Journal of Network and Computer Applications 34 (2011) 535–541

Contents lists available at ScienceDirect

Journal of Network and Computer Applications

1084-80

doi:10.1

$This� Corr

E-m

abansal

szhong@

journal homepage: www.elsevier.com/locate/jnca

A reputation system for wireless mesh networks using network coding$

Tingting Chen, Ankur Bansal, Sheng Zhong �

Computer Science and Engineering Department, State University of New York, Buffalo, Amherst, NY 14260, USA

a r t i c l e i n f o

Article history:

Received 31 March 2010

Received in revised form

19 November 2010

Accepted 17 December 2010Available online 29 December 2010

Keywords:

Wireless mesh networks

Network coding

Reputation system

45/$ - see front matter & 2010 Elsevier Ltd. A

016/j.jnca.2010.12.016

work was supported by NSF CNS-0845149 a

esponding author. Tel.: +1 716 645 3180x107

ail addresses: tchen9@buffalo.edu (T. Chen),

5@buffalo.edu (A. Bansal), szhong@buffalo.ed

cse.buffalo.edu (S. Zhong).

a b s t r a c t

Using network coding, wireless mesh networks can significantly improve their performance. However,

since many wireless mesh networks have user contributed devices as their nodes, to guarantee the

cooperation of such selfish nodes is a highly challenging problem. In this paper, we study how to stimulate

selfish nodes to cooperate in wireless mesh networks using network coding. We propose a simple,

practical reputation system that rewards cooperative behavior in routing and packet forwarding and

penalizes non-cooperative behavior. Simulation results verify that our reputation system is very efficient

and that it effectively stimulates cooperation.

& 2010 Elsevier Ltd. All rights reserved.

1. Introduction

Internet is a huge source of information today. A solution toprovide universal access to the internet is to have many wirelessaccess points at different parts of the city. Installing these manyaccess points is expensive. Wireless mesh networks are multi-hopsystems in which wireless devices (mesh nodes) assist each other intransmitting packets through the network. Mesh node providesdata transport and routing functionalities and any mesh nodeconnected to wired internet function as mesh gateway. In awireless mesh network, only one node needs to be physicallywired to an access point, this gives an advantage over traditionalwireless networks where we need multiple wireless access points.However, as the number of nodes in the network increase, wirelessmesh networks suffer throughput limitation.

Network coding (Ahlswede et al., 2000; Jaggi et al., 2005; Li et al.,2003; Koetter and Medard, 2003; Katti et al., 2006) can significantlyimprove the performance of wireless mesh networks. With networkcoding intermediate nodes compute and send new encoded packetsfrom the packets that they have heard instead of forwarding the samepackets as received. The most popular encoding method is randomlinear combination (e.g. in Chachulski et al., 2007). Intelligent linearcombination of packets by nodes explores the broadcast nature ofwireless networks and thus can increase throughput when multiplenodes can hear same packets in the network. But since many wirelessmesh networks have user contributed devices as their nodes, thecooperation of such selfish nodes is a must.

ll rights reserved.

nd CCF-0915374.

; fax: +1 716 645 3464.

u,

Forwarding neighbor’s messages consumes resources like band-width, so selfish users in the wireless mesh networks have a strongmotive to deviate from the routing and packet forwarding proto-cols. In wireless networks with network coding, selfish nodes mayreport untruthful link rates so that by routing results they will beasked to transmit fewer packets than they should be. Selfish nodesmay also simply skip some packets not forwarding them, eventhough they are required by the routing protocol.

In this paper our goal is to stimulate cooperations in network codingsystems in both routing and packet forwarding procedures. Since thecredit-based systems (Anderegg and Eidenbenz, 2003; Zhong et al.,2003; Buttyan and Hubaux, 2000) that involve distributing the credits(tokens or money and thus introducing much overhead to the net-work), we take the approach of reputation systems. Reputation systems(Buchegger and Boudec, 2004, 2005; Mundinger and Boudec, 2006)assign ratings to the participating entities (nodes in our case) innetworks. Every forwarding node keeps a check on the behavior of theother forwarding nodes and assigns reputation values accordingly.Once the reputation value goes down to a certain degree, themisbehaving node is penalized based on its low reputation value.However, the existing reputation systems cannot be applied to wirelessnetworks with network coding, because nodes cannot easily decidewhether their neighbors forward packets as required since packets areall newly computed and different. In this paper, our contributions canbe summarized as follows (a) to the best of our knowledge we are thefirst ones to stimulate cooperation of the nodes in the network codingsystems by reputation systems and (b) our algorithm is very efficientand can effectively detect misbehaving nodes and prevent the systemthroughput from degradation.

