Encounter–Based Routing in DTNs
Samuel C. Nelson, Mehedi Bakht, and Robin Kravets
Department of Computer Science
University of Illinois at Urbana-Champaign
{snelso20,mbakht2,rhk}@cs.uiuc.edu
Abstract—Current work in routing protocols for delay and
disruption tolerant networks leverage epidemic-style algorithms
that trade off injecting many copies of messages into the network
for increased probability of message delivery. However, such
techniques can cause a large amount of contention in the network,
increase overall delays, and drain each mobile node’s limited
battery supply. We present a new DTN routing algorithm, called
Encounter-Based Routing (EBR), which maximizes delivery ra-
tios while minimizing overhead and delay. Furthermore, we
present a means of securing EBR against black hole denial-
of-service attacks. EBR achieves up to a 40% improvement in
message delivery over the current state-of-the-art, as well as
achieving up to a 145% increase in goodput. Also, we further
show how EBR outperforms other protocols by introduce three
new composite metrics that better characterize DTN routing
performance.
I. INTRODUCTION
Delay and disruption tolerant networks (DTNs) transport ap-
plication data by creating a “store and forward” network where
no infrastructure exists. Although end-to-end connectivity may
not be available between two nodes, DTN routing protocols in-
stead take advantage of temporal paths created in the network
as nodes encounter their neighbors and exchange messages
they have been asked to forward. Since there are no guarantees
that a route will ever be available, many current DTN routing
protocols apply epidemic-style techniques [19], leveraging the
fact that an increased number of copies of a particular message
in the network should improve the probability that the message
will reach its intended destination. However, such techniques
come at a high price in terms of network resources, resulting
in the rapid depletion of buffer space and energy on resource-
limited devices, the rapid depletion of available bandwidth,
and the potential to greatly increase end-to-end delay.
A number of routing protocols have been proposed to enable
data delivery in such challenging environments [2], [4], [5],
[6], [7], [11], [14], [17], [18], [20], [21]. However, many of
these protocols trade overhead and computational complexity
for increased successful delivery. This overhead expresses
itself as more traffic in the network creating more contention
in clusters of high connectivity and increased energy consump-
tion for nodes exchanging messages. Furthermore, many DTN
protocols make routing and forwarding decisions based on
advertised contact information, allowing for denial-of-service
attacks over the already intermittently connected network. All
of these effects can decrease overall network performance.
One method to mitigate this overhead is to identify key
properties in the network that allow for more intelligent
forwarding and message replication decisions. For example,
in environments targeted by DTNs, such as disaster scenarios
and certain vehicular networks, different classes of nodes
naturally tend to have more node encounters than others.
The main contribution of our research capitalizes on this
network property to design a DTN routing protocol that uses
local observations about a node’s environment. Our protocol,
Encounter-Based Routing (EBR), uses an encounter-based
metric for optimization of message passing that maximizes
message delivery ratio while minimizing overhead both in
terms of extra traffic injected into the network and control
overhead, as well as minimizing latency as a second order
metric. Furthermore, we present a security component to our
protocol that protects against denial-of-service attacks aimed at
eliminating copies of messages in the system. To fully evaluate
EBR, we propose the use of three composite metrics, which
clearly illustrate the interplay between fundamental metrics
like message delivery ratio, goodput, and end-to-end delay.
We then use these metrics to evaluate EBR and compare it to
the major protocols developed for DTNs, showing improved
performance and overhead. EBR achieves up to a 40% im-
provement in message delivery over the current state-of-the-
art, as well as achieving up to a 145% increase in goodput.
The rest of this paper is as follows. Section II presents a tax-
onomy of current DTN routing protocols. Section III presents
our Encounter-Based Routing protocol, EBR. Section IV
shows how to secure EBR against black hole denial-of-service
attacks. Section V describes our evaluation methodology and
presents results. Finally, Section VI presents conclusions and
future research directions.
