Safeguarding Cooperation in Synergy MAC

Santosh Kulkarni and Prathima Agrawal

Auburn University, Auburn, AL, USA 36849

Emails: {santosh@auburn.edu, pagrawal@eng.auburn.edu}

Abstract—Cooperative communication is a novel, diversity-improving technique that holds great promise for the future ofwireless networks. But in order to fully exploit this diversityrealized at the physical layer, the idea of node cooperation needsto be extended to other layers of the protocol stack as well.Synergy MAC is one such extension to the MAC sublayer. Asper this protocol, whenever a source intends to transmit somedata to the destination, it solicits the support of its neighborsfor the ensuing data transfer. When one a willing neighboris identified as the relay, the source transmits its data to thedestination by forwarding it via the enlisted relay. In doingthis, not only does Synergy MAC realize spatial diversity butis also able to achieve faster transmission speeds. However, relayassisted two hop transmission in Synergy MAC gives rise tonumerous concerns about its security. To address these concerns,appropriate security schemes need to be adapted to suit SynergyMAC. In this paper, we discuss various security issues introducedby cooperation in Synergy MAC and utilize two security schemesto address those problems. The techniques that are discussed hereenable popular security schemes like WEP, WPA and WPA2 tosuccessfully operate with Synergy MAC.

I. INTRODUCTION

Since the advent of IEEE’s 802.11 standard [1], Wireless

Local Area Networks (WLAN) have gained widespread ac-

ceptance in providing broadband wireless access to portable

nodes. The performance of WLANs however, is severely

affected when the network’s radio waves experience fading.

Though spatial diversity is known to minimize the ill effects

of fading, realizing it generally requires incorporation of newer

technologies such as Multiple Input Multiple Output (MIMO)

systems. But it is impractical to equip every node in a network

with multiple antennae, primarily due to the node’s size and

energy constraints.

Recent research on cooperative communication [6], [9],

[11], [12], [13] demonstrates that spatial diversity can also be

achieved by exploiting some key characteristics of the wireless

medium. Because of the broadcast nature of the medium, any

signal transmitted on the channel is overheard by all nodes

within range. If such nodes were to retransmit the overheard

signal to destination rather than discarding it completely, the

destination would effectively receive extra observations of

the source signal, resulting in diversity. In short, cooperative

system can be seen as a virtual antenna array, where each

antenna in the array corresponds to an assisting neighbor

[5]. However, to exploit this diversity realized at the physical

layer, the idea of node cooperation needs to be extended to

other layers of the protocol stack. Synergy MAC [7] is one

such extension to the MAC sublayer. It was devised to take

advantage of cooperating neighbors while remaining backward

compatible with legacy 802.11b [2]. As this protocol, when-

ever a source node experiences poor channel conditions with

the intended destination, it solicits the help of its neighbors

in transferring its data to the destination. When a willing

neighbor is identified as the relay, the source sends its data to

the destination using a two-hop, via-relay transmission. Since

the relay experiences better channel conditions with both the

source and the destination, in addition to realizing spatial

diversity, the two-hop via-relay transmission also achieves

higher data transmission rates. As a result, Synergy MAC is

able to substantially improve the performance of WLANs.

Despite these improvements, Synergy MAC’s argument of

involving a third party node as relay in an otherwise direct two

node (source-destination) interaction raises concerns about its

security. Not only is source’s data passing through the third

party relay, but also the fact that the identity of the relay

is advertised on the fly and not previously known, makes

the problem a lot more serious. Hence all potential security

loopholes resulting from relay node’s participation in data

transfer between source and destination need to be thoroughly

investigated. In this paper we first study all security issues

that arise in Synergy MAC due to its reliance on a third

party relay. We then utilize two security schemes discussed

in [10] to adapt popular security techniques like WEP, WPA

and WPA2 [1] [3] to suit Synergy MAC. The rest of the

paper is organized as follows: In Section 2 we present a

brief overview of the Synergy MAC protocol followed by an

enumeration of its security concerns. In Section 3 we provide a

brief overview of the 802.11i security framework. In Section 4

we propose solutions to fix security issues described in Section

2. In Section 5 we further examine our proposed solution and

finally, conclude the paper in Section 6.

II. SYNERGY MAC PROTOCOL

This section presents a brief overview of the Synergy MAC

protocol followed by a discussion on its cooperation related

security concerns. Interested readers can find more details of

the studied protocol in [7] and [8].