The rest of the paper is organized as follows. The related work isdescribed in Section 2. Section 3 describes the network model andthe reputation system, we consider in the paper. The detaileddesign of our algorithm is described in Section 4. We verify the

T. Chen et al. / Journal of Network and Computer Applications 34 (2011) 535–541536

effectiveness and efficiency of our algorithm in Section 6. The lastSection, Section 7 concludes the paper.

2. Related work

A simulation study presented in Michiardi and Molva (2002)showed that the performance of multi-hop wireless networkseverely degrades in face of selfish node’s misbehavior. Theprevious work (Anderegg and Eidenbenz, 2003; Zhong et al.,2003; Buttyan and Hubaux, 2000; Buchegger and Boudec, 2002;Mahajan et al., 2005; Marti et al., 2000) on this problem has beenstudied in traditional wireless networks that do not use networkcoding. There are based on two main approaches, the reputationapproach and the credit approach.

Reputation based algorithms to avoid misbehavior in thewireless networks have been proposed (Buchegger and Boudec,2002; Mahajan et al., 2005; Marti et al., 2000). Marti et al. (2000)introduced two tools watchdog, which determines misbehavingnodes and pathrater, which is used to avoid the defective (selfish)nodes while forwarding messages. The simulation results show17–27% increase in the throughput. Buchegger and Boudec (2002)proposed CONFIDANT as a solution to mitigate the routing behaviorof the selfish nodes. Their solution detects and isolates misbehav-ing nodes. Mahajan et al. (2005) proposed anonymous neighborverification (ANV) to isolate the selfish nodes from the network.

There exist incentive-compatible solutions in wireless networks toforward messages (Anderegg and Eidenbenz, 2003; Zhong et al., 2003;Buttyan and Hubaux, 2000). Anderegg and Eidenbenz (2003) proposedAD hoc-VCG, where misbehaving will not do any good in fact reportingtrue costs (for forwarding packets) will benefit nodes. Zhong et al.(2003) proposed Sprite, A Simple, Cheat-Proof, Credit-Based System,where each selfish node loses credit if it cheats. The results show anincrease in throughput which overcomes the loss introduced due to theoverhead involved in distributing the credit. To prevent users tomisbehave in the network, Buttyan and Hubaux (2000) introduced atamper proof hardware at each node to deduct or give credit to nodes.

The misbehavior of the nodes in the wireless mesh network usingnetwork coding, has been studied in Wu et al. (2008) and Chen andZhong (2010). Wu et al. (2008) use a credit approach to provideincentives to honestly measure and report link loss probability andprove that their routing protocols guarantee that following theprotocol is to the best of the nodes’ interest. As far as we know,there is no reputation system proposed for wireless mesh networkusing network coding. In this paper, we propose a simple, practicalreputation system for wireless mesh networks that rewards coop-erative behavior and penalizes non-cooperative behavior. By simple

we mean that our reputation system does not have very complicatedoperations and thus is very efficient (with less overhead) comparedwith incentive schemes. Computing resources are precious for thenetwork users especially for mobile/wireless networks users. Conse-quently, it is important to remain the reputation system lightweightto make it practical in its application. Compared with the existingutility-based incentive schemes, our reputation system does notrequire extra cryptographic operations for each packet transmitted inthe network, and thus it saves computing resources for the participat-ing nodes. Compared with credit-based solutions such as Andereggand Eidenbenz (2003), Zhong et al. (2003), Buttyan and Hubaux(2000) which involve significant overheads, our work is much moreefficient, but still provides strong incentives for nodes to cooperate.

3. Network model and system architecture

In this section, we describe the network model that we use in thispaper and the basic concepts and architecture of our reputation system.

3.1. Network model

We consider a wireless mesh network with a set of nodes. Thewireless links between the nodes are lossy. For any two nodes vj

and vi, we denote the link from vj to vi as (vj, vi), and the lossprobability of (vj, vi) as eji. If packets sent by vj can be received by vi

with non-zero probability, i.e., ejio1, we say that vj and vi areneighbor nodes. We denote the set of neighboring nodes of vi as Nvi

.To be concrete, we assume that the wireless mesh network is

using network coding system MORE (Chachulski et al., 2007). Notethat our reputation system is not only restricted to MORE(Chachulski et al., 2007). Instead, it can be applied or easilyextended to a wide variety of systems using network coding, inwhich loss probability is used in the routing protocol, e.g., MIXIT(Katti et al., 2008) and ExOR (Biswas and Morris, 2005). We willfurther explain this at the end of Section 4.2 after introducing howto calculate the reputation values in our reputation system.