II. DTN ROUTING PROTOCOL TAXONOMY
DTN routing protocols can be classified as either
forwarding-based or replication-based. Forwarding-based
protocols keep one copy of a message in the network and
attempt to forward that copy toward the destination at each en-
counter. In contrast, replication-based protocols insert multiple
copies, or replicas, of a message into the network to increase
the probability of message delivery. Essentially, replication-
based protocols leverage a trade-off between resource usage
(e.g., node memory and bandwidth) and probability of message
delivery. Although all replication-based protocols take advan-
tage of this trade-off, these protocols can be further separated
into two classes based on the number of replicas created:
quota-based and flooding-based.
Flooding-based protocols send a replica of each message
to as many nodes as possible, whereas quota-based protocols
intentionally limit the number of replicas. Assume that m
t
indicates the maximum number of unique messages (excluding
replicas) that have been created prior to some time t. Then,
an upper bound on the total number of messages (including
replicas) in the network at time t is m
t
· L, where L is the
maximum number of replicas for any given message. L can
be a probabilistic or discrete variable. Given these definitions,
a quota-based routing protocol can be defined as follows:
A replication-based routing protocol is quota-based if and
only if L is independent of the number of nodes in the
network (assuming the characteristics of the network, such
as storage, bandwidth, and mobility, allow for every node
to have a replica of every message).
Conversely, any replication-based protocol where L is de-
pendent on the number of nodes in the network is defined to
be flooding-based.
These definitions allow us to classify routing protocols
into three groups. Traditional Internet routing protocols (e.g.,
IP [15]) and ad hoc routing protocols (e.g., AODV [13],
DSR [10]) are forwarding-based, since nodes along a route
forward messages toward the destination without storing or
creating extra replicas of the messages. Forwarding-based
approaches for DTNs have been proposed [8], [16], but are
limited in their effectiveness due the instability or even non-
existence of routes from any particular node to the destination.
One forwarding-based approach, proposed by Jain et al. [9],
utilizes future knowledge about node mobility and specific
node encounters to improve the protocol (e.g., knowledge
that a node will encounter a bus at noon that will have
access to the Internet). However, the availability of such future
knowledge constitutes a special class of DTN networks and
such approaches will not work in general.
Epidemic routing is an obvious example of a flooding-based
protocol, since the number of replicas in the system is directly
dependent on the number of nodes in the system. One of
the major flooding-based protocols for DTNs is MaxProp [4].
MaxProp is flooding-based, since, if resources and mobility
allow, it is possible for every node in the network to have
a replica of the same message. Other examples of flooding-
based DTN protocols include Prophet [11], RAPID [2] and
PREP [14]. Prophet attempts to use information about the
likelihood of nodes encountering particular destinations to
optimize the exchange of messages. RAPID orders messages
through the use of utility functions, with the goal of inten-
tionally maximizing specific metrics (e.g., delay). PREP, a
variant of Epidemic Routing, assigns priority to messages
based on costs to destination as well as expiration time, and
uses this priority to determine which messages should be
deleted or transmitted when buffer or bandwidth is constrained
respectively. In an attempt to mitigate the inherent resource
burden from flooding-based protocols, many of these protocols
specify complex optimizations, making implementation harder
and error-prone. These optimizations are tuned and tweaked
for performance in different environments.
Recent work by Erramilli et. al recognizes similar problems
with current DTN routing protocols and proposes techniques
to utilize properties of nodes, such as contact rate, when
making forwarding decisions [6], [5]. They are concerned with
choosing the best node(s) to forward messages to based on
utility values. This technique, however, can result in flooding-
like behavior if many encountered nodes have high utility
values. On the other hand, if many encountered nodes have
low utility value, messages may never leave the source nodes.
The main problem with flooding-based protocols is their
high demand on network resources, such as storage and band-
width. This led to work in developing quota-based protocols.
Spray and Wait [17] is a quota-based protocol where an upper
bound on the number of replicas allowed in the network is
fixed during message creation. Spray and Wait breaks routing
into two phases: a spray phase, where message replicas are
disseminated, and a wait phase, where nodes with single-copy
messages wait until a direct encounter with the respective
destinations. A follow-up protocol called Spray and Focus [18]
uses a similar spray phase, followed by a focus phase, where
single copies can be forwarded to help maximize a utility
function. While both Spray and Wait and Spray and Focus
succeed in limiting some of the overhead of flooding-based
protocols, their delivery ratios suffer.
