A Misbehavior-Tolerant Multipath Routing Protocol for Wireless Ad ...

A Misbehavior-Tolerant Multipath Routing Protocol for
Wireless Ad hoc Networks
Hanie Sedghi, MohammadReza Pakravan, MohammadReza Aref
Department of Electrical Engineering, Sharif University of Technology, Tehran, Iran
h.sedghi@ee.sharif.edu pakravan@sharif.edu aref@sharif.edu
I. ABSTRACT
Secure routing is a major key to service maintenance in ad hoc networks. Ad hoc nature exposes the network to several
types of node misbehavior or attacks. As a result of the resource limitations in such networks nodes may have a tendency to
behave selfishly. Selfish behavior can have drastic impacts on network performance. We have proposed a Misbehavior-
Tolerant Multipath Routing protocol (MTMR) which detects and punishes all types of misbehavior such as selfish behavior,
wormhole, sinkhole and grey-hole attacks. The protocol utilizes a proactive approach to enforce cooperation. In addition, it
uses a novel data redirection method to mitigate the impact of node misbehavior on network performance. The proposed
scheme promises establishing a safe route if network graph remains connected after eliminating the misbehaving nodes. We
have implemented the proposed protocol in a simulation environment and have evaluated its performance in typical network
configurations to demonstrate its resilience to node misbehavior.
III. CONCLUSION
The proposed protocol addresses several types of node misbehavior in ad hoc networks. Previously proposed schemes are
of two types: ones who only use network overview and the others who only take care of security issues and fail to notice the
whole network picture. The first advantage of our scheme is that it considers both aspects. It can therefore detect and punish
misbehaviors: selfish attacks, wormhole, sinkhole, grey-hole and data repetition and modification in forwarding phase.
Moreover, in contrast to credit-based methods, several reputation-based methods and various previously suggested schemes,
our solution does not need a center or a prior trust among nodes which makes it more suitable for ad hoc environment.
Moreover, it does not require additional added complexity of extra hardware such as GPS or a precise global clock required
by some other methods. Reputation-based methods share the goal to reduce the throughput of selfish nodes. Having reached
this aim for all types of misbehavior addressed in this paper, we also introduced adaptive data redirection with a low
overhead to minimize the impact of such adversaries on network throughput and service availability. The major advantage is
that misbehavior detection and data redirection is performed with minimum data loss. The strict confronting method used,
reduces the opportunity of the misbehaving nodes to use network resources which leads to a higher incentive to cooperate and
Quick Response Code
Access this article online
Website: www.ijrws.org
ISSN
Citation
H. Sedghi, M.R. Pakravan , M.R. Aref, “A Misbehavior-Tolerant Multipath Routing
Protocol for Wireless Ad hoc Networks,” International Journal of Research in Wireless
Systems (IJRWS), Vol. 2, No. 2, pp. 6-15, June, 2013
ISSN: 2320 - 3617
International Journal of Research in Wireless Systems (IJRWS), Volume 2, Issue 2, June (2013) 6

A Misbehavior-Tolerant Multipath Routing Protocol for Wireless Ad hoc Networks
I. INTRODUCTION
Wireless ad-hoc networks are becoming increasingly
popular with a diverse range of applications. In many ad-hoc
networks, nodes act as a source, destination or router of
information. Therefore, a packet may pass multiple hops, being
forwarded by interim nodes acting as routers, to reach its
destination. If some nodes within an ad-hoc network do not
route properly, due to reasons such as selfishness, the network
cannot function as expected. Therefore, misbehavior of nodes
can severely impact proper operation of the network.
Ad hoc nature of the network implies that there are no
infrastructures or central control system in the network. Also,
nodes have limited radio range, computational power and
battery power. This makes such networks vulnerable to several
attacks such as wormhole, sinkhole, grey hole, impersonation,
flooding, misleading routes and selfish attacks [1].
Wormhole attack is believed to be one of the most severe
active attacks. Attacks performed by malicious nodes who
deliberately try to harm network performance are called
active. Wormhole is the creation of a tunnel between two
colluding nodes linked through a private network connection.
This exploit allows them to short-circuit the normal flow of
routing messages by falsifying the widely-used hop count
metric [2].
One prominent idea for detecting a wormhole was based
on packet leashes [3]. This scheme needs authenticating either
an extremely precise timestamp or location information
combined with a loose timestamp. Therefore it is not
applicable in ad hoc networks. Another approach uses hash
chain and public key infrastructure to detect a wormhole [4].
As a result of ad hoc nature, a CA (Certificate Authority) is
not an easily applicable assumption. Therefore public key
infrastructure implementation is a challenge. Moreover, the
scheme falsely accuses all benign nodes that happen to be on
the same route as the wormhole.
In many types of ad hoc networks, nodes have limited
energy and computational power. Therefore, nodes will benefit
from executing algorithms that keep their resources to
themselves and that may result a selfish behavior in the
network. Selfish nodes may not participate in routing data
packets that does not belong to them, saving their resources. A
game-theoretic approach to encourage energy sharing for
packet forwarding is proposed in [5]. Selfish behavior
introduces a type of denial of service (DoS) attack. In addition
to denial of service, selfish behavior results in route loss, data
loss, throughput reduction and in the worst case, network
decomposition. It should be noted that, in comparison with
other known attacks, this attack is not performed by nodes that
have the tendency to hurt network, namely malicious nodes. It
is done by normal nodes who behave rationally to save their
resources. Considering the mentioned threats, it is of high
importance to mitigate these types of misbehavior.