The MORE system works as follows. Each node i periodicallymeasures the eji for each of its neighbors via ping probes. Usingmethods similar to link state protocols (Bicket et al., 2005), the lossprobabilities are distributed to other nodes in the network. Usingthe loss probabilities, each node can compute a forwarder list basedon the ETX distance (De Couto et al., 2003), if it wants to send a fileto a destination node. The source node breaks up the files that itwants to send in batches where each batch has K native packets. Foreach batch the source node sends out K coded packets. Each codedpacket is a random linear combination of the K native packets. Eachpacket header stores the batch ID, the forwarder list and therandom coefficients used to generate the coded packet fromthe natural packets. Nodes listen to all transmissions. Whenhearing a message, a node vi checks whether it is in the forwarderlist and whether this packet is linearly independent from allpackets vi has received for the same batch. If so, it makes ti (whichis precomputed based on link loss probabilities) transmissions of arandom linear combination of all packets for the same batchincluding the one just received. When the destination node hasreceived K linearly independent packets for the same batch, itdecodes them and sends an acknowledgement to the source node.For more details of the MORE system, please refer to Chachulskiet al. (2007).

3.2. System architecture

In this paper, our goal is to guarantee that in wireless meshnetworks using MORE, by our reputation system, the nodes areencouraged to cooperatively follow both routing and packetforwarding protocols. The overall architecture of our reputationsystem consists of wireless nodes in the network among which datapackets are transmitted using network coding, and an offlinecentral authority. Our reputation system is in a distributed fashionin that the central authority does not maintain real-time reputationinformation of each node. Instead, by offline we mean that eachnode can only connect to the central authority periodically. Thecentral authority is mainly used for key setup and administratingthe misbehaving node (e.g., help removing nodes that are con-sistently misbehaving).

4. Design of reputation system for MORE

In this section, we present our distributed reputation system forMORE. Our reputation system not only gives nodes’ incentives tohonestly follow the routing protocol, but also monitors the packetforwarding of the nodes, enforcing them to behave cooperativelywhen forwarding packets for others.

T. Chen et al. / Journal of Network and Computer Applications 34 (2011) 535–541 537

4.1. Overview

Our reputation system for MORE consists of four components,namely, neighbor monitoring, reputation value computation, pun-ishment and security enhancement.

Basically, each node vi observes the packet forwarding beha-viors of its neighbor nodes and maintains a real-time reputationtable of its neighbor nodes. When the reputation value of anyneighbor node vj is below a certain threshold, vi punishes vj by notforwarding the future packets whose source is vj. Meanwhile, vi

submits a report of such event with evidences to the centralauthority when vi connects to it. The central authority can takefurther actions towards a misbehaving node such as removing itfrom the network, if consistent reports about it have been received.

The major difficulty of designing such a system is to define areputation value function for each node, so that both its routing andpacket forwarding behaviors are reflected. Moreover, since insystems using network coding, the cooperative forwarding beha-vior is no longer as simple as store-and-forward, we need tocarefully design a novel reputation value function so that onlyfaithfully following the routing and packet forwarding protocolscan maintain a good reputation in the system.

4.2. Reputation value

Recall that for each node vi, it needs to participate in bothrouting and packet forwarding in the system using network coding.In particular, vi periodically sends the link loss probability eji, foreach of its neighbor nodes vj, to other nodes; For each packet whoseforwarder list contains vi, vi should make ti transmissions. Thereputation value function should be designed to measure howfaithfully vi performs the fore-mentioned two types of behaviors.Therefore, our reputation value function of vi that vk maintains hastwo parts, as shown in Eq. (1):

Rki ¼

1PjANvi

euji�X

b

logjK � zið1�euikÞ�Nbikj ð1Þ

8jANvi, euji is the loss probability that vi reports and is known by

each node in the system, before data packets transmission starts.1

In Eq. (1), b is the batch ID. K is the number of linearly independentpackets in each batch. Nb

ik is the number of linearly independentpackets in batch b that vk actually receives from vi.

zi is the number of transmissions that vi should make, for eachpacket sent from source to destination. Thus K � zi is the number oflinearly independent packet transmissions that vi should make fora batch of packets sent from source to destination. Since ð1�euikÞ isthe success rate of the link from vi to vk, K � zið1�euikÞ is the numberof linearly independent packets in batch b that vk should receivefrom vi if vi faithfully follows the packet forwarding protocol. Wenote that zi is different from ti. In fact,

ti ¼ziP

j4 izjð1�eujiÞ,

whereP

j4 izjð1�eujiÞ is the number of linearly independent packetsthat vi receives for each packet sent from source to destination. Werefer readers to Chachulski et al. (2007) for further explanations onhow zi can be precomputed before the data packets are transmitted.Here we assume that zi is preknown to each node in the system.

