# On Security and Reliability Using Cooperative Transmissions in Sensor Networks

## Authors

- First Online:

DOI: 10.1007/s11036-012-0360-8

- Cite this article as:
- Aksu, A., Krishnamurthy, P., Tipper, D. et al. Mobile Netw Appl (2012) 17: 526. doi:10.1007/s11036-012-0360-8

- 2 Citations
- 131 Views

## Abstract

Cooperative transmissions have received recent attention and research papers have demonstrated their benefits for wireless networks. Such benefits include improving the reliability of links through diversity and/or increasing the reach of a link compared to a single transmitter transmitting to a single receiver (single-input single-output or SISO). In one form of cooperative transmissions, multiple nodes can act as virtual antenna elements and provide diversity gain or range improvement using space-time coding. In a multi-hop ad hoc or sensor network, a source node can make use of its neighbors as relays with itself to reach an intermediate node with greater reliability or at a larger distance than otherwise possible. The intermediate node will use its neighbors in a similar manner and this process continues till the destination is reached. Thus, for the same reliability of a link as SISO, the number of hops between a source and destination may be reduced using cooperative transmissions as each hop spans a larger distance. However, the presence of malicious or compromised nodes in the network impacts the benefits obtained with cooperative transmissions. Using more relays can increase the reach of a link, but if one or more relays are malicious, the transmission may fail. *However, the relationships between the number of relays, the number of hops, and success probabilities are not trivial to determine.* In this paper, we analyze this problem to understand the conditions under which cooperative transmissions fare better or worse than SISO transmissions. We take into consideration additional parameters such as the path-loss exponent and provide a framework that allows us to evaluate the conditions when cooperative transmissions are better than SISO transmissions. This analysis provides insights that can be employed before resorting to simulations or experimentation.

### Keywords

cooperative communicationssecurityreliability## 1 Introduction

Cooperative transmissions or cooperative diversity is a relatively new physical layer approach which helps to achieve performance gains similar to multiple-input multiple-output (MIMO) enabled transmissions in wireless networks compared to traditional single-input single-output (SISO) links. With cooperative transmissions, several nodes with single antennas form what can be considered as a *virtual antenna array* to assist each other with the transmission of messages. When a virtual antenna array is created only for transmitting to a single receiving node, the approach is called virtual multiple-input single-output (vMISO) transmissions [1]. The way vMISO works is as follows. A cooperative transmission is initiated by a source node multi-casting (or broadcasting) a message to a number of cooperating relay nodes, which then send the message to the destination node (together with the source node) using techniques such as space-time coding. The destination node combines the signals from the source and relays appropriately to decode the message.

Cooperative transmissions exploit a fundamental feature of the wireless medium: the ability to achieve *diversity* through independent channels created between the multiple transmitters and the receiver, because these channels are likely to fade independently. In the case of SISO transmissions, the channel has a certain probability of being in fade. With vMISO, unless *all* of the multiple independent channels are in fade, the information in the signal has a good chance of being recovered at the receiver. The resulting advantages (that have been widely studied previously at the physical layer—see for example [2]) are a better bit-error rate (BER) for a given transmission rate and/or a longer transmission range for a given BER while consuming the same amount of transmission power compared to non-cooperative transmissions. These advantages can also provide energy efficient routing and a longer lifetime in the case of sensor networks. We will use cooperative transmissions and vMISO interchangeably in this paper.

Unfortunately, from a security point of view, cooperative transmissions suffer from drawbacks. The benefits of cooperative transmissions arise from the fact that with more relay nodes, a higher order of diversity can be achieved, thus improving the BER and/or range. However, at the same time, security threats increase with the involvement of additional parties to the communication since they may all not be honest and trustworthy nodes. For example, even if one of the nodes that form the virtual antenna array is malicious, it can disrupt the transmission, or it can transmit garbled symbols in order to both corrupt the transmission and perhaps drain the batteries of honest nodes.

*The relationships between the number of relays, the number of malicious nodes, the number of hops, and delivery success probabilities are not trivial to determine and also depend on parameters such as the path-loss exponent.*In this paper, we develop an analytical framework for evaluating when cooperative transmissions may be more beneficial than SISO transmissions in sensor networks with a mix of honest and malicious and/or compromised nodes. For this evaluation, we employ as the performance metric, the probability of successful reception of packets. While this framework could be applied to any multi-hop wireless network, we will consider here a sensor network with multi-hop transmissions where key pre-distribution schemes may be employed for additional security [3]. Key pre-distribution allows pairs of sensor nodes to establish secure communications if they share a key. However, with key pre-distribution,