Most ad hoc networks are composed of individual nodes all
having the same priority. Therefore, preventing selfishness can
be reached by enforcing cooperation [6]. These methods can be
divided to credit-based methods and reputation-based methods.
Credit-based methods use economic incentives to encourage
packet forwarding. Cooperation is a service that can be
evaluated and charged. They use a virtual currency which is
implemented by either a tamper-proof hardware -virtual money
- or a virtual bank. When a node wants to send a packet, it
needs to have the money required by intermediate nodes [7],
[8], [9]. Reputation-based methods are based on building
reputation amongst nodes. Packet forwarding increases node
reputation. Only nodes having good reputation can send their
data in the network and the route having the highest reputation
is chosen. Therefore selfish nodes are punished and isolated
[10] [11] [12] [13] [14]. These methods use two types of
information: reputation information received from other nodes
and first hand information which is the knowledge acquired by
monitoring neighbors' behavior [6], [12]. Some reputationbased
schemes use the idea of watchdog and pathrater [13].
Another approach introduced recently, is a proactive
cooperation mechanism to detect and punish selfish power off
[15]. The method cannot detect more sophisticated selfish
attacks like selfishness type II that will be introduced shortly.
We propose a robust multipath routing protocol which
detects all types of wormhole and selfishness known so far
with low data loss. Utilizing a proactive approach, we apply
the idea of reputation which is updated based on first hand
information and a simple but thorough method for earning and
losing it. Proposed routing protocol uses an adaptive rerouting
method to prevent complex misbehavior impacts, and also
guarantees establishing a safe route if network graph remains
connected after eliminating misbehaving nodes. We have
implemented the protocol in a simulation environment and
have evaluated its behavior in realistic network scenarios.
The proposed method has the following salient features:
1. It is simple and does not require a trusted third party, prior
trust among nodes, GPS, precise clock and similar
requirements which add to the system complexity.
2. It can detect and bypass wormholes, sinkholes and greyholes
successfully with a low overhead.
3. It can accurately detect and re-act properly to both types of
known selfish node behaviors. Most papers have not been
completely successful in addressing both types.
4. It uses first hand information which are obtained by a node
itself and that prevents issues that could arise from rumor
spreading.
5. Wormhole or selfish nodes neighbors are not wrongly
accused.
6. It does Dynamic Rerouting with minimum data loss to
defend network performance against data packet drop
attacks.
7. It does multipath routing to decrease rerouting overhead
and achieves that with far less overhead compared to ideas
applied before.
8. It works well under congestion or link failures, temporary
or long-lasting.
9. It can be easily implemented on a 802.11 MAC.
International Journal of Research in Wireless Systems (IJRWS), Volume 2, Issue 2, June (2013) 7

A Misbehavior-Tolerant Multipath Routing Protocol for Wireless Ad hoc Networks
As a side improvement, we design a slightly more
intelligent TCP, which fortifies our system greatly while
defending against wormhole attack and makes our idea to
outperform all existing protocols.
The remainder of this paper is organized as follows: Part
two gives an overview of considered attacks and their impacts
on network. Misbehavior-Tolerant Multipath Routing (MTMR)
protocol is introduced in part three. In part four we prove some
of MTMR properties. Part five defines simulation software,
scenarios and results. Finally we conclude the paper in part six.
II. CONSIDERED ATTACKS
A. Wormhole
Wormhole is the creation of a tunnel between two colluding
nodes linked through a private network connection. The
colluding nodes pretend to be neighbors while they are far
from each other. Therefore, if a routing protocol exploits hopcount
metric, wormhole will always be interesting and
selected to be on the routes. The attraction of network traffic
to wormhole is regarded as if wormhole is short circuiting
network traffic. Hop-count is a common metric used by most
routing protocols. A wormhole pair can disrupt on average
32% of all communications across the network [4]. Most
proposed routing protocols have no means to detect
wormholes or rely on not applicable or unfair ideas. The worst
case attack happens when colluding nodes forward route
discovery messages but refuse to forward data packets. This
subtle misbehavior drastically degrades network performance.
B. Selfishness
Selfish behavior addressed so far, can be classified into two
categories that are called selfishness type I and II. In the type I
selfish behavior, the selfish node does not participate in route
discovery process to avoid being on the route. This behavior
has also been named selfish power off. In the type II selfish
behavior, the selfish node participates in route discovery phase,
forwarding the control packets it receives but refuses to
forward data packets. In addition, a node may change its
behavior based on its remaining power, to act as a benign node
first and change to being selfish based on its remaining power.
Form our algorithm perspective; this will not make the process
more complicated. A detailed explanation follows shortly.
Selfish behavior degrades fairness in the network. Benign
nodes consume their power in processing and forwarding
packets of other nodes. In contrast, selfish nodes ignore other
packets to keep their power to themselves. Moreover,
selfishness makes benign nodes consume more energy.
Considering selfishness type I, benign nodes will participate in
more routes. If data retransmission is an issue in upper layers,
Selfishness type II makes benign nodes forward more data
packets. This includes the source node and intermediate nodes
on a route that contains a selfish node type II.
C. Sinkhole and Grey-hole
In the sinkhole attack, the attacker spreads wrong routing
information to attract network traffic to itself and discards the
received traffic. A more complex form is the grey-hole attack,
where the colluder forwards routing messages but discards
data packets to keep its false route.
Wormhole and Selfish attacks can have devastating effects
on the performance of ad hoc networks which can be
classified as a Denial of Service Attack. They can lead to
network decomposition. Selfish power off may lead to failure
in discovering a route. Wormhole and Type II selfishness
attacks decrease packet delivery ratio drastically. Sinkhole and
grey-hole can be considered as moderate wormhole attacks.
