pis: a practical incentive system for multihop wireless...

4012 IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY, VOL. 59, NO. 8, OCTOBER 2010

PIS: A Practical Incentive System forMultihop Wireless Networks

Mohamed Elsalih Mahmoud and Xuemin (Sherman) Shen, Fellow, IEEE

Abstract—In multihop wireless networks (MWNs), the mobilenodes usually act as routers to relay other nodes’ packets to enablenew applications and enhance network performance and deploy-ment. However, selfish nodes may not cooperate and make use ofthe cooperative nodes to relay their packets, which has a negativeeffect on network fairness, security, and performance. Incentivesystems implement micropayment in the network to stimulate theselfish nodes to cooperate. However, micropayment schemes haveoriginally been proposed for Web-based applications; therefore, apractical incentive system should consider the differences betweenWeb-based applications and cooperation stimulation. In this pa-per, first, these differences are investigated, and a payment modelis developed for the efficient implementation of micropaymentin MWNs. Second, based on the developed payment model, anincentive system is proposed to stimulate the nodes’ cooperationin MWNs. Third, a reactive receipt submission mechanism isproposed to reduce the number of submitted receipts and pro-tect against collusion attacks. Extensive analysis and simulationsdemonstrate that our incentive system can secure the paymentand reduce the overhead of storing, submitting, and processingpayment receipts significantly, which can improve the system’spracticality due to the high frequency of low-value paymenttransactions.

Index Terms—Cooperation stimulation, incentive systems,packet drop attack, selfish mobile nodes.

I. INTRODUCTION

THE INTEREST in multihop wireless networks (MWNs),such as the mobile ad hoc network, the vehicular ad

hoc network, the multihop cellular network, and the wirelessmesh network, has significantly been increasing [1]–[3]. Inthese networks, the traffic originating from a node is usu-ally relayed through other nodes to the destination. Multihoprelaying can extend the communication range using limitedtransmit power, improve area spectral efficiency, and enhancethe network throughput and capacity [4], [5]. Moreover, thesenetworks can be deployed more readily and at low deploymentcost in developing or rural areas. However, due to involvingautonomous nodes in packet relay, the routing process suffersfrom new security challenges that endanger the practical imple-mentation of MWNs.

Manuscript received May 4, 2010; revised July 9, 2010; accepted July 19,2010. Date of publication August 3, 2010; date of current version October 20,2010. The review of this paper was coordinated by Dr. L. Chen.

The authors are with the Centre for Wireless Communications, Departmentof Electrical and Computer Engineering, University of Waterloo, Waterloo,ON N2L 3G1, Canada (e-mail: [email protected]; [email protected]).

Color versions of one or more of the figures in this paper are available onlineat http://ieeexplore.ieee.org.

Digital Object Identifier 10.1109/TVT.2010.2062549

Most existing routing protocols assume that the nodes ofMWN are willing to relay other nodes’ packets. This assump-tion is reasonable in disaster recovery and military applicationsbecause the nodes belong to a single authority and pursue acommon goal, but it may not hold for civilian applications,where the nodes are autonomous and aim to maximize theirwelfare. Although proper network operation requires the nodesto collaborate, collaboration consumes their valuable resources,such as energy and computing power, which stimulates thenodes to behave selfishly. Therefore, in civilian applications,selfish nodes are not voluntarily interested in cooperation with-out sufficient incentive and make use of the cooperative nodesto relay their packets, which has a negative effect on networkfairness, performance, and security. The fairness issue ariseswhen selfish nodes take advantage of the cooperative nodeswithout any contribution to the network, and the cooperativenodes are unfairly overloaded because the network traffic isconcentrated through them. The selfish behavior also signifi-cantly degrades the network performance, which may result infailure of the multihop communication [6], [7].

Reputation-based and incentive systems [8], [9] have beenproposed to enforce and stimulate node cooperation, respec-tively. In reputation-based systems, each network node usuallymonitors the transmissions of its neighbors to make sure that theneighbors forward the others’ traffic, and thus, selfish nodes canbe identified and punished. In incentive systems, forwardingother nodes’ packets is a service and not an obligation, so thecommunicating nodes pay credits (or virtual currency) to theintermediate nodes to relay their packets. However, reputation-based systems [10], [11] suffer from essential problems thatmay discourage implementing them practically. First, to mon-itor the transmissions of its neighbors, a network node usuallyworks in the promiscuous mode that is not efficient becausethe node uses the full power transmission instead of adaptingthe transmission power according to the distance separating thetransmitter and the receiver [12]. Furthermore, the directionalantennas [13] that can improve the network capacity due to re-ducing the interference area make monitoring difficult. Second,reputation-based systems do not achieve fairness because thehigh-contribution nodes are not compensated, and the nodes arepunished when they do not cooperate, no matter how they havepreviously contributed to the network. For example, althoughthe nodes situated at the network center relay more packets thanthose at the periphery, they are not compensated. Third, thesesystems suffer from unreliable detection of the selfish nodesand false accusation of the honest nodes because it is difficultto differentiate between a node’s unwillingness and incapabilityto cooperate, e.g., due to low resources or network congestion.

0018-9545/$26.00 © 2010 IEEE

MAHMOUD AND SHEN: PIS: A PRACTICAL INCENTIVE SYSTEM FOR MULTIHOP WIRELESS NETWORKS 4013

TABLE IPROPERTIES OF WEB-BASED APPLICATIONS AND

COOPERATION STIMULATION

Moreover, the assumption that the transmitted packets by anode can be received by all the nodes in its neighborhoodcannot be ensured, e.g., due to packet collision [14]. Finally,reputation-based systems have not considered the possibilitythat selfish nodes can collude with each other to boost theirreputations to maximize their welfare.

Incentive systems are better for MWNs because, in additionto cooperation stimulation, the systems can achieve fairnessby charging or rewarding credits to balance between a node’scontributions and benefits. A node’s contribution can be relay-ing other nodes’ packets or paying credits, whereas a node’sbenefit can be relaying its packets or earning credits. More-over, since the network nodes pay for relaying their packets,incentive systems can discourage resource exhaustion attack,where malicious nodes exchange bogus packets to exhaust theintermediate nodes’ resources. Incentive systems can also beused for charging future services of mobile networks [15], [16]because communication sessions may occur without involvingan infrastructure, and mobile nodes may roam among differentforeign networks. In other words, by using an incentive system,the network nodes can pay all parties involved in its communi-cation without contacting distant home location registers.

However, the practicality of the existing incentive sys-tems is questionable because they impose significant overheadcost. Micropayment schemes [17]–[19] are electronic paymentschemes for frequent and low-value payments. The schemeswere originally designed for Internet electronic commerce ap-plications to take advantage of the high volume of viewers byoffering content for low price. Examples of the applications in-clude buying data or news, listening to a song, playing an onlinegame, and reading an article in a journal [20]. To efficiently im-plement such scheme in MWNs, the differences between Web-based applications and cooperation stimulation should be takeninto account. These differences are summarized in Table I.

For Web-based applications, a transaction usually containsone customer and one merchant, and the merchants’ numberis low, and their identities are known before the transactionis held. For cooperation stimulation, each transaction usuallycontains two customers (the source and the destination nodes)and multiple merchants (the intermediate nodes), the mer-chants’ number is large because any network node can workas a merchant (or packet relay), and the merchants’ identitiesare known only at the transaction (session) time due to thenodes’ mobility. Moreover, the relation between a customerand a merchant is usually short due to the network’s dynamic

topology. The nodes are involved in low-value transactions veryfrequently because once a route is broken, which is frequentlydue to the nodes’ mobility and channel impairment, a newtransaction should be held to reestablish the route. In wirelessnetworks, the nodes have low resources, such as energy andstorage area, as compared with the computers’ resources inWeb-based applications. Although security is important in allpayment applications, attacks can be launched easier in Web-based applications because it is easier to launch attacks acrossthe Internet than tampering devices.

In this paper, first, we develop a payment model that takesinto account the features of cooperation stimulation, whichcan improve the practical implementation of micropaymentin MWNs. Second, based on the developed payment model,we propose a practical incentive system (PIS) to stimulatethe nodes’ cooperation in MWN. Since the communicationsessions may occur without involving an infrastructure, thecommunicating nodes issue digital receipts to the intermediatenodes, which submit the receipts to the accounting center (AC)to claim their payment. The conclusive point for the practicalimplementation of incentive systems is the receipts’ submissionand process overhead due to the high frequency of low-valuetransactions. In other words, submitting a large number ofreceipts implies significant communication and computationoverhead and implementation difficulty because the cost ofreceipt submission and process may exceed the transactionvalue. Therefore, in our incentive system, instead of generatinga receipt per packet or group of packets, one fixed-size receiptis generated per session regardless of the number of transmittedpackets. Moreover, a receipt size can significantly be reducedby attaching the hash of the nodes’ signatures instead of thesignatures, and different receipts can be aggregated together toa smaller size receipt.