*not all pairs*of sensor nodes share a key, although many pairs do. Thus, it is very likely that each SISO link on a route from a source to the destination is secure when there are no compromised nodes. The presence of compromised nodes may however disrupt communications along a path from the source to the destination and data packets may not successfully reach the destination. As the number of hops to the destination increases, the chance of a successful reception at the destination drops. When cooperative transmissions are employed with vMISO, for the same link reliability, the number of hops to the destination may be reduced making it more likely that the packet is successfully received at the destination (see Fig. 1). The reduction in the number of hops increases as the number of cooperating nodes increases. This however does not come freely in a network with a mix of honest and malicious nodes. Since every pair of sensor nodes may not share a key, even without compromised nodes in the network, a vMISO transmission may potentially accept cooperation from a node that is not necessarily honest (i.e., from nodes that may not share keys with the transmitting node). Additionally, if some of the nodes that share keys are compromised, in such cases, vMISO may fare worse than longer SISO links.

It is not easy or straightforward to predict what circumstances are better for vMISO or SISO for various reasons. First, the diversity benefits increase with the number of cooperating relays, but the relation is non-linear and varies with the environment and the requirements placed on reliability. Second, the chance of involvement of malicious or compromised nodes depends on their number in the network and also the distance between the source node and destination node. Third, various key pre-distribution schemes have different probabilities of sharing secret keys with neighbors that may act as relays which changes the ability of a transmitting node to select trusted cooperating neighbors. Finally, malicious nodes may also not always disrupt transmissions to avoid quick detection. The contribution of this paper is an analytical framework that includes these parameters so that it is possible to evaluate the boundaries of where vMISO or SISO fare better. We do however make simplifying assumptions (e.g., we do not very rigorously account for node density, but make approximations). Our analysis allowed us to determine a fairly general condition where vMISO has a better probability of successfully delivering a packet than SISO as *nK*_{v} < *K*_{s}, where *n* is the number of cooperating nodes that is used at each hop of a multi-hop vMISO route, and *K*_{v} and *K*_{s} are the number of hops required to reach a destination from the source with vMISO and SISO, respectively. This condition holds when the number of honest nodes in the neighborhood of a node is much higher than *n*. As expected, our analysis shows that while using vMISO, a small *n* is preferable. This analysis provides insights that can be employed before resorting to simulations or experimentation.

The rest of the paper is organized as follows. In Section 2, we present some background and related work on cooperative transmissions, some possible attacks against cooperative transmissions, and a primer on key pre-distribution. Section 3 describes the framework for analyzing the probability of successfully receiving a packet at the destination with SISO and vMISO, with and without the use of shared keys. Section 4 presents the results obtained from the analysis. Section 5 concludes the paper and outlines its limitations.

## 2 Background and related work

In this section we briefly describe the background material needed for the rest of this paper and some related work. We do not look at an exhaustive review of the literature on cooperative diversity for which we refer to [1, 2, 4]. We however look at the various ways in which attacks can disrupt cooperative transmissions as there is no work that to our knowledge provides a comprehensive discussion of the possibilities.

### 2.1 Cooperative transmissions

Cooperative transmissions can improve the quality or range of a link by creating virtual antenna arrays comprised of a source and some of its neighbors. In a vMISO system, a cluster of cooperating nodes emulate the antenna array of a real multiple-input single-output (MISO) system [1]. There is a single *head node* or *source* in this cluster that is the originator or source of data, and there are multiple *cooperating nodes* each of which act as a transmitter antenna in an antenna array. Unlike real MISO systems, the antennas are not co-located in vMISO systems. Consequently, the source first broadcasts or multicasts its packet to the neighboring nodes that make up the eventual relays. After the relays receive the data, the source and the cooperating relays all then simultaneously transmit the packet to the receiver(s). In the approach we consider here, once all nodes in the cluster have the original data, they will encode data using an appropriate *space-time block code* (STBC) [5], and simultaneously transmit the coded block to a receiver.

Figure 1 shows examples of SISO and vMISO routes between a source *S* and a destination *D* to illustrate the potential benefits (this is for illustration and does not use actual parameters). The SISO route is 4 hops long and goes through intermediate nodes *f*_{1}, *f*_{2}, *f*_{3}. The vMISO route is two hops long, but each hop has three transmitters (*S*, *R*_{1}, *R*_{2} for the first hop and *f*_{2}, *R*_{3}, *R*_{4} along the second hop). The assumptions underlying the benefits from vMISO are that each *individual link* (e.g., *S* to *f*_{2} or *R*_{2} to *f*_{2}) in Fig. 1 is independently fading. Thus, the vMISO link is more reliable because of the inherent diversity.

