974 Wireless Networks Based on WiFi and Related Technologies

ever network topology changes significantly. On the other hand, reactive or on-demand routing protocols learn and maintain active routes only. When a new route is needed for a new connection, the source of the connection broadcasts, network-wide, a route request (RREQ). The intended destination responds with a route reply (RREP) containing the path information. This process is called route discovery. To minimize the number of transmissions and speed up route discovery, the intermediate nodes that have the requested route may respond to a RREQ.

The two most commonly used transport protocols are user datagram (UDP) and transmission control (TCP) protocols. For compatibility reasons, an ad hoc wireless network must support these protocols. However, TCP is tuned for use on wired networks and does not work well for multihop wireless networks.

Despite several years of research, the performance of current multihop wireless networks is unpredictable. To illustrate the performance issue, we present in Figure 1 the overall network throughput of an 8-node ad hoc network with 7 constant bit rate (CBR) connections, representative of voice over IP traffic over UDP transport layer (Boppana, 2006). Even though nodes are stationary, the performance varies widely with time, owing to noise and interference caused by transmissions in the network.

Mobility makes it harder to sustain performance in an ad hoc wireless network. To illustrate the performance issues further, we simulated a 50-node mobile ad hoc network in a 1,000 m x [...] m field using the ns network simulator (Fall & Varadhan, 1997). Each node has a transmission range of 250 m and nodes move in random directions with an average speed of 10 m/s (22.5 miles/hour) and a top speed of 20 m/s. We used a 2 Mbps channel rate for easier analysis.
(The current WiFi technology provides various channel rates ranging from 1 Mbps to 54 Mbps, though in practice, the higher rates are used only when the communication nodes are close to each other.)

Figure 1. Throughput of a wireless ad hoc network with stationary nodes. The vertical bars indicate throughputs over 1-second intervals. The horizontal line indicates the throughput averaged thus far. The ad hoc network is built using off-the-shelf Linksys 54G routers reprogrammed with Linux operating system. Ad hoc on demand distance vector (AODV) routing protocol is used to discover and maintain routes.

First, we illustrate the available bandwidth (BW) for a connection without taking into account any contention or interference on wireless channels (Dyer, 2002). The available BW is based on the number of hops required to reach from a specified source node to its destination node.

Figure 2. Capacity of a single transport-layer connection in a simulated ad hoc network. Owing to the nature of shared transmission space, the capacity of a connection varies inversely proportional to the number of hops from sender to receiver.

Figure 3. Packet delivery rates of various ad hoc network routing protocols

Next, we present performance of this network under CBR traffic load. We varied the load from very low to very high, gradually, and measured the performance of the network. We simulated four recent routing protocols: destination sequenced distance vector (DSDV) (Perkins, 2000), adaptive distance vector (ADV) (Boppana & Konduru, 2001), ad hoc on demand distance vector (AODV) (Perkins, Belding-Royer, & Das, 2003), and dynamic source routing (DSR) (Johnson, Maltz, & Hu, 2003). The delivery rate (fraction of injected packets that are delivered to destinations) for this network with various routing protocols is indicated in Figure 3.
DSDV and ADV are proactive routing protocols and AODV and DSR are on demand routing protocols. Two variants of ADV are shown based on the amount of time a packet is buffered within a node when there is no route.

It is clear that the ability of a mobile ad hoc network to deliver depends greatly on the traffic load, type of routing protocol used, and choice of parameter values (such as buffer time).

Despite these performance issues, ad hoc networks are likely to be the dominant form of local area networks used in the future for several reasons.
• Technology developments will make the basic WiFi protocol robust and improve nominal speeds further (Varshney, 2003). Recently, evolving WiFi technology based on MIMO antennas has been shown to sustain higher data rates than a fast ethernet.
• Extensive ongoing research on networking software will result in better routing and transport protocols that will exhibit better performance characteristics (Boppana & Zheng, 2005; Desilva, 2004; Dyer, 2002).
• There are no alternatives to mobile ad hoc networks for military combat situations. In fact, the Department of Defense (DoD) is one of the early and largest funding agencies for research in this area.
• Wireless networks streaming audio and video will be ubiquitous in consumer homes. Ad hoc networks are particularly attractive because they require no new wiring and satisfy location and space constraints easily (IEEE CCNC, 2006). Already, many consumers with high-speed broadband access have a WiFi-based network (in infrastructure mode using one access point or in multihop mode using additional WiFi extender devices) connecting multiple laptops wirelessly within their homes. Apple’s Airport Express is a commercial product designed to stream audio over WiFi channels. The newer WiFi technology based on IEEE 802.11n or the ultra wideband (UWB) wireless technology will likely be used for high-resolution video streaming due to higher BW offered by this technology.
However, UWB will be used to complement WiFi networks rather than replace them.
• WiFi based ad hoc networks are the starting point to other types of networks, such as RFID networks and vehicular ad hoc networks (VANETs) (IEEE CCNC, 2005).

In the next two sections, we address twin deficiencies of ad hoc networks: predictable performance and security. First, we describe how to make the performance of WiFi networks robust, and then how to address some of the security issues that require attention in wireless networks.

MIXED WIRELESS NETWORKS

Given the weaknesses of ad hoc wireless networks, the area covered by them tends to be small. Instead, mixed networks consisting of fixed infrastructure nodes and mobile user nodes are suitable for a medium-range network spanning, for example, a metropolitan area (Boppana & Zheng, 2005). Point-to-point wired, cellular, or WiMAX (based on the IEEE 802.16 standard (IEEE 802.16, 2004) for metropolitan area wireless networks) wireless links among fixed nodes and wireless links for all nodes can be used for connectivity. These networks take advantage of reliability and high bandwidth of wired infrastructure backbone, and flexibility and low cost of wireless links using ad hoc networking concepts. Because these networks make use of ad hoc networking, there is no need for fixed nodes to cover all the desired area. If a fixed node is unavailable as a neighbor, a mobile node can send its data through other mobile nodes to the destination or to the nearest fixed node.

We illustrate this with an example network shown in Figure 4. This network has several mobile nodes that can communicate only via WiFi links and several relatively stationary nodes (denoted, infrastructure nodes) with point-to-point (p2p) links among them. A network of this type can provide multiple paths among user nodes. For example, node 8 in the upper left portion of the network can go through 12 and 13 or A and C to reach node 16.
Ad hoc routing is used in cases when a user node is not near an infrastructure node. For example, node 10 can reach node 4 via node 6.

With the advent of new technologies, it is feasible to design such mixed networks. The WiFi is a popular short haul (for distances less than [...] m) wireless link protocol. The fixed infrastructure nodes and p2p links among them are not difficult to set up. The p2p links can be wired links or long-haul wireless links. For example, the new IEEE 802.16 (IEEE 802.16, 2004) is an example of long-haul (for distances less than 10 Km) wireless link protocols. The infrastructure nodes can be already existing fixed nodes connected via p2p links (for example, access points connected to the Internet), or semi-permanent nodes that remain stationary for a few hours and have p2p links implemented using a different wireless technology. More importantly, elaborate design and implementation to ensure complete geographical coverage by fixed nodes is not necessary, since gaps in the coverage can be managed using ad hoc networking, provided there is enough node density.

Figure 4. A mixed network with mobile user and fixed infrastructure nodes, denoted by circles and diamonds, respectively. The infrastructure nodes are interconnected by point-to-point links, denoted by dashed lines, for infrastructure support and to provide multiple paths. All nodes are capable of using a common wireless technology, such as WiFi. The radio range of infrastructure nodes is indicated by a circular shaded region.

To see the performance benefits of mixed networks, we simulated a 60-node network in a [...] m x [...] m field. We used the Glomosim network simulator (Zeng, Bagrodia, & Gerla, [...]). There are [...] or [...] fixed nodes and the remaining nodes are mobile with speeds ranging from 1 to 29 m/s. The nominal WiFi link speed is 2 Mbps, and p2p links are full-duplex 2 Mbps. The fixed nodes are placed in a grid pattern and only adjacent fixed nodes are connected to each other by a p2p link.
We used ADV and AODV as the routing protocols for the pure ad hoc network (the network with [...] fixed nodes) and ADV static (ADVS), a modified version of ADV to take advantage of p2p links where possible, for the other two networks. ADVSnF indicates the performance of mixed network with n fixed nodes. The delivery rates are given in Figure 5. (See Boppana & Zheng, 2005 for more information.)

Adding a few p2p links ([...] links with [...] fixed nodes) improves the delivery rate and overall performance of the network significantly. It is even more illustrative to see the delivery rate, throughput, and packet latencies of a 1,000-node network in a 6 Km x 6 Km area. There are 0, 9, or [...] fixed nodes placed in a grid pattern with only adjacent fixed nodes connected by p2p links. The network with [...] fixed nodes denotes the pure ad hoc network.

These results clearly illustrate the performance benefits of using different link technologies in a mostly WiFi based ad hoc network. They also offer unique business opportunities (Markoff, 2006).
• Mixed networks are easy to set up since the number of stationary nodes required is small (2.5% in the 1,000-node network example). Owing to the use of ad hoc networking concepts, they are not likely to suffer the irksome gaps that are common in cellular networks. In fact, the existing cellular networks can be improved using these techniques. Several cellular networking companies are actively pursuing this type of networks to complement cellular networks.
• They lower the cost of setting up a metropolitan area network to the extent that citywide organizations, such as municipal government agencies or delivery service companies, can set up their own mixed network to provide wireless broadband access without having a telecom company as the carrier.

Figure 5. Performance of 60-node mixed and pure ad hoc networks

Figure 6. Delivery rates of 1,000-node mixed networks

Figure 7. Throughput of 1,000-node mixed networks

Figure 8. Packet latencies for 1,000-node mixed networks

SECURITY IN WIRELESS NETWORKS

Besides performance, security is an important issue in wireless ad hoc networks. The traditional security issues on the Internet are keeping data confidential and unaltered. The most common solution is to encrypt the data by the source application and decrypt it by the destination application (Schneier, 1996). Intermediate nodes cannot examine the contents and cannot alter it without being detected by the destination. Since only some applications need it, this is implemented as an end-to-end solution (that is, the host computers or applications at both ends of a connection invoke and manage the security features). These techniques are also applicable to secure data communication on wireless networks.

In this section, we address a different type of security problem: crippling the network with false route information (Hu, Perrig, & Johnson, 2002; Marti, Giuli, Lai, & Baker, 2000; Zhou & Haas, 1999). These attacks are on the control traffic rather than data traffic. Wireless networks are more susceptible to this type of attack than wired networks for two reasons: (a) physical access to a network port is not necessary with wireless networks, (b) peer dissemination of routing information and network topology leads to highly leveraged, hard to detect hacker attacks on wireless networks. The issue of unauthorized access to network can be addressed using wireless link-level encryption and decryption (wireless protected access or WPA) and server-based authentication (Varshney, 2003). We describe the second issue in detail.
The attacks on control traffic or routing protocol can be classified into two categories:
• Denial of service (DoS) or resource consuming attack
• Falsifying routes and dropping/delaying data packets

We first describe the impact of the DoS attack. In a routing protocol such as AODV, route discoveries depend on network-wide dissemination (called flooding) of RREQ control packets from a source node seeking route to its destination node. A RREQ broadcast by a source is rebroadcast by its neighbors to their neighbors. This is repeated until the destination receives a copy of this RREQ and responds with an RREP control packet that establishes the route between source and destination. A single RREQ broadcast by a source node results in up to (n-1) additional broadcast transmissions in the wireless network, where n is the number of nodes in the network. This feature can be exploited by a malicious node to launch highly leveraged denial-of-service attacks in mobile ad hoc networks. These malicious nodes behave like the normal nodes in all aspects except that they initiate frequent control packet floods. This is hard to detect since any normal node with frequently broken routes could legitimately initiate frequent route discoveries. Figure 9 shows the loss of throughput in a 100-node mobile ad hoc network with AODV as the routing protocol and one malicious node initiating routing attacks. Even 1 RREQ/s by the malicious node causes measurable drop in throughput (Desilva & Boppana 2005).

Fortunately, a simple and inexpensive solution to this problem exists. Using statistical profiling of control activity of other nodes, each node can independently determine overactive nodes and effectively shut them off from causing permanent damage to network performance (Desilva & Boppana 2005). With this solution implemented, the performance of the network under attack is shown in Figure 10.
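One way a node could implement the statistical profiling described above, as an added example that is not code from the chapter or from Desilva & Boppana: each node counts the RREQs it hears per originator in a sliding window and stops rebroadcasting for originators whose count is an outlier. The median + k·MAD rule, the window length, all class and function names and the trace are assumptions made for this illustration.

```python
"""Added example: per-originator RREQ profiling, run independently by each node."""
from collections import Counter, deque
from statistics import median


class RreqProfiler:
    """Sliding-window profile of the RREQs this node hears, keyed by originator.

    Assumed rule (the chapter does not give the statistic): an originator is
    overactive when its count exceeds median + k * MAD of all counts.
    """

    def __init__(self, window_s=10.0, k=5.0, floor=5):
        self.window_s, self.k, self.floor = window_s, k, floor
        self.events = deque()    # (time, originator) pairs still inside the window
        self.counts = Counter()  # originator -> RREQs heard inside the window

    def _expire(self, now):
        while self.events and now - self.events[0][0] > self.window_s:
            _, src = self.events.popleft()
            self.counts[src] -= 1
            if self.counts[src] == 0:
                del self.counts[src]

    def threshold(self):
        vals = list(self.counts.values())
        if not vals:
            return float(self.floor)
        med = median(vals)
        mad = median(abs(v - med) for v in vals)
        # max(mad, 1) keeps the limit usable when all originators look alike
        return max(self.floor, med + self.k * max(mad, 1.0))

    def should_forward(self, now, originator):
        """Record one heard RREQ; False means do not rebroadcast it."""
        self._expire(now)
        self.events.append((now, originator))
        self.counts[originator] += 1
        return self.counts[originator] <= self.threshold()


def constructed_trace(duration_s=60, normal_nodes=20, attack_rate=5):
    """Constructed input: (time, originator) for RREQs heard by one node."""
    trace = []
    for n in range(normal_nodes):
        period = 2 if n < 3 else 5  # three nodes with frequently broken routes
        trace += [(0.1 * n + i * period, f"n{n}") for i in range(duration_s // period)]
    trace += [(i / attack_rate, "mal") for i in range(duration_s * attack_rate)]
    return sorted(trace)


def run(trace):
    """Return (heard, forwarded) RREQ counts per originator."""
    profiler, heard, forwarded = RreqProfiler(), Counter(), Counter()
    for now, src in trace:
        heard[src] += 1
        forwarded[src] += profiler.should_forward(now, src)
    return heard, forwarded


if __name__ == "__main__":
    heard, forwarded = run(constructed_trace())
    print({s: (heard[s], forwarded[s]) for s in ("n0", "n10", "mal")})
```

Because the limit is taken from the median of all originators, the three constructed nodes with frequently broken routes stay below it, while the flooding node is cut off after its first few RREQs.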
Regardless of the attack rate, the normal network throughput is sustained.

The other type of security attack on routing protocol is based on falsifying routes by the malicious node in order to place itself in the path of an active route. This often involves the malicious node claiming a better route than any other node to reach a destination. Data packets received on this route are dropped or delayed arbitrarily by the malicious node. This type of attack is called the blackhole attack. The impact of such attacks can be severe on network performance.

Figure 9. Loss of throughput with bogus route discoveries by a malicious node in a 100-node mobile ad hoc network. The offered CBR load to network is kept constant at 300, 400, or 500 Kbps, and the throughput achieved is measured as a function of attack rate by the malicious node. The attack rate of zero RREQs/second denotes the normal network.

Figure 10. Effectiveness of statistical profiling in the example ad hoc network under DoS attack

Figure 11 illustrates the impact of a blackhole attack by five malicious nodes in a [...]-node network with AODV routing protocol. The malicious nodes send false RREPs in response to 1% of RREQs they hear. The detection of such an attack is expensive.

The proposed solutions to mitigate such attacks use hashing and symmetric cryptographic techniques (Hu et al. 2002; Zhou & Haas 1999). This makes the solution even more expensive than the attack itself since each control packet must be verified. Further research is needed to develop efficient solutions to these damaging but low frequency attacks.

RFID WIRELESS NETWORKS

Several organizations, including Wal-Mart and Procter & Gamble (P&G), are currently testing and deploying radio frequency identification (RFID) technology in their supply chains. In addition, the Department of Defense has mandated that its suppliers tag their products at the pallet level using RFID tags.
The potential advantages of RFID technology in the supply chain are numerous. RFID technology has the ability to provide up-to-the-minute information on sales of items, and thus can give an accurate picture of the inventory levels. This accuracy may lead to reduction in inventory levels, thus causing a reduction in inventory costs. RFID technology at the pallet level has the potential to automate the distribution of goods in the supply chain between manufacturing plants, warehouses, and retail stores of different organizations, which in turn might reduce labor costs. RFID tags allow companies to identify all items, thus cutting down losses from lost or misplaced inventory.

Figure 11. Impact of blackhole attack over time in a [...]-node mobile ad hoc network. There are five malicious nodes sending false RREPs to 1% of RREQs they hear. The attack starts at 200 seconds and stops at [...] seconds. The traffic load is [...] Kbps. The two thick lines at [...] and [...] second periods indicate the start and end of the attack. Vertical bars indicate delivery rates for 5-second periods. The jagged horizontal line indicates the average network throughput from the most recent event—start of simulation, start of attack, or end of attack.

For the purposes of this section, we assume the supply chain is comprised of the manufacturer, distributor, retailer, and the consumer. As an item with an RFID tag moves from one location to another location in the supply chain, it may be read at several different locations in the supply chain. We define an RFID transaction to be an event that corresponds to the reading of an RFID tag by an RFID reader. Each RFID transaction generates data including the RFID tag (EPC), the reader id, and other relevant pieces of information.

The transition of an item with an RFID tag from the manufacturer to the consumer is depicted in Figure 12. In this paper, we assume that the RFID tags are applied at the item, case, and pallet level.
For some items, this hierarchy (items in cases and cases in pallets) may not be applicable, and for some items this hierarchy may need to be changed. However, the discussion in this chapter can be readily extended to other hierarchies.

As an item is manufactured, an RFID tag is placed on the item, which generates the item creation RFID transaction at the manufacturing facility. Placing an item into a case, placing the case into a pallet, as well as loading a pallet into a delivery truck generate different RFID transactions at the manufacturing facility. At the distributor’s warehouse, placing the pallet into a warehouse shelf, and loading the pallet onto a delivery truck (to be delivered to the retail store) generate RFID transactions. In a retail store, events such as shelf replenishment, movement of an item from one shelf to another (possibly because of item misplacement), and sale of an item generate RFID transactions. At the consumer’s home, a futuristic model suggests that the consumer’s refrigerator (or the storage area if the item does not need to be refrigerated) will be equipped with an RFID tag reader; this results in RFID transactions being generated when an item is placed in the refrigerator and when an item is taken out of

Figure 12. Transition of an item from the manufacturer to the consumer in the supply chain and the relevant RFID transactions

Manufacturing Facility, RFID Transactions:
(1) Item creation
(2) Item load into a case
(3) Case load into a pallet
(4) Pallet load into a delivery truck

Distributor’s Warehouse, RFID Transactions:
(5) Pallet placement in the warehouse
(6) Pallet load into a delivery truck

Retail Store, RFID Transactions:
(7) Pallet unload in the retail store
(8) Unpacking of a pallet
(9) Unpacking of a case in the retail store
(10) Item placement/read in the retail store shelf
(11) Point of sale

Consumer’s House, RFID Transactions:
(12) Item placement/read in the shelf or refrigerator
(13) Shelf or refrigerator replenishment