining approach can handle the multihop relay scenario.
Figure 2
Link quality propagation.
×
4.3.3. Defense against Bad-Mouthing Attack
In the bad-mouthing attack, the relay node does not report accurate link quality between itself and the source node. Instead, the relay node can report a very high link quality, that is, large value and very small value. As a consequence, the value calculated by the destination will be much higher than it should be. Then, the weight factor calculated in (12) will be larger than it should be. That is, the information from the lying relay is given a large weight. As a result, the bad-mouthing attack can reduce the BER performance. To overcome this problem, Algorithm 1 is developed.
Algorithm 1: Defense against bad-mouthing attack.
() The destination compares , which is the BER estimated using (7) and (12), and ,
which denotes the BER observed from real communications.
() ifthen
() if there is only one relay node then
() this relay node is marked as suspicious
() else
() for each relay node do
() excluding this relay node, and then performing BER estimation and signal combination
() if the difference between the newly estimated BER and is smaller than then
() mark this relay as suspicious, and send a warning report about this node to others.
() endif
() end for
() end if
() For each suspected relay, adjust the value used in optimal weight factor calculation as ,
where is a small positive number (e.g., choosing ), is the current mean value of the link quality,
and is the value after adjustment.
() end if
In this algorithm, the destination monitors the BER performance of the cooperative communication. That is, after performing signal combination and decoding, the destination can learn that the decoded messages have errors based on an error detection mechanism. On the other hand, the destination can estimate BER performance from (7) and (12). The detection of bad-mouthing attack is based on the comparison between observed BER (denoted by ) and the estimated BER (denoted by ), as demonstrated in Algorithm 1. In addition, and can be determined through a learning process.
It is important to point out that Algorithm 1 detects more than the bad-mouthing attack. Whenever the value does not agree with the node's real behavior, which may result from maliciousness or severe channel estimation errors, Algorithm 1 can detect the suspicious node.
Additionally, the bad-mouthing attack is not specific for the proposed scheme. The traditional MRC method is also vulnerable to the bad-mouthing attack in which false channel state information is reported.
4.4. Trust-Assisted Cooperative Transmission
Cooperative transmission can benefit greatly from link quality information, which describes the joint effect of channel condition and untrustworthy relays' misbehavior. Figure 3 illustrates the overall design of a trust-assisted cooperative transmission scheme.
Figure 3
Overview of trust-assisted cooperative transmission.
×
In the proposed scheme, each node maintains a cooperative transmission (CT) module and a trust/link quality manager (TLM) module. The basic operations are described as follows.
(i)
In the CT module, the node estimates the link quality between itself and its neighbor nodes. For example, if node sends node a total of packets and received packets correctly, node estimates the link quality between and as . The estimated link quality information (LQI) is sent to the TLM module. Since the link quality information is estimated directly from observation, it is called direct LQI.
(ii)
The trust record in the TLM module stores two types of the link quality information. The first type is direct LQI, estimated by the CT module. The second type is indirect LQI, which is estimated by other nodes.
(iii)
Each node broadcasts its direct LQI to their neighbors. The broadcast messages, which are referred to as link quality reports, can be sent periodically or whenever there is a large change in the LQI.
(iv)
Upon receiving the link quality reports from neighbor nodes, one node will update the indirect LQI in its trust record. The indirect LQI is just the direct LQI estimated by other nodes.
(v)
In the TLM module, the links with low quality are detected. Let denote the link quality. The detection criteria are
(18)
The first condition means that the trust value is lower than a certain threshold. The second condition means that there is a sufficient number of trials to build this trust. Or, in other words, the confidence in the trust value is higher than a threshold. This detection will affect relay selection. Particularly, if node detects that the link quality between and has low quality, should not be chosen as a relay between and other nodes. This detection will also affect signal combination. Particularly, if node detects that the link quality between and has low quality, should not use the signal received from in signal combination, even if has been working as a relay for node .
The selection of and affects () how fast the cooperative transmission scheme can recover from malicious attacks and () how much we tolerate the occasional and unintentional misbehavior. Through our simulations and experience from previous work on trust management [20, 29], we suggest to set between and and between and . In future work, these thresholds can change dynamically with channel variation.
