Mitigating Control-Channel Jamming Attacks in                        Multi-channel Ad Hoc Networks                        ...
noit itrap                                         A                         B                              A             ...
eral slots. They also showed that the BBK assignment leadsto the identification of a threshold number of compromised       ...
any of them can be used for our purposes. We further as-                  Definition 3. Evasion Ratio ER–The evasion ratio...
lortnoc                  lortnoc                                                           lennahc                 lennahc...
Figure 4: Hopping sequence generation for L = 12 and K = 8. The control channel sequence c is interleavedwith the random s...
Algorithm 1 Single Compromised Node Identification                      6.2 Compromise of Multiple NodesScheme             ...
Algorithm 2 Multiple Compromised Nodes Identification                       to communicate with each node by also randomly ...
Expected Evasion Delay as a function of L, M                                                   Expected Evasion Ratio as a...
PDF of the Hamming distance for L=100, K=5                                             Expected Hamming distance as a func...
Compromised Nodes vs. Uncompromised nodes                                Compromised Nodes vs. Uncompromised nodes        ...
Mitigation of control channel jamming
Upcoming SlideShare
Loading in …5

Mitigation of control channel jamming


Published on

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Mitigation of control channel jamming

  1. 1. Mitigating Control-Channel Jamming Attacks in Multi-channel Ad Hoc Networks Loukas Lazos, Sisi Liu, and Marwan Krunz Dept. of Electrical and Computer Engineering, University of Arizona, Tucson, AZ, USA {llazos, sisimm, krunz}@ece.arizona.eduABSTRACT [1]. Due to their increased performance compared to single-We address the problem of control-channel jamming attacks channel networks, they are being integrated into various net-in multi-channel ad hoc networks. Deviating from the tra- work architectures, such as mobile ad hoc, vehicular, sen-ditional view that sees jamming attacks as a physical-layer sor, wireless local area, mesh, and cognitive radio networks.vulnerability, we consider a sophisticated adversary who ex- However, the increased capacity of multi-channel networksploits knowledge of the protocol mechanics along with cryp- can be translated into actual throughput only if critical net-tographic quantities extracted from compromised nodes to work functions such as channel allocation and routing aremaximize the impact of his attack on higher-layer functions. efficiently coordinated. These functions are collaborativelyWe propose new security metrics that quantify the abil- coordinated by exchanging messages on a broadcast chan-ity of the adversary to deny access to the control channel, nel known as the control channel. In this work, we defineand the overall delay incurred in re-establishing the con- the control channel as a frequency band used to broadcasttrol channel. We also propose a randomized distributed messages for coordinating network functions.scheme that allows nodes to establish a new control channel From a security point of view, convergence on a preas-using frequency hopping. Our method differs from classic signed control channel constitutes a single point of failure.frequency hopping in that no two nodes share the same hop- An adversary can severely degrade the network performanceping sequence, thus mitigating the impact of node compro- by launching a Denial of Service (DoS) attack on the con-mise. Furthermore, a compromised node is uniquely identi- trol channel, thus negating any gain due to the availability offied through its hop sequence, leading to its isolation from multiple data channels. One of the simplest DoS attacks isany future information regarding the frequency location of the jamming of the communication medium. In this attack,the control channel. an adversary interferes with the set of frequency bands used for communication by transmitting a continuous jamming signal [2], or several short jamming pulses [3]. Tradition-Categories and Subject Descriptors ally, jamming attacks have been analyzed and addressed asC.2.0 [Computer - Communication Networks]: Gen- a degradation in performance at the physical layer. How-eral—Security and Protection ever, a sophisticated adversary can intelligently utilize jam- ming to attack higher-layer functionalities and deny network availability at a very small energy cost [3, 4].General Terms In fact, it was shown that jamming the control channel inSecurity GSM networks reduces the required power for performing a DoS attack by several orders of magnitude in [4,5]. Control-Keywords channel jamming is particularly devastating for wireless ad hoc networks due to their cooperative nature. In such net-Jamming, Denial of Service, Control channel, Ad hoc net- works, the majority of network functions, including neigh-works, Multi channel bor discovery and authentication, clustering, multiple access control, and routing, are actualized through the coopera-1. INTRODUCTION tion of all hosts in the network. Hence, control messages Multi-channel wireless networks utilize several orthogo- exchange among nodes within the same vicinity is frequent.nal frequency bands to eliminate interference between par- 1.1 Problem Motivationallel transmissions and hence, improve the network capacity The impact of control-channel jamming in ad hoc net- works can propagate way beyond the physical jamming range of an adversary, defined as the area within which packetsPermission to make digital or hard copies of all or part of this work for are corrupted due to jamming. A sophisticated adversarypersonal or classroom use is granted without fee provided that copies are can combine control-channel jamming with his knowledgenot made or distributed for profit or commercial advantage and that copies of protocol specifics to impact different network layers. Asbear this notice and the full citation on the first page. To copy otherwise, to an example, consider the implementation of a reactive rout-republish, to post on servers or to redistribute to lists, requires prior specific ing protocol [13,14] in multi-channel networks. Assume thatpermission and/or a fee.WiSec’09, March 16–18, 2009, Zurich, Switzerland. nodes use a predefined control channel to broadcast route re-Copyright 2009 ACM 978-1-60558-460-7/09/03 ...$5.00. quest (RREQ) messages for the purpose of route discovery. 169