Our third contribution is proposing a reactive receipt sub-mission mechanism to reduce the number of submitted andprocessed receipts and to protect against collusion attacks. Inour incentive system, a receipt contains payment data for all theintermediate nodes; therefore, it is sufficient to submit one copyto clear the receipt. However, it is not secure to trust one node tosubmit the receipt because it may collude with the communicat-ing nodes (payers) in order to not submit the receipt to increasetheir welfare. The mechanism is a reactive one because unlikethe Preventive mechanism [21], which requires submitting alarge number of redundant receipts to fail the collusion attacks,our mechanism submits an incomparable number of redundantreceipts to identify the colluding nodes, and the number ofunsubmitted receipts can be limited probabilistically. Extensiveanalysis and simulations demonstrate that our incentive systemcan secure the payment and significantly reduce the number ofsubmitted and processed receipts, particularly at high packet-transmission rate, which can improve the system’s practicalitydue to the high frequency of low-value transactions.

The remainder of this paper is organized as follows:Section II reviews the related work. Section III presents thesystem models. Section IV proposes our incentive system.Security analysis and performance evaluation are provided inSections V and VI, respectively, followed by conclusion inSection VII.


II. RELATED WORK

The existing incentive systems can be classified into twocategories: 1) tamper-proof device (TPD) and 2) central-bank-based systems. In TPD-based incentive systems [22]–[26], aTPD is installed in each device to manage its credit account andsecure its operation. In central-bank-based incentive systems[21], [27]–[34], a centralized unit called the AC stores andmanages the nodes’ accounts.

In Nuglets [22], the self-generated and forwarding packetsare passed to the node’s TPD to decrease and increase its creditaccount, respectively. Two payment models, called the packetpurse model (PPM) and the packet trade model (PTM), havebeen proposed. In the PPM, the source node pays for relaying itspackets by loading some credits in each packet before sendingit, each forwarding node acquires the amount of credits thatcover the packet’s forwarding cost, and the packet is dropped ifit runs out of credits. In the PTM, each intermediate node runsauctions to sell the session packets to the following node onthe route, and the destination node pays the total cost. In secureincentive protocol [23], after receiving a packet, the destinationnode sends a payment RECEIPT packet to the source node toissue a REWARD packet, which increments the credit coun-ters of the intermediate nodes. In cooperation and accountingstrategy for hybrid wireless networks (CASHnet) [24], [25], foreach transmitted packet, the source node’s traffic-credit accountstored in the node is charged, and a signature is attached. Uponreceiving the packet, the destination node’s traffic-credit ac-count is also charged, and a digitally signed ACK packet is sentback to increase the helper-credit accounts of the intermediatenodes. Users regularly visit service points to buy traffic creditsfor real money and/or convert helper credits to traffic credits.

Centralized-bank-based incentive systems can be classifiedinto coin- and receipt-based systems. In coin-based incentivesystems [27], a network node buys electronic coins from theAC before being involved in a session to pay for relayingits packets. In receipt-based incentive systems [21], [28]–[34],the communicating nodes issue receipts (or payment proofs)to the intermediate nodes that submit the receipts to the ACto update their accounts, i.e., a network node communicatesfirst and pays later. In [27], each node on a communicationsession buys packets from the upstream node and sells themto the downstream node. The packets’ buyer and seller contactthe AC to get deposited coins and submit the coins to claim thepayment, respectively; therefore, the session’s nodes contact theAC in each session.

In [28], the source node appends a token to each transmittedpacket, and each intermediate node uses its secret key to checkwhether the token corresponds to a winning ticket. Winningtickets are submitted to the AC to reward the winning nodes.In a security flaw, colluders can collect and exchange tokens tobe checked in each node to steal credits. Since the nodes arerewarded only for winning tickets, fairness issue arises when anode is not adequately compensated for its cooperation. In ourearlier work [29], instead of submitting payment receipts to theAC, each node submits a smaller size activity report containingits alleged charges and rewards in different sessions, and the ACuses a reputation system to identify the cheating nodes. How-

ever, due to the nature of the reputation systems, some honestnodes may falsely be identified as cheaters, and colluding nodesmay manage to steal credits. In [30], an incentive system hasbeen proposed for a hybrid ad hoc network, but the base stationis involved in every communication session, which may lead tosuboptimal routes when the communicating nodes reside in thesame cell.

In Sprite [31], the source node signs the full path identitiesand appends its signature to each transmitted message. In Spriteand an enforceable incentive scheme for wireless networks us-ing network coding (INPAC) [32], the intermediate and destina-tion nodes compose receipts and submit them to the AC to claimthe payment. In Express [33], the source node generates a hashchain for every intermediate node IDK by iteratively hashingrandom value (VS) S times to obtain a final hash value V0.The source node commits to the hash chain by digitally signingV0 and sending the signature to IDK . Each time IDK relays apacket, the source node releases the preimage of the last senthash value, where V1 is released first, V2 second, and so on.Payment nonrepudiation is achievable because the hash func-tion is one way, i.e., only the source node can generate the hashchain. The source, intermediate, and destination nodes composereceipts and submit them to the AC. However, each node hasto generate and store a large number of hash chains due tothe large number of probable relays (P2 in Table I). In Sprite,INPAC, and Express, only the source node pays, regardlessof how the destination node benefits from the communication.Moreover, since an intermediate node is rewarded for everysuccessfully relayed packet even if it does not reach the destina-tion, all the session nodes submit the receipts because a node’spacket forwarding is considered successful if its next node onthe path reports a valid receipt. We call this receipt submissionmechanism All-Submitters because all the intermediate nodessubmit all the receipts. In Sprite, INPAC and Express, signif-icant communication and computation overhead are implieddue to submitting and processing a large number of receipts,because a receipt is generated per packet and submitted by allthe nodes on the session.

In [34], an incentive system has been proposed for an ad hocnetwork that is used to connect the nodes to the Internet. Foreach packet, the source node appends a signature to the full pathidentities, and the destination node signs a receipt and sends itto the last intermediate node to submit to the AC. Since a receiptcontains payment data for all the intermediate nodes, one copyof the receipt is submitted to claim the payment for all theintermediate nodes, which we call the One-Submitter receiptsubmission mechanism. However, the proposed system doesnot handle collusion attacks, e.g., the communicating nodescan communicate freely, and the intermediate nodes are notrewarded when the last intermediate node colludes with thepayers in order to not submit the receipts.

In double signature cheque mechanism (DSC) [21], insteadof generating a hash chain for each intermediate node likeExpress, one hash chain of size S is generated to pay for all theintermediate nodes on a session. A receipt contains paymentdata for all the intermediate nodes and at most S packets. Areceipt for X packets contains the root hash value (V0) andthe last released hash value (VX−1). The number of transmitted


packets is computed from the number of hashing operations tomap VX−1 to V0. A new receipt is generated when S packets aresent or when the route is broken. Furthermore, since a receiptcontains payment data for all the intermediate nodes, a Preven-tive receipt submission mechanism has been proposed to reducethe number of submitted receipts and prevent a collusion attack.In this mechanism, each intermediate node submits a number ofrandomly chosen receipts that guarantee submitting a minimumnumber of unrepeated receipts probabilistically. The mecha-nism is a preventive mechanism because it aims to prevent theeffectiveness of the collusion attack by submitting redundantreceipts, i.e., even if some colluding nodes do not submit thereceipts, they may be submitted by other nodes; therefore,a minimum number of unrepeated receipts can be submittedunder a collusion attack. Increasing the number of submittedreceipts by each node increases the robustness against a collu-sion attack but with additional redundant receipts.

III. SYSTEM MODELS

A. Network and Communication Models

The considered MWN includes AC, mobile nodes, and basestations in some types of MWNs. The AC stores and managesthe nodes’ credit accounts and generates private/public key pairand certificate with unique identity for each node to participatein the network. Once the AC receives a receipt (proof ofpayment), it updates the relevant nodes’ accounts and identifiesand revokes the misbehaving nodes.

