Enabling broadcast communications in presence of jamming via probabilistic pairing

Computer Networks 116 (2017) 33–46

Contents lists available at ScienceDirect

Computer Networks journal homepage: www.elsevier.com/locate/comnet

Enabling broadcast communications in presence of jamming via probabilistic pairing Roberto Di Pietro a,b, Gabriele Oligeri c,∗ a

Nokia Bell Labs, Paris, France Università di Padova, Math Department, Padova, Italy c KINDI Center for Computing Research, Qatar University, Doha, Qatar b

a r t i c l e

i n f o

Article history: Received 28 March 2016 Revised 12 February 2017 Accepted 15 February 2017 Available online 16 February 2017 Keywords: Jamming mitigation Wireless networks Broadcast communications

a b s t r a c t This paper presents a thorough analysis of Freedom of Speech (FoS): a lightweight, fully distributed, and probabilistic protocol that assures the delivery of a message to be broadcast notwithstanding the presence of a jammer. FoS enjoys several features when compared to competing schemes: (i) it requires each node to store only N symmetric pairwise keys; (ii) node joining and node eviction require just minimal intervention on the already operating nodes; and, finally, (iii) it is overall highly efficient in terms of required computation and message exchange. We provide a detailed theoretical analysis of our solution supported by extensive simulations considering different operating scenarios: we start from a simplified network assumption of one only transmitter that wants to broadcast a message and we subsequently move to a realistic scenario where nodes that have received the message act themselves as a proxy. We propose a theoretical framework to model the protocol performance starting by a benign scenario (no jamming activities). Later, we extend the model to more hostile environments considering firstly a jammer with no knowledge of the nodes’ secret keys (external jammer) and subsequently, a jammer aware of a fraction of the nodes’ secret keys (internal jammer). The experimental results do confirm our theoretical analysis and show the overall viability of our solution. In particular, FoS outperforms competitor solutions for deployment scenarios characterized by even a moderated degree of node volatility. © 2017 Published by Elsevier B.V.

1. Introduction In recent years, wireless communications have become the enabling technology for the majority of the communication infrastructures and solutions, e.g., mobile phones networks, vehicular networks, wearable networks and SCADA systems. In such architectures, preventing legitimate communication among devices by using a malicious radio transmitter (jamming) [1] can be very harmful, in particular for critical infrastructures such as airports, hospitals, power plants, etc. While jamming was originally a warfare technology adopted to prevent enemy communications, nowadays it is a cheap to implement ready-to-use technology, due to the advent of software defined radios (SDRs) [2], which are also becoming more and more

∗

Corresponding author. E-mail addresses: [email protected], [email protected] (R. Di Pietro), [email protected], [email protected] (G. Oligeri). http://dx.doi.org/10.1016/j.comnet.2017.02.010 1389-1286/© 2017 Published by Elsevier B.V.

powerful and cheap. SDRs represent the enabling technology to easily and quickly implement virtually any communication system via software, while being an unprecedented opportunity for researchers and developers, SDRs are also a potential threat for all the critical functionalities relying on wireless technologies. Jamming is an effective Denial of Service (DoS) attack for wireless channels [3,4]. The act of jamming is as simple as effective: an adversary (ADV ), generates a continuous noise-signal with sufficient high power in the proximity of a wireless network [5,6]. As a result, the jammer and the sender signals collide at the receiver, and the communication between the transmitter and the receiver is disrupted. Many recent papers have highlighted the simplicity and the effectiveness of jamming. In [7], authors investigate different jamming techniques in order to find the most effective one against OFDM modulation scheme. Similarly, in [8] authors propose a study of the jamming effectiveness against multiple-inputmultiple-output (MIMO) antenna systems. In [9], authors show

34

R. Di Pietro, G. Oligeri / Computer Networks 116 (2017) 33–46

the effectiveness of jamming on vehicular networks being able to completely block the communications even with low power levels of jamming. Over the past years, many techniques have been developed in order to thwart jamming attacks. Preliminary work focused on spread spectrum techniques: Direct Sequence Spread spectrum (DSSS) [10], Frequency Hopping Spread Spectrum (FHSS) [11], and Chirp Spread Spectrum (CSS) [12]. All the previous techniques need a network-wide shared secret in order to generate the same spreading sequences, hopping patterns, or timing of pulse, respectively. The above solutions are ineffective when an adversary is able to compromise a subset of the network devices. Indeed, after compromising a device, the adversary acquires the necessary information (secrets) to successfully target the network communications. An interesting solution that avoids network-wide secrets was introduced in [13]. There, the authors proposed an Uncoordinated DSSS (UDSSS): network nodes do not need any shared secrets, but the spreading sequence is randomly chosen from a public dictionary. In fact, the sender spreads the message with a random sequence and sends it to the receiver. In turn, the receiver records the signal on the channel and de-spreads it by applying all the sequences from the public dictionary using a trial-and-error-method. This solution turns out to be effective but not efficient: the sender needs to re-transmit the message many times and the receiver has a high computational and communication overhead. Finally, authors in [14] introduced the Time Delayed Broadcast Scheme (TDBS): the broadcast communication is achieved by means of a sequence of unicast communications—sometimes assisted by proxies. The solution relies on long frequency hopping sequences that are pre-loaded in each node belonging to the network before nodes deployment. Our contribution: In this paper we provide a complete solution (Freedom of Speech - FoS) to mitigate jamming in broadcast communications. In particular, we consider first a baseline scenario where an elected node wants to broadcast a message to all its neighbors, and a second, more realistic scenario, in which we consider a network where each of the nodes that have received the correct message, contribute to the broadcast process acting as a proxy. For both the above scenarios, we proved FoS to be robust to two kinds of adversaries: the external adversary and the internal adversary. Both of them are able to randomly jam a subset of the communication frequencies, but the latter has also the capability of disclosing the secrets of a subset of the network nodes. Therefore, it can leverage these secrets to enhance the effectiveness of its jamming activity. Moreover, we provide a theoretical framework for the analysis of the protocol performance in both the benign and jammed scenario and also extensive simulation results that confirm our theoretical findings. Finally, we compare FoS against a competing stateof-the-art solution, and we show that while FoS is overall viable for a wide range of system parameters, it outperforms the competition for deployment scenarios where nodes have an even moderated degree of volatility. Paper organization: Next section surveys related work in the area; Section 3 introduces both the communication model and the adversarial model, while Section 4 provides a deep analysis of the TDBS protocol. Section 5 introduces FoS, while Sections 6 and 7 show the performance of FoS in the non-cooperative and cooperative scenarios, respectively, with a few highlights in Section 8. Finally, Section 9 presents a detailed comparison between FoS and TDBS (this latter one representing the state-of-the-art solution for the given context), and Section 10 reports some concluding remarks.

2. Related work In [15], authors showed that even considering an ADV with a cheap hardware it is easy to choose a location and a power level so that it can effectively corrupt either a bit or a whole packet. In [16], authors proposed a Randomized Differential DSSS (RD-DSSS) scheme to achieve anti-jamming broadcast communication without shared keys. In fact, traditional anti-jamming techniques, such as FHSS and DSSS, require that senders and receivers share a secret key in order to communicate with each other. Such a technique turned out to be ineffective if the adversary learns the shared key from a compromised or malicious receiver, since it can disrupt the reception at normal receivers. RD-DSSS encodes each bit of data using the correlation of unpredictable spreading codes. Nevertheless, RD-DSSS has a not-negligible computational and storage overhead that makes it unfeasible for resource-constrained devices. Authors in [17], proposed an Uncoordinated Frequency Hopping (UFH) scheme where, in order to achieve jamming resistance, both the sender and the receiver randomly choose the communication channel for message transmission without coordination. The successful reception of a packet is achieved when the two nodes reside at the same frequency (channel) during the same time slot. Nevertheless, UHF needs that the nodes are able to store few megabytes of data and can efficiently perform ECC-based public key cryptography. In [18] authors further improved the performance of UFH based communication. They jointly consider adaptive frequency hopping and power control and pose these two techniques into an uniform framework. They introduced online learning theory for decision making based on the history of channel variations. Data communication becomes a power game between the sender and the jammer, each one trying to beat the other one by transmitting a signal with a power level greater than the opposite side. The successful reception of packets depends on the link budgets of the senderreceiver pair, jammer-receiver pair, and the signal-to-noise ratio at the receiver side. In [19], authors present a code-controlled frequency hopping scheme to mitigate jamming. By exploiting the redundancy provided by the block coding, the receiver can retrieve the hopping pattern without a priori knowledge and by leveraging an integrated decoding-and-encoding process, it can also perform partial jamming detection. In [20], authors propose to transmit an ID sequence along with the information stream. The ID sequence is generated through a cryptographic algorithm using the shared secret between the transmitter and the receiver. It is then exploited by the receiver for effective signal detection and extraction. Authors prove the solution to be robust under jamming and effective disguised jamming. Another frequency hopping technique is proposed in [21]. Authors combine frequency hopping and transmission rate adaptation to design a model for a power-constrained reactive-sweep jammer who aims at degrading the throughput of the wireless link. A cooperative anti-jamming technique has been proposed in [22]. Authors investigated a cooperative anti-jamming scheme designed to enhance the quality of links degraded by jammers. To achieve this objective, users are allowed to cooperate at two levels. First, they cooperate to optimally regulate their channel access probabilities so that jammed users gain a higher share of channel utilization. Second, users leverage multiple-input single-output cooperative communication techniques to enhance the throughput of jammed links. In [23] and [24], authors propose a generalized version of the existing iterative water-filling algorithm whereby the users and the jammer update their power allocations in a greedy manner. Indeed, authors considered a scenario in which K users and a jammer share a common spectrum of N orthogonal tones. Both the