  2. 2. noit itrap A B A B QERR R n j n ni i edon re m maj noitats esab edo n re m maj noitats esab edon re m maj (a) (b) (c)Figure 1: (a) The adversary jams route requests (RREQ) broadcasted by node ni on the control channel, (b)the adversary partitions the network into two components A and B, by deploying multiple jamming devices,so nodes in A cannot alert their base station regarding the jamming attack, (c) the adversary forces all trafficfrom A to B to pass through the link ni , nj .Consider a jammer that attacks only RREQ messages, in nearby nodes. Assuming perfect random sequence gener-order to partition the network or to route traffic through ators, we analytically evaluate the expected delay until aspecific paths. In Figure 1(a), we show how the adversary control channel is re-established and the expected fractioncan jam RREQ messages so that node ni is unable to dis- of time that the control channel is available. We verify ourcover routes to any destination. In Figure 1(b), the adver- analytic results via extensive simulations.sary deploys jamming devices along a cut in the network The remainder of this paper is organized as follows: Inwhich partition the network into two components A and B. Section 2 we present related work. In Section 3 we presentIn Figure 1(c), the jamming attack is intended to divert traf- network and adversarial models, state our problem, and de-fic to a particular link, thus forcing all traffic from A to B to fine new security metrics for the jamming attack. Sectionflow through that link. This attack is similar to the sinkhole 4, describes our proposed control channel architecture. Inattack [12], in which a node attracts surrounding traffic by Section 5, we present our randomized distributed scheme foradvertising the shortest route to a particular set of destina- re-establishing the control channel. The analytical evalua-tions. Once traffic is diverted, the adversary can control the tion of the performance of our scheme is presented in Sectionflow of traffic from A to B by compromising a single node 7. In Section 8, we summarize our contributions.(either ni or nj ). Note that a jamming attack that targets therouting function cannot be prevented by existing secure rout-ing protocols, as such protocols consider jamming outside thescope of their adversarial model [11]. Similar intelligent at- 2. RELATED WORKtacks against the control channel can be launched on critical When treated only as a physical-layer attack, jamming isnetwork functionalities in other protocol layers. For exam- often mitigated by employing spread spectrum techniquesple, the adversary may choose to jam the request-to-send [2, 15]. If the pseudo-random noise (PN) sequence used to(RTS) and clear-to-send (CTS) messages at the MAC layer spread the information is kept secret, the adversary has toso that the medium access delay is significantly increased. expend a disproportionate amount of energy compared toThe critical vulnerability in all described attacks is the fact the sender to successfully jam a signal. The typical process-that although the network is multi-channel, nodes use a pre- ing gain of anti-jamming techniques utilizing spread spec-assigned common channel to exchange control messages. trum communications is in the range of 20 to 30 dB [2, 15]. Unfortunately, spread spectrum communications can pro- vide anti-jamming protection only to the extent that the PN1.2 Our Contributions sequence remains secret. Once this sequence is revealed, a In this paper, we address the problem of control-channel jamming adversary can deny communications by using veryjamming in multi-channel wireless ad hoc networks. We con- little energy. This can be particularly devastating for thesider a sophisticated adversary who exploits knowledge of control channel, which is by design a broadcast channel.protocol mechanics along with cryptographic quantities ex- Hence, a large number of nodes are synchronized to thetracted from compromised nodes to maximize the impact of same sequence. The compromise of any node reveals thehis attack in higher layers. New security metrics are defined control-channel hopping sequence to the adversary.that quantify the adversary’s ability to localize and deny le- The problem of control channel jamming in the presencegitimate nodes access to the control channel. We develop a of node compromise was previously addressed in the con-randomized distributed channel establishment scheme that text of GSM networks [4, 5]. In such networks, multipleallows nodes to establish a new control channel using fre- control channels are implemented over specified frequencyquency hopping. Under our scheme, network nodes are able bands and time slots, so that any subscriber can listen toto temporarily construct a control channel until the jammer them. Chan et. al. proposed the replication of control infor-is removed from the network. Our scheme differs from clas- mation over multiple control channels according to a binarysical frequency hopping in that the communicating nodes encoding based key (BBK) assignment [4]. Assuming thatare not synchronized on the same hopping sequence, but the adversary can jam only one channel in a given time slot,each node follows a unique hopping sequence. This leads the authors derived the necessary conditions to guaranteeto unique identification of the set of compromised nodes by control channel access to all users within a period of sev- 170
  3. 3. eral slots. They also showed that the BBK assignment leadsto the identification of a threshold number of compromised K L K=nodes. Tague et. al. proposed the probabilistic assignment 2of cryptographic keys to network users so that nodes can ldiscover the location of the control channels with certain e n nprobability. Their method allows for graceful degradation a h cin the control channel secrecy as a function of the number 2 L 2=of compromised nodes, as opposed to the threshold approach 1in [4]. Both methods in [4, 5] consider a server-client model 1 1=L iwhere base stations are assumed to be secure. The use of jamming to impact higher-layer functionalities 1 tols 2 tols tols i e m itwas studied in [3, 16, 17, 19–23, 25]. Xu et. al. addressedthe problem of detecting physical-layer and MAC-layer DoS Figure 2: The location Li of the control channel onattacks [17]. They proposed frequency hopping to avoid jam- slot i is defined by the frequency fi . The controlming, but assumed that all cryptographic quantities are se- channel is dynamically allocated in orthogonal fre-cure (no node compromise) [17]. They also proposed the quencies over different time slots.use of spatial retreats to avoid communication within thejammed area. Formal measures for detecting jamming at-tacks in wireless networks were introduced in [18]. Xu et. assumed to be capable of slowly hopping between differental. also proposed a timing-based low bit rate covert chan- frequencies. For simplicity, we assume that one frequencynel in the presence of jamming [24]. This channel maps the hop can occur at every time slot. Moreover, several mes-inter-arrival times of corrupted packets into bits. sages may be exchanged during one slot, i.e., the time that Liu et. al. proposed an architecture called SPREAD to a host resides on one frequency can be larger than the du-mitigate the impact of smart jammers that target multiple ration of one message.layers [20]. SPREAD alternates between a multitude of pro- The network uses a broadcast control channel. A mes-tocols at each layer, thus increasing the uncertainty of the sage sent over this channel can be heard by any node withinadversary with respect to the protocol mechanics. Cagalj the communication range of the transmitting node. Theet. al. proposed wormhole-based anti-jamming techniques control channel “location” Li is defined as the frequencyfor sensor networks [21]. Using a wormhole link, sensors fi ∈ {1, ..., K} used for control-channel access at slot i. Inwithin a jammed region establish communications outside Figure 2, we show the