An on-demand routing protocol, such as dynamic sourcerouting [35] and ad hoc on-demand distance vector (AODV)[36], is implemented to establish an end-to-end communicationsession between the source and the destination nodes. Thesource node’s packets may be relayed in several hops by theintermediate nodes to the destination. The network nodes cancontact with the AC at least once during a time interval, whichcan be in the range of a few days. This connection can occur viabase stations, Wi-Fi hotspots, or wired networks (e.g., Internet).During this connection, a network node renews or revokes itscertificate, submits the payment receipts, and purchases creditsby real money.

B. Threat and Trust Models

Since the mobile nodes are autonomous, we assume that anattacker has full control on his mobile node, and thus, he canchange its operation and infer the cryptographic data. Attackerscan work individually or collude with each other under thecontrol of one attacker to launch sophisticated attacks. Attack-ers are rational in the sense that they misbehave when theycan achieve more benefits than behaving honestly. Specifically,attackers attempt to steal credits, pay less, and communicatefreely. The base stations and the mobile nodes are probableattackers because they are motivated to misbehave to increasetheir welfare. However, the AC is fully trusted because it is im-possible to realize secure payment between two entities withouta trusted third party [37]. For the trust models, the networknodes fully trust the AC to perform billing and auditing cor-rectly, but the AC trusts no node or base station in the network.

Fig. 1. Payment model’s parties and relations.

C. Payment Model

1) Parties and Relations: The payment model containsthree basic parties: 1) the customer or the communicatingnodes; 2) the merchant or the intermediate nodes; and 3) thebank or the AC. Fig. 1 portrays the relations among the differentparties in our payment model. The operations among theseparties can be divided into three phases: 1) Certificate Issuing;2) Payment; and 3) Redemption. In the Certificate Issuingphase, a customer has to register with the bank to create anaccount, and the bank issues a short-lifetime certificate, e.g., for7–10 days. A customer periodically contacts the bank to renewhis certificate and pay for the services (packet relay) he receivedfrom the merchants. In the Payment phase, a customer’s cer-tificate enables him to issue digital receipts to transact withmerchants without involving the bank, i.e., customers minetheir own electronic coins without the need of direct verificationby the bank. In the Redemption phase, a merchant claimsits payment by submitting its transactions’ receipts. The ACverifies the receipts and clears them by rewarding the merchantsand charging the customers. This payment architecture has twoimportant properties that can improve the practical implementa-tion of micropayment in MWNs: no need for TPD and flexiblepayment.

a) No need for TPD: The TPD-based incentive systems[22]–[25] may not find widespread acceptance for the fol-lowing reasons. First, the assumption that the TPD cannot betampered is neither secure nor practical for MWNs. Attackerscan communicate freely in an undetectable way if they couldcompromise the TPDs [38] because the communications aredecentralized, and the network nodes are autonomous. More-over, a small number of trusted manufactures can make thenetwork devices, which is too restrictive for civilian networks.Second, a network node cannot communicate if it does not havesufficient credits. Unfortunately, the nodes at the network edgecannot gain as many credits as the nodes at other locations be-cause they are less frequently selected by the routing protocol.Furthermore, the credit distribution has a direct impact on thenetwork performance, e.g., if a small number of nodes have alarge ratio of network credits, the network performance signif-icantly degrades because the rich nodes are not motivated tocooperate, and the poor nodes cannot initiate sessions. Finally,since credits are cleared in real time, the network performance


significantly degrades if the network nodes do not have enoughcredits. Credits are lost normally because the total charges arenot necessarily equal to the total rewards [26], e.g., the sourcenode is charged full payment after sending a packet, but someintermediate nodes might not be rewarded when the route isbroken. In [23], a compensation mechanism is used to changethe packet-relaying price proportionally to the nodes’ speed toavoid the network credit decline. However, the compensationmechanism has to avoid credit inflation and depletion. Forcredit inflation, the nodes are rich and thus unmotivated tocooperation, whereas for credit depletion, the nodes are poorand incapable of initiating communication. The design of adecentralized compensation mechanism to stabilize the amountof credits in the network is difficult, particularly in large-scalenetworks.

In our payment model, the AC can convert credits to realmoney and sell credits for real money. This motivates the richnodes to cooperate, enables the nodes that cannot gain creditsbecause they are less frequently selected by the routing protocolto communicate, improves credit distribution, and protects thenetwork from credit decline.

b) Flexible payment: There are two ways to manageelectronic payment: online and offline payment. For onlinepayment, a merchant verifies the payment sent by a customerwith the bank before serving the customer, and for offlinepayment, a merchant serves the customer without involving thebank at the transaction time, i.e., instead of interacting with thebank in each transaction, merchants accumulate the paymentsand redeem them in batch later. The payment managementcan also be classified into credit (or postpaid) and debit (orprepaid) payment. For credit payment, customers are servedfirst and charged later, e.g., customers issue receipts to themerchants that submit them to the bank to redeem the payment;therefore, a customer’s account will not be debited until receiptsare processed. For debit payment, the customers’ accounts arecharged before they are served, e.g., customers buy electroniccoins in advance from the bank to pay to the merchants, or thebank has to be interactively involved in each session.

Offline and credit payment are better for the practical im-plementation of micropayment in MWNs for the followingreasons. First, connection with the bank may not be available ona regular basis, and even if it is available, involving a centralizedunit in each transaction is very costly and creates bottleneck inthe bank due to the high frequency of low-value transactions(P4 and P5 in Table I). Second, customers generate their owncoins (or receipts), which provides many flexibilities. Coins aregenerated on demand, and customers do not need to frequentlycontact with the bank to buy coins. In [26], it is shown thatalthough some nodes have helper credits in CASHnet, theycannot communicate because they could not find a servicepoint to convert the helper credits to traffic credits. Moreover,generating coins to pay for a specific merchant [27]–[33] is notpractical due to the large number of probable merchants in thenetwork, and generating general coins to pay for any merchantis vulnerable to a double-spending attack or requires interactiveand frequent contact with the bank.

Although the developed payment architecture has manypositives, it is obvious that reducing the receipts’ number is

essential for practical implementation for the following reasons.First, since the transactions’ number is large and multiplemerchants may be involved in a transaction (P1 and P2 inTable I), generating a receipt per packet or customer increasesthe receipts’ number significantly, and thus, the transactionvalue may not cover its processing cost (P5 in Table I) andprocessing a large number of receipts may not be feasible.Second, the nodes have low resources (P7 in Table I); therefore,the overhead of storing and submitting a large number ofreceipts may stimulate the nodes to behave selfishly. Whatmakes it worse is that the nodes keep the receipts for sometime because instantaneous contact with the bank may not beguaranteed.

2) Charging and Rewarding Policy: In most existing in-centive systems [22], [23], [31]–[33], only the source nodeis charged. We argue that a more fair charging policy is tosupport cost sharing between the source and the destinationnodes because both of them benefit from their communication.The payment ratio is adjustable and can be negotiated duringthe session establishment phase. To simplify our presentation,we suppose the source and the destination nodes agreed tohalve the packet-relaying expense, although any other payment-splitting ratio can be used. For rewarding policy, some incentivesystems [39], [40] consider a different packet-relaying cost thatcorresponds to the incurred energy in packet relay. This reward-ing policy is difficult to be implemented in practice withoutinvolving complicated route-discovery process and calculationof en route individual payments. Therefore, similar to [21],[23], [31], and [33], we use a fixed rewarding rate, e.g., λ creditsper unit-sized packet.

In MWNs, packet loss may occur normally due to nodemobility, packet collision, channel impairment, or other rea-sons. Ideally, any node that has ever tried to forward a packetshould be rewarded no matter if the packet eventually reachesits destination or not because forwarding a packet consumesthe node’s resources. However, it is difficult to corroborate anintermediate forwarding action in a trustable and distributedmanner without involving too complicated design. For example,rewarding the nodes for route establishment packets or packetretransmissions complicates the incentive system and increasesthe receipts’ number significantly because a large number ofnodes may be involved in relaying route establishment packets,and packet retransmissions frequently happen in wireless net-works. Moreover, to reward the nodes for every relayed packet,all the intermediate nodes submit all the receipts to identifythe last node that relayed the packet before route breakage[31]–[33].

Therefore, in our incentive system, the first intermediatenode after the source node submits the session receipt, and theother intermediate nodes submit the receipts probabilistically toprotect against collusion attacks. In Fig. 2(a), the intermediatenodes are rewarded when the receipt proves that the messagehas been delivered, i.e., when the first intermediate node afterthe source node (ID1) receives the message’s ACK, or one ofthe other intermediate nodes receives the ACK and submits thereceipt. However, in Fig. 2(a) and (b), the two communicatingnodes are charged when the source node transmits a packet,whether it reaches the destination or not. The value of λ is


Fig. 2. Payment rewarding and charging policy. (a) Delivered packet.(b) Undelivered packet.