R. Di Pietro, G. Oligeri / Computer Networks 116 (2017) 33–46

users and the jammer have limited power budgets. The goal of each user is to allocate its power across the N tones in such a way that maximizes the total sum rate that he/she can achieve, while treating the interference of other users and the jammer’s signal as additive Gaussian noise. The jammer, on the other hand, wishes to allocate its power in such a way that minimizes the utility of the whole system; that being the total sum of the rates communicated over the network. Game theoretic models are considered in [25]. Indeed, authors studied games with two types of players: selfish and malicious transmitters. Each type is characterized by a utility function depending on throughput reward and energy cost. In particular, they focused on the setting where the transmitters have incomplete information regarding other transmitters’ types, modeled as probabilistic beliefs. Authors identified conditions in which the throughput improves with increasing type uncertainty and introduce Bayesian learning mechanisms to update the type beliefs in repeated games. In [26], authors proposed SiG, an anti-jamming communication protocol that allows a party to deliver a message in the presence of a combined reactive and proactive jammer. Although the proposed solution allows to communicate in the presence of an unprecendented powerful adversary, SiG might be not efficient in a scenario with many nodes. Authors in [14] proposed TDBS, the time-delayed broadcast scheme: a broadcast communication is divided (delayed) in a sequence of multiple unicast communications. They analyzed a simplified approach (single unicast) which has been further extended to the assisted broadcast, where all the nodes cooperate in order to achieve the broadcast of the message. The protocol does not need a network wide secret, but just pair-wise secrets (frequency hops) shared among the nodes of the network. All the frequencies used for the operating period of the network are pre-loaded before the network deployment and assigned to the nodes according to the 1factorization problem in complete graphs [27]. A subsequent contribution [28] from the same authors extends the preliminary idea to dynamic groups by considering join and leave procedures. The solution still involves that the newly added node must unicast one frequency hopping sequence (previously computed by the CA) to each deployed node. Although the solution significantly improves the original idea, it requires a training phase (that is blocking for participant nodes) and a significant bandwidth overhead to broadcast the new sequence to the neighborhood, while it does not provide any improvement on memory occupation. Finally, a preliminary version of the proposed solution appeared in [39], where the authors sketched the solution, introduced a simple scenario, and reported some preliminary results of the protocol. 3. System model In this section we define both the communication and the adversarial model. 3.1. Communication model Coherently with the literature, we consider a full visibility network scenario, i.e., each node is able to communicate with any other node in the network. We assume the network being formed by the node set N = [n0 , . . . , nN ]. Fig. 1 shows the communication scenario considered in this paper: the reference node n0 wants to broadcast a message to all its N neighbors. We assume the message can be delivered to ni (i ∈ [1, N]), either via a direct transmission, i.e., one-hop communication, or by leveraging other nodes, i.e., multi-hop communication. As an example, n0 can deliver the message to n4 directly, or through n3 , or even with a multi-hop communication, i.e., n0 → n1 → n2 → n4 .

35

n2 k12

n1

k25

k24

n3

k13 k01

k23

k34

k02 k03

k35

k14

n4

k04

n0

k54

k05

n5 Fig. 1. Full visibility network with 6 nodes. Table 1 Notation summary. F A pA ni , nj kij N Nc Ns Nr N |·| c || H(·)

Number of radio frequencies Number of jammed frequencies Jammed fraction of the radio spectrum Nodes involved in the communication process Shared secret between ni and nj Set of the network nodes Set of the compromised nodes Set of the transmitting candidates Set of the nodes that have already received the message Number of network nodes, i.e., |N | Size of the set Number of compromised nodes Concatenation operator Cryptographic hash function

We assume each node pair ni − n j shares a pre-loaded secret key kij [29,30]. Moreover, we assume each node is equipped with a radio, and the communication channel is constituted by one out of F different frequencies, i.e., F ∈ [ f1 , . . . , fF ]: each communication could be performed on a different frequency, and therefore up to min{F ,  N+1 2 } parallel communications are possible. If two communications occur at the same time over the same frequency, we assume both communications are jammed—i.e. no information is exchanged. In the following, we consider Bluetooth as the reference technology; therefore, we set F = 79 and N = 32 [31]. We assume that the peers are loosely time-synchronized [32,33] and that the time t is divided into slots, i.e., t : [t0 , . . . , t∞ ]. In each time-slot a device can perform (at most) one communication. We consider two different broadcast scenarios: non-cooperative and cooperative. In the non-cooperative scenario, an elected node broadcasts a message by multiple unicast transmissions to all of its neighbors; in the cooperative scenario all the nodes participate to the broadcast process and help the sender to deliver the message once they have received it. Table 1 resumes the notation used throughout this paper. 3.2. Adversarial model We envisage an adversary that has only goal to disrupt as many communications as possible, that is, to reduce as much as possible the spreading of the information to be broadcast. In order to achieve the above goal, ADV resorts to jamming: it transmits a high power radio signal on A target frequencies preventing any communication on such frequencies, i.e., the signal-tonoise ratio at any of the radio receivers is so low that it is not

36

R. Di Pietro, G. Oligeri / Computer Networks 116 (2017) 33–46

possible to retrieve the actual transmitted message. In the following, we refer to the A different random frequencies from the set A

F , as FA ← − F . Therefore, we envisage a powerful adversary with a $

full network coverage capable of jamming A different random frequencies at the same time, with A < F (note that with A = F no communication can occur). Hence, the fraction of the radio spectrum that is jammed by the adversary ADV is pA = AF . As an example, let us recall the simple scenario depicted in Fig. 1. Moreover, let us assume that during the same time-slot there are three pairs communicating, i.e., n0 − n1 at frequency f6 , n2 − n3 at frequency f3 and, finally, n4 − n5 at frequency f8 . We assume that ADV is able to jam three different frequencies: f1 , f6 , and f9 . In such a case, ADV prevents only one communication; the one between n0 and n1 —indeed, f6 ∈ fA . In the following, we consider two different types of adversary: the external jammer and the internal jammer. The former jams A different random frequencies at each round. The latter firstly discloses the secrets of |Nc | out of the N nodes in the network, and then it jams the frequencies used by that |Nc | nodes; eventually, if it still has availability of jamming frequencies, i.e., the number of frequencies used by the |Nc | nodes is less than A (taking a conservative stance, we assume A ≥ |Nc |), it randomly selects other target frequencies in the available radio spectrum. Definition. We define a node ni as compromised when all its secrets and in particular all the kij with j ∈ {[0, . . . , N] \ i} have been disclosed to the adversary. Further, both the node’s behavior and its memory remain unchanged after the compromise. The above assumption about node’s behavior is consistent with the literature [14,34–36], In particular, this hypothesis is necessary to guarantee the adversary to stay stealthy during its malicious activities: in fact, the adversary can acquire the secrets belonging to the nodes but does not change the node’s behaviour; otherwise, its activity might be detected by some of the available techniques [37]. The broadcast process is considered successful when all the not-compromised nodes have received the message. We observe that while the external jammer does not leverage any networkinternal information, the internal jammer can leverage all the secrets of the |Nc | compromised nodes, hence amplifying its jamming capabilities. 4. Analysis of the time-delayed broadcast scheme In this section we first introduce the fundamentals of the TimeDelayed Broadcast Scheme (TDBS) and later we detail on its advantages and its limitations. Many solutions have been proposed in the literature in order to mitigate jamming attacks. Authors in [14] proposed the so-called Time-Delayed Broadcast Scheme, hereafter TDBS. In this scheme the broadcast communication is performed by multiple sequential unicast transmissions using different frequencies. In this way, given a radio channel with F frequencies, and assuming that ADV is able to jam up to A different frequencies, the network experiences at least F − A successful transmissions (i.e., transmissions that are not jammed) at each time slot. This feature is assured by the properties of a complete graph [27]. However, note that while F − A transmissions are not jammed, the amount of useful transmitted information can be lower. Indeed, some channels among the F − A could be used to communicate with nodes that have already received the transmitted information in a previous time-slot. That is, even if the communication is successful—i.e., not jammed, that communication does not help in advancing the broadcast. However, thanks to the properties of complete graphs, eventually the message will be delivered to all the nodes.