A. Protocol Overview

Synergy MAC is an IEEE 802.11b based medium access

control protocol designed to realize cooperative diversity at the

physical (PHY) layer. Although based on IEEE 802.11b, the

protocol can be easily adapted to suit any MAC sub-layer that

offers multi-rate capability for packet transmission. At present,

Synergy MAC’s PHY layer uses Direct Sequence Spread

Spectrum (DSSS) which operates in the 2.4GHz industrial,

156978-1-4244-5692-5/10/$26.00 © IEEE 2010

42nd South Eastern Symposium on System TheoryUniversity of Texas at TylerTyler, TX, USA, March 7-9, 2010

M2C.6

scientific, medical (ISM) band and uses DBPSK, DQPSK and

CCK modulation schemes to support transmission rates of

1Mbps, 2Mbps, 5.5Mbps and 11Mbps. A node running Syn-

ergy MAC protocol, selects its modulation scheme based on

its perceived Signal-to-Noise Ratio (SNR) to the destination.

Synergy MAC provides access to the shared wireless

medium through 802.11b’s contention based access mecha-

nism, called Distributed Coordination Function (DCF). The

DCF mechanism is based on Carrier Sense Multiple Access

with Collision Avoidance (CSMA/CA) under which a node

with data to transmit, has to first sense the wireless medium to

determine if it is free. It also employs 802.11b’s virtual carrier

sensing by using frames like Request to Send (RTS) and Clear

to Send (CTS). Such control frames set the Network Allocation

Vector (NAV) using which nodes in the network are able to

avoid collisions resulting from hidden terminals. If the data

packet following the control frames is received without any

errors, the destination node sends an acknowledgment (ACK)

packet back to the source. When a source node Ns wants to

Fig. 1. Three-way handshake followed by data exchange in Synergy MAC

send L octets of data to destination Nd, it first sends an RTS

frame to the destination indicating the time needed to transmit

all the octets using direct transmission. When an intermediate

node Nr, overhears this RTS transmission, it computes the

time required to transmit the same data frame over two hops

with itself acting as the relay. If Nr determines that it can

offer a faster two hop alternative, it volunteers to become a

relay by broadcasting a self addressed CTS frame (CTSr). To

resolve potential collisions between many such volunteering

Nrs, the CTSr frame from all eligible intermediate nodes

are governed by a contention window. The node that picks the

lowest slot in this contention window gets to transmit its CTSr

while the remaining candidates update their NAV based on the

Duration contained in this winning CTSr frame. When the

Fig. 2. NAV update in Synergy MAC

destination Nd overhears a CTSr (from relay Nr) soon after

receiving an RTS from source Ns, it transmits a CTS frame

(CTSd) to the source. This CTSd requests Ns to send its L

octets using the faster two hop alternative via node Nr. On

receiving a CTSd from the destination, source Ns updates the

Duration field of its L octet data frame and transmits it to

relay Nr. Relay Nr then forwards the data frame to destination

Nd which responds with an ACK addressed to source Ns. Data

transfer cycle in Synergy MAC is complete when the source

Ns receives the ACK from the destination. Figure 1 depicts

the protocol’s three-way handshake mechanism followed by

its two-hop data transfer. The corresponding NAV update

mechanism is illustrated in Figure 2.

B. Security Concerns

Since all potential relays in Synergy MAC are governed by

a contention window, it is unlikely that the same node will be

judged the winner every single time. Nevertheless, malicious

relays are always a threat. Security issues resulting from

malicious relays are nothing but variations of the classic Man

in the Middle form of attacks and can be broadly classified

into the following categories: (a) relay deliberately dropping

frames (b) relay spoofing an ACK from destination (c) relay

modifying source’s data. The following paragraphs discuss

these issues in greater detail.

The first security issue is that of Denial of Service (DoS)

caused by a malicious relay which deliberately stops for-

warding source’s dataframes to destination. This scenario is

depicted in Figure 3(a). The source node can detect such

deliberate acts of frame dropping by either listening for the

second hop transmission from relay to destination or by

imposing a timeout on the duration required to receive an

ACK from destination. If a relay is identified as malicious,

the source node blacklists its ID and solicits help from its

remaining neighbors. If none are available and/or willing, the

source can transmit its data directly to the destination albeit

at slower speeds.

The second security issue is that of ACK spoofing by the

relay. A malicious relay may try to deny service to the source

by dropping the dataframes and spoofing an ACK, causing

the source to wrongly conclude a successful transmission.