TABLE IIUSEFUL NOTATIONS

Fig. 3. Architecture of our incentive system.

determined to compensate the nodes for their consumed re-sources in route-establishment packets, packet retransmission,and undelivered packets. In Section V, we will argue that ourcharging and rewarding policy can discourage rational attacksand encourage packet relay. Table II gives the used notations inthis paper.

IV. PIS: THE PROPOSED INCENTIVE SYSTEM

Fig. 3 shows that our incentive system consists of threephases: 1) Communication; 2) Receipt Submission; and3) Payment Redemption and Colluder Identification. In theCommunication phase, the network nodes are involved incommunication sessions, and the communicating nodes issuepayment receipts to the intermediate nodes. In the ReceiptSubmission phase, the nodes submit the receipts to the AC toclaim their payments. In the Payment Redemption and ColluderIdentification phase, the AC clears the receipts and identifies thecolluding nodes that do not submit the receipts.

Fig. 4. Evolution of the session payment proof.

A. Communication Phase

1) Route Discovery: To establish an end-to-end session, thesource node broadcasts the Route Request Packet (RREQ) thatcontains the identities of the source (IDS) and the destination(IDD) nodes, as well as the session establishment time stamp(TS). A network node appends its identity and broadcasts thepacket if the TS is within proper range. When the RREQpacket reaches the destination node, it unicasts the RouteReply Packet (RREP) that contains the session nodes’ iden-tities (e.g., R = IDS, ID1, ID2, ID3, IDD in the session shownin Fig. 4), its certificate, and its signature SigD (R, TS) forauthentication and payment nonrepudiation. After receiving theRREP packet, an intermediate node adds its certificate, signsthe packet’s signature to authenticate itself, and relays thepacket. The source node receives the RREP packet containingthe session nodes’ identities and authentication code (NAC =Sig1(Sig2(Sig3(SigD(R, TS)))) in Fig. 4). In the first datapacket, the source node appends its certificate and the NAC thatis used in receipt composition.

2) Data Generation and Relay: The source node appendsits signature (SigS(R,H(MC),TS,C)) and the message (MC)to the Cth data packet in the session and sends the packetto the first node on the route. The source node’s signaturecontains the session nodes’ identities (R), the message’s hashvalue (H(MC)), the number of transmitted messages (C), andthe session establishment TS. This signature is an approval fromone payer to pay for C packets and to ensure the message’sauthenticity and integrity. Signing H(MC) instead of MC canreduce the receipt size because a smaller size H(MC) can beattached to the receipt. As illustrated in Fig. 4, upon receivingthe packet, each intermediate node verifies the source node’ssignature and updates the session payment proof to contain thelast source node’s signature that is enough to prove transmittingC packets.

3) ACK Generation and Relay: After receiving the Cth datapacket, the destination node sends back signed ACK containing


Fig. 5. Format of a session receipt for C packets.

Fig. 6. Receipt aggregation technique.

its signature (SigD(R, TS, C)) as approval to pay for C deliveredmessages. H(MC) is not included in the signature in order toavoid increasing the receipt size by attaching both H(MC) andH(MC−1) when the session is broken before receiving the ACKpacket. Fig. 4 shows that after receiving the ACK, intermediatenodes update the session payment proof to contain the latestdestination node’s signature. It can be seen that the paymentproof always contains the latest received signatures from thesource and the destination nodes.

B. Receipt Submission Phase

For each session, one receipt containing the payment data forall the intermediate nodes can be composed. It can be seen inFig. 5 that a session receipt contains two main parts: Descriptorand Evidence. The Descriptor contains the payment data, i.e.,the identities of the payers and the payees, the messages’number, and the session TS. The Evidence is a security tokenthat prevents payment repudiation and manipulation and thusensures that the receipt is nondeniable, nonmodifiable, andnonforgeable. The Evidence consists of hashing the sessionpayment proof. Attaching the hash of the payment proof insteadof the payment proof can reduce the receipt’s size significantly.Fig. 6 shows that different receipts can be aggregated togetherto a smaller size aggregated receipt. The aggregated receipt con-tains the descriptors of the individual receipts and AggregatedEvidence, where Descriptor(i) and Evidence(i) refer to theDescriptor and the Evidence of receipt number i, respectively.The Aggregated Evidence is computed by onion hashing theindividual receipts’ evidences, i.e., H(H(. . . H(H(Evidence(1),Evidence(2)), Evidence(3)), . . .), Evidence(N)). The onion-hashing technique enables the nodes to aggregate a newlyissued receipt with old aggregated receipts, i.e., receipts are

Fig. 7. Charges and rewards for Pt packets.

Fig. 8. Reactive receipt submission mechanism.

always stored in aggregated format, which can reduce therequired storage area to store the receipts.

Since the communication sessions may occur without involv-ing an infrastructure, the intermediate nodes have to submit thereceipts to the AC for redemption. It is sufficient to submitone copy of the receipt because it contains payment data forall the intermediate nodes. However, it is not secure to trustone node to submit the receipt because it may collude with thecommunicating nodes so as not to submit the receipt to increasetheir welfare. Fig. 7 shows the nodes’ charges and rewards forPt delivered packets. If the communicating nodes collude withκ intermediate nodes and the receipt is not submitted, then thecolluding nodes can save Pt × λ × (n − κ) credits. Obviously,colluders can achieve gains when κ < n, and thus, payers cancompensate the colluding intermediate nodes. In this section,we present a reactive receipt submission mechanism to protectagainst collusion attacks by submitting few redundant receipts.

1) Basic Reactive Receipt Submission Mechanism: InFig. 8, the first node after the source node (ID1) is assignedto submit the session receipt and is accused of collusion if itdoes not submit it; therefore, this node is called assigned sub-mitter or A-submitter. To detect the colluding A-submitter, theother intermediate nodes submit the receipt probabilistically,so they are called probabilistic submitters or P-submitters. TheP-submitters’ receipt submission probability (PS) is small sothat the colluding A-submitters can be identified by submittingsmall number of redundant receipts. A colluding A-submittercan be identified once the P-submitter submits the receipt.Equation (1) gives the probability that at least one P-submittersubmits the receipt for a session of n intermediate nodes and nC

colluding P-submitters, and (2) gives the probability of identi-fying a colluding A-submitter after unsubmitting γ receipts orthe probability that at least one P-submitter submits the receiptin γ sessions.

P = 1 − (1 − PS)n−nC−1 (1)

PC(γ) =γ∑

k=1

(γ

k

)· Pk · (1 − P)γ−k. (2)

We define colluder’s lifetime (γL) as the number of unsub-mitted receipts for the probability of identifying the colludingA-submitter to be 0.9. Collusion resistance or the immunitylevel to collusion attack can be measured by the colluder’s


Fig. 9. PC(γ) versus γ with nC = 0.

Fig. 10. γL versus PS .

lifetime, and the overhead can be measured by the number ofredundant receipts, which is proportional to PS . Fig. 9 canclarify an intuitive tradeoff between collusion resistance andoverhead, and PS can control this tradeoff. For example, thecolluding A-submitter can be identified in shorter time (or fewerγ) with the increase of PS from 0.12 to 0.2, which impliesthe increase of the redundant receipts’ number. The receiptsubmission probability can be determined to achieve a specificcolluder’s lifetime, and thus, PS can limit the colluders’ gainsor the number of unpaid sessions. For example, when n is twoin Fig. 9, the colluder’s lifetime can be 10 or 18 by PS to be0.12 or 0.2, respectively. Fig. 10 shows that choosing a propervalue for PS can reduce the overhead and achieve the sameγL. For example, when n is 2, the increase of PS from 0.37to 0.44 increases the number of redundant receipts but does notimprove γL.

In addition to collusion with an A-submitter, the communi-cating nodes may collude with some P-submitters to protectthe A-submitter. The impact of this collusion is the extensionof the A-submitter’s lifetime. The effect of collusion withP-submitters on the detection probability of the colludingA-submitter is shown in Fig. 11. It can be seen that when nC

is 1, the colluding A-submitter’s lifetime is seven unsubmittedreceipts, but when nC is 3 or only one P-submitter is nota colluder, the colluding A-submitter’s lifetime increases to22 unsubmitted receipts. Therefore, the value of PS has to be

Fig. 11. Effect of colluding P-submitters.

Fig. 12. PC(γ) versus γ with dynamic PS .

determined to achieve reasonable worst-case colluder’s lifetimewhen only one P-submitter is not colluder.