While quota-based protocols are much better stewards of
network resources than their flooding-based counterparts, one
possible criticism is their inability to successfully deliver a
comparable amount of messages. In this paper, we show this
to be false by developing a quota-based protocol using an
encounter-based routing metric that has extremely low routing
overhead, while maintaining delivery ratios better than or
comparable to current flooding-based protocols.
III. ENCOUNTER-BASED ROUTING (EBR)
The primary goal of a DTN routing protocol is to obtain
high message delivery ratios and good latency performance,
while maintaining low overhead. However, current flooding-
based protocols (e.g., MaxProp [4], RAPID [2]) achieve high
delivery ratios at the expense of excessive network resource
usage, and current quota-based protocols (e.g., Spray And
Wait [17], Spray and Focus [18]) that reduce this overhead
are not able to achieve comparable delivery rates.
In response, we present Encounter-based Routing (EBR), a
quota-based DTN routing protocol that achieves high delivery
ratios comparable to flooding-based protocols, while maintain-
ing low network overhead. This improvement in delivery ratio
is accomplished by taking advantage of the following observed
mobility property of certain networks: the future rate of node
encounters can be roughly predicted by past data. This prop-
erty is useful because nodes that experience a large number of
encounters are more likely to successfully pass the message
along to the final destination than those nodes who only
infrequently encounter others. Many networks experience this
phenomenon; examples include disaster recovery networks,
where ambulances and police tend to be more mobile and
bridge more cluster gaps than civilians, and vehicular-based
networks, where certain vehicles take popular routes.
Since EBR is a quota-based routing protocol, it limits the
number of replicas of any message in the system, minimizing
network resource usage. Additionally, EBR bases routing
decisions on nodes’ rates of encounters, showing preference to
message exchanges with nodes that have high encounter rates.
These routing decisions result in higher probability of message
delivery, avoiding routes that may never result in delivery and
so reducing the total number of message exchanges.
In EBR, information about a node’s rate of encounter
is a purely local metric and can be tracked using a small
number of variables. Therefore, EBR is able to maintain very
low state overhead, as compared to other protocols that can
require up to O(n) routing messages exchanged during every
contact connection, and O(n
2
) routing state locally stored
(e.g., MaxProp [4], Prophet [11]). A further strength of EBR
is that its message replication rules are simple to understand
and implement, as opposed to complex rules found in many
protocols, minimizing the chance of bugs and reducing compu-
tational complexity (e.g., the resources in terms of CPU cycles
required to operate the protocol).
A. Algorithm
Every node running EBR is responsible for maintaining
their past rate of encounter average, which is used to predict
future encounter rates. When two nodes meet, the relative ratio
of their respective rates of encounter determines the appropri-
ate fraction of message replicas the nodes should exchange.
The primary purpose of tracking the rate of encounter is to
intelligently decide how many replicas of a message a node
should transfer during a contact opportunity.
To track a node’s rate of encounter, every node maintains
two pieces of local information: an encounter value (EV), and
a current window counter (CWC). EV represents the node’s
past rate of encounters as an exponentially weighted moving
average, while CWC is used to obtain information about the
number of encounters in the current time interval. EV is
periodically updated to account for the most recent CWC in
which rate of encounter information was obtained. Updates to
EV are computed as follows:
EV ← α · CW C + (1 − α) · EV.
This exponentially weighted moving average places an em-
phasis proportional to α on the most recent complete CWC.
Updating CWC is straightforward: for every encounter, the
CWC is incremented. When the current window update inter-
val has expired, the encounter value is updated and the CWC
is reset to zero. In our experiments, we found an α of 0.85
and update interval of around 30 seconds allow for reasonable
results in a variety of networks. These parameter choices are
further elaborated upon in Section V.