Such a scenario is depicted in Figure 3(b). Like before, the

source node can detect such acts of DoS by listening in

on the second hop transmission. Alternatively the destination

can also help the source by sending in a NACK (a negative

acknowledgment) frame when it fails to receive a scheduled

data frame from relay.

The third security issue is that of a relay modifying the

source’s payload before forwarding it to the destination. An

example setting of this scenario is illustrated in Figure 3(c).

When the communication integrity is compromised in this

manner, the destination is typically unaware of any such

modifications. Thus, it might erroneously respond back with

critical/sensitive information. Although the use of strong en-

cryption techniques should thwart all modifications that result

in corruption free frames, few of the established techniques

157

(a) Relay dropping frames. (b) Relay spoofing ACK. (c) Relay modifying data.

Fig. 3. Security concerns in Synergy MAC

like WEP have been shown to be unsafe [4]. Security schemes

in 802.11i however, are not vulnerable to such attacks unless

the exact decryption key is known to the relay. Hence it is a lot

safer to use IEEE 802.11i based security schemes in Synergy

MAC.

III. AN OVERVIEW OF 802.11I

Wi-Fi Protected Access 2 or WPA2 also known as IEEE

802.11i [3], is a certification program created by the Wi-Fi Al-

liance to indicate compliance with protocols that were specif-

ically created to secure wireless networks. This certification

program was created in response to several serious weaknesses

found in previous Wired Equivalent Privacy (WEP) system [4].

But as 802.11i was still being drafted, an intermediate solution

was needed to secure all wireless communications in absence

of the WEP. This led to the introduction of WPA protocol

prior to the full fledged release of 802.11i.

While WEP and WPA used the RC4 stream cipher, WPA2

uses the stronger Advanced Encryption Standard (AES) block

cipher making it much more secure. Also its architecture

consists of a 802.1X authentication server used for authentica-

tion, a Robust Secure Network (RSN) used for keeping track

of associations and AES based Counter Mode with Cipher

Block Chaining Message Authentication Code (CCMP) used

to provide confidentiality, integrity and origin authentication.

Like WPA, 802.11i too supports Pre-Shared Key (PSK) mode,

which was designed for home and office networks that could

not afford the cost of an 802.1X authentication server.

A. TKIP

Temporal Key Integrity Protocol (TKIP) is a security pro-

tocol designed by the IEEE 802.11i task group and the Wi-Fi

Alliance as a solution to replace WEP without requiring the

replacement of legacy hardware. This was necessary because

the breaking of WEP had left WiFi networks without viable

link-layer security, and a solution was required for already

deployed hardware. To be able to run on legacy WEP hardware

with minor upgrades, TKIP uses RC4 as its cipher. It also

provides a rekeying mechanism ensuring that every data packet

is sent with a unique encryption key. Additionally, TKIP’s

message integrity check prevents forged packets from being

accepted. Figure 4(a) depicts the format of a TKIP MAC

protocol data unit (MPDU).

B. CCMP

Counter Mode with Cipher Block Chaining Message Au-

thentication Code Protocol (CCMP) is an IEEE 802.11i en-

cryption protocol created to replace TKIP the earlier, inse-

cure protocol. CCMP uses the Advanced Encryption Standard

(AES) algorithm is a mandatory part of the WPA2 standard, an

optional part of the WPA standard, and a required option for

Robust Security Network (RSN) Compliant networks. Unlike

in TKIP, key management and message integrity is handled

by a single component built around AES. Data is encrypted

using Counter (CTR) mode in AES. Authentication is achieved

by using a Cipher Block Chaining Message Authentication

Code (CBCMAC). This combination of CTR and CBCMAC

is what constitutes CCMP. Integrity is assured by calculating

a MIC (Message Integrity Code) sum to check if the message

is altered, protecting data from replay attacks. [10]. Figure

4(b) depicts the format of a CCMP MAC protocol data unit

(MPDU).

IV. SECURITY IN SYNERGY MAC

In order to secure Synergy MAC protocol, we need to be

able to modify without corruption, the IEEE 802.11 header of

the packet at the relay (source, destination MAC addresses)

for the relay-to-destination transmission. Thus, the current

approach to implement Synergy MAC will not be compatible

with 802.11i [3]. In both TKIP and AES mode, the integrity

check covers the MAC header of the packet in addition to

its payload. This check calculates a message integrity check

(MIC) over the source and destination address as well as the

MSDU plaintext data. Thus, if the relay changes anything

in the header, the integrity check at the destination will fail

and the packet will be discarded. No ACK will be issued,

so the source will try to retransmit. After a few unsuccessful

retransmissions, the source will then blacklist its relay to avoid

using it in the future; an action which is not desirable. Hence

in order to make 802.11i work in a cooperative network we

need to make some modifications to the protocol in terms

of header management so as to support its encryption and

authentication mechanisms. After a careful study of 802.11i

and Synergy MAC implementation, we propose two possible

solutions in order to make Synergy MAC compatible with the

IEEE 802.11i architecture:

A. Nested Header Scheme

Source

• In this method before any authentication or encryption is

performed, the source if using cooperation, obtains the

shared keys for both the relay and the destination.