2) Enhanced Reactive Receipt Submission Mechanism: Inthis section, we discuss two simple modifications to improveour reactive receipt submission mechanism. Fig. 9 shows thatthe colluder’s lifetime depends on the number of intermediatenodes, e.g., at PS to be 0.12, the colluder’s lifetimes are 18and 3.6 unsubmitted receipts for n of 2 and 6, respectively. Themechanism can have close PC(γ) regardless of n by makingthe receipt submission probability function of n, which we calldynamic PS , i.e., PS should be larger for small n and smallerfor large n. One way to implement dynamic PS is to select thevalue of PS to fix the colluding A-submitter’s lifetime, e.g., inFig. 10, if γL of 9 is desired, PS should be 0.05 and 0.23 for n of6 and 2, respectively. Fig. 12 shows the relation between PC(γ)and γ at different n and with dynamic PS . Comparing Fig. 9with Fig. 12, dynamic PS can make PC(γL) almost identicalfor different n.

P = 1 −n∏

i=2

(1 − PS(i)) . (3)

To identify the colluding A-submitter, it is sufficient that oneP-submitter submits the receipt. However, in the basic reactivereceipt submission mechanism, a receipt may be submitted bymore than one P-submitter; therefore, if this receipt submission


Fig. 13. PC(γ) versus γ in weighted and equal PS techniques.

overlapping is reduced, then the mechanism can be more robustagainst collusion attack for the same overhead (or the sum-mation of the P-submitters’ receipt submission probabilities).Nevertheless, it is not secure to trust one P-submitter because itmay collude with the communicating nodes so as not to submitthe receipt. One way to reduce the probability of submittinga receipt by more than one P-submitter is by using a weighedPS technique, or one P-submitter called main P-submitter has ahigher PS than the other P-submitters. Equation (3) can provethat the weighed PS technique can increase the probabilityof submitting a receipt without increasing the overhead or∑i=n

i=2 PS(i), where PS(i) is the receipt submission probabilityfor the P-submitter number i on the session. To assign themain P-submitter, a public function called selector functioncan be used. The input of the function is the session’s uniqueidentifier that contains the identities of the nodes on the route(R) and the session establishment TS. The selector functionreturns the position of the main P-submitter on the route (nS),where nS ∈ {2, 3, . . . ,n} for a session with n intermediatenodes. Obviously, changing the function input can change theposition of the main P-submitter, which increases the difficultyof colluding with the main P-submitter. The selector functioncan be implemented by a hash function, such as SHA-1 [41],by deriving nS from its output.

To implement the weighted PS technique, the PS of thenonmain P-submitters is PSmin, which can be determined torestrict the colluder’s lifetime to γLmax in the worst collusionattack, i.e., when only one P-submitter is not colluder. More-over, the main P-submitter adjusts its PS to achieve a colluder’slifetime of γLmin, but PS should not be less than PSmin. Thisway, if all the P-submitters are honest, then the colludingA-submitter’s lifetime is γLmin, but it may be extended up toγLmax due to the collusion with the P-submitters. The rationalehere is that since collusion with one node is more likely oreasier than collusion with two or more nodes, the weightedPS technique can improve the robustness against collusionattacks with high probability. In Fig. 13, each P-submitter’sPS is 0.12 in the equal PS technique, and PS is 0.45 and0.01 for the main P-submitter and the other P-submitters inthe weighted PS technique, respectively. It can be seen that byusing the weighted PS technique, the colluding A-submitter can

be identified after unsubmitting a smaller number of receiptsfor the same

∑i=ni=2 PS(i) due to decreasing the probability of

submitting a receipt by more than one P-submitter.

C. Payment Redemption and Colluder Identification Phase

The network nodes periodically submit the receipts to theAC to redeem them. Once the AC receives a receipt, it firstchecks if the receipt has been deposited before using its uniqueidentifier (R, TS). Then, to verify the receipt’s credibility, theAC generates the session payment proof and hashes it and com-pares the resultant hash value with the receipt’s Evidence. If theA-submitter does not submit the receipt but the P-submitterdoes, then the A-submitter is identified as colluder and excludedfrom the network by denying update of its certificate. Finally,the AC clears the receipt according to the rewarding and charg-ing policy discussed in Section III-C2.

V. SECURITY ANALYSIS

Our security objective is to prevent misbehaving nodes fromachieving gains such as stealing credits or paying less. In ourincentive system, the charges and rewards are based on receiptssubmitted by rational nodes, so a node or even a group of col-luding nodes may attempt to cheat the system to increase theirwelfare. For Double Clearance attack, the attacker attempts toclear a receipt multiple times to increase its rewards. The ACcan thwart the attack and identify the attacker because eachreceipt has a unique identifier. For Double Spending attack,the attackers attempt to generate identical receipts for differentsessions to pay once. In our incentive system, even if attackersestablish different sessions at the same time, the receipts’identifiers are different because at least one intermediate nodeis different. For Receipt Forgery or Manipulation attack, theattackers attempt to forge receipts or manipulate valid receiptsto increase their rewards. This is almost impossible in ourincentive system due to the difficulties of forging or modifyingthe payers’ signatures, computing the private keys from thepublic ones, and computing the hash of the signatures withoutcomputing the signatures. Moreover, if an attacker attachesa random value for a receipt’s Evidence, the probability tohit the correct value is extremely low, e.g., this probability is6.84 × 10−49 by using SHA-1 [41] with digest value of 20 B,the AC can identify the attackers because their receipts’ verifi-cations fail.

For Free Calling (or Riding) attacks, the attackers attemptto communicate freely. Two colluding intermediate nodes on alegitimate session may manipulate the session packets to addtheir data. If the intermediate nodes cannot verify the paymentdata, then the source node may transmit packets with invalidpayment data. Internal and external attackers may record validpackets and replay them in a different place and/or time, claim-ing that they are fresh to establish sessions under the namesof others. For Message and Payment Repudiation attacks, theattacker attempts to deny initiating a session or the payment inorder to not pay. To thwart these attacks, the communicatingnodes’ signatures can prevent the denial and the manipulationof the messages and the payment. The intermediate nodes verify


the communicating nodes’ signatures to verify the message in-tegrity and authenticity, as well as the payment data. Moreover,an RREQ packet is dropped if the TS is not within a properrange to thwart Packet-Replay attack.

For Fake A-submitter attack, the communicating nodes at-tempt to insert a nonexisting A-submitter on the route to com-municate freely because the fake A-submitter does not submitthe receipt. In addition, this A-submitter may be accused of col-lusion. To thwart this attack and other attacks [42] outside thescope of this paper, the session nodes authenticate themselvesin the route discovery phase, and the NAC is included in thereceipt’s Evidence. For Credit Collecting attack, some nodesmay insert nonexistent neighbors to collect credits for themwithout participation in packet relay. This attack is a type ofthe known routing attack called Route Lengthening. First, thecolluding nodes have to exchange their private keys becauseauthentication is needed in our incentive system, which maydiscourage the attack because colluders can steal the creditsof each other or commit malicious actions under their names.Second, the attack does not always work because it may leadto suboptimal route due to the preference of shortest routes.Third, the AC can identify the attackers when it observes thatsome nodes appear in different locations at the same time.Finally, the proposed solutions for secure routing protocolssuch as ARAN [43] and Ariadne [44] can be implemented inour incentive system. For Destination Node’s Robbery attack,the source node colludes with some intermediate nodes to stealcredits from the destination node by sending bogus data to thedestination. In our incentive system, the intermediate nodesare rewarded only when the destination node acknowledgesreceiving correct data, and a receipt cannot be composed if thedestination node is not interested in the communication becauseits signature is required in the receipt composition.

For our reactive receipt submission mechanism, the colludingA-submitter can be identified once the P-submitter submits thereceipt, and the colluders cannot know whether the P-submitteris going to submit the receipt or not because the P-submittersdecide submitting the receipts independently. Moreover, thereceipt submission probability can restrict the number of un-submitted receipts or colluders’ gains. The AC can identifythe colluding or uncooperative P-submitters that do not sub-mit the receipts by comparing their receipt submission ratioswith PS . For Reduced Payment Receipt attack, the colludingA-submitter submits the session receipt but with less payment.The AC can identify the colluding A-submitter by matching thepayment in its receipt with that in the P-submitter’s receipt. Inthis case, the P-submitter cannot be the attacker because it isdifficult to manipulate the receipt’s Evidence to increase thepayment.