(i)
When some malicious nodes launch the bad-mouthing attack, the link quality reports may not be truthful. The CT model adopts the method discussed in Section 4.3.3 to detect suspicious nodes. The information about the suspicious nodes is sent to the TLM module. If a node has been detected as suspicious for more than a certain number of times, the TLM module declares it as a lying node and the CT module will exclude it from future cooperation.
(ii)
Finally, when the node is the destination node, the node will take link quality information from the trust record and perform signal combination using the approach described in Section 4.3.1.
4.5. Implementation Overhead
The major implementation overhead of the proposed scheme comes from the transmission of link quality reports. This overhead, however, is no more than the overhead in the traditional cooperative transmission schemes. In the traditional schemes to optimize the end-to-end performance, the destination needs to know the channel information between the source node and the relay nodes. Channel state information needs to be updated as frequently as the link quality reports, if not more frequently. Thus, the proposed scheme has equal or lower communication overhead than the traditional schemes.
Besides the communication overhead, the proposed scheme introduces some additional storage overhead. The storage overhead comes from the trust record. Assume that each node has neighbors. The trust record needs to store direct LQI and indirect LQI. Each LQI entry contains at most two IDs and (, ) values. This storage overhead is small. For example, when and each LQI entry is represented by 4 bytes, the storage overhead is about 440 bytes. This storage overhead is acceptable for most wireless devices.
All calculations in the TLM model and CT module are simple except the optimization problem in (14). This optimization problem is easy to solve when the number of relays is small, since the complexity for the programming method (such as Newton) to solve (14) is about to the power of the number of relays [25, 26]. When there is only one relay, the closed form solution has been derived.
4.6. Comparison to MRC
In this subsection, we summarize the qualitative difference between the traditional cooperative transmission scheme and the proposed scheme.
In traditional schemes, such as MRC, the destination estimates the link quality (in terms of SNR or BER) between the relay nodes and the destination. This link quality is used when the destination performs signal combination.
The traditional schemes, however, have one problem. That is, the destination does not know the link quality between the source node and the relay node, which can be affected by () channel estimation errors and decoding errors at the relay node and/or () malicious behaviors of the relay.
To solve this problem, the relay node can be asked to () estimate the link quality between the relay and the source node and () send the estimated link quality to the destination.
However, the problem still exists when the relay node is malicious. The malicious relay nodes can send false channel information to the destination (i.e., conduct the bad-mouthing attack). Furthermore, malicious relay nodes can manipulate the channel estimation. For example, between the relay and the destination, if the destination only estimates SNR, the malicious relay can maintain high SNR by sending wrong information with high power. Here, wrong information does not mean garbage information, but meaningful incorrect information.
On the other hand, the proposed scheme uses trust-based link quality representation, allows link quality propagation along relay paths, and has a way to handle the bad-mouthing attack. It can handle decoding errors at relay, as well as misbehaving and lying relay nodes. As we will show in Section 5, the proposed scheme has significant performance advantage over the MRC.
5. Simulation Results
In order to demonstrate the effectiveness of the proposed scheme, we set up the following simulations. The transmission power is dBm, thermal noise is dBm, and the propagation path loss factor is . Rayleigh channel and BPSK modulation with packet size are assumed. The source is located at location (in meters) and the destination is located at location . All relays are randomly located with left bottom corner at and top right corner at . The unit of distance and location information in this paper is 1 meter.
Each node estimates the link quality between itself and its neighbors periodically. This time period is denoted by . The value of is chosen according to the data rate. should be long enough such that a few packets are transmitted during this time. For the time axis in the figures, one time unit is .
Recall that the link quality reports are sent when relay nodes observe significant change in their link quality. For example, the significant change can be of the previous link quality. In the experiments, each relay node sends out one link quality report at the beginning of the transmission. For the malicious relay, when it starts to send garbage messages, it will not honestly report its link quality changes. Instead, it either does not broadcast any link quality report, or sends a false link quality report. In the 2nd case, we say that it launches the bad-mouthing attack.