dynamic location of the control chan-the jammed area to notify the network operator of the pres- nel over time and frequency.ence of a jammer. Wood et. al. studied proactive tech- To facilitate coordination, the network is assumed to beniques for detecting and mapping jammed areas in sensor clustered with each cluster having a clusterhead (CH). Sev-networks [25]. McCune et. al. proposed methods for de- eral methods are available for node clustering [9] and CHtecting DoS attacks against sensor network broadcasts [23]. selection [28] in wireless ad hoc networks. Clustering andFinally, Li. et. al. provided a game theoretic formulation for CH selection issues have also been considered in a hostileoptimal jamming and anti-jamming strategies at the MAC environment [29–31]. We assume that prior trust has beenlayer in wireless sensor networks [19]. established between the nodes of the network using one of Strasser et. al. proposed an uncoordinated frequency several available methods [8, 32, 33]. The integrity, confi-hopping (UFH) scheme for establishing shared secret keys dentiality, and freshness of communications within a clus-between devices that do not share any prior secrets in the ter is preserved using appropriate cryptographic methods.presence of a jammer [26]. The common principle between These methods either employ symmetric cryptography, orUFH and our scheme is that nodes do not hop using the use resource-efficient asymmetric cryptography. For exam-same hopping sequence. However, in our scheme, hopping ple, the CH can share a cluster key with all nodes in a clustersequences are designed to implement the control channel, and a pairwise key with each node individually [8]. Alter-while in UFH hopping sequence are purely random. Slater natively, elliptic curve cryptography-based encryption andet. al. improved the communication efficiency of the UFH digital signatures can be used to preserve the confidentialityscheme using Merkle trees, distillation codes, and erasure and integrity of the exchanged messages [34].coding [27]. 3.2 Adversarial Model3. MODEL ASSUMPTIONS AND The goal of the adversary is to deny the availability of the control channel for the maximum possible period of time. In PROBLEM STATEMENT order to do so, the adversary is capable of jamming a sin- gle frequency in any given slot over a communication range3.1 Network Model Rmax , with the ability of switching frequencies at every slot. We consider a multi-channel ad hoc network that oper- All messages received by any node within the range of theates over K orthogonal frequency channels. We will use jamming device at the jammed frequency are assumed to bethe terms frequency, frequency channel, or simply channel “irrecoverably” corrupted, i.e., corrupted messages cannotinterchangeably to denote a frequency band over which com- be recovered using error correction techniques [35]. Net-munication takes place. Each node is equipped with a single work nodes are assumed capable of detecting the jamminghalf-duplex transceiver. Hence, a node can only listen to or attack if they are within the range Rmax of the jammer andtransmit over one channel at a time. We further consider a are tuned to the frequency blocked by the jammer. Sev-time-slotted system for communication. Network nodes are eral methods are available for jamming detection [18], and 171
  4. 4. any of them can be used for our purposes. We further as- Definition 3. Evasion Ratio ER–The evasion ratio issume that the adversary can physically compromise network defined as the fraction of time that the control channel isdevices and recover all content of their memory, including available for communication, in the presence of the jammer.cryptographic quantities and channel hopping sequences. Let N be the number of nodes using frequency fi as the ER indicates the overall success of the adversary in block-control channel and that are located within the communica- ing the control channel over a period T of interest. Notetion range Rmax of a jammer. Suppose the jammer blocks that such blocking occurs not only due to jamming, but alsofrequency fi . We address the problems of: (a) re-establishing due to the delay in re-establishing the control channel.the control channel in the absence of any coordination chan-nel and in the presence of node compromise, and (b) identi- 4. CONTROL CHANNELfying the compromised node(s). The problems addressed are particularly challenging be- ARCHITECTUREcause the jamming attack is no longer treated as an outside Control messages in wireless ad hoc networks are eitherattack on the physical layer. Instead, the adversary is as- intended to the one hop neighborhood (e.g., RTS/CTS mes-sumed to be capable of obtaining necessary cryptographic sages), or are intended to several neighborhoods (e.g., RREQquantities via node compromise. Furthermore, the adver- messages), in which case they are relayed in a multi-hopsary can exploit any information recovered from compro- fashion. In both cases, there is no particular benefit to usemised nodes to predict the future locations of the control the same channel for control in all one-hop neighborhoodschannel, thus denying access to it. of the network. In fact, allocating different control chan- nel to adjacent neighborhoods increases the control chan-3.3 Anti-Jamming Metrics nel throughput due to the reduction in interference between Several metrics were previously proposed to evaluate the such neighborhoods. Moreover, allocating the control chan-effectiveness of a jammer in impacting the throughput of nel on a single frequency has the following significant disad-the network. Xu et. al. introduced the metrics of packet vantages in case of a jamming attack: (a) a single long-rangesend ratio (PSR) and packet delivery ratio (PDR). The PSR transmission can jam the control channel in multiple neigh-is defined as the ratio of successfully sent packets, over the borhoods, (b) the control channel re-establishment processnumber of packets intended to be sent at the MAC layer. has to be coordinated network wide, thus incurring signif-The PDR is defined as the ratio of successfully delivered icant resource overhead and delay, and (c) even if spreadpackets over the number of sent packets [18]. However, these spectrum communications are used, the compromise of ametrics are not representative of the effectiveness of a sophis- single node reveals the commonly used PN sequence.ticated jammer that only targets the control channel. For The impact of long-range jamming attacks can be sig-example, even if the PDR is low, the jammer may be suc- nificantly reduced by varying the spatial and temporal fre-cessful in redirecting traffic over a link of his own choosing, quency allocation of the control channel. Such a designas we showed in Figure 1(c). To capture the effectiveness of would also reduce the delay and communication overheadthe adversary in denying the control channel, we define the of the control channel re-establishment process, since it re-following security metrics. quires only local coordination. To mitigate the impact of jamming, we adopt a dynamic control channel allocation Definition 1. Evasion Entropy Ei –Let Xi be a ran- strategy, whereby each cluster establishes and maintains itsdom variable that denotes the location of the control