III. MTMR PROTOCOL
We propose a misbehavior-tolerant multipath routing
protocol. Two major approaches are introduced in MTMR.
First of all a proactive cooperation enforcement method is used
to detect and punish misbehaviors and reward cooperation.
Secondly, an adaptive data redirection method is used to
mitigate offender's impact on network performance.
A. Cooperation enforcement
Cooperation enforcement is based on local measurements.
In addition to a noticeable reduction in transmission and
processing overhead, this approach makes network resilient to
several attacks such as rumor spreading. Every node monitors
its one-hop neighbors' relevant transmissions and based on
their cooperation traces (CT), decides whether to cooperate
with them or not. This routine is performed before routing
decisions.
The scheme is based on 5 basic operations.
A table for keeping the traces: Each node maintains a table
for its neighbors. The table contains node identity and the
corresponding CT of its neighbors as shown in table1. Traces
decrease in time so that a node who behaves well temporarily
cannot take advantage of the given reputation for the rest of its
presence in the network.
2) A cooperation decision procedure: Received packet is
processed and forwarded if and only if sender cooperation trace
is not zero.
3) A procedure to give CTs. We apply different strategies
for adding or removing CTs based on packet type.
Control Packets: If a node receives a control packet from a
neighbor who is not the packet source, it shows the
corresponding neighbor is cooperating, so the receiver
increases the neighbor's CT.
Data packets: Whenever a node forwards a data packet to a
neighbor, it keeps track of the behavior of its neighbor. If the
next hop forwards the packet, it is granted CT and if it refuses
to forward the packet, its CT is reset. It should be noted that
this observation is performed by adding the sent packets to a
buffer. Each buffer entry has a timer assigned to it. Packets
forwarded by neighbors (which in wireless medium can be
International Journal of Research in Wireless Systems (IJRWS), Volume 2, Issue 2, June (2013) 8

A Misbehavior-Tolerant Multipath Routing Protocol for Wireless Ad hoc Networks
received by the source as well as the next hop) are compared to
buffer entries. If the forwarded packet is in the buffer, the entry
is removed and the neighbor is granted a CT. On the other
hand, if the timer is reset, it shows neighbor misbehavior and
neighbor CT is reset. This approach fortifies the protocol
against attacks that modify or repeat data packets in forwarding
phase. The key idea is that if the misbehaving node changes or
repeats the data packet, the new packet is not in the sender's
buffer and the offender does not gain CT for that. In addition, if
the offender does not forward the original packet at all, after
corresponding buffer entry’s timer is expired, its CT is reset.
CT is the key for acceptance in network. According to the
cooperation decision procedure, if a node's CT is zero, the
neighbor will not cooperate with it and such a node is
punished. Considering nodes' limited resources, punishment
entices such misbehaving nodes to act well.
Granting CT is achieved by increasing node’s CT by size of
packet cooperation value if the node is already in CT table, or
by adding the neighbor to the CT table and giving it a CT equal
to packet cooperation value in the other case. Different packet
types have different cooperation values.
4) A procedure to reset CTs: as mentioned above, CTs are
decreased in time and reset if an offence is noticed. Therefore
occasions may occur when parts of the network CTs have
decreased in time and become zero. In such cases, a deadlock
happens.
5) A deadlock solution: Occasions may occur when a node
or a part of network cooperation traces are expired. In this
situation a deadlock occurs. To avoid this, when a source node
detects a deadlock (by having its RREQ expired without
receiving a RREP), it sets a Cooperation Request (CR) flag in
its RREQ packet and broadcasts the RREQ. A neighbor
detecting the flag from a source gives it a temporary CT and
increases the counter for its credit requests, CR counter. A
granted CT’s value is less than forwarding packet CTs.
Moreover for each neighbor there is a limit on the number of
CRs a node reacts to.‍CR flag is placed at RREQ packet's first
hop field. The reason is that, this field is used in AOMDV [16]
protocol but is not used in MTMR protocol.
Table I. Cooperation Trace table
Neighbor ID CT CR Counter
N1 170 0
N5 300 2
… … …
It should be noted that MTMR is fair and every node has
the chance to join network by forwarding packets for others.
Since cooperation enforcement procedure is performed before
routing, edge nodes (i.e. nodes that are located at networks
borders or are rarely chosen to be on a route) can gain CT by
forwarding RREQs before duplicates are ignored by routing
procedure. Therefore, border nodes and malfunction nodes are
treated fairly. If some nodes are subject to some errors in MAC
layer, this fairness helps them too.
B. Multipath Routing and Data Redirection
In order to minimize the impact of node misbehavior on
network performance, it is not enough to punish offenders. It is
needed to defend benign nodes throughput by finding safe
routes. In order to reach this goal, we include a connection
discovery phase in the protocol. A connection is a safe path
without any misbehaving nodes. Connection discovery phase
has two parts: route discovery and data redirection. Our
multipath routing protocol is based on AOMDV (Ad hoc Ondemand
Multipath Distance Vector) [16] but there are major
differences. Like all other on-demand routings, when a source
node wants to establish a connection, it broadcasts a Route
Request packet (RREQ). Every node receiving a fresh copy of
RREQ, updates its routing table with a new path to the source,
and then searches its routing table to find a path to the
destination. If a path is not found, it rebroadcasts the RREQ
packet. Whenever a route to the destination is found or RREQ
packet arrives at the destination, a Route Reply packet (RREP)
is generated and sent to the source node. Unlike the AOMDV
protocol who only finds at maximum three routes to the
destination and sends back RREP on those discovered routes,
we broadcast RREP packet to some hops. This is done so that
nodes surrounding the discovered route get the information
about destination whereabouts. This modification is of great
importance to implement the data redirection method.