• The source first prepares the second hop packet which

will be transmitted from the relay to the destination. This

158

(a) Format of a TKIP MPDU. (b) Format of a CCMP MPDU.

Fig. 4. IEEE 802.11i MPDU formats.

packet is the same as what a direct source to destination

transmission packet would have been, and is encrypted

and authenticated with the key shared between the source

and destination.

• Now this entire MAC level packet with its second hop

header is treated as payload and again encapsulated and

encrypted with respect to the first hop transmission i.e.

with the relay being the destination (hence the key is the

one which is shared between the source and relay).

• This doubly encapsulated and encrypted packet is now

transmitted. Thus this mechanism secures both the

source-relay and relay-destination links.

Fig. 5. Nested header format scheme.Relay

• Identifies if the received packet is using cooperation and

is the first hop.

• If it is first hop then remove out the first hop header

and transmit the remainder of the packet to the intended

destination with no modifications at all. Here relay cannot

modify the packet payload without risking its corruption,

as it is still encrypted with the 802.11i key shared between

the source and destination.

Destination

• Receives the packet and performs decryption.

• Calculates MIC for the packet and compares with the

original calculated MIC in the packet. If there has been no

modification to the parts of packet used in the calculation

of original MIC, the packet will successfully clear this

integrity check.

• Thus the authenticity and privacy of the packet is ensured.

The nested header format increases the transmission over-

head by one 802.11 header per transmission. This overhead

can be removed by using the false header format.

B. False Header Scheme

Source

• In this method before any authentication or encryption is

performed, the source if using cooperation, obtains the

shared keys for both the relay and the destination.

• The source first prepares the second hop packet which

will be transmitted from the relay to the destination. This

packet is the same as what a direct source to destination

transmission packet would have been, and is encrypted

and authenticated with the key shared between the source

and destination.

• Now the source replaces this second hop header with the

first hop header and without any further encryption or

authentication transmits the packet to the relay. It must be

noted that the header is still in plaintext. Hence, at present

the packet is a corrupt packet because of its incorrect

header but the correct header is known to the relay.

Fig. 6. False header format scheme.

Relay

• Identifies if the received packet is using cooperation and

is the first hop.

• If it is the first hop then the relay simply modifies the

plaintext header with second hop source and destination

fields and transmits the packet to the destination. Now the

header is the same as that for which the source calculated

the MIC.

Destination

• Receives the packet and performs decryption.

• Calculates MIC for the packet and compares with the

original calculated MIC in the packet. If there has been no

modification to the parts of packet used in the calculation

of original MIC, the packet will successfully clear this

integrity check.

• Thus the authenticity and privacy of the packet is ensured.

V. ANALYZING SECURE COOPERATION

Of all the security issues, the most important concern with

the Synergy MAC approach is not that the relay being in

possession of the packet may try to decode it (this can be

159

even done by passive sniffing), but that it has to be given

the ability to modify the header but not the payload of the

packet. The following points can be observed with respect to

our proposed schemes:

• The relay cannot decrypt the packet as it does not have

the appropriate keys. 802.11i uses separate keys for each

node and no private keys are shared with the relay.

• The relay itself will be an authenticated node using

802.1X and hence will be a trusted entity. In order for a

malicious relay to be a part of the network implies that

first 802.1X server has to be hacked into.

• The relay may try to spoof some packets and send them

to the destination, but as it does not have the proper keys

it will not be able to do so. Similarly any kind of session

hijacking will also not be possible.

• An attack by an authenticated relay node will be limited

to denial of service. On detection of the loss of packets,

the source can quickly shift to another relay or transmit

directly to the destination and blacklist the relay so as

not to use it later.

• Other than this there are no possible attacks from the relay

due to the inherent security features of 802.11i, which

takes care of the following security concerns: (i) Access

to data (using strong encryption like AES) (ii) Spoofing

(per packet encryption/authentication) (iii) Replay attacks

(as CCMP uses a 48-bit Packet Number (PN) to prevent

replay attacks and construct a fresh nonce for each packet.