channel own control channel. In this design, it is sufficient to ensureat slot i. We define the evasion entropy as: that different clusters in the network can receive broadcast control messages from members of their own cluster, and Ei = H(Xi |Xi−1 , Xi−2 , . . . X0 ) that nodes at the border of multiple clusters are aware ofwhere H(X|Y ) is the conditional entropy of random variable the multiple control channels used.X given random variable Y : In Figure 3(a), we show the implementation of the control channel using a single frequency. All nodes within the range def H(X|Y ) = Pr[x] Pr[x|y] log2 Pr[x|y] of the jammer are denied access to the control channel. In x y Figure 3(b), we show the use of multiple frequencies to im- plement the control channel. CHs are responsible for the es-where by Pr[x] we abbreviate the probability Pr[X = x] and tablishment and maintenance of the control channel withinby Pr[x|y] we abbreviate the conditional probability Pr[X = their clusters. The impact of the jammer is now confined tox|Y = y]. clusters within Rmax that use the jammed frequency. We now describe the process of maintaining the control channel The evasion entropy characterizes the capability of the within a cluster, in the presence of a jammer.adversary to successfully determine the future location ofthe control channel given all previously observed locationsand any knowledge that it may have acquired due to node 5. CONTROL CHANNEL MAINTENANCEcompromise. In the worst case, the adversary can determin- Consider a single cluster with each node being within oneistically predict the location of the control channel (Ei = 0), hop from the CH. Suppose the current control channel iswhile in the best case, all previous information is indepen- jammed by an adversary. The main idea behind our schemedent of the future control channel location (Ei = H(Xi )). is to have each node of the cluster hop between channels in a pseudo-random fashion, following a unique hopping se- Definition 2. Evasion Delay D–The evasion delay is quence not known to other nodes. This way if the jam-defined as the time between the successful jamming of the mer captures the hopping sequence of a compromised node,control channel and the re-establishment of a new one. this node can be uniquely identified. Once the compromised 172
  5. 5. lortnoc lortnoc lennahc lennahc R R m m xa xa edon krowten re m maj edon krowte n re m maj rotanidrooc (a) (b)Figure 3: (a) The adversary blocks all control messages within Rmax by jamming the control channel locatedon a single frequency band, (b) The control channel is allocated in different frequencies within each cluster.The impact of the jammer is now confined to those clusters within Rmax that use the jammed frequency. 1node has been identified, the CH updates the hopping se- = k] = K . Sequence c represents the control channel.quences of all nodes in the cluster except the compromisedone. Hence, the effectiveness of a jammer that exploits 3. Generate a random position vector v = {v(1), . . . ,knowledge from compromised nodes becomes equivalent to v(M )}, of length M , where v ∈ {1, . . . , L + M }, and 1the effectiveness of a jammer that randomly hops between Pr[v(i) = k] = L+M , with v(i) = v(j) ∀i = j.channels. Note that our method is not a permanent solutionfor the control channel allocation, nor can it permanently be 4. Insert element c(i) after element sj (v(i)) on all se-used for data communications due to its high communica- quences sj , 1 ≤ j ≤ n to generate new sequencestion overhead and delay. Rather, our scheme temporarily mj , 1 ≤ j ≤ n.restores a control channel until the jammer and any com-promised nodes are removed from the network. In Figure 4, we show an example of the generation of The hopping sequences assigned to various cluster nodes the hopping sequences for three nodes. In step 1, three se-are specially designed so these nodes overlap in frequency quences s1 , s2 , and s3 of length L = 12 are generated, withonly a fraction of time, thus implementing the broadcast sj (i) ∈ f1 , . . . , f8 . In step 2, a control-channel hopping se-control channel. However, the slots where the control chan- quence c of length M = 5 is generated with c(i) ∈ f1 , . . . .f8 .nel is located are not revealed to the cluster nodes. Given In step 3, vector v indicates the five slots where the con-the uncertainty in the control channel location, control in- trol channel is interleaved. In step 4, the sequences m1 , m2 ,formation is replicated in multiple slots until the control and m3 are generated. They overlap in five slots which im-channel is accessed. Our scheme consists of three phases: plement the control channel. Note that since the mj ’s are(a) generation of hopping sequences, (b) assignment of hop- generated by the random interleaving of the sequence c withping sequences, and (c) update of hopping sequences. the sequences sj , 1 ≤ j ≤ n, they are also random and in- dependent of any other randomly generated sequence. Note5.1 Generation of Hopping Sequences that the sequences mj , 1 ≤ j ≤ n are not independent of By design, the hopping sequences assigned to nodes over- each other, since c is interleaved in specific slots on all se-lap only in a pre-defined number of slots, thus implement- quences. In the following section, we describe the method ofing the broadcast control channel in the cluster. In order assigning the hopping sequence to each node in the protect the secrecy of the control channel, the hoppingsequences must satisfy the following properties: (a) high in- 5.2 Hopping Sequence Assignmentvasion entropy Ei ; knowledge of previous hops does not re- The hopping sequences are generated by the CH and as-veal any information about future ones, (b) independence; signed to each node via secure pairwise communication, ac-knowledge of one sequence does not reveal any information cording to the cryptographic methods employed in the net-regarding another, (c) high minimum Hamming distance; work. For example, if each node nj shares a pairwise sym-when interpreted as codewords, the sequences should have metric key KCH,nj with CH [8], the CH can protect thea high Hamming distance so that a compromised node can confidentiality of mj by encrypting it with KCH,nj . Alter-be uniquely identified. To construct a hopping sequence of natively, if public key cryptography is employed, the CH canlength L + M, where M is the number of slots implementing encrypt the sequence mj with the public key of node nj , al-the control channel, the following steps are executed: lowing only node nj that holds the corresponding private key to perform decryption. 1. Generate n random hopping sequences sj , 1 ≤ j ≤ n, Furthermore, the authenticity of the source must be en- of length L, where n denotes the number of nodes in sured to prevent an adversary from assigning arbitrary se- the cluster other than the CH. For each sequence sj = quences to the cluster nodes. In the case of symmetric key {sj (1), . . . , sj (L)} where sj (i) ∈ {1, . . . , K}, we have cryptography, knowledge of the symmetric key verifies the Pr[sj (i) = k] = K . 1 identity of the CH, assuming that the CH itself is not com- promised. In the case of asymmetric cryptography, the CH 2. Generate a random hopping sequence c = {c(1), . . . , must digitally sign each message containing a sequence mi . c(M )}, of length M , where c ∈ {1, . . . , K}, and Pr[c(i) The digital signature also verifies that the message has not 173