Fig. 2. Non-cooperative Time-Delayed Broadcast Scheme (TDBS-NC): the reference node n0 delivers the message with consecutive unicast transmissions.

Fig. 3. Cooperative Time-Delayed Broadcast Scheme (TDBS-C): the reference node n0 delivers the message to all its neighbors both directly and via the other nodes in the network.

We distinguish two different TDBS schemes[14]: the noncooperative TDBS, hereafter TDBS-NC, and the cooperative TDBS, hereafter TDBS-C. TDBS-NC. In the baseline communication scenario, the broadcast operation is performed —in a benign scenario— by at least N sequential unicast communications between the reference node n0 and all the other nodes, i.e., {n1 , . . . , nN }. If ADV is present, jammed communications are repeated in future time slots. As an example, consider Fig. 2 where the reference node n0 wants to diffuse a message to the other 5 nodes, i.e., {n1 , . . . , n5 }. We assume that ADV is able to jam 2 (gray boxes) out of the 5 available frequencies (on the y axis) per time-slot. During the first time slot, n0 transmits to n4 (n0 → n4 ), but the subsequent communication is successfully jammed by ADV , i.e., n0 → n1 . The following successful communications are n0 → n5 and n0 → n2 up to time slot t4 , while time slots t5 and t6 are used to re-transmit the previous jammed communications, i.e., n0 → n1 and n0 → n3 . TDBS-C. With this solution each node in the network behaves like a proxy. Therefore, each node that has received the message can help the node n0 to further spread it. Fig. 3 shows the (possible) behavior of TDBS-C with 6 nodes, i.e., {n0 , . . . , n5 }, 5 available frequencies, and ADV being able to jam 2 frequencies per timeslot (grey boxes). We observe that each node is involved in up to 1 communication per time slot, i.e., the node’s radio cannot perform multiple communications on multiple frequencies. Therefore, the maximum numberof concurrent communications in the net  work sums up to min( N2 , F ), where N2 is the number of links involving disjoint nodes. Generally speaking, TDBS-C performs always better than TDBS-NC, due to the contribution in the message spreading provided by the nodes that have received the message in some previous time slot. 4.1. TDBS: PROs and CONs TDBS turns out to be an effective solution to jamming attacks. It relies neither on the existence of jamming-immune control channels for coordinating the broadcast, nor on network-wide shared

R. Di Pietro, G. Oligeri / Computer Networks 116 (2017) 33–46

Fig. 4. TDBS frequency assignment based on 1-factorizations: 4 nodes and 2 frequencies.

secrets. Although frequency hopping sequences might be considered as pre-loaded secrets, they represent a better solution with respect to on-line generated frequencies from pre-shared secret seeds: in fact, in the latter scenario, an internal jammer can easily disrupt the overall network by simply compromising only one node of the network. The main issue of TDBS relies on the pairing process. In the following, we refer to the pairing process as the sequence of computations and communications that allow two peers in the network to agree on a specific frequency, that will be subsequently used for the communication of the message. The TDBS pairing process is performed off-line, i.e., before node deployment. Each node is pre-loaded with a pseudo-random sequence of frequencies such that, at each time-slot, there exists only one pair of nodes that tunes on a specific frequency. As an example, let us consider Fig. 4: we assume a network constituted by N = 4 nodes and F = 2 frequencies. Each node is pre-loaded with a frequency pairing sequence, e.g., n0 with {1, 2, 2, . . . }, n1 with {1, 1, 1, . . . }, n2 with {2, 2, 1, . . . }, and finally, n3 with {2, 1, 2, . . . }. The frequency assignment is performed by mapping to the 1factorization problem. In fact, assuming the nodes as vertices of a graph and communications as edges, 1-factorization realizes a series of perfect matches (1-factor), which span all the edges of a complete graph [27]. This solution guarantees that: (i) hoping sequences are pseudo-random; (ii) compromise of a subset of nodes (insiders) limits the information leakage relevant to the sequences of uncompromised nodes; and, (iii) every node has the same opportunity to perform a broadcast (fairness). Nevertheless, TDBS pairing process presents two major issues. Memory occupation. Pseudo-random frequency sequences have to be pre-loaded on each node before the deployment of the network. Each node consumes exactly one frequency per timeslot and therefore, in order to guarantee long-lasting robustness to ADV jamming activity, the nodes have to be pre-loaded with large frequency sequences that turns out to occupy a large part of the node’s storage, as detailed later. Node joining. Pairs in TDBS are pre-computed during the offline phase. Therefore, the protocol is “static” —with respect to the network pairs— and cannot deal with the join of a new node: a new node joining the network involves a new computation of all the 1-factorizations for all the network pairs, and therefore, all the pseudo-random frequency sequences must be invalidated and recomputed. Further, for each node, the (large) set of frequencies has to be uploaded on the node itself. We highlight that the preliminary TDBS solution has been subsequently improved in [28] to take into account node join and leave procedures. Nevertheless, also in this case, the newly added node has to distribute a pre-computed frequency hopping sequence to all its neighbors introducing both a network delay—since the neighbor nodes experience a blocking sync—and a significant amount of bandwidth overhead. Moreover,

37

the solution still suffers from a high memory occupation to store the frequencies that will be used during the node lifetime. Node eviction. We use the term “node eviction” to refer to the situation whenever a node is not contributing anymore to the further spread of a message. In this case, the same considerations expressed for node joining apply, even if in this case it could be possible not to intervene to change all the pre-loaded frequencies on each node. Indeed, the protocol would continue working, while incurring in some extra overhead—the frequencies associated to evicted nodes will be used; a communication that does not help in advancing the spread of the message. Moreover, to keep using the frequencies associated to evicted nodes could constitute a problem for the confidentiality of the message—it could be delivered to an ADV that is in possession of that frequencies—, but it would not prevent authorized nodes to eventually receive the message. In the following, we introduce our solution: Freedom of Speech (FoS). At glance, FoS works by moving the pairing process from the off-line phase to the on-line phase, adopting a new probabilistic pairing algorithm that does not need to store long pseudo-random frequency sequences. Hence, FoS enables a very efficient deployment, as well as eviction, of new nodes in the network. Both the theoretical analysis and the extensive simulation campaign support the quality and viability of our findings. In the next sections, we compare FoS with the current state of the art solution by adopting two metrics introduced by [14,28]: the broadcast delay, i.e., the time to broadcast a message to all the nodes in the network and the broadcast progress, i.e., the fraction of the nodes that has already received the message. 4.2. Simulation setup We implemented the FoS protocol as a GNU Octave standalone function. While the software accepts several configurations and parameters, in this paper we strive to identify only the relevant ones, such as: • N = 32. We considered a full-visibility broadcast scenario of 32 nodes. • F = 79. The number of frequencies available for the node communications has been set to 79 as in [14]. This makes FoS and the results of this paper readily compatible and consistent with the Bluetooth technology. • Number of runs: each scenario configuration has been run 512 times in order to guarantee the maximum significance of the results. For each scenario, we are also reporting the quantile 5, 50 and 95 by means of errorbars highlighting the result variability—and its significance. Moreover, we observe that the solution proposed in this paper is agnostic from the underlying technology. FoS can actually be implemented on top of any wireless radio technology and it does not require any specific physical layer feature. Nevertheless, given the full visibility scenario, we envisage that FoS can be particularly suitable in IoT environments where the nodes are resource constrained and always connected to the network. Finally, in the next sections, we will present the results for all the configurations in terms of time slots without referring to any specific technology: this way, our results can be immediately instantiated to any technology by changing the value of the parameters. 5. Two step probabilistic pairing: peer selection and frequency tuning Freedom of Speech (FoS) is based on a two steps network-wide (on-node) process: selection of the potential communicating parties and frequency tuning.