The first half of Eq. (1), reflects how node vi behaves in therouting procedure. The idea is that we encourage each node toreport its link loss probabilities as low as possible, but not lowerthan the true loss probabilities measured (in Section 4.4, we will

1 The way how loss probabilities are disseminated in the network is beyond the

scope of this paper.

discuss how to prevent selfish nodes from reporting lower prob-abilities than truthful ones). With higher values of 1=

PjANvi

euji, theprobability of being mis-judged due to the measuring error of linkloss probabilities, will be smaller. We show our analysis result inTheorem 1.

The second half of Eq. (1),P

blogdjK � zið1�euikÞ�Nbikje is based on

the difference between the number of linearly independent packetsthat vi should have transmitted according to routing results and thenumber of the actually transmitted, in all batches. The bigger thedifference is, the lower reputation value vi can obtain.

Theorem 1. With alarm threshold t (i.e., if Rki ot, vk will consider vi as

misbehaving and send a report), for any link loss rate eji, we consider its

relative measuring error as dji, then after B batches, the measuring

error will have enough accumulative effect on Rki and thus cause a false

positive. The expected value of Bpð1=P

jANvieuji�tÞ.

Proof. We first calculate the error propagation of link loss rates onRk

i . Here we assume that vi only has source as its upstream node.The error propagation calculation for the nodes of other types issimilar, for ease of presentation, we omit the redundant descrip-tion. We also assume that node i faithfully follow the packetforwarding protocol. Due to measurement errors or change ofnetwork condition, the reported link loss probabilities may not bethe same when the data packet is actually transmitted. Therefore,K � zið1�euikÞ may not be equal to Nb

ik even if i is cooperative inforwarding packets. According to Chachulski et al. (2007),

zi ¼ð1�esiÞ

Qjo iesj

1�Q

jo ieij:

Assuming that any two link loss probabilities are linearly inde-pendent from each other, the relative error of K � zið1�euikÞ com-pared to Nb

ik is ð2P

jo id2ijþd

2siÞ

1=2. Hence the absolute error ofK � zið1�euikÞ�Nb

ik is Nbik � ð2

Pjo id

2ijþd

2siÞ

1=2. Let p denote the prob-ability that Nb

ik � ð2P

jo id2ijþd

2siÞ

1=2leq1. Then the expected error foreach batch on Rk

i is

Eb ¼ pþð1�pÞlog Nbik � 2

Xjo i

d2ijþd

2siÞ

1=2

0@

3777

2666

1A:

0@

Therefore, after a certain number (denoted by B) of batches, a

false positive may occur. The expected number of B is

B ¼

1PjANvi

euji�t

pþð1�pÞlogðdNbik � ð2

Pjo id

2ijþd

2siÞ

1=2eÞ: &

Clearly, Bpð1=P

jANvieuji�tÞ. Theorem 1 shows that with higher

values ofP

jANvieuji, node vi is less likely to be mis-judged (a false

positive) by its downstream node. Therefore, each node has theincentive to report its link loss probabilities as low as possible.

Combining the result of Theorem 1 and the technique we use toguarantee that each node has no means to report a link lossprobability lower than its true value, as described in Section 4.4, ourreputation system encourages that each node honestly reportstheir link loss probabilities in the routing procedure.

Now we discuss how our reputation system can be extended toother network coding systems. From Eq. (1), we can see that tocompute the reputation values in our reputation system, we needto know the number of transmissions that vi should make, and thelink loss probabilities. In other network coding systems, zi iscomputed using different methods. For example, in Katti et al.(2008) zi is computed dynamically at each hop based on theprobability for the downstream neighbor to receive the symbol.However, in most existing network coding systems, no matter whatformula is used, the number of transmissions that each node should

T. Chen et al. / Journal of Network and Computer Applications 34 (2011) 535–541538

make is specified by the system, in order to achieve high through-puts. Therefore, although in the implementation, we use theformula to calculate zi as described in MORE, our reputationsystems can be widely applied to many other network codingsystems like Katti et al. (2008) and Biswas and Morris (2005).

4.3. Monitoring and punishment

As we have mentioned, each node in the system maintains areputation value for each of its neighbors. For any batch, if node vk

detects that the number of linearly independent packets receivedfrom vi does not equal to the number required by MORE, it makes anevent record with the information of the misbehaving node,source-destination nodes, batch number and timestamp. Aftereach batch, it incrementally updates the reputation values of allits neighbors.

When the reputation value of vi maintained by vk is below a pre-set threshold t, vk punishes vi by not forwarding packets whosesource is vi. In addition to that, vk sends all event records of vi to vk’sneighbor nodes as evidences (we call them alarm messages), so thatvk’s neighbors will not record vk as misbehaving when vk ispunishing vi in the future. Whenever vk has the connectivity tothe central authority, it reports vi as misbehaving node and submitsall the event records about vi that it has collected. In order toprevent too many false positives caused by accumulative effects ofmeasuring errors (as discussed in Theorem 1.), we increase thereputation values of all nodes in the system by a constant amountDeach time when the reputation system has run for a period P.