5.1. Pure Channel Estimation Error
In Figure 4, we show the average BER at the destination for three schemes: direct transmission without using relay nodes, traditional decode-and-forward cooperative transmission using MRC combining, and the proposed scheme. Recall that the traditional MRC does not consider the possible decoding errors at the relay. The relay moves from location to . Compared with the direct transmission (i.e., no relay), the two cooperative transmission schemes can achieve better performance with a wide range of locations. We also see that the performance of MRC cooperative transmission degrades when the relay is very close to the destination because the source to relay channel is not good and channel estimation errors can occur at the relay. The MRC scheme has a minimum at around 180–190. The proposed scheme considers the relay's error in the receiver and therefore yields better performance than the traditional MRC.
Figure 4
Comparison among the proposed schemes, cooperative transmission using MRC, and direction transmission.
×
5.2. Selfish Node and Malicious Node
In this set of simulations, there are relays. The link quality (mean value ) is shown in Figure 5 and the average SNR at the destination is shown in Figure 6. At time , one relay starts to send the opposite bits (i.e., sending 1 (or 0) if receiving 0 (or 1)). This could be due to severe channel estimation error or maliciousness. Obviously the destination's performance drops significantly. According to Algorithm 1, the value of this malfunctioning or malicious relay is reduced. Within time slots, the destination recognizes the misbehaving relay because its value has been reduced for a certain number of times continually. Then, the destination reduces its weight to zero. As a result, the messages from the misbehaving relay will not be used in the signal combination process. The other relays' values, which might be affected by the misbehaving relay, will recover gradually after more packets are transmitted correctly. At time , another node leaves the network due to mobility or simply stops forwarding anything (i.e., selfish behavior). It takes about time slots for the destination to remove this relay.
Figure 5
Trust value (i. e., value) over time with estimation error and untrustworthy relays (attacks at time 10 and time 50).
Figure 6
Average SNR over time with estimation error, malicious and selfish behavior (attacks at time 10 and time 50).
×
×
Several important observations are made.
(1)
When there are malicious relays, the SNR at the destination drops significantly. In this case, the performance of traditional cooperative transmission is even worse than that of direct transmission. This can be seen by comparing the dashed line and solid line around time 10 in Figure 6.
(2)
When the proposed scheme is used, the value maintained by the destination can capture the dynamics in the relay nodes. As shown in Figure 5, the value of the malicious node rapidly drops to zero, and the value of the selfish node drops quickly too. The values of honest nodes will be affected at the beginning of the attack, but can recover even if the attack is still going on.
(3)
The trust-assisted cooperative transmission scheme results in higher SNR at the destination, compared with the noncooperative (direct) transmission scheme, except during a very short time at the beginning of the attacks.
We can see that the cooperative transmission in its original design is highly vulnerable to attacks from malicious relays. The proposed scheme can greatly reduce the damage of malicious attacks, and partially maintain the performance advantage of cooperative transmission.
5.3. Jamming Attack
The usage of relay nodes provides opportunities to the attackers. This is a disadvantage of cooperative transmission from the security point of view. On the other hand, we discover that cooperative transmission (if used properly) can benefit security in wireless networks.
Intuitively, wireless networks are subject to physical layer Denial of Service (DoS) attacks, such as jamming. Relay nodes provide spatial diversity in wireless transmission. A message (or waveform) arrives at the destination through multiple physical channels and paths. As a result, the destination may have a better chance to receive the source node's message in cooperative transmission than in traditional transmission, when some channels are jammed. Therefore, we study the performance of the proposed cooperative transmission scheme against wireless jamming attacks.
One jammer is randomly located within the square. An outage is reported if the SNR at the destination is lower than a threshold of dB, under which the link is not reliable. Figure 7 shows the outage probability versus jamming power. When using the proposed cooperative transmission scheme, the outage probability is reduced compared with the direct transmission case. In the example of relays, when the jamming power is mW, which is twice the source transmission power, more than 10% of packets are still correctly received at the destination. Even with 2 relays, there is an obvious reduction in the outage probability.
Figure 7
Outage probability versus jamming power.
×
Figure 8 shows that the outage probability decreases as the number of relays increases. For example, to achieve 50% outage with jamming power mW, relay nodes are needed. We can see that cooperative transmission can effectively reduce the outage probability, when the jamming power is comparable to the regular transmission power.