38

R. Di Pietro, G. Oligeri / Computer Networks 116 (2017) 33–46

Algorithm 1: Node ni broadcasts the message as a sequence of unicast transmissions. INPUT: msg.

Fig. 5. Node selection example: the nodes are selected for the communication when the ball is thrown in the bin 0 out of the m = 5 existing ones. The pairing 1 . happens with probability m

The selection of the communicating nodes is performed according to the following probabilistic model: at each time slot t, a ball is randomly placed in one out of m bins. The nodes are paired when the ball hits a specific bin, e.g., the bin 0 in Fig. 5. Let ni and nj be two nodes belonging to N , kij be a shared secret between ni and nj , m ∈ N+ , and finally, let t be the current time-slot. A candidate pair ni − n j is selected for communication at time-slot t, if:

H ( ki j

|| t ) == 0 (mod m )

(1)

where H(◦) is a cryptographically secure hash function such as SHA-2 [38] and ◦ || ◦ represents the concatenation operator.

let H (· ) be a cryptographic hash function. let N be the set of nodes in the network. let Nr be the set of nodes that have already received the message. let Ns be the set of nodes scheduled for receiving the message. let t be the time slot counter. let ki j be the secret shared between the node i and j. let F be the overall number of transmission frequencies. /* Initialization phase. t = 1; Nr = {}; Ns = {}; /* Repeat until msg is received by everyone while |N \Nr | > 0 do /* Search for potential receivers. for j in N \Nr do if H (ki j || t ) == 0 (mod m ) then /* Add the jth node to the Ns set. Ns ← j; end end if |Ns | > 0 then /* Select a random receiver from Ns .

*/

*/

*/

*/

*/

$

Definition. We refer to node ni (nj ) as a candidate node for the communication at time t, if ni (nj ) has not received the message yet, and there exists a kij that satisfies Eq. (1) with i ∈ N, j ∈ N and i = j. At each time slot, the probability that the pair ni − n j is se1 lected for the communication is m . The value of m is empirically chosen such that the number of transmitting candidates, hereafter |Ns |, guarantees that on average each node is involved in one communication, i.e., m = |N|. Fig. 6 resumes how m affects the system performance: when m is high, just a few pairs ni − n j are selected for the communication by Eq. (1), and therefore the network experiences an aggregated low bandwidth. Conversely, when m is low, many kij satisfy Eq. (1), and therefore the network experiences many conflicts, i.e., each node is involved in multiple pairing processes. Moreover, even assuming m = |N|, given the probabilistic nature of the protocol, it is still possible to have conflicts. In such a case, the sender node experiencing multiple selections from Eq. (1), it randomly chooses among those ones just one neighbour (it has not communicated to already) discarding the others. Each pair selected using Eq. (1) chooses the communication frequency according to the following equation:

f = H ( ki j

|| t ) (mod F )

(2)

The previous equation guarantees that the same pair, at each time slot, select the same frequency, and that such a frequency is randomly selected over the available F. Moreover, we observe that Eq. (2) might lead to multiple selections of peers. In the next sections, we provide a throughout analysis of this phenomenon and its impact on the performance of the protocol. Finally, we highlight that our solution does not require preloaded sequences of frequencies, indeed frequencies are randomly chosen at run-time with the probabilistic computation given by Eq. (2). This also mitigates the overhead due to new nodes joining the network: FoS only requires to update the network with N keys— assigning exactly one key to each node.

j← − [1, . . . , |Ns |] ; /* Select the communication frequency. f = H (ki j || t ) (mod F ) ; /* Send the message to j at frequency f . send(msg, f ) ; /* Wait for ack; if not received, assume

*/

*/

the message is jammed

*/

if receive(ack) then /* Add j to Nr and clear Ns . Nr ← j; end Ns = {}; t = t + 1; end else wait for the next time slot; end end

*/

6. Non-cooperative broadcast In this section we consider the simplified scenario where, at any time slot, there is up to one transmitter node ni that wants to deliver the message to all the other nodes in the network. Algorithm 1 shows how node ni broadcasts a message by means of (at least) N unicast communications. After the initialization phase, ni checks if there are nodes that are still missing the message, i.e., |N \Nr | > 0, where N is the set of network nodes and Nr is the set of nodes that have already received the message, respectively. Node ni selects the candidate nodes for the next communication among the nodes that have not yet received the message, i.e., N \Nr . Candidate nodes are selected according to Eq. (1) and added to the Ns set. If no nodes are selected for the communication, the protocol waits for the next time slot. Otherwise, ni selects a random node among Ns , i.e., nj , and chooses the transmission frequency according to Eq. (2). Finally,

R. Di Pietro, G. Oligeri / Computer Networks 116 (2017) 33–46

39

Fig. 6. Possible effects on m on link establishment.

the message is sent to nj by transmitting on the selected frequency f, and eventually, nj is added to the Nr set. Note that, by construction, f is the same for the communicating nodes and it is computed in a distributed way. Firstly, we observe that while several candidates can be selected for the communication, i.e., different kij might solve Eq. (1), only one node (nj ) is (randomly) selected as a possible receiver at each time slot. Secondly, we highlight that the current communication is considered as successful only if the peer acknowledges the packet reception: if the ack packet is not received by the sender due to a packet loss event or a successfully jamming activity, the current communication is considered by the sender as not successful and it will be probabilistically rescheduled in the future —i.e., the selected receiver is not removed from Ns . Finally, without loss of generality, we assume that if the message and the ack transmissions do not fit in the current time slot, the pair assumes the communication failed. Definition. We define broadcast progress, hereafter B (t ), the fraction of the network nodes that have already received the message at time slot t. In the following, we derive a general equation for the broadcast progress that will be instantiated for the different scenarios we will consider later on. Let R(t) be the random variable that takes on the value 1 when node nj receives the message from ni at time slot tˆ, i.e., R(t > tˆ) = 1, otherwise R(t ) = 0. In order to compute the broadcast progress, we observe that the probability for a node nj to receive the message at time slot t = tˆ, assuming each time slot as independent, is given by:

P(R(t = tˆ) = 1 ) = 1 −

tˆ−1 

P(R(t ) = 0 )

t=0

Now, recalling that ni has N candidate links for the communication, and leveraging the linearity of the mean, the normalized number of the performed communications between ni and the other nodes in the network after t time slots, that is the broadcast progress, can be computed as:

B (t ) =

N 1 P(R(t ) = 1 ) N j=1

= 1−

t 

P (R (k ) = 0 )

(3)

k=1

Definition. We define broadcast delay, hereafter τ B , the minimum slot time t = τB for which the broadcast progress B (t ) reaches the value 1 −  , i.e., B (t ≥ τB ) ≥ 1 −  for an arbitrary  > 0.

Table 2 Notation summary for the random variables. pA B (t ) R(t ) = {0, 1} S (t ) = {0, 1} S (t ) = {0, 1}

τB

Fraction of the radio spectrum being jammed Broadcast progress Random variable taking the value 1 when node n0 receives the message at time slot t, otherwise 0. Random variable taking the value 1 when k0j satisfy Eq. (1), otherwise 0. Random variable taking the value 1 when node nj is randomly chosen by ni , otherwise 0. Broadcast delay

We consider two different network models, and for each of them we provide the performance analysis in terms of broadcast progress assuming the following scenarios: 1. Baseline scenario: n0 is the only transmitter in the network. 2. Realistic scenario: each of the nodes in the network may act as a transmitter after the network deployment. In the baseline scenario, the transmitter node is determined prior to the network deployment, and therefore, all the nodes belonging to the network are aware of the identity of the transmitting source. Conversely, in the realistic scenario, each of the nodes may act as a transmitter after the network deployment. Nevertheless, we stress that in both the above cases, we are still assuming that the broadcast process is accomplished by means of a non-cooperative strategy, i.e., the transmitting source implements the broadcast process by means of a sequence of unicast communications to its neighbors without relying on the help of others nodes (proxies). Table 2 resumes the notation for the random variables used throughout this section. 6.1. Baseline scenario: node n0 acts as the only transmitting source In this section, we consider a simplified networking model constituted by a sole transmitting source selected prior to the network deployment. In this scenario, node n0 acts as the only transmitter, while the rest of the network, i.e., nodes N \ n0 act as the receivers. At each time slot, both the transmitter n0 and the receivers nj with j ∈ {1, . . . , N} solve Eq. (1) and search for a candidate pair n0 − n j to communicate and later, following Eq. (2), they select the frequency to use to communicate. In the following, we derive a closed formula for the broadcast progress in this scenario. We start our analysis by observing that node nj might not receive the message at time t either because it has not been selected by Eq. (1) or because it has been selected but (due to multiple selections) node n0 chooses another node to