We summarize the monitoring and punishment operations inthe reputation system in Fig. 1.

In the reputation system, it may happen that nodes makeuntruthful reports about their neighbors especially their upstreamnodes. To tackle this problem, we distinguish two cases of thischeating behavior: (1) When there are multiple neighbors for eachnode and there is no collusion among the cheating downstreamnodes. In this case, one single false alarm will be detected andfiltered, since all neighbors of each node can hear the packets sentfrom it and the honest neighbor nodes will not generate alarms;(2) When there is only one neighbor for some node or several nodescollude to generate false alarms. It is more challenging to deal withthis case. Basically, we have two approaches. One is proactive andthe other is relatively passive. (A). We agree with the author thatevery node has its incentive in how to behave in the reputation

Fig. 1. Reputation system operations on each node vk.

systems and we can model it using game theory. Several existingworks (e.g., Chen and Zhong, 2010) have proposed solutions, whichwe can adopt in our system. For example, to prevent nodes fromcheating that the upstream nodes have sent fewer packets thanthey actually did, we can introduce a mechanism which allowsupstream nodes to monitor and punish their downstream nodes.Because reputation systems aim to achieve desirable stable statusin a long term, nodes have enough time to learn from theirbehavior. In this way, a game between the two neighbor nodescan be established. By carefully designing the monitoring andpunishment scheme, we can find a Nash-equilibrium for the game,in which neither the upstream nor downstream nodes will cheat.(B) Since the false alarm problem is not only for network codingsystems, we can also adopt the existing relatively passive methodsused in previous work (e.g. Buchegger and Boudec, 2004) to lessenthe negative effect of false alarms, e.g., by timeout and subsequentrecovery or revocation lists of nodes that have behaved well for aspecified period of time.

4.4. Security enhancement

In this subsection, we enhance the security of the routingprocedure. In particular, we propose a cryptography based methodto guarantee that each node cannot cheat when measuring the linkloss probabilities. It is crucial to make sure that the link lossprobabilities reported by the nodes are correct, since the routingdecisions for the network coding systems are made based on theseprobabilities. If nodes can easily report false probabilities, they willbe asked by the system administrator to make less transmissionsthan they should do, and thus the system throughput will beharmed. Since we have motivated the nodes to report lower linkloss probabilities to obtain higher reputation values, as defined inEq. (1), in this subsection we focus on making sure that the nodes donot report the link loss probabilities lower than their truthfulvalues. In this way, we can guarantee that nodes always report thecorrect probabilities as they obtain.

In the network coding systems, link loss probabilities aremeasured using probing methods (i.e., nodes send a number oftesting packets to their neighbors and count how many packets canbe received by each of their neighbors.). To guarantee that eachnode cannot obtain a link loss probability lower than its truthfulvalue, we certificate each testing packet used in routing.

We assume that the central server has a private key ks, and eachnode in the network has the public key kp corresponding to ks.When a node vi is joining a network using network coding, thecentral authority lets the new node know kp and issues vi groups ofshort messages with the central authority’s signature, which areused in testing the link loss probabilities. In particular, each groupof short messages is for testing loss probabilities of one link. In eachgroup, the number of messages is a constant number T. Each shortmessage is of the format ðvi,GroupID,mID,Sigks

ðvi,GroupIDÞÞ, wheremID is a unique ID of this short message, and Sigks

ðvi,GroupID,mIDÞ

is the signature of the central authority.When testing the link loss probability between vi and vk, node vi

sends the short messages in the same group to vk, once for eachmessage. On receiving one test packet, vk verifies the signature ofthe central server using the public key kp, and further checkswhether the vi in the message matches the sender ID of the packets.In addition, vk checks whether it has received mID before. If so, thistest message will not be counted as valid message, and vk sendsreports of this cheating behavior to other nodes and centralauthority. Since vi does not know which packets will be deliveredto vk, it will not take the risk of sending the same packet more thanonce, in order to get a lower link loss probability.

Security Enhancement Scheme

When joining the network

Receive from the central server:

a) public key kp

b) T short messages for eachneighbor

When testing link loss probabilities

1. Node vi sends out T messages toneighbor vk.2. vk verifies the signatures in themessages using kp.3. vk calculates the loss probabilityof the link between vi and vk.

Fig. 2. Security enhancement scheme.

