Stimulating Cooperation in Self-Organizing Mobile Ad Hoc
Networks
Levente Butty´an and Jean-Pierre Hubaux
Laboratory for Computer Communications and Applications
Swiss Federal Institute of Technology – Lausanne
EPFL-IC-LCA, CH-1015 Lausanne, Switzerland
March 19, 2002
Abstract
In military and rescue applications of mobile ad hoc networks, all the nodes belong to the
same authority; therefore, they are motivated to cooperate in order to support the basic functions
of the network. In this paper, we consider the case when each node is its own authority and tries
to maximize the benefits it gets from the network. More precisely, we assume that the nodes are
not willing to forward packets for the benefit of other nodes. This problem may arise in civilian
applications of mobile ad hoc networks. In order to stimulate the nodes for packet forwarding,
we propose a simple mechanism based on a counter in each node. We study the behavior of the
proposed mechanism analytically and by means of simulations, and detail the way in which it
could be protected against misuse.
Keywords: mobile ad hoc networking, self-organization, cooperation
1 Introduction
A mobile ad hoc network is a wireless multi-hop network formed by a set of mobile nodes in a self-
organizing way without relying on any established infrastructure. Due to the absence of infrastructure,
all networking functions must be performed by the nodes themselves. For instance, packets sent
between two distant nodes are expected to be forwarded by intermediate nodes [8, 16]. This operating
principle of mobile ad hoc networks renders cooperation among nodes an essential requirement. By
cooperation, we mean that the nodes perform networking functions for the benefit of other nodes. As
pointed out in [13], lack of cooperation may have fatal effects on network performance.
So far, applications of mobile ad hoc networks have been envisioned mainly for crisis situations
(e.g., in the battlefield or in rescue operations). In these applications, all the nodes of the network
belong to a single authority (e.g., a single military unit or rescue team) and have a common goal. For
this reason, the nodes are naturally motivated to cooperate.
However, with the progress of technology, it will soon be possible to deploy mobile ad hoc net-
works for civilian applications as well. Examples include networks of cars and provision of commu-
nication facilities in remote areas. In these networks, the nodes typically do not belong to a single
authority and they do not pursue a common goal. In addition, these networks could be larger, have a
c
2002 by Kluwer Academic Publishers. To appear in ACM/Kluwer Mobile Networks and Applications (MONET).
1
longer lifetime, and they could be completely self-organizing, meaning that the network would be run
solely by the operation of the end-users. In such networks, there is no good reason to assume that the
nodes cooperate. Indeed, the contrary is true: In order to save resources (e.g., battery power, memory,
CPU cycles) the nodes tend to be “selfish”.
As a motivating example, let us consider packet forwarding: Even in a small ad hoc network,
most of the energy of a given node is likely to be devoted to forwarding packets for the benefit of
other nodes. For instance, if the average number of hops from source to destination is around 5, then
approximately 80% of the energy devoted to sending packets will be consumed by packet forwarding.
Hence, turning the forwarding function off would very noticeably extend the battery lifetime of a
node, and increase its overall availability for its user.
In this paper, we address the problem of stimulating cooperation in self-organizing, mobile ad
hoc networks for civilian applications. We assume that each node belongs to a different authority, its
user, which has full control over the node. In particular, the user can tamper with the software and the
hardware of the node, and modify its behavior in order to better adapt it to her own goals (e.g., to save
battery power). We understand that regular users usually do not have the required level of knowledge
and skills to modify their nodes. Nevertheless, our assumption is still reasonable, because criminal
organizations can have enough interest and resources to reverse engineer a node and sell tampered
nodes with modified behavior on a large scale. The experience of cellular networks shows that as
soon as the nodes are under the control of the end-users, there is a strong temptation to alter their
behavior in one way or another.
One approach to solve this problem would be to make the nodes tamper resistant, so that their
behavior cannot be modified. However, this approach does not seem to be very realistic, since ensuring
that the whole node is tamper resistant may be very difficult, if not impossible. Therefore, we propose
another approach, which requires only a tamper resistant hardware module, called security module,
in each node. One can think of the security module as a smart card (similar to the SIM card in GSM
phones) or as a tamper resistant security co-processor [12]. Under the assumption that the user can
possibly modify the behavior of the node, but never that of the security module, our design ensures
that tampering with the node is not advantageous for the user, and therefore, it should happen only
rarely.