Figure 8
Outage probability versus the number of relays in the proposed scheme.
×
In Figure 9, the jammer moves from to with power mW. We see that the location of the jammer plays a vital role in the attack. If the jammer is far away from the destination, the proposed scheme can significantly reduce the effect of jamming. For example, with 10 relays and jammer location at , the performance is almost the same as that of no jammer case. However, if the jammer is very close to the destination, the proposed scheme can only improve the performance slightly.
Figure 9
Outage probability versus jammer's location.
×
In both Figures, we see that the proposed cooperative transmission scheme can reduce link outage probability. This is the advantage of cooperative transmission from the security point of view.
5.4. Bad-Mouthing Attack
In this simulation, one relay is located at (1000,100). Since the relay is far from the source, the source-relay link quality is bad. The relay sends honest link quality reports at the beginning. Then at time , the relay launches the bad-mouthing attack by telling the destination that its link to the source is perfect. As a result, the destination gives higher weight to the signal forwarded by the relay. Since the relay's signal is not perfect, the BER performance at the destination degrades a lot, even lower than that in the direct transmission. Using the detection method in Section 4.4, the destination realizes that it is under attack and suspects the relay's link quality report at time . Then the destination reduces the value of the relay until the analytical BER agrees with the observed BER.
Figure 10 shows the average BER of four schemes: direct transmission, the proposed scheme without attack, the proposed scheme under the bad-mouthing attack, and the traditional MRC scheme. Three observations are made. First, without the bad-mouthing attack, the proposed scheme yields a much lower BER than the direct transmission. Second, at the beginning of the bad-mouthing attack, the proposed scheme can have worse performance than the direct transmission. Third, the proposed scheme can recover from the bad-mouthing attack after a period of time.
Figure 10
Bad-mouthing attack and self-healing.
×
6. Conclusions
In this paper, we investigate the security issues related to cooperative transmission from three angles: () vulnerabilities analysis of traditional cooperative transmission schemes; () design of the trust-assisted cooperative transmission scheme that is robust against attacks; and () illustration of the potential advantage of physical layer cooperation against wireless jamming attacks.
In particular, it is demonstrated that the security vulnerabilities of traditional cooperative transmission significantly damage the performance. The proposed trust-assisted cooperative transmission scheme can handle relays' misbehavior as well as channel estimation errors. The core idea of this scheme has four parts. First, the wireless link quality is described by trust values in the format of the beta function. This solves the problem that traditional SNR-based and BER-based channel information cannot accurately describe channel quality under attacks. Second, based on the properties of the beta function, we develop a method to calculate the link quality over multiple hops. Third, the trust-based link quality information is used to perform signal combination at the destination. Fourth, the bad-mouthing attack is detected by comparison between theoretical BER and observed BER. The proposed scheme can be implemented in a fully distributed manner and has low implementation overhead. Compared with the traditional cooperative transmission schemes, which are vulnerable to attacks, the proposed scheme can maintain the performance advantage over the direct transmission under various attacks. Additionally, compared with the direct transmission, the proposed scheme can reduce the damage caused by wireless jamming attacks, when the jamming power is comparable to the regular transmission power. This is the advantage of physical layer cooperation from the security point of view.
Acknowledgments
Some ideas and results in this manuscript appear in an earlier conference paper published in IEEE Globecom 2007. This work is supported by NSF CNS-0910461, NSF CNS-0905556, and NSF CNS-0831315.
Open AccessThis article is distributed under the terms of the Creative Commons Attribution 2.0 International License (https://creativecommons.org/licenses/by/2.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
, some relay nodes
, and a destination node
. The relays can form single hop or multihop cooperation paths. The relay nodes might be malicious or selfish. We first show a simple one-hop case in this subsection, and the multihop case will be discussed in a later section. 
broadcasts a message to destination
and relay nodes
. The received signal
at the destination
and the received signal
at relay
can be expressed as
represents the transmit power at the source,
is the path loss between
and
, and
is the path loss between
and
.
and
are fading factors associated with channel
and channel
, respectively. They are modeled as zero mean and unit variance complex Gaussian random variables.
is the transmitted information symbol with unit energy. In this paper, without loss of generality, we assume that BPSK is used and
.