T. Chen et al. / Journal of Network and Computer Applications 34 (2011) 535–541 539

Finally vk counts the number of valid test packets of the samegroup sent from vi, and calculates the eik dividing the number by T.Then vk disseminate eik to other nodes in the network. Since foreach link, the number of test packets is fixed, and the receiving nodecannot forge the test packets which are signed by the central server,in this way, we guarantee that the link loss probabilities measuredin the system are no smaller than their truthful values.

We summarize the security enhancement scheme in Fig. 2.

5. Complexity analysis

In this section, we analyze the complexity of our reputationsystem, and discuss some important implementation issues.

As we have mentioned above, the reputation system consists offour components: neighbor monitoring, reputation value compu-tation, punishment and security enhancement.

In the neighbor monitoring component, when receiving onepacket, each node updates the number of packets received from theupstream node. Suppose a node has N upstream nodes. So duringthe transmissions of each batch, the time spent in the neighbormonitoring component is N � K � Tu, Tu is the time to update thepacket number and K is the number of packets in each batch.

In the reputation value computation, in worst cases the timeneeded is NðTcprþTrþTcÞ for each batch of packets, where Tcpr is thetime to compare the number of packets that an upstream nodeshould send in a batch and the number of packets actually received.Tr is the time to make an event record and Tc is the time to calculatethe new reputation value.

The major overhead in the punishment component goes togenerating, sending out and processing alarm messages. The nodewho is reporting the cheating behavior of one of its upstream nodesneeds to collect the event records and send out the alarm messagetogether with the event records. Note that the alarm messagesshould be authenticated by attaching the digital signature of thealarm sender to guarantee the integrity of the alarm messages.Correspondingly, when a neighbor of the reporting node receivesan alarm message, it verifies the signature first and then check outthe content of the alarm.

The security enhancement scheme requires more cryptographicoperations than the other three components. If a node has N

upstream neighbors, the time to calculate the link loss probabilitiesin the security enhancement scheme is NðT � TvþtcÞ, where Tv is thetime to verify one testing short message using the public key of thecentral server and tc is the time to calculate one link lossprobability. Note that although the security enhancement schemeis the most time-consuming part in our reputation system, it isfinished before the sessions start and thus it does not add anyoverhead to the data transmissions.

6. Evaluations

In this section we perform our experiments to show that ourreputation system can effectively detect misbehaving nodes andprevent system throughput from further degradation, and it is veryefficient as well.

6.1. Experiment setup

We implement our reputation system for MORE in SlimSim. Theexperiments are carried out on a Linux operating system (Ubuntu)with 1.9 GHz Intel processors and 2 GB of memory. We haveassumed 30 nodes in the wireless mesh network. All the nodesare assigned random positions at the starting of the experiment.The link loss probabilities between nodes are assumed to be afunction of distance between nodes. So the nodes with shorterdistance between them are given lower link loss value than the twonodes whose distance is more. We set transmission power levels at20 dBm.

The source and destination are assumed randomly at thestarting of the experiment. The shortest path between the sourceand the destination is calculated depending upon the link lossprobabilities between the nodes. The packets transmitted areassumed to be of 32 bytes. For every packet transmitted by thesource, the intermediate nodes in the forwarding list checkwhether the packet is innovative. On being innovative nodesencode this packet with the already received packets and forwardit. Every intermediate node makes zi transmissions to make surethat at least one node receives this new packet. Once the destina-tion receives all the necessary packets to decode the packets fromthe present batch, it sends an acknowledgement for the presentbatch. In our reputation system, we set the reputation valuethreshold tk

i ¼23 rk

i , where rki ¼ 1=

PjANvi

euji is the initial reputationvalue of i.

6.2. Results on effectiveness

We have performed two kinds of experiments in the subsection toshow the effectiveness of our system to prevent throughput degrada-tion in presence of misbehaving nodes. By misbehaving, we mean thatnodes intentionally drop packets not destined to them. With ourreputation system, after the misbehaving nodes are detected weassume that they become honest in the following transmissions.

The first experiment compares the system throughput of threecases: (1) when all nodes are honest, (2) with our reputation system inpresence of misbehaving nodes, (3) without our reputation system.Figure 3 shows the cumulative distribution function (CDF) of theachieved throughput taken over 100 flows between source anddestination. (Source and destination are randomly assumed at the

0 50 100 150 2000

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

Green−> Without Incentives

Blue −> Honest Nodes

Red −> Our Protocol

Throughput (pkts/sec)

Cum

ulat

ive

Frac

tion

Of F

low

s

0 50 100 150 2000

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

Blue −> Honest Nodes

Red −> Our Protocol

Green−> Without Incentives

Throughput (pkts/sec)

Cum

ulat

ive

Frac

tion

Of F

low

s

Fig. 3. CDF of the unicast throughput for 100 flows. (a) 20% misbehaving nodes.

(b) 40% misbehaving nodes.