In our payment model, the communicating nodes can com-municate even if they do not have sufficient credits; therefore,to limit overspending, the certificates’ lifetime is short, andthe lifetime can depend on the node’s available credits andits average credit consumption rate. As the network nodesare rational, without proper charging and rewarding policy,they may try to cheat to increase their welfare. Our chargingand rewarding policy has been developed to counteract ratio-nal cheating actions and encourage the nodes’ cooperation.

Particularly, a rational node can exhibit one of the followingactions.

1) To increase their rewards with consuming low resources,a node may compose the receipt but does not forwardthe message, or a group of colluding nodes may forwardonly the receipt instead of the message because submit-ting a receipt to the AC is sufficient to earn credits. Inour payment model, the nodes are motivated to relaythe messages because they are rewarded only when thedestination node acknowledges receiving the messages.

2) The destination node receives a message, but it does notsend ACK in order to not pay. To prevent this, boththe source and the destination nodes are charged forundelivered messages.

3) The A-submitter colludes with the communicating nodesand claims that a message does not reach the destinationnode to increase their welfare. In our payment model,the communicating nodes are charged for undeliveredmessages.

VI. PERFORMANCE EVALUATION

Using public key cryptography for cooperation stimulationis necessary to prevent the communicating nodes from denyingthe payment and to enable the intermediate nodes to verifythe payment. Digital signature technology and hardware imple-mentation have improved, and fast signature schemes are cur-rently available. For example, “online/offline” digital signature[45] is computed in two steps: An offline step that is compu-tationally more demanding and independent of the message isperformed before the message to be signed is available; and alightweight online step is performed once the message to besigned becomes available. Moreover, field-programmable gatearray implementation of the Rivest–Shamir–Adleman (RSA)signature scheme can perform the signing and verifying op-erations in several milliseconds [46]. In addition, instead ofgenerating an ACK per message, ACK can be generated for anumber of messages to reduce the number of digital signatureoperations, and to reduce the end-to-end delay, the destinationnode can generate its signature before receiving a message be-cause the message is not included in its signature. Moreover, theend-to-end delay can be reduced by delayed verification, wherea node forwards the packet before verifying the signature.

Due to the high frequency of low-value transactions, reduc-ing the receipts’ number is essential for practical implemen-tation of an incentive system to avoid making a bottleneck inthe AC and to reduce storage, submission, and process over-heads. In this section, simulations are performed to evaluatethe expected reduction of the receipts’ number in our incentivesystem, compared with the existing systems.

A. Simulation Setup

MATLAB is used to simulate MWN by randomly deploying35 mobile nodes with 125-m transmission range in a squarecell of 1000 m × 1000 m. The constant bit rate traffic sourceis implemented in each node as an application layer, and the


TABLE IIISTATISTICS OF THE SIMULATED NETWORK

TABLE IVAVERAGE RECEIPT SIZE (IN BYTES)

source and destination pairs are chosen randomly. To emulatenode mobility, we adopt the modified random waypoint model[47]. Specifically, a node travels toward a random destinationuniformly selected within the network field; upon reaching thedestination, it pauses for some time, and the process repeatsitself afterward. A node’s speed is uniformly distributed fromthe range [0, 3] m/s, and the pause time is 20 s. We simulate theAODV routing protocol [36] over an ideal and contention-freechannel, i.e., all the nodes within transmission range receivepacket transmission correctly. The TS, node’s identity (IDi),and message number (C) are 5, 4, and 2 B, respectively. Thesimulation results are averaged over 400 runs. MATLAB is usedinstead of network simulator such as NS2 because the intentionis to compare the receipts’ overhead of our incentive systemwith the existing systems. The effect of the unsimulated models,such as nonideal channel, channel contention, node buffer, etc.,should be the same on all the systems.

In Table III, statistics about route length and connectivity inour simulated network are given. P(RL ≤ 4) is the probabilitythat a route has four nodes or fewer, including the source andthe destination nodes. The network connectivity is the ratio ofthe connected routes to the total number of possible routes,assuming any two nodes are the source and destination pair. Thestatistics show that our simulated network is well connected andthat the route length is acceptable.

B. Simulation Results

1) Average Receipt Size: Using 1024-bit RSA signaturescheme and SHA-1 hash function with digest width of 20 B[41], the average receipt size is given in Table IV. It can beseen that the receipt sizes in DSC and our incentive system aremuch smaller than that in Sprite and Express due to hashing thesignatures. The receipt size in DSC is larger than that in PISdue to attaching the root and the last released hash value of thehash chain. For PIS and DSC, a 1-MB storage area can store upto 17 476.27 and 10 699.76 receipts, respectively.

2) Effectiveness of Receipt Aggregation Technique: Fig. 14shows the relation between the receipts’ number and theiraverage storage area. Without receipt aggregation, PIS requiresless storage area than DSC due to reducing the receipt size,and the receipt aggregation technique can reduce the storagearea effectively, e.g., 150 receipts require average storage areasof 14.36, 8.79, and 5.8 kB in DSC and PIS without and withreceipt aggregation, respectively.

Fig. 14. Effectiveness of the receipt aggregation technique.

TABLE VAVERAGE RECEIPTS’ NUMBER FOR DATA TRANSMISSION FOR 10 min

3) Number of Generated Receipts: Table V shows the num-ber of generated receipts for 10-min data transmission at dif-ferent packet-transmission rates and node speed. During thetransmission, a new session is established each time the routeis broken. It can be seen that Sprite and Express generatea large number of receipts due to generating a receipt perpacket, and the increase of packet-transmission rate increasesthe receipts’ number significantly due to increasing the numberof transmitted packets. Moreover, there is no effect to the nodes’speed on the receipts’ number because receipts are generatedfor transmitted packets, regardless of whether they reach thedestinations or not.

For DSC, a receipt is generated when a route is broken orS packets are transmitted, where S is the hash chain size, but areceipt is generated only when a route is broken in PIS. Table Vindicates that more receipts are generated at high node mobilityin DSC and PIS because the routes are more frequently broken,i.e., the data are transmitted over a larger number of routes. InPIS, the packet transmission rate has little effect on the receipts’number because one fixed-size receipt is generated per session(or route), regardless of the transmitted packets’ number.

For DSC, fewer receipts may be generated with the increaseof S because a receipt can contain payment data for morepackets. The increase of S from 11 to 22 can halve the receipts’number, but the increase from 22 to 33 reduces the receipts’number less because the routes are broken before releasing allthe elements in the hash chain. When a route is broken, the


Fig. 15. T versus PS .

unused hash values of the hash chain should not be used forother routes to secure the payment. Moreover, it is difficultto compute an optimal value for S due to the difficulty ofestimating the number of transmitted packets before the route isbroken. Consequently, to reduce the receipts’ number in DSC,each node has to compute and store a large number of longhash chains. In other words, DSC can reduce the ACK packets’processing overhead by replacing the destination’s signatureswith hashing operations but at the expense of increasing thereceipts’ size and number. Certainly, more receipts are gener-ated by considering the effect of the nonideal channel, but ourincentive system still generates fewer receipts compared withthe existing systems because the nonideal channel has a similareffect on all the systems.

4) Number of Submitted Receipts: To compare our receipt-submission mechanism with the existing mechanisms, we as-sume that the receipts’ number is 100 and that the number ofintermediate nodes is 5. For the Preventive mechanism, thenumber of submitted receipts by each node is 59 to securethe mechanism up to two colluders, i.e., to guarantee that theprobability of submitting at least 90% of the receipts is at least0.9 under two colluders. For the Reactive mechanism, PS is0.038 and 0.075 to guarantee that γL ≤ 20 and γL ≤ 10 incase of two colluders, respectively. Moreover, in our evaluation,we consider the following two metrics. The security metric(Q) is the robustness against collusion attack measured by thenumber of submitted receipts under collusion attack, which isrelated to the colluder’s lifetime in PIS. The efficiency metric(T) is the number of generated receipts to the submitted receiptsin normal (no collusion) case, where T ∈ [0, 1]. The optimalvalue for T is one when there is no submission to redundantreceipts. From (4), the value of T in PIS depends on the receipt-submission probability and the number of intermediate nodes.Fig. 15 shows that the increase of PS degrades the efficiency inour receipt submission mechanism but decreases the colludingA-submitter’s lifetime, as indicated in Fig. 10. A proper valuefor PS can reduce the number of redundant receipts and restrictthe colluders’ gains. The value of PS should depend on thelikelihood or the easiness of attacking the incentive system, e.g.,the easiness of obtaining multiple identities and compromisinga device. In addition, the AC can change the value of PS

TABLE VIEVALUATION OF RECEIPT SUBMISSION MECHANISMS

periodically, according to the security situation in the network,e.g., PS can be increased when discovering many collusionattacks in the network.