and
are the additive white Gaussian noises (AWGN) at the destination and the relay nodes, respectively. Without loss of generality, we assume that the noise power, denoted by
, is the same for all the links. We also assume the block-fading environment, in which the channels are stable over each transmission frame.
time slots where
is the number of relays, the destination combines the received messages and decodes data.
and send the information to the destination in Phase
. Recall that relay
receives signal
from the source node
. Let
denote the data decoded from
. Relay
then reencodes
, and sends it to the destination. Let
denote the received signal at the destination from relay
. Then,
is the transmit power at relay
,
is the path loss between
and
,
is the fading factor associated with channel
, which is modeled as zero mean and unit variance Gaussian random variable, and
is the AWGN thermal noise with variance
.
can observe node
's behavior, node
establishes direct trust in node
based on observations. For example, in the beta-function-based-trust model [9], if node
observes that node
has behaved well for
times and behaved badly for
times, node
calculates the direct trust value [9] as
. The beta-function based trust model is widely used for networking applications [18, 20], whereas there are other ways to calculate direct trust mainly for electronic commerce, peer-to-peer file sharing, and access control [8, 17].
and
have established a trust relationship and
and
have established a trust relationship, then
can trust
to a certain degree if
tells
its trust opinion (i.e., recommendation) about
. This phenomenon is called trust propagation. Trust propagation becomes more complicated when there is more than one trust propagation path. Through trust propagation, indirect trust can be established. The specific ways to calculate indirect trust values are determined by trust models [8].
has transmitted
packets to node
. Among them, node
received
packets with SNR greater than a certain threshold. These transmissions are considered to be successful. The transmission of other packets is considered to be failed. That is, there are
successful trials and
failed trials. It is often assumed that the transmission of all
packets are independent and a Bernoulli distribution with parameter
governs whether the transmissions succeed or fail. (This is true with ideal interleavers.) Under these assumptions, given
and
, the parameter
follows a beta distribution as
has mean
and variance
as
and
values, the trust value is often chosen as the mean of
, that is,
. This trust value represents how much a wireless link can be trusted to deliver packets correctly. In addition, some trust models introduce confidence values [23]. The confidence value is often calculated from the variance of
. The confidence value represents how much confidence the subject has in the trust value.
and
values need to be collected over multiple data packets. Thus, it is suitable for scenarios with slow fading channels or high data rate transmission, in which channel condition remains stable over the transmission time of several packets.
is the SNR. Here FER has one-to-one mapping with BER as
, where
is the frame length. (Notice that other modulations can be treated in a similar way.) So in the rest of paper, we only mention BER. To simplify analysis, we assume that error control coding is not used in this paper. The design of the proposed scheme, however, will not be affected much by coding schemes. When coding is used, the BER expression in (7) will change. Depending on different coding systems such as Hamming code, RS code or convolutional code, the BER performance would be different. The BER would be reduced at the same SNR, or in other words, to achieve the same SNR, the required SNR will be reduced. So the reliability of the links due to the channel errors can be improved. On the other hand, coding is a way to improve reliability, but cannot address untrustworthy nodes. The proposed scheme will work for both coded and uncoded transmissions.
is the signal received from the direct path and
is the signal received from the relay. Under the assumption that the relay can decode the source information correctly, the MRC combined signal with weight factor
is
and
are SNR of direct transmission and relay transmission, respectively. When channel decoding errors and nodes' misbehavior are present, the MRC is not optimal any more. This is because the received signal quality is not only related to the final link to the destination, but also related to decoding errors or misbehavior at the relay nodes.
is the weight for the direction transmission and
is the weight for the relay transmission.
represent the link quality of the source-relay channel. We set the goal of signal combination to be maximizing the SNR at the destination after combination by finding the optimal weight vector for combination. That is,
is the mean of the relay's successful decoding probability or the mean of
. Obviously,
.
, we have
, we have zero-divide-zero case in (12). In this case, we define
, since the relay decodes incorrectly and forwards independent data. As a result, the weight for the relay should be zero, and the system degrades to direct transmission only.