4 5 60

10

20

30

40

50

60

70

80

90

100

Thro

ughp

ut (p

kts/

sec)

Number Of hops Between Source and Destination

Blue −> Honest Node

Green−> Our Protocol

Red −> Without Incentives

4 5 60

10

20

30

40

50

60

70

80

90

100

Red −> Without Incentives

Green−> Our Protocol

Blue −> Honest Node

Number Of hops Between Source and Destination

Thro

ughp

ut (p

kts/

sec)

Fig. 4. Average throughput with different numbers of hops between source and

destination. (a) 20% misbehaving nodes. (b) 40% misbehaving nodes.

2 Because so far there is no reputation systems proposed for network coding

systems as far as we know, we choose a well known reputation protocol CONFIDANT

to conduct comparison.

T. Chen et al. / Journal of Network and Computer Applications 34 (2011) 535–541540

starting of each experiment.) For misbehaving nodes we havecalculated throughput for two cases (a) 20% nodes are misbehaving(Fig. 3(a)) and (b) when 40% nodes are misbehaving (Fig. 3(b)). As wecan see, in both Fig. 3(a)) and (b), system throughput suffers from non-cooperation of nodes. With our reputation system, throughput isclearly improved in the presence of misbehaving nodes.

In the second set of experiments (Fig. 4(a) and (b)) we measure theaverage throughput by varying the number of hops between sourceand destination. Figure 4(a) describes the result obtained for bothhonest and malicious cases. As expected, as the number of hops goeslarge between source and destination, the average throughput goesdown. As shown, our results show an improvement of 10–28%throughput when compared with MORE (Chachulski et al., 2007)that does not provide incentives. Similar results can be seen inFig. 4(b) when there are 40% misbehaving nodes in the system. InFig. 4(a), we can also observe that the throughput gap between thispaper’s protocol and without incentives is larger in the 20% mis-behaving nodes case than in the 40% misbehaving nodes case. Onereason that can explain this result is that when there are moremisbehaving nodes in the network, there are more cheating eventsrecords made and submitted by fewer honest nodes. So it takes longertime to detect the cheating nodes. Therefore, the increase ofmisbehaving nodes can reduce the efficiency of our protocol.

We have also conducted comparison experiments with anotherreputation system CONFIDANT (Buchegger and Boudec, 2002)2 onthe average throughputs with different numbers of hops betweensource and destination. The results are shown in Fig. 5. As we cansee, when there are misbehaving nodes (either 20% or 40%) in thenetwork, the system has higher average throughputs with ourreputation system than using the CONFIDANT protocol. The reasonis that CONFIDANT protocol is designed for the networks withoutusing network coding. As a result, the cooperative and cheatingforwarding behaviors in the network coding systems can not beeffectively identified. Therefore CONFIDANT protocol can barelyincrease the system throughput when misbehaving nodes appear.

6.3. Results on efficiency

Last set of experiment is on the overhead of our reputationsystem. In particular, we compare the time taken to update the

4 5 60

10

20

30

40

50

60

70

80

90

100

Number of Hops between Source and Destination

Thro

ughp

ut (p

kts/

sec)

Our ProtocolCONFIDANT ProtocolNo Reputation System

4 5 60

10

20

30

40

50

60

70

80

Number of Hops between Source and Destination

Thro

ughp

ut (p

kts/

sec)

Our ProtocolCONFIDANT ProtocolNo Reputation System

Fig. 5. Comparison with CONFIDANT protocol on average throughput with different

number of hops between source and destination. (a) 20% misbehaving nodes.

(b) 40% misbehaving nodes.

Table 1Overheads of our system compared with the incentive scheme in Chen and Zhong

(2010).

Our system Incentive scheme in

Chen and Zhong (2010)

Average time for processing a packet 1.45 ms 0.03 ms

Average time for making a report 0.78 ms 0.32 ms

Total overheads in entire session 2.91 s 0.11 s

T. Chen et al. / Journal of Network and Computer Applications 34 (2011) 535–541 541

reputation values with the time taken for regular network codingoperations. For a packet of 32 bytes, the time taken to update onereputation value by any node varies between 5 and 9 ms after thetransmissions of one batch finish. This amount of time is trivialcompared to the time taken to process the packet (i.e., find whetherthe packet is innovative and then making a new packet out of it)which varies between 115 and 120 ms.

To further demonstrate the efficiency of our reputation system,we calculate total overhead in an entire session which consists of1000 packets, and compare the overhead of our reputation systemwith the overhead of an incentive scheme for network coding asdescribed in Chen and Zhong (2010). The results are presented inTable 1. The overhead is much lower than that of credit-basedincentive schemes, since credit-based incentive scheme need tocompute and attach a digital signature to each received indepen-dent packet for payment purposes while our reputation systemdoes not require cryptographic operations when receiving packets.Therefore, our reputation system is much more efficient thancredit-based incentive schemes.