The large space of PN eliminates any worry about PN re-

usage during an association) and (iv) Man in the middle

attacks (strong mutual authentication)

It can also be noted that our implementations do not open up

any other security holes, as the environment will be controlled

(by appropriate modification in the driver/firmware) at the

source and the relay. These do not require disclosing of any

private keys by the source, relay or destination and hence

the data can at no point be decrypted by undesired nodes,

hence maintaining the confidentiality and integrity of the

environment.

VI. CONCLUSIONS

In this paper we studied the security implications that a

cooperative MAC protocol introduces in the current WiFi

security framework. We conclude that an intermediate relay

node that forwards packets to the destination can destroy the

network security when WEP is used, by changing the header

or the payload of the packet. However, when WPA or WPA2

(802.11i) is used, the intermediate node cannot change the

packet since both the payload and the header are used for

the encryption of the packet. Furthermore we proposed two

schemes for adjusting security (WPA or WPA2) to the new

cooperative environment. These schemes make Synergy MAC

support complete end to end security in the source-relay-

destination model of communication.

REFERENCES

[1] Ieee std. 802.11-1999, part 11: Wireless lan medium accesscontrol (mac) and physical layer (phy) specifications. IEEE Std.802.11, 1999 edition, 1999.

[2] Ieee std. 802.11b, supplement to part 11: Wireless lan mediumaccess control (mac) and physical layer (phy) specifications:Higher-speed physical layer extension in the 2.4 ghz band. IEEEStd 802.11b-1999, 2000.

[3] Ieee p802.11i/d10.0. medium access control (mac) securityenhancements, amendment 6 to ieee standard for informationtechnology – telecommunications and information exchangebetween systems – local and metropolitan area networks –specific requirements – part 11: Wireless medium access control(mac) and physical layer (phy) specifications. IEEE Std. 802.11i-2004, 2004.

[4] N. Borisov, I. Goldberg, and D. Wagner. Intercepting mobilecommunications: the insecurity of 802.11. In MobiCom ’01:Proceedings of the 7th annual international conference onMobile computing and networking, pages 180–189, New York,NY, USA, 2001. ACM.

[5] E. Erkip, A. Sendonaris, A. Stefanov, and B. Aazhang. Advancesin Network Information Theory, chapter Cooperative Communi-cation in Wireless Systems, pages 303–320. AMS DIMACSSeries, 2004.

[6] I. Hammerstroem, M. Kuhn, B. Rankov, and A. Wittneben.Space-time processing for cooperative relay networks. VehicularTechnology Conference, 2003. VTC 2003-Fall. 2003 IEEE 58th,1:404–408 Vol.1, Oct. 2003.

[7] S. Kulkarni, P. S. Prasad, and P. Agrawal. Performance en-hancement of mobile ad hoc networks using nodal cooperation.In WICON ’08: Proceedings of the 4th Annual InternationalConference on Wireless Internet, pages 1–8, ICST, Brussels,Belgium, Belgium, 2008. ICST (Institute for Computer Sciences,Social-Informatics and Telecommunications Engineering).

[8] S. Kulkarni, P. S. Prasad, and P. Agrawal. Enabling cooperationin mobile ad hoc networks. In SARNOFF’09: IEEE SarnoffSymposium, 2009, pages 1–5, 2009.

[9] J. Laneman, D. Tse, and G. Wornell. Cooperative diversity inwireless networks: Efficient protocols and outage behavior. IEEETransactions on Information Theory, 50(12):3062–3080, Dec.2004.

[10] S. Makda, A. Choudhary, N. Raman, T. Korakis, Z. Tao, andS. Panwar. Security implications of cooperative communicationsin wireless networks. In SARNOFF’08: IEEE Sarnoff Sympo-sium, 2008, pages 1–6, 2008.

[11] A. Sendonaris, E. Erkip, and B. Aazhang. User cooperationdiversity-part i: System description. IEEE Transactions onCommunications, 51(11):1927–1938, Nov. 2003.

[12] A. Sendonaris, E. Erkip, and B. Aazhang. User cooperationdiversity. part ii. implementation aspects and performance analy-sis. IEEE Transactions on Communications, 51(11):1939–1948,Nov. 2003.

[13] M. Valenti and N. Correal. Exploiting macrodiversity in densemultihop networks and relay channels. Wireless Communica-tions and Networking, 2003. WCNC 2003. 2003 IEEE, 3:1877–1882 vol.3, March 2003.

160