Source responds to the first received RREP packet. The
ones coming afterwards are only used for updating routing
tables. After receiving the route reply packet, source checks the
first entry in the routing table for the desired destination. It also
checks the corresponding next hop CR, if the CR is not zero;
source forwards the packet to the specified next hop.
Otherwise, the second best next hop is analyzed and so on.
This approach is followed by the intermediate nodes as well.
A fresh copy is a copy of a RREQ/RREP that has not been
received from the same neighbor before. Utilizing this
definition along with sequence number and hop count assures
loop freedom.
If the discovered route contains a disobedient node, data
packets will be retransmitted and redirected. In order to avoid
loop in data redirection phase, data packets contain a sequence
number. Sequence number also informs the intermediate node
that the copy is a fresh copy, here, a retransmitted data packet.
Considering mentioned procedures, data redirection is a
straightforward decision. Any node receiving a fresh data
checks its routing table and finds the first benign neighbor, i.e.
the neighbor that owns a CR, and forwards the packet to it. If
such a neighbor is not found, the node sends back the last data
packet to the previous hop. In addition to optimizing data
redirection, this operation prevents previous hop from falsely
accusing the specified node. And hence, prohibits selfish
spread. Selfish spread is the act of accusing benign nodes when
they have no access to secure paths and thus do not forward
packets. Several misbehavior detection mechanisms such as [4]
International Journal of Research in Wireless Systems (IJRWS), Volume 2, Issue 2, June (2013) 9

A Misbehavior-Tolerant Multipath Routing Protocol for Wireless Ad hoc Networks
suffer from this imperfection. Moreover, this algorithm assures
stopping the data transmission in case of congestion or when
the attack is so severe that the network is decomposed. As can
be seen, this abrupt redirection fortifies the system against the
third type of selfishness.
This strategy promises minimum data loss. The reason is
that, even if a misbehaving node exists on the path and it has a
fake cooperation trace as a result of a CR, as soon as it drops
the first data packet, previous hop is informed. Previous hop
then resets the CT of misbehaving node and will not send the
next data packet through the discovered misbehaving node.
IV. MTMR PROPERTIES
We introduce 6 properties of MTMR and provide heir
proofs.
Property I: If MTMR discovers a route between a source
and its destination, the path is secure, i.e. it does not include
misbehaving nodes.
Proof I: Obviously, misbehaving nodes do not cooperate in
forwarding control or data packets. Therefore, considering
route discovery and connection discovery phase, selfish nodes
type I will not be on the discovered route. Moreover, if a node
is selfish type II, wormhole or sinkhole, it will be bypassed in
rerouting of connection discovery phase. Consequently, only
the nodes that forward data and ACK packets as well as
RREQ and RREP packets can participate in a MTMR
connection. Applying indirect proof, suppose that a
misbehaving node resides on a MTMR route, therefore, it will
at least ignore forwarding data packets or drops data packets.
Noting the operation of MTMR as explained before, such a
node can not be included in an MTMR path. This
contradiction completes the proof.
Property II: If MTMR discovers a route between source and
destination, then at least one path exists from the source to the
destination in the induced graph which is made by removing
misbehaving nodes.
Proof II: It can be easily deduced from property I that a
MTMR-discovered path does not include misbehaving nodes.
Therefore, the path that MTMR has discovered remains in the
induced graph which is made by removing misbehaving nodes
and it will not be cut. Hence, the statement is true.
Property III: For every intermediate ad hoc node, MTMR
protocol checks all of its neighbors once.
Proof III: MTMR protocol strategy is as follows: If the
intermediate node is connected to the destination, the source
sends data to this node until the node tells the previous hop
that it has processed all paths and cannot find a path to reach
the destination. Therefore, the intermediate node rejects the
data packet by returning it to the previous hop.
After receiving a data packet towards the destination (D),
intermediate node chooses the next hop specified by its table
index for D. It always checks next hop CR before forwarding
the packet. If the next hop specified by the table does not have
a CR, the next table entry is checked and so on. If the
intermediate node checks all the entries and does not find a
benign next hop, it gives back the data packet. We apply
inductive reasoning to show that. As induction assumption,
suppose that if intermediate node is destination's k-th level
neighbor (i.e. it is k-hop away from destination), all of its
neighbors will be checked. Now consider the intermediate
node of level k+1. Because of our limited directive flooding,
all of this node's table entries for D are of level k. (Limited
directive flooding means that in flooding phase, every node
forwards the received RREQ/RREP to all its neighbors except
the node that had flooded that packet in the previous step).
According to induction assumption, all the neighbors for a
node of level k are checked and finally that node sends a
return message to the k+1-th level node .This way, the k+1-th
level neighbor checks all its neighbors.
Property IV: MTMR does not process any route twice.
Proof IV: Since routes are processed solely by nodes that
participate in them, if a route is processed twice it means there
exists an intermediate node that has checked a specific
neighbor twice. According to property III such a case is not
possible. Since source node can be considered the last
intermediate node (from destination side), it can be easily
concluded from induction that there is no such probability for
the source node too.
Property V: Data packets follow the same path as RREQ
packets.
Proof V: This is due to the fact that intermediate nodes
direct their routing tables as RREQ packets are flooded in the
network.