7. Conclusion

In this paper we propose a simple reputation system for thewireless mesh networks in which neighboring nodes keep a checkon the behavior of the forwarding nodes and punish the misbehav-ing nodes if the reputation value is below a certain threshold. Theresults from the experiments show that our system can effectivelydetect misbehaving nodes in the system and saving the throughputfrom degradation. Moreover, it is very efficient.

References

Ahlswede R, Cai N, Li SR, Yeung RW. Network information flow. IEEE Transactions onInformation Theory 2000;46(4):1204–16.

Anderegg L, Eidenbenz S. Ad Hoc-VCG: a truthful and cost-efficient routing protocolfor mobile ad hoc networks with selfish agents. In: Proceedings of ACMMOBICOM; 2003.

Bicket J, Aguayo D, Biswas S, Morris R. Architecture and evaluation of an unplanned802.11b mesh network. In: Proceedings of ACM MOBICOM; 2005.

Biswas S, Morris R. Opportunistic multi-hop routing for wireless networks. In:Proceedings of ACM SIGCOMM ’05, Philadelphia, PA, August 2005.

Buchegger S, Boudec J-YL. Performance analysis of the CONFIDANT protocol:cooperation of nodes fairness in dynamic ad-hoc NeTworks. In: Proceedingsof ACM MobiHoc; 2002.

Buchegger S, Boudec J-YL. A robust reputation system for peer-to-peer and mobilead-hoc networks. P2PEcon, Cambridge, MA, USA: Harvard University; 2004.

Buchegger S, Boudec J-YL. Self-policing mobile ad-hoc networks by reputationsystems. IEEE Communications Magazine, 2005;July:101–7.

Buttyan L, Hubaux J-P. Enforcing service availability in mobile ad-hoc WANs. In:Proceedings of ACM MobiHoc. IEEE Press; 2000. p. 87–96.

Chachulski S, Jennings M, Katti S, Katabi D. Trading structure for randomness inwireless opportunistic routing. In: Proceedings of ACM SIGCOMM; 2007.

Chen T, Zhong S, INPAC: an enforceable incentive scheme for wireless networksusing network coding. In: INFOCOM 2010; 2010. p. 1828–1836.

De Couto DSJ, Aguayo D, Bicket J, Morris R. A high-throughput path metric for multi-hop wireless routing. In: Proceedings of ACM MOBICOM; 2003.

Jaggi S, Sanders P, Chou PA, Effros M, Egner S, Jain K, Tolhuizen L. Polynomial timealgorithms for multicast network code construction. IEEE Transactions onInformation Theory 2005;51(6):1973–82.

Katti S, Katabi D, Balakrishnan H, Medard M. Symbol-level network coding forwireless mesh networks. In: Proceedings of ACM SIGCOMM; 2008.

Katti S, Rahul H, Hu W, Katabi D, Medard M, Crowcroft J. XORs in the air: practicalwireless network coding. In: Proceedings of ACM SIGCOMM’ 06. Pisa, Italy;September 2006.

Koetter R, Medard M. An algebraic approach to network coding. IEEE/ACMTransactions on Networking 2003;11(5):782–95.

Li SR, Yeung RW, Cai N. Linear network coding. IEEE Transactions on InformationTheory February 2003;49(2).

Mahajan R, Rodrig M, Wetherall D, Zahorjan J. Sustaining cooperation in multi-hopwireless networks. In: NSDI, 2005.

Marti S, Giuli TJ, Lai K, Baker M. Mitigating routing misbehavior in mobile ad hocnetworks. In: Proceedings of ACM MobiCom; 2000.

Michiardi P, Molva R. Simulation-based analysis of security exposures in mobile adhoc networks. European Wireless Conference; 2002.

Mundinger J, Boudec J-YL. Reputation in self-organized communication systems andbeyond. In: Proceedings of the 2006 workshop on interdisciplinary systemsapproach in performance evaluation and design of computer and communica-tions systems. New York, NY, USA: ACM Press; 2006. p. 3.

SlimSim – The Wireless Network Coding Network Simulator,/http://cs.anu.edu.au/�aaron/sim.phpS.

Wu F, Chen T, Zhong S, Erran Li L, Richard Y. Incentive-compatible opportunisticrouting for wireless networks. In: Proceedings ACM MOBICOM. San Francisco,CA, USA; September 14–19, 2008.

Zhong S, Chen J, Yang YR. Sprite: a simple, cheat-proof, credit-based system formobile ad-hoc networks. In: Proceedings of IEEE INFOCOM; 2003.