, SNR
, and weight
. Recall that the link quality report from the relay
is
, where
equals to the number of successfully transmitted packets between the source and relay
and
equals to the number of unsuccessfully transmitted packets between the source and relay
. The mean of the beta function for relay
is denoted by
and calculated as
. The overall expected SNR can be written as
indicates whether relay
decodes correctly, and
and conditional SNR in (10). In this case, the optimal
can be calculated numerically by minimizing (14) over parameter
. Some numerical methods such as the Newton Method [25, 26] can be utilized. Note that this optimization problem may not be convex. Achieving global optimum needs some methods such as simulated annealing [25, 26].
values based on the relays' report on their link quality.
using (8).
.
, where
is the source node,
is the destination,
and
are two concatenated relay nodes. This scenario has been studied in [27, 28].
represent the link quality between
and
, and
represent the link quality between
and
. If we can calculate the link quality between
and
, denoted by
, from
,
,
,
, we will be able to use the approach developed in Section 4.3.1, by replacing
with
. Then,
represents the link quality of the
relay path, which is
in this example.
. Let
denote the probability that transmission will succeed through path
. The cumulative distribution function of
can be written as
. Three assumptions are made.
as a beta distribution
. Let
,
, and
represent the (mean, variance) of distribution
,
, and
, respectively. The mean and variance of the beta distribution are given in (6).
. Recall that
,
and
represent the probability of successful transmission along path
,
, and
, respectively. When the path is
, the packets are successfully transmitted from
to
only if the packets are successfully transmitted from
to
and from
to
.
. The third assumption means that the noises added by two concatenated links are independent and their variances can be added together.
and
. We have seen that the proposed heuristic approximation is a good fit. One such example is illustrated in Figure 2, which shows the probability density functions of
and
. Here
,
,
, and
. The means that the two beta functions are
and
, respectively. Figure 2 also shows the distribution of
in (16) obtained numerically, and its approximation (i.e.,
) calculated from (17). By using concatenation of the beta functions, the proposed signal combining approach can handle the multihop relay scenario.
value and very small
value. As a consequence, the
value calculated by the destination will be much higher than it should be. Then, the weight factor calculated in (12) will be larger than it should be. That is, the information from the lying relay is given a large weight. As a result, the bad-mouthing attack can reduce the BER performance. To overcome this problem, Algorithm 1 is developed.
) The destination compares
, which is the BER estimated using (7) and (12), and
,
) if
then
) if there is only one relay node then
) this relay node is marked as suspicious
) else
) for each relay node do
) excluding this relay node, and then performing BER estimation and signal combination
) if the difference between the newly estimated BER and
is smaller than
then
) mark this relay as suspicious, and send a warning report about this node to others.
) end if
) end for
) end if
) For each suspected relay, adjust the
value used in optimal weight factor calculation as
,
is a small positive number (e.g., choosing
),
is the current mean value of the link quality,
is the value after adjustment.
) end if
) and the estimated BER (denoted by
), as demonstrated in Algorithm 1. In addition,
and
can be determined through a learning process.
value does not agree with the node's real behavior, which may result from maliciousness or severe channel estimation errors, Algorithm 1 can detect the suspicious node.
sends node
a total of
packets and
received
packets correctly, node
estimates the link quality between
and
as
. The estimated link quality information (LQI) is sent to the TLM module. Since the link quality information is estimated directly from observation, it is called direct LQI.
denote the link quality. The detection criteria are
detects that the link quality between
and
has low quality,
should not be chosen as a relay between
and other nodes. This detection will also affect signal combination. Particularly, if node
detects that the link quality between
and
has low quality,
should not use the signal received from
in signal combination, even if
has been working as a relay for node
.
and
affects (
) how fast the cooperative transmission scheme can recover from malicious attacks and (
) how much we tolerate the occasional and unintentional misbehavior. Through our simulations and experience from previous work on trust management [20, 29], we suggest to set
between
and
and
between
and
. In future work, these thresholds can change dynamically with channel variation.
neighbors. The trust record needs to store
direct LQI and
indirect LQI. Each LQI entry contains at most two IDs and (
,
) values. This storage overhead is small. For example, when
and each LQI entry is represented by 4 bytes, the storage overhead is about 440 bytes. This storage overhead is acceptable for most wireless devices.
to the power of the number of relays [25, 26]. When there is only one relay, the closed form solution has been derived.