Property VI: MTMR processes loop-free routes.
Proof VI: Considering the utilized strategy in route
discovery phase, RREQ packets do not follow loops. The
reason is that MTMR uses loop avoidance mechanisms such
as SQN (Sequence Number) and limited directive flooding.
Therefore, as a result of property V, data packets do not follow
loops.
V. SIMULATION
Credit-based methods may not be appropriate for ad hoc
nature. That is due to the fact that ad hoc networks lack
infrastructure and certificate distribution centers. Therefore,
ideas based on virtual currency or virtual bank will be difficult
to implement in such networks. Moreover, there is no
guarantee that intermediate nodes receive source money. It has
been verified that if node density is not low, AODV [17]
based multipath routing protocols (such as AOMDV) achieve
a better performance and less routing overhead than DSR [18]
based multipath routing protocols [19]. Data redirection has
only been applied in [12] and it is based on DSR. Therefore,
since MTMR is based on AODV, it uses a very low routing
overhead compared to previously introduced schemes.
Moreover, it uses a multipath routing method which is an
efficient method in networks facing link breakage or mobility
[16]. It also imposes less monitoring and processing load to
the neighbor nodes compared to some watchdog based
protocols [12], in which every node has to monitor all
neighbors' traffic even when not addressed to it. Proactive
International Journal of Research in Wireless Systems (IJRWS), Volume 2, Issue 2, June (2013) 10

A Misbehavior-Tolerant Multipath Routing Protocol for Wireless Ad hoc Networks
cooperation mechanism used in [15] can only detect selfish
power off. Proposed scheme does not use a threshold for
detection. Threshold-based decisions [14] give misbehaving
nodes the opportunity to use network resources.
Therefore, to inspect proposed scheme behavior, MTMR is
compared to defenseless scenario, AOMDV routing protocol.
This is to inspect the pros and cons of intended misbehavioraware
routing.
We have designed a new network simulator named MARS:
MAnet Routing Simulator to investigate the performance of
the proposed protocol in realistic network scenarios. MARS is
written in Visual C++ programming language and is designed
for comparing different mobile ad hoc networks routing
protocols. For the physical layer we used two-dimensional
ground model and MAC layer is based on 802.11b. MARS
benefits from a visual environment. Various network topology
and node behavior parameters can be chosen by user. Packet
exchange can be verified during simulation. Different paths
traced by packets are shown with different colors.
As stated in [16], AOMDV discovers "link-disjoint" paths.
Rerouting is triggered in case of link breakage and considering
the routing overhead, the best number for discovered paths is
three. If the transport layer uses TCP protocol, it stops packet
retransmission after 5 consecutive unacknowledged data
packets [20].
MTMR to ITAOMDV as well as AOMDV in case of
wormhole attack.
Figure 1 One Traffic scenario, AOMDV protocol failure in case of one
selfish node type II
Figure 2 One Traffic scenario, MTMR success in detecting and bypassing the
selfish node type II
A. Overview
First consider the network shown in figure 1. Network
consists of 50 randomly positioned nodes. Node 6 is traffic
source and node 30 is the destination. Both routing protocols
are investigated: In case of AOMDV protocol if only one
selfish node type II is present in the route, it will ignore all
data packets and the source will not be aware of that. This is
shown in figure1. Node 8 is the selfish node. Packet
transmission is stopped by TCP after 5 consecutive
unacknowledged data packets. RREQ traces are shown in
blue. RREP, data and Ack packets traces are shown with
yellow, pink and green consecutively.
Figure 2 shows how MTMR reacts to the defined scenario.
Node 18 detects the selfish node after it drops the first data
packet and redirects the consequent data packets to node 39.
As mentioned before, increasing the number of selfish node
does not cause failure in discovering a safe route provided that
network graph containing source and destination remains
connected after eliminating selfish nodes.
B. Wormhole Detection
We propose a cross layer approach to improve AOMDV's
performance in case of wormhole attack. Generally, if the
transport layer uses TCP protocol, it hinders data
retransmission when 5 packets are timed out. We design a
more intelligent TCP that triggers redirection in case of 5
consecutive unacknowledged packets. We call this cross layer
design, Intelligent TCP AOMDV (ITAOMDV). We compare
The considered sample network consists of 50 nodes
randomly placed over a 100*100 m 2 area. Each node has a
transmission range of 10 m. Each traffic session is assumed to
contain 1000 data packets. We define Packet Delivery Ratio
(PDR) as number of Ack. packets divided by number of
generated data packets and we use it as the comparison
benchmark. If no benign path exists between source and
destination, MTMR refuses to send any data packets and we set
PDR=0. Moreover, we assume that transport layer prohibits
AOMDV from sending more than 5 unacknowledged packets.
A Randomly placed wormhole is added to the network. All
traffics attracted to the wormhole were taken into account for
different wormhole locations. The simulation is repeated 20
times. Table 2 shows the simulation results. Note that, in our
proposed protocol, failure detection and data redirection is
performed at the network layer, while AOMDV and
ITAMODV execute one of the tasks (if any) at a higher layer.
International Journal of Research in Wireless Systems (IJRWS), Volume 2, Issue 2, June (2013) 11

A Misbehavior-Tolerant Multipath Routing Protocol for Wireless Ad hoc Networks
Therefore, as a rule of thumb, our proposed protocol reacts to
failures faster than AOMDV and its intelligent version,
ITAOMDV.