40

R. Di Pietro, G. Oligeri / Computer Networks 116 (2017) 33–46

Fig. 7. First order approximation of P(R(t ) = 0 ).

communicate to . Therefore, the probability P(R(t ) = 0 ) that node nj does not receive the message at the time slot t, yields:

P(R(t ) = 0 ) = P(S (t ) = 0 ) + P(S (t ) = 1 ∧ S (t ) = 0 )

(4)

where S (t) is the random variable that takes on the value 1 when k0j satisfies Eq. (1) at time t and S (t) is the random variable that takes on the value 1 when node nj is randomly chosen by ni among the nodes that satisfy Eq. (1) — that is when multiple collisions occur. Firstly, we observe that the probability that node nj has not been selected at a given time slot t does not depend on that time slot value and yields, from Eq. (1):

P(S (t ) = 0 ) = 1 −

1 m

(5)

Nevertheless, P(S (t ) = 1 ∧ S (t ) = 0 ) is strongly time-dependent. In order to ease the discussion, we provide a first order approximation of the latter probability. To reach this goal let us start by considering Fig. 7. That is, we evaluate P(R(t ) = 0 ) at t = 0 and t = τB , and interpolate the two points with a straight line P (R(t ) = 0 ) as a first order approximation. The probability P(R(0 ) = 0 ) that node nj does not receive the message at time t = 0 can be computed recalling Eq. (4), yielding:

P(R(0 ) = 0 ) = P(S (0 ) = 0 ) + P(S (0 ) = 1 ∧ S (0 ) = 0 ) where P(S (0 ) = 0 ) is given by Eq. (5) while P(S (0 ) = 1 ∧ S (0 ) = 0 ) is the probability that node nj has been selected but it does not receive the message because node n0 has chosen another node to communicate to, yielding:

P(S (0 ) = 1 ∧ S (0 ) = 0 ) =

N  

P (S (0 ) = 1 )



P(S (0 ) = 0 )



k=2

where k is the number of nodes solving Eq. (1). By observing that P(S (0 ) = 0 ) = 1 − 1/k, the previous equation can be rewritten as:

P(S (0 ) = 1 ∧ S (0 ) = 0 ) =

 N   1 k k=2

m

1−

where we have considered all the possible

1 m

N  k

N−k N k − 1 k

k (6)

combinations of k

1 m

the broadcast process is almost accomplished; hence, multiple receiver candidates are unlikely to be generated and the probability to deliver a message only depends on the probability to select the neighbour by means of Eq. (1), yielding:

P(R(t ≥ τB ) = 0 ) ≈ P(S(t → ∞ ) = 0 ) = 1 −

τB = −N ln( )

(8)

For instance, substituting  = and N = 32, it yields τ B ≈ 147. Errorbars in Fig. 8 show the quantile 5, 50, and 95 computed over 512 simulations according to the non-cooperative scenario where node n0 acts as the only transmitting source, while the dashed line depicts Eq. (3) with the linear approximation of P(R(t ) = 0 ) as shown in Fig. 7. We observe that the broadcast delay approximation τ B ≈ 147 is consistent with the simulation results, i.e., when t ≥ 147 the broadcast process is almost accomplished. 10−2

6.2. Realistic scenario: each node acts as a transmitting source We consider a realistic scenario consisting of N nodes where each one acts also as a source for a message to be broadcast. We assume the node ni as a generic transmitting source and we refer to the node nj as one of the network neighbors that has to receive the message. Recalling Eq. (3), it yields:

B (t ) = 1 −



P(R(t ) = 0 ) = 1 −



1 − P(R(t ) = 1 )



(9)

t

In order to evaluate the probability for nj to receive the message from ni , i.e., P(R(t ) = 1 ), we need to define two new random variables. Let C(t) be a random variable that takes on the value 1 if the link ni − n j is a candidate for the communication at time t, and 0 otherwise. Let also X(t) be the random variable that counts how many kix and kyj , with x, y ∈ [0, N − 1], x = i and y = j, respectively, solve Eq. (1) at round t. Therefore, X(t) counts how many candidate links are elected by the nodes ni and nj at time t. The probability P(R(t ) = 1 ) can be computed as:

P(R(t ) = 1 ) = P(C (t ) = 1 ∧ X (t ) = 1 ) + . . . . . . + P(C (t ) = 1 ∧ X (t ) = 2N − 1 )

(7)

Now, recalling the definition of broadcast delay τ B , i.e., the minimum τ B such that B (t ≥ τB ) ≥ 1 −  , we assume that when t ≥ τ B ,

1 m

Finally, in order to estimate τ B , we substitute Eq. (7) in Eq. 1 τB (3) obtaining B (t = τB ) = 1 − (1 − m ) = 1 −  , yielding:

t

1 conflicting links, with 2 ≤ k ≤ N, with probability m , and the N − k links that have not been selected by Eq. (1). We stress that Eq. (6) holds only for t = 0, in fact the probability P(S (t ) = 1 ∧ S (t ) = 0 ) tends to zero when t → ∞: asymptotically, the number of conflicting candidates tends to zero because all the nodes have already received the message, and therefore Eq. (4) becomes:

P(R(t → ∞ ) = 0 ) ≈ P(S (t → ∞ ) = 0 ) = 1 −

Fig. 8. Broadcast progress as a function of the time in the baseline scenario: Errorbars show quantile 5, 50, and 95 computed over 512 simulations (N = 32,  = 10−2 ), while the dashed line represents the average trend (Eq. (3)) with the linear approximation of P(R(t ) = 0 ) as depicted in Fig. 7.

=

2 N−3 k=1

P(C (t ) = 1 ∧ X (t ) = k )

R. Di Pietro, G. Oligeri / Computer Networks 116 (2017) 33–46

41

network is N = 32. Conversely, the performance of the two broadcast protocols are slightly different at the beginning of the broadcast process: in the baseline scenario, the probability to correctly deliver a message is P(R(0 ) = 1 ) ≈ 0.02 (given by Eq. (4)), while in the realistic scenario, P(R(0 ) = 1 ) ≈ 0.012 (given by Eq. (15)): concurrent candidate links (less frequent in the baseline scenario) almost halve the performance of the realistic scenario at the beginning of the broadcast process. 6.3. Jamming resilience

Fig. 9. Broadcast progress as a function of the time in the realistic scenario: Errorbars show quantile 5, 50 and 95 computed over 512 simulations (N = 32,  = 10−2 ), while the dashed line represents the average trend (Eq. (12)).

As in the previous case, P(R(t ) = 1 ) has a strong time dependency and therefore we provide a first order approximation P (R(t ) = 1 ) by interpolating two points, i.e., P(R(0 ) = 1 ) and P(R(τB ) = 1 ), respectively. The probability P(R(0 ) = 1 ) that the link ni − n j experiences a communication at t = 0 yields (details can be found in Appendix):

P (R (0 ) = 1 ) =

2 N−3

P(C (0 ) = 1

| X ( 0 ) = k )P ( X ( 0 ) = k )

(10)

k=1

where P(C (0 ) = 1 | X (0 ) = k ) is the probability that the link ni − n j is a candidate when k candidate links have already been chosen from Eq. (1) at round t = 0, while P(X (0 ) = k ) is the probability that nodes ni and nj select exactly k candidates for the message communication. Now, we observe that, while at the beginning (t = 0) the numbers of potentially receiver candidates for ni sums up to |N \Nr | = |N |, as the broadcast progresses, i.e. as times goes by, ni will experience only a few candidate receivers, i.e., |N \Nr | ≈ 1. In fact, according to Algorithm 1 when t → ∞, |Nr | ≈ |N |, and |Ns | ≈ 1. Therefore, having multiple candidates will be an unlikely event and 1 the only candidate link (chosen with probability m ) will be selected for the communication, yielding:

P(R(t → ∞ ) = 1 ) =

1 m

(11)

As in the previous scenario, we make the grounded assumption that when the broadcast delay τ B is reached, then the broadcast process is almost accomplished. Therefore, Eq. (11) can be approximated as follows:

P(R(t ≥ τB ) = 1 ) ≈

1 m

Finally, recalling Eq. (9) and approximating P(R(t ) = 1 ) with a first order approximation P (R(t ) = 1 ) between the points P(R(0 ) = 1 ) and P(R(τB ) = 1 ) as depicted above, it yields:



B (t ) = 1 − 1 − P (R(t ) = 1 )

t

(12)

Fig. 9 shows the performance of 512 runs of the Algorithm 1, when N = 32. Errorbars show the quantile 5, 50, and 95 associated to the broadcast progress while dashed line represents Eq. (12). We highlight that in both the baseline and the realistic scenario, when t ≥ τ B , the probability to experience a communication is about 1 P(R(t ≥ τB ) = 1 ) ≈ m ≈ 0.031, when the number of nodes in the

We recall that ADV can jam A random frequencies out of the F allowed for the communication; hence, the probability for a given communication to be jammed results pa = AF , with pa ∈ [0.1, 0.9]. In the following analysis, we consider only the realistic scenario proposed in Section 6.2, i.e., all the nodes belonging to the network are involved in a broadcast process. Moreover, we consider two different adversarial models: the external and the internal jammer. The external jammer simply jams A out of the F available frequencies. Conversely, the internal jammer acquires a subset of the network nodes’ secrets and it leverages such a knowledge to increase its chances to disrupt the communications. Moreover, the adversarial model we are considering in this work does not involve any change to the node’s behaviour, i.e., the adversary does not interfere with the current algorithms and protocols run by the node. This behavior, also assumed by related works [14,28,34–36,39], guarantees the adversary to stay hidden and undetected by the network hence delaying the adoption of possible countermeasures. External jammer. Recalling Eq. (3) and pa as the fraction of the spectrum that is jammed, the broadcast progress can be computed as:

B (t ) = 1 −



(1 − P(R(t ) = 1 ) · (1 − pa ))

(13)

t

Since we are interested in obtaining an approximation for the broadcast delay when the broadcast process is almost accomplished (t ≥ τ ), Eq. (13) can be rewritten as:

B (t ≥ τ ) ≈ 1 −



(1 − P(R(t ≥ τB ) = 1 ) · (1 − pA ))

t

Recalling that P(R(t ≥ τB ) = 1 ) ≈

B (t ≥ τ ) ≈ 1 −

 t

1 m

from Eq. (11), it yields:





1 1 − pA 1− · ( 1 − pA ) = 1 − 1 − m m

t

The broadcast delay TB can be derived analogously to Eq. (8) substituting B = 0.99 and m = N = 32, yielding:

TB ≤ −

N ln(1 − B ) 1 − pA

(14)

Errorbars in Fig. 10(a) show the quantile 5, 50, and 95 associated to the broadcast delay TB (Eq. (14)) computed over 512 simulations (N = 32,  = 10−2 ). In particular, we plot the time to reach a broadcast progress B (t ) equal to 0.97 (that is, roughly one node out of the 32 has not received the message yet) as a function of the jammed fraction of the radio spectrum, i.e., pA ∈ [0.1, 0.9]. Dashed line in Fig. 10(a) depicts Eq. (14). For example, assuming ADV jams 50% of all the frequencies, the broadcast delay requires (with respect to pA = 0) about 331 − 147 = 184 more time slots. Internal jammer. The internal jammer plays a twofold role: we assume ADV has previously disclosed the secret keys of a set c = {0, 8, 16, 24} of nodes in the network (with N = 32), while retaining further jamming capabilities. In this scenario, ADV firstly jams the frequencies related to the keys it is in possession of, then if it has enough jamming power, it random chooses other frequencies — remind that this behavior correspond to an ADV that wants to be stealthy, as discussed in Section 3.2.

42

R. Di Pietro, G. Oligeri / Computer Networks 116 (2017) 33–46

Fig. 10. Non-cooperative broadcast scenario: (a) Broadcast delay as a function of the jamming probability with an external jammer and (b) with 8, 16 and 24 compromised nodes by an internal jammer.

Fig. 11. An example of cooperative broadcast run by 6 nodes.

Fig. 10(b) shows the broadcast delay TB as a function of the fraction of the jammed radio spectrum pA when the number of compromised nodes varies among c = [0, 8, 16, 24]. The lines in Fig. 10(b) represent the median value (quantile 50) of 512 simulations (N = 32,  = 10−2 ). We highlight that the disclosed secrets from the compromised nodes do not affect the broadcast process of the non-cooperative scenario. In fact, the knowledge of the secrets kij belonging to the compromised nodes Nc do not help to increasing the jamming effectiveness on the remaining not compromised nodes: the disclosed secrets can only be exploited to disrupt the communications of the compromised nodes.

Fig. 12. Cooperative broadcast: broadcast progress as a function of the time slots.

{n0 , n2 , n4 , n5 }, and the message is sent to the last node n3 by n2 . Fig. 12 shows the quantile 5, 50, and 95 related to the broadcast progress of a network of N = 32 nodes with F = 79 available frequencies. We observe that the broadcast process is accomplished within about 23 time slots, i.e., TB = 23.

7. Cooperative broadcast 7.1. Jamming resilience In this section we assume Algorithm 1 is run by all the nodes in the network and not just by only node ni as presented in previous sections. Therefore we assume ni is the initiator of the broadcast process while all the other nodes can possibly participate to the broadcast process by acting as proxy: in the following, we refer to this communication model as the cooperative broadcast. At each round t, the network nodes are parted into the nodes Nr that have already received the message, and the nodes Ns that still have to receive the message. Moreover, all the nodes belonging to Nr participate to the broadcast process. Initially, Nr = {ni } and Ns = ∅, therefore, during the first time slot, the transmission will be performed by ni only. Fig. 11 shows an example scenario with 6 nodes. At t = 1, the only node participating to the broadcast is n0 : it sends the message to n2 . During the second time slot, both n0 and n2 participate to the broadcast by spreading the message to other 2 nodes, i.e., n4 and n5 . Finally, at the third time slot, the broadcast process is fully accomplished, in fact the transmitting nodes are Nr =

We assume ADV is able to jam a fraction pa of the radio spectrum pA ∈ [0.1, 0.9], i.e., given F frequencies, ADV is able to jam A different frequencies such that the probability for a random frequency to be jammed is pA = AF . External jammer. The behaviour of the external jammer in the cooperative scenario is the same as in the non-cooperative scenario: at each round, ADV picks A random frequencies and jams them. All the pairs that have been jammed by ADV reschedule the transmission in the future. Solid line in Fig. 13 shows the quantile 50 computed over the broadcast delay of 512 simulations. We observe that our protocol is able to accomplish the broadcast process with about 38 time slots when ADV is able to jam the 50% of the available frequencies. Further, when pA = 0.9, our protocol needs less than 250 time slots. Internal jammer. We assume that ADV has been also able to disclose the secrets of c ∈ [8, 16, 24] nodes among the N = 32 deployed sensors. In particular, the adversary was able to disclose

R. Di Pietro, G. Oligeri / Computer Networks 116 (2017) 33–46

43

Table 3 Broadcast delays for the different scenarios and adversarial configurations with N = 32 nodes and F = 79 frequencies. Broadcast type

Non Cooperative

Scenario

Baseline

Realistic

Adversary type

No ADV

No ADV

Broadcast delay

147

147

Cooperative

External pa = 0.9 1672

Internal c = [8, 16, 24] 1900

Baseline

Realistic

No ADV

No ADV

×

23

External pa = 0.9 220

Internal c = [8, 16, 24] [250, 350, 675]

the internal and the external adversarial models. We recall that the number of nodes, whose secrets have been disclosed, does not affect the delay of the non-cooperative broadcast in the realistic scenario with an internal adversary: the broadcast delay is about 1900 time slots when c ∈ [8, 16, 24] because the disclosed secrets from the compromised nodes do not help at all the adversary to increase the effectiveness of its jamming activity on the remaining nodes which secrets have not been compromised. Conversely, compromised nodes affect the cooperative scenario, in fact although they are not considered in the target set of the broadcast process, their number significantly affects the broadcast delay: compromised nodes do not help in the proxy relay.