) channel estimation errors and decoding errors at the relay node and/or (
) malicious behaviors of the relay.
) estimate the link quality between the relay and the source node and (
) send the estimated link quality to the destination.
dBm, thermal noise is
dBm, and the propagation path loss factor is
. Rayleigh channel and BPSK modulation with packet size
are assumed. The source is located at location
(in meters) and the destination is located at location
. All relays are randomly located with left bottom corner at
and top right corner at
. The unit of distance and location information in this paper is 1 meter.
. The value of
is chosen according to the data rate.
should be long enough such that a few packets are transmitted during this time. For the time axis in the figures, one time unit is
.
of the previous link quality. In the experiments, each relay node sends out one link quality report at the beginning of the transmission. For the malicious relay, when it starts to send garbage messages, it will not honestly report its link quality changes. Instead, it either does not broadcast any link quality report, or sends a false link quality report. In the 2nd case, we say that it launches the bad-mouthing attack.
to
. Compared with the direct transmission (i.e., no relay), the two cooperative transmission schemes can achieve better performance with a wide range of locations. We also see that the performance of MRC cooperative transmission degrades when the relay is very close to the destination because the source to relay channel is not good and channel estimation errors can occur at the relay. The MRC scheme has a minimum at around 180–190. The proposed scheme considers the relay's error in the receiver and therefore yields better performance than the traditional MRC.
relays. The link quality (mean value
) is shown in Figure 5 and the average SNR at the destination is shown in Figure 6. At time
, one relay starts to send the opposite bits (i.e., sending 1 (or 0) if receiving 0 (or 1)). This could be due to severe channel estimation error or maliciousness. Obviously the destination's performance drops significantly. According to Algorithm 1, the
value of this malfunctioning or malicious relay is reduced. Within
time slots, the destination recognizes the misbehaving relay because its
value has been reduced for a certain number of times continually. Then, the destination reduces its weight to zero. As a result, the messages from the misbehaving relay will not be used in the signal combination process. The other relays'
values, which might be affected by the misbehaving relay, will recover gradually after more packets are transmitted correctly. At time
, another node leaves the network due to mobility or simply stops forwarding anything (i.e., selfish behavior). It takes about
time slots for the destination to remove this relay.
value) over time with estimation error and untrustworthy relays (attacks at time 10 and time 50).
value maintained by the destination can capture the dynamics in the relay nodes. As shown in Figure 5, the
value of the malicious node rapidly drops to zero, and the
value of the selfish node drops quickly too. The
values of honest nodes will be affected at the beginning of the attack, but can recover even if the attack is still going on.
dB, under which the link is not reliable. Figure 7 shows the outage probability versus jamming power. When using the proposed cooperative transmission scheme, the outage probability is reduced compared with the direct transmission case. In the example of
relays, when the jamming power is
mW, which is twice the source transmission power, more than 10% of packets are still correctly received at the destination. Even with 2 relays, there is an obvious reduction in the outage probability.
mW,
relay nodes are needed. We can see that cooperative transmission can effectively reduce the outage probability, when the jamming power is comparable to the regular transmission power. 
to
with power
mW. We see that the location of the jammer plays a vital role in the attack. If the jammer is far away from the destination, the proposed scheme can significantly reduce the effect of jamming. For example, with 10 relays and jammer location at
, the performance is almost the same as that of no jammer case. However, if the jammer is very close to the destination, the proposed scheme can only improve the performance slightly. 
, the relay launches the bad-mouthing attack by telling the destination that its link to the source is perfect. As a result, the destination gives higher weight to the signal forwarded by the relay. Since the relay's signal is not perfect, the BER performance at the destination degrades a lot, even lower than that in the direct transmission. Using the detection method in Section 4.4, the destination realizes that it is under attack and suspects the relay's link quality report at time
. Then the destination reduces the
value of the relay until the analytical BER agrees with the observed BER.
) vulnerabilities analysis of traditional cooperative transmission schemes; (
) design of the trust-assisted cooperative transmission scheme that is robust against attacks; and (
) illustration of the potential advantage of physical layer cooperation against wireless jamming attacks.