  6. 6. Figure 4: Hopping sequence generation for L = 12 and K = 8. The control channel sequence c is interleavedwith the random sequences s1 , s2 , and s3 , at the locations indicated by the M -long vector v, leading to sequencesof length L + M = 17. The control channel is implemented in a total of five slots.been tampered with while in transit, thus guaranteeing mes- 6.1 Compromise of a Single Nodesage integrity. In the symmetric key case, message integrity Once the control channel is denied, nodes start hoppingcan be ensured with the use of a Message Authentication according to their pre-assigned hopping sequences. How-Code [37]. Finally, the freshness of each message can be ever, if the jammer compromises one of the nodes nj , it canensured with the use of a time stamp to avoid replays of obtain the corresponding hopping sequence mj . By jammingold messages that can lead to de-synchronization of cluster frequencies according to mj , the adversary can deny the con-nodes from the common control channel. trol channel within the cluster, even if it does not know the slot locations of the control channel. However, following the5.3 Hopping Sequence Update unique sequence mj reveals the identity of the compromised The hopping sequences assigned to various nodes need to node nj . The identification is based on the following propo-be updated either periodically or on demand. Such an up- sition:date is needed because: (a) the hopping sequences have afinite period, (b) a node compromise may have taken place, Proposition 1. The expected Hamming distance E[d(mjand (c) the CH is rotated. Although in Section 5.1 we have , m )] between two random sequences mj and m , as a func-assumed that the generated sequences are perfectly random, tion of their length X isin practice PN sequences are used. It is well known that a K −1PN sequence of length L and linear span S can be recon- E[d(mj , m )] = X. (1) Kstructed using 2S consecutive known samples [38]. Hence,the hopping sequences need to be updated before the jam- Proof. The proof is a direct consequence of the random-ming adversary is able to reconstruct them. Note that the ness and independence of the sequences mj and m . Basedadversary can only monitor one channel at any one slot and on the sequence generation process outlined in Section 5.1, 1cannot predict the channel location in the next hop. Hence, Pr[mj (i) = k] = K , ∀i. Since the two sequences mj , m areit is very hard to collect consecutive samples of a PN hop- assumed to be independent and random, they differ at slotping sequence, unless a node is compromised. i with probability, Besides the need to periodically update the hopping se- K −1quences due to the finite linear span, the CH updates these Pr[mj (i) = m (i)] = . (2) Ksequences in case a node compromise has been detected. The Equation (2) denotes the probability of success in a BernoulliCH engages in secure pairwise communication with each of trial, where the success is defined as the event of rollingthe uncompromised nodes and assigns a new hopping se- two K-faceted dice and obtaining a non-matching dice out-quence to each one. To update an uncompromised node nj , come. Let the Hamming distance between the two sequencesthe CH executes the following steps: be denoted by the random variable S. The event of hav- 1. Synchronize with the hopping sequence of the uncom- ing a Hamming distance equal to d is equivalent to hav- promised node nj . ing d successes in X trials, i.e., the Hamming distance is binomially distributed. Hence, the expected value of S is 2. Assign a new sequence mj to node nj , using frequency E[S] = E[d(mj , m )] = K−1 X. K mj (i), where i is the current slot. If channel mj (i) is jammed, repeat until the assignment is confirmed. Proposition 1 states that the expected rate of increase Note that the adversary does not know the hopping se- of the Hamming distance between two random sequences is K−1quences of uncompromised nodes and hence, it cannot pre- K . If the adversary has not compromised any node and isvent the assignment of new sequences. The case of CH com- hopping according to a random sequence mjam , the Ham-promise which reveals all hopping sequences to the adversary ming distance between mjam and any of the assigned se-(and puts the CH under its control), is addressed through quences mj , 1 ≤ j ≤ n increases at the rate of K−1 . On KCH rotation, as detailed in Section 6.3. Once a CH rotation the other hand, if mjam is a subset of the sequence mj of ahas occurred, the new CH updates the hopping sequences of compromised node nj , the Hamming distance between mjamall cluster nodes. and mj is expected to be significantly lower (although the adversary may be aware of mj , he may choose to follow only6. IDENTIFICATION OF COMPROMISED a subset of it to avoid being identified). The CH can exploit this observation to identify the compromised node. NODES One of the challenges in identifying the compromised node, In this section, we describe how we can identify compro- is the half-duplex limitation of the receiver. The CH canmised nodes, based on their assigned hopping sequences. only listen to one channel at any slot. Since the CH is 174
  7. 7. Algorithm 1 Single Compromised Node Identification 6.2 Compromise of Multiple NodesScheme When multiple nodes are compromised, the jammer can 1: Initialize : significantly reduce the number of slots jammed for denying 2: d(mj , mjam ) = 0, ∀j; the control channel, by jamming only the channel locations 3: j = 1; i = 0; CN ← ∅ common to all compromised hopping sequences. Without 4: while J ==FALSE do loss of generality, assume that nodes {n1 , . . . , nq } q < n are 5: for x = 1, x ≤ X, x + + do compromised. The adversary can compute a new hopping 6: if mj (i) NOT JAMMED then sequence mjam consisting of all the channel locations com- 7: d(mj , mjam ) = d(mj , mjam ) + 1 mon to hopping sequences m1 , . . . , mq . The expected length 8: end if of mjam is given by Proposition 2. 9: if d(mj , mjam ) < K−1 x − δx && x > th then K10: J =TRUE Proposition 2. The expected length E[X] of a sequence11: CN → n mjam , consisting of the channel locations common to the12: break compromised hopping sequences m1 , . . . , mq is13: else q14: i++ 1 E[X] = M + L. (3)15: end if K16: end for17: if J ==TRUE then Proof. The q compromised sequences have at least M18: break locations in common, corresponding to the M locations of19: else the control channel sequence c, interleaved with each se-20: j++ quence s1 , . . . , sq . Furthermore, for the random sequences21: end if s1 , . . . , sq , the expected number of matching channel loca-22: end while tions can be computed as follows. For a slot i, we can define23: return CN the event that all q hopping sequences match as the outcome of a Bernoulli trial with probability of success equal to q 1 Pr[s1 (i) = s2 (i) = . . . = sq (i)] = . (4)not aware of the hopping sequence mjam , it cannot know Kin advance which frequencies to monitor. However, the CHis aware of all hopping sequences mj of the nodes within The number of successes in multiple independent slots isits cluster. Hence, it can periodically listen to