Since EV represents a prediction of the future rate of
encounters for each node per time interval, the node with
the highest EV represents a higher probability of successful
message delivery. Therefore, when two nodes meet, they
compare their EVs. The number of replicas of a message
transferred during a contact opportunity is proportional to the
ratio of the EVs of the nodes. For two nodes A and B, for
every message M
i
, node A sends
m
i
·
EV
B
EV
A
+ EV
B
replicas of M
i
, where m
i
is the total number of M
i
repli-
cas stored at node A. For example, assume node A has 4
replicas of a message M
1
and 8 replicas of a message M
2
.
Furthermore, assume node A, with EV
A
= 5, comes in contact
with node B, with EV
B
= 15. Node A sends
15
5+15
=
3
4
of
the replicas of each message. Therefore, node A transmits 3
replicas of message M
1
and 6 replicas of message M
2
.
Algorithm 1 presents the basic form of EBR, where W
i
represents the current window update interval parameter.
Algorithm 1 EBRRouting
if time ≥ nextUpdate then
EV ← α · CW C + (1 − α) · EV
CW C ← 0
nextUpdate ← time + W
i
end if
if Contact C available then
for All messages M
i
in local buffer do
m
i
← M
i
.numOf Replicas
m
send
← ⌊m
i
·
EV
c
EV
c
+EV
⌋
Send m
send
replicas of M
i
to node C
end for
end if
B. Generalizing EBR
In this section, we prove that EBR adheres to the definition
of a quota-based protocol (as described in Section II) and show
the relevant bounds, both for the simple version, where L, the
maximum number of replicas of a message, is discrete, and
for a more general version, allowing the use of probabilistic
L values.
For discrete L values, it is easy to show that EBR is quota-
based. Along with its data, every message contains a value
indicating the maximum number of replicas into which this
current message is allowed to be split. As an example, assume
an application at node A creates a message with the maximum
allowable replicas set to 10. Assume node A encounters node
B and, based on the EBR protocol described in Section III-A,
wishes to transmit 8 replicas. Then, A creates a copy of the
message for node B and assigns B’s maximum allowable
replicas to 8. Furthermore, A resets its maximum allowable
replicas to 2. Continuing this procedure in a recursive fashion
maintains the bound set by the initial message.
However, L values are not limited to a discrete maximum
number of replicas. The discrete structure can easily be relaxed
into a probabilistic structure, while maintaining meaningful
(yet probabilistic) bounds. Probabilistic L values can allow
for less sensitivity to exact network conditions. When using
discrete L values, changes to the initial number of message
replicas allows for a fundamental tradeoff between message
delivery ratio, goodput, and average latency (see Section V).
Using probabilistic L values and changing the variance and
mean can allow applications to compromise and not require
exact decisions about the number of allowable replicas.
While any distribution may be used in this probabilistic
model, the Gaussian distribution allows for immediate, elo-
quent properties that help establish the bound on the number of
messages in the network. In this case, the application specifies
the mean and variance of the distribution, instead of a discrete
number. Assume a node A wishes to split the message M into
two replicas, M
A
and M
B
. Node A must follow the following
EBR message splitting rule:
If M ∼ N (µ, σ
2
), then it can only be split into M
A
∼
N(µ
A
, σ
2
A
) and M
B
∼ N (µ
B
, σ
2
B
) such that µ = µ
A
+ µ
B
and σ
2
= σ
2
A
+ σ
2
B
.
For example, a message with mean 10 and variance 5 may
be split into two messages, one with mean 8 and variance 4,
and one with mean 2 and variance 1. It may not, however, be
split into a message of mean 8 and variance 4, and one with
mean 7 and variance 1. As a further note, EBR maintains the
ratio of mean to variance for all message splits.
This message splitting rule preserves the Gaussian distribu-
tion for the two newly created replicas. This is due to a result
from statistics known as Cramer’s Theorem:
• If X + Y ∼ N (µ
x
+ µ
y
, σ
2
x
+ σ
2
y
),
then X ∼ N (µ
x
, σ
2
x
) and Y ∼ N(µ
y
, σ
2
y
).
We now demonstrate that this general version of EBR is
a quota-based replication protocol, and establish an upper
bound, by proving the following theorem:
Theorem 3.1: Let S be a schedule of future message cre-
ations. Let t be an arbitrary future time. Assume
M
1
, M
2
, ..., M
i
∈ S are all the messages created before time t.
