IJCSNS International Journal of Computer Science and Network Security, VOL.9 No.11, November 2009 1 Manuscript received November 5, 2009 Manuscript revised November 20, 2009 MAC Layer Misbehavior on Ad Hoc Networks N. Nagel, R. Shokranian, and J. L. Bordim University of Brasilia, Campus Universitário, Asa Norte, 70910-900 Brasilia, DF, Brazil Summary One of the major challenges in ad hoc networks is to ensure nodal collaboration. Nevertheless, collaboration may lead to undesired results when nodes can exploit their siblings for their own benefits. Until recently, the research community focused on ensuring nodal cooperation at the network layer. In this work we focus on node behavior at the Medium Access Control (MAC) sublayer. More specifically, in this work focus on mechanisms to evaluate nodal activity and verify whether a node is adhering to the protocol rules or not. We show that misconduct at the MAC layer can have serious implications in terms of throughput. Our main contribution is a mechanism that enables nodes to monitor neighboring activity and assess their conduct based on the observed data. Key words: Misbehavior, Collaborative Computing, Trust, Reputation, Ad hoc networks. 1. Introduction Wireless networks have grown and developed in the last decades. They can now be found in offices, hospitals, and in the houses of millions of people. Although they are present in our daily life, most of them are dependent of a centralized infrastructure. Ad hoc networks are formed by mobile autonomous devices that are capable of configuring among them to form a network without the help of a fixed infrastructure. The creation of a network became easy and has a low cost. Ad hoc networks also demand for more specialized routing algorithms and efficient means to deal with medium access, which requires elaborated solutions. Ad hoc networks inherits most of the traditional wireless networks problems, such as interference, low reliability, low bandwidth, high influence of the environment for the correct functionality of the network, limited resources in terms of battery and processor power, and low service coverage [3]. Since the transmission distance of the nodes is limited, communication among nodes which are outside the radio range of each other is possible only if there is cooperation. In such context, cooperation means that each node must relay data to other nodes, which implies in more battery and processor power usage. As the resources are limited, cooperation can be expensive, and this can cause some nodes to have a selfish behavior. A selfish node may cooperate when it is somehow rewarded. Such nodes are also termed as misbehaving nodes. A misbehaving node uses the knowledge of the underline protocols for their own benefits. In a cooperative environment, such behavior can have serious impacts on the entire network [11]. Thus, it is important to identify misbehaving nodes and define mechanisms to prevent and deal with them. It is worth noting that a malicious node, in contrast, uses the knowledge of the underline protocols for wrongdoing actions. The ad hoc network dynamics and the lack of infrastructure discard the use of centralized mechanisms for control access, authentication, or even traffic control. Such schemes, must therefore, be implemented in a distributed way. There are many proposals that use cryptography for safe routing. However these proposals are limited and do not consider the lack of infrastructure and resources [10]. Another option is the use of reputation and trust systems, similar to Ebay [9]. These schemes can be applied to ad hoc networks to prevent misbehavior and stimulate node cooperation [2, 4, 8, 13]. However, reputation systems need to be robust to identify and prevent network service degradation. Until recently, the research community was concerned in observing nodal behavior at the network layer. This was achieved by checking whether or not a node was correctly forwarding packets [6]. However, a misbehaved node can act not only in the network layer but also in other layers. This paper is focuses on studying this problem of misbehavior at the Medium Access Control (MAC) sublayer. When a node wishes to use the channel, it must wait a random time before transmitting, known as backoff. This period is generated randomly and independently for each node with the aim to prevent collisions. It is possible that a misbehaving node does not respect the minimum Contention Window (CW) and, as a result, transmits more than the expected. Although there are other works in this direction, as it shall be discussed in Section 2, none of them deal with the amount of information a node has to gather in order to have a higher confidence in classifying a neighboring node as a misbehaving node. In other words, this work attempts to estimate the amount of data one has to collect in order to better judge its neighbors' conduct. Obviously, the more data one collects the better the accuracy will be. In this work we are interested in answering the following question. What is the minimum