As stated before, discarding only one data packet is enough
for a misbehavior-aware node, i.e. a node following MTMR
protocol, to redirect the data stream. On the other hand, if the
first hop is changed during data redirection, since wormhole
has advertised a low hop count, the new first hop may try the
wormhole. Therefore the average data loss for traffics attracted
to a wormhole is a little higher than 1. The strict data
redirection property of the MTMR algorithm leads to reliable
detection of all misbehaving nodes. Noting that in the
simulation scenarios, there is only one wormhole and since our
proposed protocol checks all available next hops in case of a
data packet drop, the data redirection is completely successful.
(Assuming that wormhole node is not the only neighbor of the
source).
Focusing on AOMDV's row we see that, TCP prohibits
sending data after 5 unsuccessful tries. Therefore, if a traffic is
attracted to wormhole, packets will be lost and TCP stops the
traffic after five timeout packets. As a result, PDR would be
zero and data loss would be the same 5.
If we consider Intelligent TCP AOMDV, both failure
detection and data redirection are triggered by TCP. Since
AOMDV discovers link-disjoint paths, if there is only one
wormhole present in the network, the second path will not use
that link and data loss will be 5. But according to figure 3, this
performance degrades drastically when the number of
wormholes increases. The reason is that AOMDV at maximum
finds three link-disjoint paths. Therefore, if three wormhole
pairs exist near the desired traffic, they will be chosen by
AOMDV and data redirection fails after ITAOMDV tries all of
them. On the contrary, since proposed protocol considers all
existing paths, it has the chance to find a safe route at the
fourth attempt.
Proposed
protocol
AOMDV
ITAOMDV
Table II. Wormhole Detection
Failure
Detection
Data
Redirection
Average
PDR
Network
layer
Transport
layer
Transport
layer
Network
layer
Average
Data Loss
0.99867 1.3
No 0 5
Transport
layer
0.78324 5
Next, we analyze network average PDR when more than
one wormhole pair exists in the network. Previously- defined
random network is analyzed for different number of wormhole
pairs and random locations. For a specific number of wormhole
pairs, the results are averaged for 10 different wormhole
locations and network traffics. Network PDR is illustrated in
figure 3. It can be seen that ITAOMDV is more resilient to
wormhole attack than traditional AOMDV. Obviously our
proposed scheme outperforms both AOMDV versions and
provides a much better performance against wormhole attacks.
Figure 4 compares data loss rate of three protocols in case
of wormhole attack. It can be easily deduced that the proposed
solution minimizes data loss. For ITAOMDV and AOMDV,
there is a tradeoff between PDR and data loss. ITAOMDV
sustains network performance by reducing PDR deprivation,
but this benefit results in a higher data loss rate compared to
AOMDV. It can be concluded that the proposed protocol
outperforms the previous protocols and prohibits misbehaving
nodes from degrading network performance.
Network Packet Delivery Ratio
1
0.98
0.96
0.94
0.92
0.9
0.88
0.86
0.84
0.82
Figure 3
Figure 4
Network PDR in presence of wormhole pairs
0.8
0 0.5 1 1.5 2 2.5 3 3.5 4 4.5 5
Data loss
100
90
80
70
60
50
40
30
20
10
Proposed protocol
ITAOMDV
AOMDV
No. of wormhole pairs
Data loss in case of wormhole attack
Proposed protocol
ITAOMDV
AOMDV
0
0 0.5 1 1.5 2 2.5 3 3.5 4 4.5 5
No. of wormhole pairs
C. Performance of Benign nodes
We utilize the same random network mentioned before
with 10 traffics initiated randomly between 10 randomly
selected pairs. Each traffic stream contains 1000 data packets.
Randomly selected selfish nodes are added to the network.
International Journal of Research in Wireless Systems (IJRWS), Volume 2, Issue 2, June (2013) 12

A Misbehavior-Tolerant Multipath Routing Protocol for Wireless Ad hoc Networks
Since 20 nodes are selected to participate in benign traffic pairs
and there are 50 nodes in the network, selfish nodes can be up
to 60% of network nodes.
Two attacks are simulated. In the first case, network is
subject to selfish attack type II, the second shows network
behavior in the presence of a more complex attack in which
selfish nodes are of both types. Each attack is simulated 30
times.
Figure 5 shows the PDR of the considered traffic streams. It
is obvious that MTMR prohibits selfish behavior from
degrading network performance.
Figure 5 shows that MTMR is more resilient to complex
attack and outperforms AOMDV in presence of both attacks.
Selfish nodes are chosen from nodes not included in traffic
pairs, this clarifies why curves do not reach zero even if all
remaining nodes are selfish. Some path may solely consist of
nodes participating in traffic pairs. Therefore, curves ending
area depends on network topology and the choice of traffic
pairs.
As stated before, a type I selfish node reduces number of
discovered paths. Therefore, as can be seen in figure 5, adding
selfishness type I results in a better PDR in low selfish node
density and a worse PDR in high density scenarios. An
increase in the PDR is due to removing some paths that contain
selfish node type II as well as selfish node type I. The
performance degradation is caused by selfish nodes type I
removing selfish type II-free paths.
Packet Delivery Ratio considering avoided streams
1
0.9
0.8
0.7
0.6
0.5
0.4
0.3
0.2
0.1
Figure 5 PDR, selfish II & complex attack
MTMR selfish II attack
AOMDV selfish II attack
MTMR complex attack
AOMDV complex attack
MTMR versus AOMDV
0
0 10 20 30 40 50 60
% of selfish nodes
Every security implementation has a cost. The cost for
detecting and punishing selfishness in addition to keeping
network performance is higher number of RREP transmissions.