Assume each message M
i
has a Gaussian random variable (for
notational ease, we refer to this directly as the message M
i
),
with mean µ
i
and variance σ
2
i
, that represents the maximum
number of replicas the current message is allowed to be split
into.
The upper bound on the maximum number of message
replicas in the system is:
U ∼ N
i
X
j=1
µ
j
,
i
X
j=1
σ
2
j
.
Proof: Let U be the sum of all message replicas in
the system. Assuming messages never split, there will be i
messages in the system, each with mean µ
i
and variance
σ
2
i
. We utilize the following rule of linearity for Gaussian
distributions (the converse of Cramer’s Theorem):
• If X ∼ N (µ
x
, σ
2
x
) and Y ∼ N (µ
y
, σ
2
y
), then X + Y ∼
N(µ
x
+ µ
y
, σ
2
x
+ σ
2
y
).
Therefore,
U =
i
X
j=1
M
i
∼ N
i
X
j=1
µ
j
,
i
X
j=1
σ
2
j
.
Now assume a message, M
j
∼ N(µ
j
, σ
2
j
) is split into
M
j1
∼ N(µ
j1
, σ
2
j1
) and M
j2
∼ N(µ
j2
, σ
2
j2
) such that
µ
j
= µ
j1
+µ
j2
and σ
2
j
= σ
2
j1
+σ
2
j2
(the message splitting rule
of EBR). Then by the same linearity rules, M
j
= M
j1
+ M
j2
,
leaving U unchanged.
One minor issue to address is that the statistical rules and
theorems each assume true Gaussian distributions. However,
it does not make sense in our system for a message M to
hold a negative value. The probability of this occurring can
be made sufficiently small by forcing the application to choose
sufficiently low variances for corresponding means (which can
never be below zero).
IV. SECURING EBR
The decision regarding how many replicas of a messages
a node should transmit to a contact depends completely
upon the ratio of both parties’ encounter values. Therefore,
a malicious node can convince a node following protocol to
transmit virtually any percentage of replicas to it. One of
the most worrisome results is the possibility of a denial-of-
service (DoS) attack where malicious nodes act as “black
holes”. Malicious nodes performing this attack advertise an
ultra-high encounter value, causing all contacts to send almost
all replicas to them. The malicious nodes then simply delete
these messages, attempting to stop, or at least slow, message
delivery.
Work by Burgess et. al shows that two popular types of
denial-of-service attacks, dropping all messages (which we
refer to as black hole denial-of-service) and flooding the
network with fake messages, result in similar network degrada-
tion [3]. This degradation does not cripple the network because
malicious nodes suffer from the same level of intermittent
connectivity as non-malicious nodes. In this paper, we have
chosen to consider the case of black hole DoS attacks. This
is because EBR is a low-overhead quota-based protocol, and
hence extra flooding is not as big a concern as black holes.
In quota-based protocols, non-malicious nodes do not flood
messages, real or fake, and should simply drop messages with
a high number of copies, since they are malicious.
To determine how vulnerable EBR is to black hole DoS
attacks, we performed a series of simulations where a cer-
tain percentage of the nodes are malicious. Malicious nodes
always advertise an exceptionally high encounter value, and
immediately delete any message replicas obtained. Each data
point is the average of 10 runs, and small 95% confidence
intervals are shown. A vehicular mobility model is used,
which is explained, along with simulation parameters, further
in Section V. The results of this experiment, shown in Figure 1,
indicate that network performance can be hindered with a rel-
atively small number of malicious nodes. However, matching
the work done by Burgess et. al, additional malicious nodes are
not able to cripple the network. These results indicate that it
is necessary to provide an optional solution that prevents DoS
attacks. Users not minding the decrease in performance may
choose not to implement this solution. However, providing a
solution is necessary for those users more concerned about
maximizing network performance. The penalty for choosing
the solution is that there must exist a means of digitally signing
data as well as binding keys to indentities, such as PKI.