any one a repetition of independent Bernoulli trials which yields aof them and compute their Hamming distance relative to random variable S that is binomially distributed. Hence,the jammer’s sequence. To do so, the CH need only know the expected number of successes, i.e., the expected number 1 qif channel mj (i) was jammed at each monitored slot i. If of matches in q randomly generated sequences is K Lmjam (i) = mj (i) the Hamming distance d(mj , mjam ) re- yielding an overall expected length for mjam as in (3).mains the same. Otherwise, the Hamming distance increasesby one. We now describe the steps for the identification of Proposition 2, shows that when q nodes are compromised,the compromised node. The pseudo-code of the identifica- the adversary can reduce its overhead for denying the control 1 qtion scheme is shown in Algorithm 1. channel by 1 − K L slots, on average. Note that the adversary cannot differentiate between the M locations that 1 q realize the control channel and the K L locations that 1. Synchronize to the hopping sequence mj of a randomly match due to the sj ’s. Hence, the adversary must jam all selected node nj and initialize d(mj , mjam ) = 0. channel locations common to the compromised sequences to deny access to the control channel. 2. For each slot i, if mj (i) is not jammed, d(mj , mjam ) = To identify the compromised nodes, the CH correlates the d(mj , mjam ) + 1. known sequences mj 1 ≤ j ≤ n, to the control channel lo- cations that are jammed. Let the CH follow a monitoring 3. If d(mj , mjam ) < E[d(mj , mjam )] − δX , after some hopping sequence mCH which is a concatenation of subse- sufficient number of slots X > th, node nj is compro- quences from the mj ’s: mised. mCH = m1 (1 : t)||m2 (t + 1 : 2t)|| . . . ||mn ((n − 1)t + 1 : nt), 4. Randomly pick another node n and repeat steps 1-3 for a duration of X slots. where t is the time period that each node nj is monitored. The CH keeps a matrix In Algorithm 1, if the computed Hamming distance falls A = {ajk |ajk ∈ {0, 1}}J×K , (5)below the expected Hamming distance, by a margin of δxthen the compromised node has been successfully identified. where each row j corresponds to node nj and each columnThe parameter δx is computed based on the variance of the k corresponds to the kth slot detected as jammed. NoteHamming distance given by K−1 X, where X is the number K2 that only slots of the sj ’s are taken into account in the con-of slots monitored. Note that this process is repeated for struction of matrix A. All locations of the control channelall nodes in a random round robin manner. When a node is are ignored since, if jammed, they do not contribute to themonitored for a second time, the CH combines the results identification of the compromised nodes. For the matrix A,from the first monitoring round, to evaluate the status of ajk = 1 if the kth jammed slot is in mj , and ajk = 0 other-the node. wise. 175
  8. 8. Algorithm 2 Multiple Compromised Nodes Identification to communicate with each node by also randomly hoppingScheme among the available channels. The steps of the hopping se- 1: Initialize : quence assignment are as follows: 2: A = 0, W = 0, j = 1, j =FALSE, CN ← ∅ 3: v, n; //v vector of control channel slot positions 1. CH randomly hops between frequencies. 4: mCH = m1 (1 : t)||m2 (t + 1 : 2t)|| . . . ||mn ((n − 1)t + 1 : nt) 2. At each slot, the CH attempts to assign a new hopping 5: while J ==FALSE do sequence mj to a randomly selected node nj , until nj 6: if mCH (i) JAMMED && i ∈ v then / verifies reception of mj . 7: ajk = 1, W (j) = W (j) + 1 ∀i, ∃ mCH (i) = mj (i), i + + 3. Step 2 is repeated until all cluster nodes are assigned 8: end if new hopping sequences, except the previous CH. 9: if i > th1 // sufficient sampling then10: sort(W) // sort weights in descending order In the performance analysis section, we analytically char-11: find j, ∃ W (A(j)) − E[W (A(j)) > δq acterize the overall delay in case of a CH compromise, and12: end if also quantify criteria for identifying the compromise of the 1q13: if W (1) AND W (2) AND...AND W (q) > k qt − δq CH. then14: J = T RU E, CN = [n1 . . . nq ]15: end if 7. PERFORMANCE ANALYSIS16: end while In this section, we analyze the performance of our pro-17: return CN posed scheme with respect to the anti-jamming metrics in- troduced in Section 3.3. Considering each row A(j) as a codeword, the CH com- 7.1 Resistance Under No Node Compromiseputes the weight W (A(j)) of each codeword and ranks the Let us first examine the case where the jammer has notweights in descending order. The weight W (C) of a binary yet compromised any node, but tries to guess the location ofcodeword C is defined as the number of ones in the code- the control channel. When no node has been compromised,word. The compromised nodes are expected to have a signif- knowledge of previous control channel locations does not re-icantly larger weight than all other nodes and their weight veal any information about future ones, due to the randomwill be of the same order. In fact, if q nodes are compro- hopping sequence generation. In this case, the evasion en-mised, the expected weight for each codeword A(j) is tropy for any slot i is equal to q 1 Ei = H(Xi |Xi−1 , Xi−2 , . . . X0 ) = H(Xi ) = log2 K bits. E[W (A(j))] = qt, (6) K Note that so far we have not made any assumption aboutwhere we have computed E[W (A(j))] over the qt slots that the jamming strategy of the adversary when no node hascompromised nodes were monitored. The CH identifies the been compromised. Because Ei = H(Xi ), the adversary hasset of nodes with high weights and compares those weights no gain in favoring one channel over another. The jammingwith the expected weight as expressed in (6). If the weight strategy that maximizes the probability of denying access toof a codeword is larger than the expected weight by some the control channel is expressed by the following proposition. 1 qmargin δq , i.e., W (A(j)) ≥ K qt − δq , the correspondingnode nj is identified as compromised. The parameter δq is Proposition 3. When no node is compromised, the ad-a tolerance margin related to the variance of W (A(j)). The versary maximizes the probability of denying access to thepseudo-code for the identification of multiple compromised control channel by randomly hopping between channels, onnodes is shown in Algorithm 2. every slot.6.3 Compromise of the Clusterhead Proof. Since the hopping sequences are random, they If the adversary compromises CH, it obtains all sequences form an i.i.d. process that follows the uniform , 1 ≤ j ≤ n, the corresponding sequences mj as well as c Due to the independence of the channel location betweenand v. Hence, the adversary is aware of the hopping sched- slots, at any slot i there is an equal probability that a chan-ules of all nodes within the cluster. Using the knowledge nel k ∈ {1, . . . , K} is selected. Hence, the adversary cannotof c and v, the adversary can deny control-channel access increase its success in guessing the channel location moreto all legitimate nodes by jamming only the control channel than the success of a random guess. In fact, based on thelocations. To escape from this deadlock, the role of the CH asymptotic equipartition property, the only sequences thatis periodically rotated among the nodes within the cluster. are probable for a sequence length sufficiently large, are Alternatively, a CH rotation can be triggered if the con- those sequences that belong to the typical set, i.e., thosetrol channel is denied for a prolonged period of time, in- sequences that approach the uniform distribution in prob-dicating the compromise of the CH. In this case, cluster ability [39]. Hence, the adversary has the best chance innodes start to randomly hop between channels, using self- matching a random hopping sequence, by picking a sequencegenerated random sequences. The new CH assigns a new from the typical set, i.e., another random sequence.hopping sequence to each node via secure pairwise commu-nication. However, the CH is not aware of the random hop- We now characterize the expected evasion delay E[D],ping sequences of the cluster nodes. Hence, the CH attempts when the jammer follows a random hopping sequence. 176