One of the achieved gains is a significant reduction in data loss;
number of generated but not received data packets. Number of
control packet transmissions is shown in figure 6. It can be
seen that MTMR has higher number of RREP transmissions.
Figure 7 compares protocols' data loss in case of complex
attack.
Figure 6 AOMDV & MTMR (RREQ+RREP) transmissions considering
complex attack
No. of (RREQ+RREP) transmissions
Data loss
5000
4500
4000
3500
3000
2500
2000
1500
1000
500
1000
MTMR versus AOMDV
0
0 10 20 30 40 50 60
900
800
700
600
500
400
300
200
100
% of selfish nodes
MTMR
AOMDV
Figure 7 Data loss, protocols are subject to complex attack
MTMR versus AOMDV
MTMR
AOMDV
0
0 10 20 30 40 50 60
% of selfish nodes
Another impact of misbehaving nodes is increasing the
power consumption of benign nodes. In order to investigate
the trade off for selfish-aware routing, we compare number of
sent bits for specified traffics. Sent bytes consist of control
packets and data retransmissions. IP standard
recommendations are used as a reference for data packet size.
This is shown in figure 8. Sent bytes are divided by 100,000
bytes.
It is obvious that MTMR outperforms AOMDV in terms of
sent bytes per traffic. This means reaching the routing security
goals discussed before does not increase nodes' sent bytes
when network is subject to selfish attacks. But also decreases
transmission power loss per traffic. Moreover, simulation
results demonstrate that in contrast to defenseless protocol,
MTMR sent bytes do not increase when number of selfish
nodes increases. The reason is that our defense scheme
obstructs data loss and control overheads (control packets)
occupy a considerably smaller amount than data payload.
Therefore, although MTMR has higher number of control
International Journal of Research in Wireless Systems (IJRWS), Volume 2, Issue 2, June (2013) 13

A Misbehavior-Tolerant Multipath Routing Protocol for Wireless Ad hoc Networks
packet transmissions, its lower data loss results in a noticeable
reduction in sent bytes.
same as the data illustrated in table 2. Simulation results
confirm this claim. We avoid repetition due to space limits.
Normalized Sent Bytes
10
9
8
7
6
5
4
3
2
1
Figure 8 Sent bytes considering complex attack
MTMR versus AOMDV
MTMR
AOMDV
0
0 10 20 30 40 50 60
D. Punishment
In this scenario, we use the same network with 10 traffic
streams that are initiated between 10 randomly selected benign
pairs. We also include 10 randomly selected selfish nodes.
Each traffic contains 1000 data packets. Random traffics
having selfish nodes as source and/or destination are added to
the network. Each simulation is repeated 30 times to be
averaging over randomness.
In order to show punishment property of MTMR, we define
the benchmark "Selfish Attempt Success Ratio" as the ratio of
successful data deliveries to the number of tries to send the
packets. This is effectively equal to the ratio of received ACK
packets to the initiated data packets for selfish nodes. The
lower the SASR, the lower the chance for selfish nodes to have
a successful data connection and therefore, the more severe the
punishment. Figure 9 compares SASR in MTMR and AOMDV
protocols. It can be easily concluded that MTMR significantly
punishes selfish nodes.
In a network with selfish nodes, it is desirable to have a
higher PDR for benign nodes compared to selfish nodes.
Therefore, we can consider "Benign to Selfish PDR" as a point
of reference showing punishment of selfish nodes. Figure 10
shows the value of this benchmark in both protocols as
percentage of selfish nodes increases. It can clearly be seen
that MTMR performs better than AOMDV.
E. Sinkhole and Grey-hole
% of selfish nodes
Noting the definitions, from the perspective of a MTMR
node, a selfish node type II, a sinkhole, a grey-hole and a
wormhole node all represent the same behavior. They forward
routing packets but discard data packets. Therefore, all these
misbehaviors will face the same reaction by benign nodes.
Hence, simulation results for all these cases will be the same.
Namely, they will all be punished according to the same
curve, and sinkhole and grey-hole detection will be about the
Selfish Attempt Success Ratio
Benign to Selfish PDR
1
0.9
0.8
0.7
0.6
0.5
0.4
0.3
0.2
0.1
Figure 9 Selfish nodes Attempt Success Ratio
0
0 2 4 6 8 10 12 14 16 18 20
Figure 10 MTMR versus AOMDV, Benign to Selfish PDR
6
5
4
3
2
1
MTMR
AOMDV
MTMR versus AOMDV
Number of selfish connections
MTMR versus AOMDV
Acknowledgment
This work is partially supported by Cryptographic Chair of
Iran National Science Foundation (INSF) under contract No.
84/5193 and Iran Telecommunication Research Center (ITRC)
under contract No. T/500/20961 in Information Systems and
Security Lab (ISSL) Electrical Engineering Department of
Sharif University of Technology.
VI. REFERENCES
AOMDV
MTMR
0
0 10 20 30 40 50 60
% of selfish nodes
[1] C. Karlof, D. Wagner, "Secure routing in wireless sensor networks:
attacks and countermeasures," in IEEE International Workshop on
Sensor Network Protocols and Applications, 2003, pp. 113-127.
[2] S. Basagni, M. Conti, S. Giordano and I. Stojmenovic, Mobile Ad hoc
Networking. IEEE Press, 2004.
[3] A. Perrig, Y-C Hu, and D. B. Johnson, "Wormhole Protection in
Wireless Ad Hoc Networks," Dept. of Computer Science, Rice
University, Technical Report TR01-384.