T =1

1 + PS · (n − 1)(4)

From Table VI, the One-Submitter mechanism can achievethe highest efficiency (T = 1) because each receipt is submittedonce, i.e., there is no redundant receipts, but the mechanismis vulnerable to collusion attack because if one node colludes(Co = 1), all the receipts are not submitted (Q = 0) withoutidentifying the colluding nodes. The All-Submitter mechanismis not vulnerable to collusion attacks, but it is not efficientbecause six and seven copies of each receipt are submitted inSprite and Express, respectively.

For the Preventive mechanism, if all the nodes are honest(Co = 0), the probability to submit 97 receipts is 0.97; there-fore, in the Reactive mechanism, receipts are not submitted inexceptional cases (collusion), but in the Preventive mechanism,the unchosen receipts are not submitted normally in the dom-inant noncollusion condition. In the Preventive mechanism, itmay be difficult to identify the colluders that reduce the numberof unrepeated receipts by submitting the same receipts. At threecolluders, the probability to submit at least 78 receipts is 0.93,but the colluder’s lifetime is 30 and 15 for PS to be 0.038and 0.075, respectively; therefore, the Preventive mechanismcan protect the network effectively when collusion attacks arevery common and extensive, which contradicts property P6 inTable I. For efficiency, the Reactive mechanism can reducethe redundant receipts’ number significantly compared with thePreventive mechanism. Only 15.2 and 37.5 redundant receiptsare submitted for PS to be 0.038 and 0.075, respectively,but for the Preventive mechanism, 195 redundant receipts aresubmitted because each node has to submit a large number ofreceipts to guarantee submitting most of the receipts in case ofno collusion.

VII. CONCLUSION

In this paper, we have proposed an incentive system to stim-ulate the nodes’ cooperation in MWNs. The payment modelhas been developed to implement micropayment for coop-eration stimulation efficiently. Reducing the overhead of thepayment receipts is necessary for the practical implementationof an incentive system due to the high frequency of low-valuetransactions. Therefore, one fixed-size receipt is generated persession, regardless of the packets’ number. Attaching the hash


of the signatures instead of the signatures can reduce thereceipt size significantly, and the receipt-aggregation techniquehas been used to generate a smaller size receipt for multiplesessions. In addition, the reactive receipt submission mecha-nism has been proposed to reduce the number of submittedreceipts and protect against collusion attacks by a small num-ber of redundant receipts with limiting the colluders’ gainsprobabilistically. Our analysis and simulations demonstrate thatthe proposed incentive system can secure the payment andsignificantly reduce the receipts’ storage area and the numberof generated and submitted receipts.

REFERENCES

[1] G. Shen, J. Liu, D. Wang, J. Wang, and S. Jin, “Multi-hop relay for next-generation wireless access networks,” Bell Labs Tech. J., vol. 13, no. 4,pp. 175–193, 2009.

[2] X. Li, B. Seet, and P. Chong, “Multihop cellular networks: Technologyand economics,” Comput. Netw., vol. 52, no. 9, pp. 1825–1837, Jun. 2008.

[3] A. Abdrabou and W. Zhuang, “Statistical QoS routing for IEEE 802.11multihop ad hoc networks,” IEEE Trans. Wireless Commun., vol. 8, no. 3,pp. 1542–1552, Mar. 2009.

[4] P. Gupta and P. Kumar, “The capacity of wireless networks,” IEEE Trans.Inf. Theory, vol. 46, no. 2, pp. 388–404, Mar. 2000.

[5] 3rd Generation Partnership Project, Techn. Spec. Group Radio AccessNetwork, Opportunity driven multiple access, Dec. 1999.

[6] S. Marti, T. Giuli, K. Lai, and M. Baker, “Mitigating routing misbehav-ior in mobile ad hoc networks,” in Proc. ACM MobiCom, Boston, MA,Aug. 6–11, 2000, pp. 255–265.

[7] P. Michiardi and R. Molva, “Simulation-based analysis of security expo-sures in mobile ad hoc networks,” in Proc. Eur. Wireless, Florence, Italy,Feb. 25–28, 2002, pp. 287–292.

[8] J. Hu, “Cooperation in mobile ad hoc networks,” Comput. Sci. Dept.,Florida State Univ., Tallahassee, FL, Tech. Rep. TR-050111, Jan. 2005.

[9] G. Marias, P. Georgiadis, D. Flitzanis, and K. Mandalas, “Cooperationenforcement schemes for MANETs: A survey,” Wireless Commun. MobileComput., vol. 6, no. 3, pp. 319–332, May 2006.

[10] S. Bansal and M. Baker, “Observation-based cooperation enforcementin ad-hoc networks,” Comput. Sci. Dept., Stanford Univ., Stanford, CA,Jul. 2003.

[11] Q. He, D. Wu, and P. Khosla, “A secure incentive architecture for ad-hocnetworks,” Wireless Commun. Mobile Comput., vol. 6, no. 3, pp. 333–346,May 2006.

[12] L. Feeney, “An energy-consumption model for performance analysis ofrouting protocols for mobile ad hoc networks,” Mobile Netw. Appl., vol. 6,no. 3, pp. 239–249, Jun. 2001.

[13] A. Spyropoulos and C. Raghavendra, “Energy efficient communicationsin ad hoc networks using directional antennas,” in Proc. IEEE INFOCOM,New York, Jun. 2002, pp. 220–228.

[14] F. Milan, J. Jaramillo, and R. Srikant, “Achieving cooperation in multi-hop wireless networks of selfish nodes,” in Proc. Workshop Game TheoryCommun. Netw., Pisa, Italy, Oct. 14, 2006.

[15] K. Wang, M. Wu, W. Lu, P. Xia, and S. Shen, “An incentive mechanismfor charging scheme in heterogeneous collaborative networks,” in Proc.IEEE CSCWD, Xi’an, China, Apr. 16–18, 2008, pp. 559–564.

[16] M. Peirce and D. O’Mahony, “Micropayments for mobile networks,”Dept. Comput. Sci., Trinity College, Dublin, Ireland, 1999.

[17] S. Micali and R. Rivest, “Micropayments revisited,” in Topics inCryptology—CT-RSA 2002. Berlin, Germany: Springer-Verlag, 2002,pp. 171–203.

[18] C. Gentry and Z. Ramzan, “Microcredits for verifiable foreign ser-vice provider metering,” in Financial Cryptography. Berlin, Germany:Springer-Verlag, 2004, pp. 9–23.

[19] I. Papaefstathiou and C. Manifavas, “Evaluation of micropayment trans-action costs,” Electron. Commerce Res., vol. 5, no. 2, pp. 99–113, 2004.

[20] J. Palmer and L. Eriksen, “Digital newspapers explore marketing on theInternet,” Commun. ACM, vol. 42, no. 9, pp. 33–40, Sep. 1999.

[21] M. Mahmoud and X. Shen, “DSC: Cooperation incentive mechanism formulti-hop cellular networks,” in Proc. IEEE ICC, Dresden, Germany,Jun. 14–18, 2009, pp. 569–574.

[22] L. Buttyan and J. Hubaux, “Stimulating cooperation in self-organizingmobile ad hoc networks,” Mobile Netw. Appl., vol. 8, no. 5, pp. 579–592,Oct. 2004.

[23] Y. Zhang, W. Lou, and Y. Fang, “A secure incentive protocol for mobilead hoc networks,” ACM Wireless Netw., vol. 13, no. 5, pp. 569–582,Oct. 2007.

[24] A. Weyland and T. Braun, “Cooperation and accounting strategy for multi-hop cellular networks,” in Proc. IEEE Workshop LANMAN, Mill Valley,CA, Apr. 25–28, 2004, pp. 193–198.

[25] A. Weyland, “Cooperation and accounting in multi-hop cellularnetworks,” Ph.D. dissertation, Univ. Bern, Bern, Switzerland,Nov. 2005.

[26] A. Weyland, T. Staub, and T. Braun, “Comparison of motivation-based co-operation mechanisms for hybrid wireless networks,” Comput. Commun.,vol. 29, no. 13/14, pp. 2661–2670, Aug. 2006.

[27] J. Pan, L. Cai, X. Shen, and J. Mark, “Identity-based secure collaborationin wireless ad hoc networks,” Comput. Netw., vol. 51, no. 3, pp. 853–865,Feb. 2007.