  9. 9. Expected Evasion Delay as a function of L, M Expected Evasion Ratio as a function of L, M, K 14 Delay (slots) 0.7 K=3 K=4 12 K=5 K=10 0.6 10 Evasion Ratio E[D] in slots 0.5 8 6 0.4 4 0.3 2 0 0.2 0 0.2 0.4 0.6 0.8 0.3 0.4 0.5 0.6 0.7 0.8 M/(L+M) ratio M/(L+M) ratio (a) (b) MFigure 5: (a) The expected evasion delay as a function of the ratio L+M . As M increases, control channel slots Moccur more frequently, thus reducing the evasion delay, (b) ER as a function of L+M for different values of K.The availability of a larger number of channels K decreases the ability of the jammer to guess the locationof the control channel. Proposition 4. The expected evasion delay E[D] in re- p increases, the control channel occurs more frequently andestablishing the control channel when no node has been com- hence E[D] decreases. We now compute the evasion ratiopromised is: ER, for the case of a random jammer. 1 − p − (L + 1)(1 − p)L+1 + L(1 − p)L+2 E[D] = , (7) Proposition 5. The expected evasion ratio E[ER] in the p presence of a random jammer, when no node has been com-where p = M . promised is: L+M M (K − 1) Proof. Consider position vector v = (v(1), . . . , v(M )) E[ER] = . (10)indicating the slot positions of the control channel. The K(L + M )delay until the control channel is re-established is equal to Proof. Out of the L + M frequency hops, only M ofthe lowest slot position in v. For each position v(i), Pr[v(i) = them implement the control channel. To evaluate ER, we Mk] = L+M . The evasion delay is equal to one, if position one are interested in determining the fraction of these M con-is not selected while position two is selected. Similarly, D trol channel locations that are not successfully jammed byis equal to two if positions one, and two are not selected a random jammer. Consider the random sequence c =but position three is selected. In the general case, the event (c(1), . . . , c(M )) implementing the control channel, and letD = q occurs when the first q slots are not selected while cjam = (mjam (v(1)), . . . , mjam (v(M ))) denote the hoppingslot q + 1 is selected. This event occurs with probability: sub-sequence of the adversary for only the positions indi- L q M cated by position vector v. Since cjam is a sub-sequence of Pr[D = q] = = (1 − p)q p. (8) a random sequence, it is also random. The number of slots L+M L+M where the sequences c and cjam do not match is equal toThe evasion delay resembles the geometric probability with their Hamming distance d(c, cjam ). According to Propo-the distinct difference that it takes values only up to D = L, sition 1, the expected Hamming distance for two randomsince in a sequence of finite length (L + M ) we are bound sequences of length M is K−1 M. Dividing this number by Kto have M slots assigned to the control channel. Computing the total number of slots in each hopping sequence yieldsthe expectation of D yields: the expected value of the evasion ratio. L i L M Note that in the calculation of the evasion ratio, we have E[D] = i (9) i=1 L+M L+M neglected the event of a common channel location to all se- L i quences sj , 1 ≤ j ≤ n. This event occurs with probability M L 1 n 1 n = i K , leading to a total of K L occurrences, which is L+M i=0 L+M negligible when K and n are sufficiently large. In Figure 5(b), we show the average value of the evasion ration E[ER] 1 − p − (L + 1)(1 − p)L+1 + L(1 − pL+2 M as a function of the ratio L+M and for varying values of = . p M the number of channels K. As the ratio L+M increases, more control channel slots are available for the same value of L and hence, the adversary has a smaller probability of In a similar manner, we can calculate the expected de- successfully jamming a particular slot. Furthermore, as Klay for the re-occurrence of the control channel. In Figure increases the probability of the adversary guessing the con-5(a), we show E[D] as a function of p. We observe that as trol channel decreases, leading to higher values of E[ER]. 177
  10. 10. PDF of the Hamming distance for L=100, K=5 Expected Hamming distance as a function of L,K E[D] as a function of compromised nodes 6 10 K=5 900 K=2 K=2 K=5 K=5 0.09 3×std = 12 K=10 800 K=10 5 0.08 10 Expected Hamming distance 700 0.07 600 E[D] (in slots) 0.06 Probability p 4 500 10 0.05 400 0.04 3 300 10 0.03 0.02 200 2 0.01 100 10 0 0 20 40 60 80 100 0 200 400 600 800 1000 1 1.5 2 2.5 3 3.5 4 4.5 5 Hamming distance Length of Sequence L # of compromised nodes (a) (b) (c)Figure 6: (a) The pmf of the Hamming distance between two random sequences of length 100, (b) theexpected Hamming distance as a function of the sequence length for different K. Error margins denote 99%confidence intervals. The evasion delay as a function of the number of compromised nodes for varying K.7.2 Resistance Under Node Compromise In Figure 6(c), we show the expected evasion delay as a All hopping sequences of the compromised nodes are re- function of the number of compromised nodes q for differentvealed to the adversary. By following any of the compro- values of K. As K and q increase K q th grows exponentiallymised hopping sequences or the intersection of them, the large, thus becoming the dominant factor in the evasion de-adversary can deny access to the control channel to any le- lay.To avoid such large values of delay, the CH can con-gitimate node. Hence, under node compromise, the evasion struct the hopping sequences using only a smaller subset ofentropy and the evasion ratio are equal to zero. The quantity the available channels.of interest in this case is the expected evasion delay which For evaluating the ability of the CH to identify the setis related to the delay until the set of compromised nodes is of compromised nodes, we have simulated Algorithm 2, andidentified, and new sequences sequences are assigned to the compared the weights of the compromised nodes with thoseset of uncompromised nodes in the cluster. of the uncompromised ones. In Figure 7(a), we show the The CH identifies compromised nodes by matching the weight W (A(j)) of a single compromised node compared toadversary’s hopping sequence mjam with the sequences of the maximum weight of all uncompromised nodes, as a func-the compromised nodes. According to Algorithm 1, when tion of K, for a sequence length of L = 5, 000. We observea single node is compromised, the Hamming distance d(mj , that the compromised node