The insight of the solution comes from the observation that
an encounter value can never be altered unless an external
0
0.2
0.4
0.6
0.8
1
0 0.1 0.2 0.3 0.4 0.5
Message Delivery Ratio
Percentage of Malicious Nodes
Fig. 1. MDR in Attack Scenarios
Fig. 2. Timestamp Protocol
event (e.g., coming in contact with another node) occurs.
Therefore, proving that the encounter value was altered only
during an external event assures other nodes that the node in
question is not individually faking the value. Now, of course,
nodes can still collude to artificially inflate their encounter
values; this case will be considered shortly. Note that the goal
is to prevent the artificial increase, not decrease, of encounter
values.
The protocol works as follows. Assume node A comes in
contact with node C, and node C wishes to send data to node
A. The goal is for node A to offer acceptable evidence to node
C that the encounter value is not forged. To give acceptable
evidence for this, node A must keep a list of transactions in
which all previously encountered nodes digitally sign a time
stamped message stating that “node A met me at time T”. A
graphical illustration of this is given in Figure 2. Node A can
then offer all of these messages to node C, and allow node
C to recompute node A’s encounter value from scratch. If the
recomputed value is equal to the value provided by node A,
then node C can confidently transmit replicas to node A.
It is possible, even probable, that inherently trustworthy
nodes are present in the network. For instance, in disaster
recovery networks, police and emergency responders can be
considered highly trustworthy entities. These nodes can be
utilized to sign, or checkpoint, actual encounter values. This
checkpointing process allows a node to delete all previous
transactions and simply start with the new, signed encounter
value. Checkpointing nodes verify the encounter value in
the same fashion as mentioned above and then provide a
signed encounter value back to the node. Checkpointing nodes
must be trusted by all nodes in the network since previous
transaction data is deleted after a signed encounter value is
obtained (e.g., a node is checkpointed by a checkpointing
node).
It is possible for colluding nodes to artificially inflate
each other’s encounter values by signing multiple “fake”
meeting messages. This is a difficult problem, and we have
not discovered a clear-cut solution. However, using statistical
techniques, nodes diligent in looking for abnormal contact
rates can mitigate the damage. If a node legitimently meets
another node or group of nodes very frequently, it can lessen
its chances of raising a false red flag by simply not storing
some of the meetings, and not updating its encounter value
for those meetings. A more thorough investigation of this is
future work.
V. EVALUATION
The primary goal of our evaluation is to show that EBR
achieves a high message delivery ratio and good latency, while
maintaining extremely low overhead. To demonstrate this, we
first present the metrics used in our evaluation, followed by a
brief description of the mobility models. Finally, we present a
comprehensive evaluation of EBR in comparison to five other
popular DTN routing protocols. To perform our evaluation,
we use the Opportunistic Network Environment simulator
(ONE) [1], which is a simulation environment designed specif-
ically for disruption tolerant networks.
A. Metrics
Although traditional evaluation metrics provide a good
understanding of the performance of a network, the evaluation
of many current DTN routing protocols is hindered by the
limited, and sometimes misleading, metrics used. To give a
clearer, more complete picture of the evaluation, we consider
three traditional performance metrics as well as introduce three
composite metrics.
Traditional performance metrics include average message
delivery ratio and end-to-end message latency, while resource
usage, or resource friendliness can be captured by goodput.
Goodput is defined as the number of messages delivered
divided by the total number of messages transferred (including
those transfers that did not result in a delivery). In a resource
constrained network, effective use of available storage can be
captured by the number of messages dropped due to buffer
overflows. We evaluated this metric in all of our scenarios;
however, since it closely correlates to goodput, those results
were omitted due to space constraints.
While these three traditional metrics provide a comprehen-
sive view of the communication in DTNs, many protocols
trade off effectiveness in one metric for effectiveness in
another. Composite metrics are able to penalize protocols for
performing poorly in individual primary metrics, giving a more
complete picture of protocol performance. We consider three
composite metrics to illustrate the relative relationship between
the primary metrics. The MDR x Average Delay metric takes
MDR and penalizes it for having a poor end-to-end delay,