9. Comparison with TDBS Fig. 13. Cooperative broadcast: broadcast progress as a function of the time slots.

the secret kij belonging to the above nodes without changing the node’s behavior. Subsequently, in order to stay stealthy and maximize its effectiveness, we assume ADV firstly targets the communication frequencies of the compromised nodes and then it randomly chooses the remaining frequencies to jam till its budget of jammable frequencies is reached. Dashed lines in Fig. 13 depict the quantiles 50 of 512 simulations associated to the broadcast delay TB as a function of the jamming probability pA when the number of compromised nodes spans between c = 8 and c = 24. Contrary to the results related to the internal jammer for the non-cooperative scenario, the broadcast delay decreases when the number of compromised nodes is smaller: this is due to the fact that more non-compromised nodes can help in the broadcast process to spread the message all over the network. 8. Discussion Table 3 resumes all the scenarios and adversarial configurations taken into account in this work. We have considered two types of broadcast: the non cooperative and the cooperative. The former is characterized by only one transmitting source that implements a broadcast communication by subsequent unicast transmissions while, in the later case, each node of the network acts as a proxy to help the source to deliver the message. For each of the previous configurations, we considered two scenario: a simplified model (baseline) where the source is a-priori known, and a more realistic scenario where each of the nodes may initiate a broadcast transmission. Given the above network and scenario configurations, we considered two different adversarial model: the external and the internal. While the former just jams a fraction of the radio spectrum, the latter increases its jamming effectiveness due to its ability of having disclosed a subset of the secrets of the network. We consider the broadcast delay for all the above cases: in particular, in order to ease the discussion, we assume the adversary is able to jam the 90% of the spectrum, i.e., pa = 0.9, for both

In this section we compare FoS with the state of the art solution TDBS [14] considering the two previously introduced network models: the non-cooperative and the cooperative scenarios. Fig. 14 shows the comparison between FoS and TDBS in the non-cooperative (a), and in the cooperative scenario (b), respectively. We considered a network of N = 32 nodes and F = 79 frequencies with a fixed number of nodes c = 16 whose secrets have been disclosed for both the scenarios. We observe that TDBS outperforms FoS in both cases, although in the cooperative scenario the performance are similar when the jamming probability is low, i.e., pa < 0.5. We stress that TDBS is optimal due to its deterministic way to compute the hopping frequencies. Nevertheless, as stated before, TDBS turns out to be impractical or even not adaptable in many situations. As a concrete example, let us consider a realistic deployment scenario adopting the bluetooth technology as suggested in [14]. Bluetooth features a slot duration of 635 μ s and therefore it performs 1600 hops per second [40]. Now, in order to store one frequency hop value, assuming a channel constituted by F = 79 frequencies, we need at least log2 (79 ) = 7 bits, therefore the protocol consumes 11.2 Kbits per second in terms of frequency hop values. As depicted in Fig. 15, this might be impractical for long-lasting unattended networks, e.g., to guarantee the jamming robustness for the first 24 h, more than 900 Mb of storage are needed. As for the storage requirements of FoS, we highlight how our proposal requires to store on each of the node only N seeds, e.g., assuming each kij needs 128 bits of storage, each node has to reserve an overall storage capacity of 498B when the number of nodes in the network is N = 32. TDBS is also affected by another important issue. As said before, frequency hop values might be either loaded before the network deployment [14] or subsequently by the newly added node [28], and therefore node joining and leaving implies the re-distribution of the frequency hop values to all the nodes in the network. Now, recalling the above considerations on the amount of memory needed for the hop sequences, TDBS turns out to be difficult to deploy in dynamic and bandwidth constrained networks. Conversely, FoS needs to re-distribute just one seed per node, e.g., given a new node n|N |+1 , the new seed ki,|N |+1 has just to be delivered to all the |N | nodes belonging to the network.

44

R. Di Pietro, G. Oligeri / Computer Networks 116 (2017) 33–46

Fig. 14. Comparison between FoS and TDBS in the non-cooperative scenario (a), and in the cooperative scenario (b): broadcast delay as a function of the jamming probability assuming c = 16 compromised nodes in a network of N = 32 nodes and F = 79 frequencies.

are also planning to implement our solution in a small network of Software Defined Radios (SDRs).

Acknowledgements The authors would like to thank the Associate Editor and the anonymous referees for the suggestions that substantially improved the quality of the paper.

Appendix

Fig. 15. Amount of requested storage as function of the time (days), FoS vs TDBS with Bluetooth (F = 79, N = 32): while FoS requires a constant amount of memory equal to 496 B, TDBS consumes 11.2 Kbps, and it turns out to be impractical in long lasting communications.

10. Conclusions This work presents a detailed analysis of Freedom of Speech (FoS): a lightweight probabilistic protocol for thwarting broadcast jamming in wireless networks. We have compared FoS against a state of the art solution. Results show that FoS performs roughly equally well than competing solutions in realistic scenarios —where ADV behaves as an internal jammer able to disclose the secrets of up to half of the nodes in the network and jams up to half of the available frequencies. Further, we highlight that FoS provides a very efficient procedure for node join and node eviction operations, while the overhead in terms of memory and computation is always almost negligible; each node needs to store just a pair-wise secret key for each of the nodes in the network and computations sum up to only a few hashes per time slot. On the contrary, its competitor requires several order of magnitude more memory (972 Mb versus just 498 B for a realistic scenario) and, moreover, its flexibility when nodes either join or leave the network is quite limited. The paper also opens some novel research directions; for instance: optimality for system parameters has to be derived yet, as well as the overall network communication capacity. Future works will consider different topologies and in particular performance and metrics related to a local visibility network. We

In this section we derive the probability P(R(0 ) = 1 ) that node ni transmits to nj with n j ∈ N \ ni during the first time slot (t = 0). We observe from Fig. A.16(a) that both the nodes ni and nj have potentially |N | − 1 nodes to deliver the message. In fact, when t = 0, |Nr | = 0 and all the nodes are potential receivers for the message. Therefore, when t = 0, the number of potentially conflicting links involving nodes ni and nj sums up to N − 1 + N − 2, i.e., N − 1 different links from ni and N − 2 from nj , yielding:

P (R (0 ) = 1 ) =

2 N−3

P(C (0 )

| X ( 0 ) = k )P ( X ( 0 ) = k )

k=1

Fig. A16. A model for computing P(R(0 ) = 1 ).

(15)

R. Di Pietro, G. Oligeri / Computer Networks 116 (2017) 33–46

The probability that the link ni − n j is chosen when X (0 ) = k candidate links have been selected, yields:

P(C (0 )

1

| X (0 ) = k ) = k+1  k+1  2

(16)

2

where we have considered a balanced distribution of the candidates. As a simple example, we consider Fig. A.16(b), where X (0 ) = 6, and therefore, the probability P(C (0 ) | X (0 ) = 6 ) that ni − n j is 1 chosen by both ni and nj turns out to be 14 · 13 = 12 . As for the second term of the sum in Eq. (15), it yields:

P (X (0 ) = k ) =

 1 k  m

1 1− m

2N−3−k 2N − 3 k

(17)