has a consistently higher weight,mjam ) from a compromised hopping sequence mj is signifi- compared to all uncompromised nodes.cantly smaller than E(d(mk , mjam ), where nk is an uncom- In Figure 7(b), we show the percentage difference in wei-promised node. In Figure 6(a), we show the pmf of the Ham- ght between the compromised sequences and the maximumming distance of a random sequence from any other random weight of all uncompromised ones, for different number ofsequence. In Figure 6(b), we show the expected Hamming compromised nodes and for varying values of K. We ob-distance as a function of the length of the sequence and the serve that the weight of the compromised nodes is consis-set of available channels K, with the error margins denot- tently higher than the maximum weight of all uncompro-ing 99% confidence intervals. We observe that the event of mised nodes by at least 50%, allowing the identification ofnode compromise can be easily identified since the expected the set of nodes that are compromised.Hamming distance between two random hopping sequencesfall within very confined margins. 7.3 Resistance Under CH Compromise In the case of q compromised nodes, the weight of each 1 q When the CH is compromised, the adversary knows thecompromised node is expected to be K qt, where t is the hopping schedules of all cluster nodes as well as the locationstime that each of the q compromised nodes is monitored. Let of the control channel. Hence, both the evasion entropy Ei ,the number of jammed slots required for the identification and the evasion ratio ER are equal to zero. The evasionof the compromised nodes be th. The CH needs to monitor delay D is equal to the sum of three components: (a) thechannels according to mCH for an average time of qt = K q th time until the compromise of the CH is detected by clusterslots, in order to observe th jammed ones. Upon identifica- nodes, denoted by D1 , (b) the delay of assigning new hop-tion of the compromised nodes, the CH must assign new ping sequences to each cluster, denoted by D2 , and (c) thehopping sequences to the remaining (n − q) uncompromised delay for re-establishing the control channel, denoted by D3 .nodes, yielding an additional delay of (n − q) slots. Once The cluster nodes consider the CH compromised when ERsequences are assigned a delay equal to the first occurrence is below a threshold value for an extended period of time.of the control channel under a random jammer, is incurred. The value of D1 is the expected evasion delay in the case ofThe total expected evasion delay is: node compromise, as calculated in the previous section, i.e., the required time for an uncompromised CH to re-establish E[D] = K q th + (n − q) the control channel when q nodes are compromised. D1 can 1 − p − (L + 1)(1 − p)L+1 + L(1 − p)L+2 obtain large values for clusters with large number of nodes, + . if the number of compromised nodes is large. In such a case, p 178
  11. 11. Compromised Nodes vs. Uncompromised nodes Compromised Nodes vs. Uncompromised nodes 450 3000 K=4 Weight of comp. node 400 K=5 Maximum weight of uncomp. nodes K=10 2500 350 Weight % increase 2000 300 250 Weight 1500 200 1000 150 100 500 50 0 0 2 4 6 8 10 12 14 2 3 4 5 # of compromised nodes # of compromised nodes (a) (b)Figure 7: (a) The weight of compromised nodes compared to the maximum weight of uncompromised onesas a function of the number of compromised nodes, (b) the percentage weight increase when a node iscompromised as a function of the number of compromised nodes, for varying K.the delay D1 hits an upper bound equal to the periodic is upper-bounded be the period of the CH rotation, thus re-CH rotation time. Once the CH is rotated, an additional ducing the delay under large number of compromised nodes.delay D2 occurs until the new CH is able to assign hopping Note that once a CH rotation is performed, the previous CHsequences to all nodes. The expected delay E[D2 ] is given becomes a compromised node of the cluster and hence, canby the following proposition. be identified by the new CH at a much shorter time. Proposition 6. The expected delay E[D2 ] until the newCH has assigned new hopping sequences to all cluster nodes 8. CONCLUSIONis equal to: We addressed the problem of control-channel jamming in 2 multi-channel ad hoc networks, under node compromise. We K proposed a randomized distributed channel establishment E[D2 ] = (n − 1). (11) K −1 scheme that allows nodes to select a new control channel Proof. After the CH rotation, each node is hopping ac- using frequency hopping. Our method differs from classi-cording to a self-generated hopping sequence. Let mj be cal frequency hopping in that the communicating nodes arethe self-generated sequence of cluster node nj , mCH be the not synchronized to the same hopping sequence. Instead,random hopping sequence of CH, and mjam be the hopping each node follows a unique hopping sequence. We showedsequence of the jammer. Let the CH attempt to commu- that our scheme can uniquely identify compromised nodesnicate with node nj , on consecutive slots. This process is through their unique sequence and exclude them from thea repetition of Bernoulli trials with probability of success network. We evaluated the performance of our scheme basedequal to on the newly proposed metrics of evasion entropy, evasion 1 K −1 K −1 delay, and evasion ratio. Our proposed scheme can by uti- Pr[mj = mCH , mj = mjam ] = = , (12) lized as a temporary solution for the control channel re- K K K2 establishment until the jammer and the compromised nodesThe number of slots until the first success is geometrically are removed from the network. K2distributed with an expected number of trials equal to K−1 .The CH has to repeat the same process for all (n-1) clus-ter nodes (the compromised CH is excluded from the hop- Acknowledgmentsping sequence update process) and hence, the expected delay This research was supported by the National Science Foun-E[D2 ] until all cluster nodes have received a new hopping dation (under grant CNS-0721935), BAE, Raytheon, and K2sequence is equal to K−1 (w − 1). Connection One (an I/UCRC NSF/industry/university con- sortium). Any opinions, findings, conclusions, or recommen- Once the new hopping sequences are assigned, the ad- dations expressed in this paper are those of the author(s)versary’s success in jamming the control channel becomes and do not necessarily reflect the views of NSF.equivalent to that of a random jammer. An additional de-lay E[D3 ] is incurred until a slot implementing the control 9. REFERENCESchannel occurs in the new hopping sequences. This delay isequal to the evasion delay in the case of a random jammer. [1] P. Kyasanur, and N. H. Vaidya, “Capacity ofDelays E[D2 ], E[D3 ] are negligible compared to the delay multi-channel Wireless Networks: Impact of NumberE[D1 ], since E[D1 ] is exponentially growing with the num- of Channels and Interfaces,” in Proc. of MobiCom,ber of compromised nodes, while E[D2 ], E[D3 ] are constant 2005.delays. Hence, the expected value of the evasion delay under [2] M. K. Simon, J. K. Omura, R. A. Scholtz, and B. K.CH compromise approximates the expected evasion delay as Levitt, “Spread Spectrum Communicationscalculated in (11) for the maximum value of q. Again, E[D3 ] Handbook,” McGraw-Hill, 2001. 179