We focus on the stimulation of packet forwarding, which is a fundamental networking function
that the nodes should perform in a mobile ad hoc network. In a nutshell, we propose a protocol that
requires the node to pass each packet (generated as well as received for forwarding) to its security
module. The security module maintains a counter, called nuglet counter, which is decreased when
the node wants to send a packet as originator, and increased when the node forwards a packet. The
value of the nuglet counter must remain positive, which means that if the node wants to send its own
packets, then it must forward packets for the benefit of other nodes. The nuglet counter is protected
from illegitimate manipulation by the tamper resistance of the security module.
Besides stimulating packet forwarding, our mechanism encourages the users to keep their nodes
turned on and to refrain from sending a large amount of packets to distant destinations. The latter
property is particularly desirable, because, as mentioned in [9], the available bandwidth per node de-
clines as the number of nodes increases (assuming that the traffic does not exhibit locality properties).
The present proposal has been developed in the framework of the Terminodes Project
1
[4, 10].
However, it is generic; in particular, it could work in conjunction with many routing algorithms.
The outline of the paper is the following: In Section 2, we describe the proposed mechanism
to stimulate packet forwarding, and study its behavior through the analysis of a simple model. In
1
http://www.terminodes.org/
2
Section 3, we detail the ways in which the proposed mechanism could be protected against misuse.
In Section 4, we describe our simulation settings, and the simulation results that we obtained. In
Section 5, we discuss some limitations of our approach. Finally, in Section 6, we report on related
work, and in Section 7, we conclude the paper.
2 Stimulation mechanism
2.1 Description
As mentioned before, we assume that every node has a tamper resistant security module, which main-
tains a nuglet counter. Our stimulation mechanism is based on the following two rules, which are
enforced by the security module:
1. When the node wants to send one of its own packets, the number
n
of intermediate nodes that
are needed to reach the destination is estimated. If the nuglet counter of the node is greater
than or equal to
n
, then the node can send its packet, and the nuglet counter is decreased by
n
.
Otherwise, the node cannot send its packet, and the nuglet counter is not modified.
2. When the node forwards a packet for the benefit of other nodes, the nuglet counter is increased
by one.
2.2 Model of a single node
Let us consider now the following model, the analysis of which will give an insight into the operation
of the above mechanism. A node has two incoming and two outgoing flows of packets (Figure 1).
The incoming flow
IN
o
represents the packets that are generated by the node itself. We call these
packets own packets. The other incoming flow
IN
f
represents the packets that are received for for-
warding. We call these packets forwarding packets. The packets that the node receives as destination
are not represented in the model. Each incoming packet (own as well as forwarding) is either sent or
dropped. The outgoing flow
OUT
represents the packets that are sent by the node. This flow con-
sists of two components
OUT
o
and
OUT
f
, where
OUT
o
represents the own packets that are sent
and
OUT
f
stands for the forwarded packets. The other outgoing flow
DRP
represents the packets
that are dropped. Similarly to
OUT
, this flow consists of two components too:
DRP
o
and
DRP
f
,
representing dropped own and forwarding packets, respectively.
B, C, N
o
IN
IN
f
=
OUT
o
OUT OUT
f
+
=
DRP
+
f
DRP
o
DRP
Figure 1: Model of a single node
The current state of the node is described by two variables
b
and
c
, where
b
is the remaining
battery of the node and
c
stands for the value of its nuglet counter. More precisely, we interpret
b
as
the number of packets that the node can send using its remaining energy. The initial values of
b
and
c
are denoted by
B
and
C
, respectively. To keep the model simple, we assume that when the node sends
3
an own packet,
c
is decreased by an integer constant
N >
1
, which represents the estimated number
of intermediate nodes that are needed to reach the destination. Since
c
must remain positive, the node
can send its own packet only if
c
N
holds. When the node sends a packet that was received for
forwarding,
c
is increased by one. In addition, each time the node sends a packet (own as well as
forwarding),
b
is decreased by one. When
b
reaches 0 (i.e., when the battery is drained out), the node
stops its operation. We assume that the initial number
C
of nuglets is not enough to drain the battery
out by sending only own packets (i.e.,
C=N <B
).