[28] M. Jakobsson, J. Hubaux, and L. Buttyan, “A micro-payment schemeencouraging collaboration in multi-hop cellular networks,” in Proc. 7thFC, La Guadeloupe, Jan. 2003, vol. 2742, pp. 15–33.

[29] M. Mahmoud and X. Shen, “Stimulating cooperation in multi-hopwireless networks using cheating detection system,” in Proc. IEEEINFOCOM, San Diego, CA, Mar. 14–19, 2010, pp. 776–784.

[30] N. Salem, L. Buttyan, J. Hubaux, and M. Jakobsson, “Node cooperationin hybrid ad hoc networks,” IEEE Trans. Mobile Comput., vol. 5, no. 4,pp. 365–376, Apr. 2006.

[31] S. Zhong, J. Chen, and R. Yang, “Sprite: A simple, cheat-proof, creditbased system for mobile ad-hoc networks,” in Proc. IEEE INFOCOM,San Francisco, CA, Mar. 30–Apr. 3, 2003, vol. 3, pp. 1987–1997.

[32] T. Chen and S. Zhong, “INPAC: An enforceable incentive scheme forwireless networks using network coding,” in Proc. IEEE INFOCOM,San Diego, CA, Mar. 14–19, 2010, pp. 1–9.

[33] H. Janzadeh, K. Fayazbakhsh, M. Dehghan, and M. Fallah, “A securecredit-based cooperation stimulating mechanism for MANETs using hashchains,” Future Gener. Comput. Syst., vol. 25, no. 8, pp. 926–934,Sep. 2009.

[34] B. Lamparter, K. Paul, and D. Westhoff, “Charging support for ad hocstub networks,” Comput. Commun., vol. 26, no. 13, pp. 1504–1514,Aug. 2003.

[35] D. Johnson and D. Maltz, “Dynamic source routing in ad hoc wirelessnetworks,” in Mobile Computing. Norwell, MA: Kluwer, 1996, ch. 5,pp. 153–181.

[36] C. Perkins and E. Royer, “Ad-hoc on-demand distance vector routing,”in Proc. IEEE Workshop Mobile Comput. Syst. Appl., New Orleans, LA,Feb. 1999, pp. 90–100.

[37] H. Pagnia and F. Gartner, “On the impossibility of fair exchange without atrusted third party,” Darmstadt Univ. Technol., Darmstadt, Germany, Tech.Rep. TUD-BS-1999-02, Mar. 1999.

[38] J. Hubaux, L. Buttyán, and S. Capkun, “The quest for security in mobilead hoc networks,” in Proc. ACM Symp. Mobile Ad Hoc Netw. Comput.,Oct. 2001, pp. 146–155.

[39] S. Zhong, L. Li, Y. G. Liu, and Y. R. Yang, “On designing incentive com-patible routing and forwarding protocols in wireless ad-hoc networks,” inProc. ACM MobiCom, New York, Aug. 2005, pp. 117–131.

[40] L. Anderegg and S. Eidenbenz, “Ad hoc-VCG: A trustful and cost-efficient routing protocol for mobile ad hoc networks with selfish agents,”in Proc. ACM MobiCom, San Diego, CA, Sep. 2003, pp. 245–259.

[41] A. Menzies, P. Oorschot, and S. Vanstone, Handbook of Applied Cryp-tography. Boca Raton, FL: CRC Press, 1996. [Online]. Available: http://www.cacr.math.uwaterloo.ca/hac

[42] B. Wu, J. Chen, J. Wu, and M. Cardei, “A survey of attacks andcountermeasures in mobile ad hoc networks,” in Wireless NetworkSecurity. Berlin, Germany: Springer-Verlag, 2007, ser. Network Theoryand Applications, pp. 103–135.

[43] K. Sanzgiri, D. LaFlamme, B. Dahill, B. Levine, C. Shields, andE. Belding-Royer, “Authenticated routing for ad hoc networks,” IEEE J.Sel. Areas Commun., vol. 23, no. 3, pp. 598–610, Mar. 2005.

[44] Y. Hu, A. Perrig, and D. Johnson, “Ariadne: A secure on-demand routingprotocol for ad hoc networks,” in Proc. ACM MobiCom, Atlanta, GA,Sep. 2002, pp. 12–23.

[45] S. Even, O. Goldreich, and S. Micali, “On-line/off-line digital signatures,”in Advances in Cryptology—Crypto’89. Berlin, Germany: Springer-Verlag, 1990, pp. 263–277.

[46] O. Nibouche, M. Nibouche, A. Bouridane, and A. Belatreche, “Fast archi-tectures for FPGA-based implementation of RSA encryption algorithm,”in Proc. IEEE Field-Programmable Technol. Conf., Brisbane, Australia,Dec. 2004, pp. 271–278.

[47] J. Yoon, M. Liu, and B. Nobles, “Sound mobility models,” in Proc. ACMMobiCom, San Diego, CA, Sep. 2003, pp. 205–216.


Mohamed Elsalih Mahmoud received the B.Sc.and M.Sc. degrees (with honors) in electrical com-munications engineering from Banha University,Cairo, Egypt, in 1998 and 2003, respectively. He iscurrently working toward the Ph.D. degree with theCentre for Wireless Communications, Department ofElectrical and Computer Engineering, University ofWaterloo, Waterloo, ON, Canada.

He is also currently a member of the Broad-band Communications Research Group, Universityof Waterloo. His research interest includes wireless

network security, privacy, anonymous and secure routing protocols, trust andreputation systems, cooperation incentive mechanisms, and cryptography.

Dr. Mahmoud received the Best Paper Award from the IEEE InternationalConference on Communications, Dresden, Germany, June 14-18, 2009. Thisaward is one of 14 awards among 1046 papers presented and more than 3000total paper submissions and is the unique award for the Communication andInformation Systems Security Symposium. He is the first author of morethan 13 papers in major IEEE conferences and journals. He also served as aTechnical Program Committee member for the Ad-Hoc and Sensor Networkstrack and the Mobile Applications and Services track at the IEEE VehicularTechnology Conference, which is to be held in Ottawa, ON, Canada onSeptember 6–9, 2010.

Xuemin (Sherman) Shen (M’97–SM’02–F’09) re-ceived the B.Sc. degree in electrical engineeringfrom Dalian Maritime University, Dalian, China, in1982 and the M.Sc. and Ph.D. degrees in electricalengineering from Rutgers University, Camden, NJ,in 1987 and 1990, respectively.

He is currently a Professor and the UniversityResearch Chair with the Centre for Wireless Com-munications, Department of Electrical and ComputerEngineering, University of Waterloo, Waterloo, ON,Canada. He is the author or coauthor of three books

and more than 400 papers and book chapters on wireless communications andnetworks, control, and filtering. He serves as the Editor-in Chief for Peer-to-Peer Networking and Application and an Associate Editor for ComputerNetworks, ACM/Wireless Networks, and Wireless Communications and MobileComputing. He has also served as a Guest Editor for ACM Mobile Networksand Applications. His research focuses on mobility and resource managementin interconnected wireless/wired networks, ultrawideband wireless communi-cations networks, wireless network security, wireless body area networks, andvehicular ad hoc and sensor networks.

Dr. Shen is a Registered Professional Engineer in the Province ofOntario and a Distinguished Lecturer of the IEEE Communications Society.He served as the 2006 International Conference on Quality of Service inHeterogeneous Wired/Wireless Networks, the General Cochair for the 2007International Conference in Communications and Networking in China, theTechnical Program Committee Chair for the 2007 IEEE Global Telecom-munications Conference, the Tutorial Chair for the 2008 IEEE InternationalConference on Communications, and the Founding Chair for IEEE Com-munications Society Technical Committee on Peer-to-Peer Communicationsand Networking. He also serves as a Founding Area Editor for the IEEETRANSACTIONS ON WIRELESS COMMUNICATIONS and an Associate Edi-tor for the IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY and theKICS/IEEE JOURNAL OF COMMUNICATIONS AND NETWORKS. He has alsoserved as a Guest Editor for the IEEE JOURNAL ON SELECTED AREAS

IN COMMUNICATIONS, IEEE WIRELESS COMMUNICATIONS, and the IEEECommunications Magazine. He received the Distinguished Performance Awardin 2002 and 2007 from the Faculty of Engineering, University of Waterloo,the Premier’s Research Excellence Award in 2003 from the Province ofOntario, and the Excellent Graduate Supervision Award in 2006 and theOutstanding Performance Award in 2004 and 2008, respectively, from theUniversity of Waterloo.

pis: a practical incentive system for multihop wireless...

Documents