International Journal of Research in Wireless Systems (IJRWS), Volume 2, Issue 2, June (2013) 14

A Misbehavior-Tolerant Multipath Routing Protocol for Wireless Ad hoc Networks
[4] M. Khabbazian, H. Mercier and V. Bhargava, "Severity analysis and
countermeasure for the wormhole attack in wireless ad hoc networks,"
IEEE Transaction on Wireless Communications, vol. 8, pp. 736-745,
2009.
[5] M. Janzamin, M.R. Pakravan and H. Sedghi, "A Game-Theoretic
Approach for Power Allocation in Bidirectional Cooperative
Communication," in Wireless Communications and Networking
Conference (WCNC), Sydney, Australia, 2010, pp. 1-6.
[6] F. Marias, P. Georgiadis, D. Flitzanis and K. Mandalas, "Cooperation
enforcement schemes for MANETs: A survey," Journal of Wireless
communications and mobile computing, vol. 6, p. 319–332, 2006.
[7] S. Zhong, J. Chen, and Y.R. Yang, "Sprite: A simple, cheat-proof, creditbased
system for mobile ad-hoc networks," IEEE INFOCOM, vol. 3, no.
30, p. 1987–1997, Mar. 2003.
[8] L. Anderegg, S. Eidenbenz, "Ad hoc- VCG: A truthful and cost-efficient
routing protocol for mobile ad hoc networks with selfish agents," in
IEEE MOBICOM, Sept. 2003, p. 245–259.
[9] Y. Wang, V. Giruka and M. Singhal, "Truthful multipath routing for ad
hoc networks with selfish node ," Journal of parallel and distributed
computing, vol. 68, pp. 778-789, 2008.
[10] P. Michiardi, R. Molva, "Core: a collaborative reputation mechanism to
enforce node cooperation in mobile ad hoc networks," in Proceedings of
the IFIP TC6/TC11 Sixth Joint Working Conference on Communications
and Multimedia Security: Advanced Communication, September 2002,
pp. 107-121.
[11] M. Rafaei, V. Srivastava and M. Eltoweissy, "A Reputation-based
mechanism for isolating selfish nodes in ad hoc networks," in IEEE
MobiQuitous, 2005, pp. 3-11.
[12] N. Jiang, K. A Hua and M. Tantaoui, "Collaboration Enforcement and
adaptive data redirection in mobile ad hoc networks using only first-hand
experience," in IFIP, 2005, pp. 227-238.
[13] S. Marti , T. J. Giuli , Kevin Lai , Mary Baker, "Mitigating routing
misbehavior in mobile ad hoc network," in 6th annual international
conference on Mobile computing and networking, August 2000, pp. 255-
265.
[14] B. Wang, S. Soltani, J. Shapiro and P. Tan, "Local detection of selfish
routing behavior in ad hoc networks," in Proceedings of 8th international
symposium of parallel architectures, algorithms and networks, 2005.
[15] T. Suzuki, A. Khan and W. Takita, "Proactive cooperation mechanism
against selfish power off for mobile ad hoc networks," IEICE
transactions on communications, vol. E90-B, no. 10, pp. 2702-2711, Oct.
2007.
[16] M.K. Marina, S.R. Das, "Ad hoc on-demand multipath distance vector
(AOMDV) routing," in International Conference on Network
Protocols(ICNP), 2001, pp. 14-23.
[17] C. E. Perkins,E.M.Royer and S.R. Das, "Ad Hoc On-Demand Distance
Vector Routing," in IEEEWorkshop on Mobile Computing Systems and
Applications (WMCSA), 1999, pp. 90-100.
[18] D.B. Johnson, D.A. Maltz, "Dynamic source routing in ad hoc wireless
networks," Mobile Computing, pp. 153-181, 1996.
[19] Georgios Parissidis, Vincent Lenders, Martin May, Bernhard Plattner,
"Multi-path routing protocols in wireless mobile ad hoc networks: A
quantitative comparison," in 6th International Conference on Next
Generation Teletraffic and Wired/Wireless Advanced Networking
NEW2AN 2006, May, 2006.
[20] W. R. Stevens, TCP/IP Illustrated: The Protocols. Addison-Wesley,
1994, vol. 1.
Short Biography with photograph
Hanie Sedghi received her B.Sc. and M.Sc. in Electrical Engineering from Sharif University of Technology in 2007 and 2009
respectively. She is currently a PhD Student in Electrical Engineering Department University of Southern California. Her
research interests include Network optimization, wireless networks and Learning in networks.
Mohammad Reza Pakravan received his B.Sc. in Electrical Engineering from Tehran University. He received is M.Sc. and
his PhD from university of Ottawa. He is currently Associate professor at Sharif University of Technology. His research
interests are Data Networking Protocols, Optical Communications, Cooperative Communications, Cognitive Radio
Systems, Cross Layer Optimization, Wireless Ad Hoc and Sensor Networks.
Mohammad Reza Aref received a bachelor's degree in electronics engineering from the University of Tehran, and the
master's and Ph.D. degrees in electrical and communication engineering from Stanford University in 1975, 1976 and 1980,
respectively. His PhD dissertation was on the information theory of networks, supervised by Prof. Thomas M. Cover. He
introduced and analyzed deterministic relay networks which is later termed by Aref Networks. He is currently professor in
electrical engineering department, Sharif University of Technology. His research interests are Information Theory and
Security.
International Journal of Research in Wireless Systems (IJRWS), Volume 2, Issue 2, June (2013) 15