2.3 Analysis of static aspects
Let us denote the number of own and forwarding packets sent during the whole lifetime of the node by
out
o
and
out
f
, respectively. Selfishness of the node could be represented by the goal of maximizing
out
o
subject to the following conditions:
out
o
;
out
f
0
(1)
N
out
o
;
out
f
C
(2)
out
o
+
out
f
=
B
(3)
Condition (1) is trivial. Condition (2) describes the requirement that the number
N
out
o
of nuglets
spent by the node cannot exceed the number
out
f
of nuglets earned plus the initial value
C
of the
nuglet counter. Finally, Condition (3) represents the fact that the initial energy of the node must be
shared between sending own packets and sending forwarding packets.
out
o
B
B + C
N + 1
out
f
B
NB - C
N + 1
- C
out
o
= B
-
out
f
out
o
- C
= N
out
f
Figure 2: Maximizing
out
o
Figure 2 illustrates the conditions graphically. It is easy to see that the maximum of
out
o
is
B
+
C
N
+1
.
It can also be seen that in order to reach this maximum
out
f
must be
NB
;
C
N
+1
. Thus, the node must
forward this number of packets for the benefit of other nodes if it wants to maximize its own benefit. If
there was no nuglet counter and an enforcing mechanism that does not allow the node to send an own
packet when it does not have enough nuglets, then Condition (2) would be missing, and the maximum
of
out
o
would be
B
. This means that the node would maximize its own benefit by dropping all packets
received for forwarding.
In principle, the node can always reach
out
o
=
B
+
C
N
+1
: When it runs out of nuglets, it can simply
buffer its own packets until it forwards enough packets and earns enough nuglets to send them. How-
ever, this works only if the buffer is large enough and no delay constraint is imposed on the packets.
4
In real-time applications, sending a packet that has spent too much time in the buffer may be useless,
which means that the node must drop some of its own packets. It can still reach
out
o
=
B
+
C
N
+1
, but it
is now important how many own packets it must drop meanwhile.
In order to study this situation, we extend our model in the following way: We assume that the
node generates own packets with a constant average rate
r
o
, and receives packets for forwarding with
a constant average rate
r
f
. We denote the time when the battery is drained out by
t
end
. Note that
t
end
is not a constant, since the time when the battery is drained out depends on the behavior of the node.
Furthermore, we assume that there is no buffering of own packets, which means that an own packet
that cannot be sent immediately (due to the low value of the nuglet counter) must be dropped.
Selfishness of the node could now be represented by the goal of maximizing
out
o
and, at the same
time, maximizing
z
o
=
out
o
r
o
t
end
(which is equivalent to minimizing the number of own packets dropped)
subject to the following conditions:
out
o
;
out
f
0
(4)
out
o
r
o
t
end
(5)
out
f
r
f
t
end
(6)
N
out
o
;
out
f
C
(7)
out
o
+
out
f
=
B
(8)
Using
out
f
=
B
;
out
o
from Condition (8), we can reduce the number of unknowns and obtain
the following set of conditions:
out
o
0
(9)
out
o
B
(10)
t
end
out
o
r
o
(11)
t
end
;
out
o
r
f
+
B
r
f
(12)
out
o
B
+
C
N
+1
(13)
Conditions (9-13) determine the feasible region, on which we have to maximize
out
o
and
z
o
. This
is illustrated in Figure 3. As we have already seen, the maximum of
out
o
is
B
+
C
N
+1
. Note that
B
+
C
N
+1
is
always less than
B
, because we assumed that
C=N < B
. Different values of
z
o
are represented by
lines with different slopes all going through the (0,0) point. In order to find the maximum of
z
o
,we
have to find the line with the smallest slope that still intersects the feasible region.
Depending on the ratio
r
f
=r
o
of the rates, we can distinguish the following two cases (Figure 3,
parts (a) and (b)):
Case (a): If
r
f
r
o
NB
;
C
B
+
C
(i.e.,
B
+
C
N
+1
r
o
r
o
+
r
f
B
) then the maximum of
z
o
is 1. Because of
Condition (11), this is the best that can be achieved. This means that in this case, the node does
not have to drop any of its own packets.
Case (b): If
r
f
r
o
<
NB
;
C
B
+
C
(i.e.,
B
+
C
N
+1
<
r
o
r
o
+
r
f
B
), then the maximum of
z
o
is
r
f
r
o
B
+
C
NB
;
C
<
1
.
This means that in this case, the node must drop some of its own packets.
Intuitively, the difference between the two cases above can be explained as follows: In case (a),
packets for forwarding arrive with high enough a rate to cover the expenses of sending own pack-
ets. On the other hand, in case (b), the arrival rate of forwarding packets is too low, and the node
5