where we have considered all the possible (2N−3 k ) combinations of k 1 conflicting links with probability m and 2N − 3 − k links that have not been selected by Eq. (1). References [1] R.A. Poisel, Modern Communications Jamming Principles and Techniques, 2nd, Artech House, Inc., Norwood, MA, USA, 2011. [2] A.M. Wyglinski, D.P. Orofino, M.N. Ettus, T.W. Rondeau, Revolutionizing software defined radio: case studies in hardware, software, and education, IEEE Commun. Mag. 54 (1) (2016) 68–75, doi:10.1109/MCOM.2016.7378428. [3] M. Dehghan, D. Goeckel, M. Ghaderi, Z. Ding, Energy efficiency of cooperative jamming strategies in secure wireless networks, IEEE Trans. Wireless Commun. (99) (2012) 1–5. [4] D.J. Thuente, B. Newlin, M. Acharya, Jamming vulnerabilities of IEEE 802.11e, in: Military Communications Conference, 2007. MILCOM 2007. IEEE, 2007, pp. 1–7. [5] SESP, http://www.sesp.com. [6] R.D. Pietro, G. Oligeri, Jamming mitigation in cognitive radio networks, network, IEEE 27 (3) (2013) 10–15. [7] S. Amuru, R.M. Buehrer, Optimal jamming against digital modulation, IEEE Trans. Inf. Forensics Secur. 10 (10) (2015) 2212–2224, doi:10.1109/TIFS.2015. 2451081. [8] Q. Liu, M. Li, X. Kong, N. Zhao, Disrupting mimo communications with optimal jamming signal design, IEEE Trans. Wireless Commun. 14 (10) (2015) 5313– 5325, doi:10.1109/TWC.2015.2436385. [9] Y.O. Basciftci, F. Chen, J. Weston, R. Burton, C.E. Koksal, How vulnerable is vehicular communication to physical layer jamming attacks? in: Vehicular Technology Conference (VTC Fall), 2015 IEEE 82nd, 2015, pp. 1–5, doi:10.1109/ VTCFall.2015.7390968. [10] H. Wang, J. Guo, Z. Wang, Evaluation of security for DSSS under repeater jamming, in: Communications, 2007. ICC ’07. IEEE International Conference on, 2007, pp. 5525–5530. [11] K. Pelechrinis, C. Koufogiannakis, S. Krishnamurthy, Gaming the jammer: is frequency hopping effective? in: Modeling and Optimization in Mobile, Ad Hoc, and Wireless Networks, 2009. WiOPT 2009. 7th International Symposium on, 2009, pp. 1–10. [12] Y. Lee, T. Yoon, S. Yoo, S.Y. Kim, S. Yoon, Performance analysis of a CSS system with M-ary PSK in the presence of jamming signals, in: Vehicular Technology Conference, 2009. VTC Spring 2009. IEEE 69th, 2009, pp. 1–5. [13] C. Pöpper, M. Strasser, S. Capkun, Jamming-resistant broadcast communication without shared keys, in: USENIX Security Symposium, 2009, pp. 231–248. [14] S. Liu, L. Lazos, M. Krunz, Thwarting inside jamming attacks on wireless broadcast communications, in: Proceedings of the fourth ACM Conference on Wireless Network Security, WiSec ’11, ACM, New York, NY, USA, 2011, pp. 29–40. [15] L. Sang, A. Arora, Capabilities of low-power wireless jammers, in: INFOCOM, 2009, pp. 2551–2555. [16] Y. Liu, P. Ning, H. Dai, A. Liu, Randomized differential dsss: jamming-resistant wireless broadcast communication, in: INFOCOM, 2010, pp. 695–703.

45

[17] M. Strasser, C. Pöpper, S. Capkun, M. Cagalj, Jamming-resistant key establishment using uncoordinated frequency hopping, in: Proceedings of the 2008 IEEE Symposium on Security and Privacy, SP ’08, IEEE Computer Society, Washington, DC, USA, 2008, pp. 64–78. [18] K. Xu, Q. Wang, K. Ren, Joint UFH and power control for effective wireless anti-jamming communication, in: INFOCOM, 2012, pp. 738–746. [19] H. Wang, L. Zhang, T. Li, J. Tugnait, Spectrally efficient jamming mitigation based on code-controlled frequency hopping, IEEE Trans. Wireless Commun. 10 (3) (2011) 728–732, doi:10.1109/TWC.2011.010411.10 0 057. [20] L. Zhang, J. Ren, T. Li, Jamming mitigation techniques based on message-driven frequency hopping, in: Global Telecommunications Conference, 2009. GLOBECOM 2009. IEEE, 2009, pp. 1–6, doi:10.1109/GLOCOM.2009.5425642. [21] M. Hanawal, M. Abdel-Rahman, M. Krunz, Joint adaptation of frequency hopping and transmission rate for anti-jamming wireless systems, IEEE Trans. Mob. Comput. (99) (2015), doi:10.1109/TMC.2015.2492556. 1–1 [22] L. Zhang, Z. Guan, T. Melodia, Cooperative anti-jamming for infrastructure-less wireless networks with stochastic relaying, in: IEEE INFOCOM 2014 - IEEE Conference on Computer Communications, 2014, pp. 549–557. [23] R.H. Gohary, Y. Huang, Z.Q. Luo, J.S. Pang, A generalized iterative water-filling algorithm for distributed power control in the presence of a jammer, IEEE Trans. Signal Process. 57 (7) (2009a) 2660–2674. [24] R.H. Gohary, Y. Huang, Z.Q. Luo, J.S. Pang, A generalized iterative water-filling algorithm for distributed power control in the presence of a jammer, in: 2009 IEEE International Conference on Acoustics, Speech and Signal Processing, 2009b, pp. 2373–2376. [25] Y.E. Sagduyu, R. Berry, A. Ephremides, Mac games for distributed wireless network security with incomplete information of selfish and malicious user types, in: Game Theory for Networks, 2009. GameNets ’09. International Conference on, 2009, pp. 130–139. [26] R.D. Pietro, G. Oligeri, Silence is golden: exploiting jamming and radio silence to communicate, ACM Trans. Inf. Syst. Secur. 17 (3) (2015) 9:1–9:24. [27] W. Wallis, One-Factorizations, Kluwer Academic Publisher, 1997. [28] S. Liu, L. Lazos, M. Krunz, Time-delayed broadcasting for defeating inside jammers, IEEE Trans. Dependable Secure. Comput. 12 (3) (2015) 351–365. [29] R. Anderson, H. Chan, A. Perrig, Key infection: smart trust for smart dust, in: Proceedings of the 12th IEEE International Conference on Network Protocols, ICNP ’04, IEEE Computer Society, Washington, DC, USA, 2004, pp. 206–215. [30] P. Barsocchi, G. Oligeri, C. Soriente, Shake: Single Hash Key Establishment for Resource Constrained Devices, Ad Hoc Networks, Elsevier, 2013, pp. 288–297. 11 [31] E. Ferro, F. Potortì, Bluetooth and Wi-Fi wireless protocols: a survey and a comparison, IEEE Wireless Commun. 12 (1) (2005) 12–26. [32] J. Elson, D. Estrin, Time synchronization for wireless sensor networks, in: Proceedings of the 15th International Parallel & Distributed Processing Symposium, IPDPS ’01, IEEE Computer Society, Washington, DC, USA, 2001, p. 186. [33] S. Ganeriwal, C. Pöpper, S. Capkun, M.B. Srivastava, Secure time synchronization in sensor networks, ACM Trans. Inf. Syst. Secur. 11 (2008) 23–35. [34] R.D. Pietro, G. Oligeri, C. Soriente, G. Tsudik, Securing mobile unattended WSNs against a mobile adversary, in: Reliable Distributed Systems, 2010 29th IEEE Symposium on, 2010, pp. 11–20. [35] G. R. Di Pietro Oligeri, C. Soriente, G. Tsudik, United we stand: intrusion resilience in mobile unattended WSNs, IEEE Trans. Mob. Comput. 12 (7) (2013) 1456–1468. [36] R.D. Pietro, G. Oligeri, C. Soriente, G. Tsudik, Intrusion-resilience in mobile unattended WSNs, in: INFOCOM, 2010 Proceedings IEEE, 2010, pp. 1–9. [37] A. Francillon, C. Castelluccia, Code injection attacks on harvard-architecture devices, in: Proceedings of the 15th ACM Conference on Computer and Communications Security, CCS ’08, ACM, New York, NY, USA, 2008, pp. 15–26. [38] D.E. Eastlake, P.E. Jones, US Secure Hash Algorithm 1 (SHA1). [39] R.D. Pietro, G. Oligeri, Freedom of speech: thwarting jammers via a probabilistic approach, in: Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, WiSec ’15, ACM, New York, NY, USA, 2015, pp. 4:1–4:6. [40] Approved draft standard for information technology– telecommunications and information exchange between systems– local and metropolitan area networks– specific requirements part 15.1reva: Wireless medium access control (mac) and physical layer (phy) specifications for wireless personal area networks (wpans) replaced by IEEE 802.15.1-2005, IEEE Std P802.15.1/D6 (2004).

46

R. Di Pietro, G. Oligeri / Computer Networks 116 (2017) 33–46 Prof. Dr. Roberto Di Pietro is Security Research Group Head at Nokia Bell Labs and an Associate Professor of Computer Science at University of Padova, Italy. His main research interests include security and privacy for wireless systems, cloud and virtualization security, security and privacy for distributed systems, applied cryptography, computer forensics, and role mining for access control systems. He has published 160+ scientific contributions over these topics, receiving 4500+ citations. He was awarded a Chair of Excellence (2011–2012) from University Carlos III, Madrid.

Gabriele Oligeri is a research assistant professor at KINDI Center for Computing Research at Qatar University. He has been previously with University of Trento and University of Roma Tre as a Research Engineer. He received his Ph.D. in Information Engineering from the Engineering Ph.D. school “Leonardo da Vinci” of the University of Pisa. His research interests include security and privacy in distributed systems.