There are several physical layer related issues that we do not elaborate upon here. It is possible to overcome these challenges using physical layer techniques [1] that are described in many of the related physical layer research papers. For example, in order to leverage the benefits of space-diversity, data should be encoded using a space time block code. An STBC with code rate *r*_{n} = *k*/*k*_{n}, *r*_{n} ≤ 1, is defined by a transmission matrix of size *k*_{n}×*n*, where *n* is the number of (virtual) transmitter antenna elements and *k*_{n} is the number of time units involved in the transmission of *k* symbols [5]. The simplest STBC is the Alamouti code, which has unit rate [6], *n* = 2 co-located antennas or *n* = 2 cooperating relays, and transmitting two symbols every two time units. STBCs suitable for higher numbers of transmitter antennas or cooperating relays have also been developed (see for e.g., [7]) but some may have lower code rates which we ignore in this paper. In order to decode the transmitted block successfully, the receiver node requires channel state information (CSI) between itself and each of the transmitting nodes. CSI is obtained by using pilot tones transmitted by each node prior to the data transmission. Some loose synchronization between *S*, *R*_{1} and *R*_{2} is necessary but the impact of different node locations (as against co-located antennas) has been shown to be minimal [1]. The *individual links* are typically assumed to be flat-fading (which is the assumption made in this paper) although frequency selective fading may be combatted as well.

Further, in this paper, we ignore the protocols and overhead associated with identifying nodes such as *R*_{1} and *R*_{2} at every link as this has been previously considered in other work and is also not the focus of this paper. For instance, in [1] a primary SISO route is first created and then this primary route is used to create a vMISO route. In [2], a greedy geographical routing scheme is used. In this paper, we simply assume that somehow a vMISO route has been set-up with appropriate participation of honest and malicious nodes. We do not consider attacks on route set-up or discovery. We also ignore the medium access issues in this paper. Modifications to the traditional request-to-send (RTS) and clear-to-send (CTS) handshakes to avoid collisions and hidden terminals are often used [1] to accommodate cooperative transmissions. We do not consider MAC layer attacks against such protocols either in this paper.

### 2.2 Security threats against vMISO

Wireless ad hoc and sensor networks are vulnerable to security attacks due to the shared nature of wireless medium and the way they are deployed and their limited resources. Cooperative transmissions are more vulnerable to some security attacks than non-cooperative (SISO) transmissions. This is because they aim to exploit the advantages of diversity, and this is achievable only with multiple transmitters when each node has only one antenna. Introducing additional parties to a transmission increases the vulnerability to attacks. In this section, we will give a brief explanation of potential attacks. Our focus in the paper is less on the attacks and this section only describes how attacks may be employed. As explained previously, the focus of this paper is on the impact especially in terms of when cooperative transmissions should be used instead of SISO transmissions. Consequently, irrespective of the cause of the attack, we assume that the goal of a malicious or a compromised node is to disrupt the successful reception of packets either always or sometimes. Other attacks mentioned in this section (e.g., eavesdropping or wormhole attacks) are outside the scope of this paper.

#### 2.2.1 Disruption of packet transmission on vMISO links

vMISO transmissions can exploit space-time diversity by using relay nodes. A relay node must agree to help a source node which has a data to send to a destination node. When a relay node *behaves selfishly* by not cooperating, a source node cannot exploit the advantages of cooperative transmissions, and instead it has to use SISO transmissions or transmissions with fewer cooperating nodes. This may result in conditions such as higher network-wide power consumption, longer latency in transferring data and/or higher bit error rates. A selfish node that agrees to cooperate but then does not transmit the packet with the source and other relays reduces the diversity and will likely result in a packet not reaching the destination reliably (i.e., the packet will be dropped).

The number of relays is very important in cooperative transmissions. Therefore, an attacker may try to prevent a source node from choosing the right number of relays for the cooperative transmission. If the source assumes there will be *n* cooperative transmitters, but in fact there are fewer than *n* transmitters, the packet will not be successfully received at the intermediate or final destination. If STBC is used as part of the cooperation scheme, the cooperative transmission simply is not realized since linearly combining the signals may not yield the right decision variable or the diversity gain. If any other uncoded cooperation scheme is used, given certain BER requirements, a source node cannot transmit its data to the destination which is in the transmission range if there are *n* nodes in the cooperation set, but outside the range if there are *m* < *n* nodes. The necessity of symmetric links in cooperative transmissions can add another problem to the mix. For a symmetric cooperative link between source and destination nodes, they both must have at least the same number of relays. Thus, if a source node has *n* relays, the destination must also have at least *n* relays. So it is possible for a source node to pick an intermediate destination that claims to have *n* cooperating relays even if it is a node with which it shares no keys instead of a node that it shares a key with, but which has fewer than *n* relays. Sybil attacks are good examples for possibilities of this kind of an attack. For instance, a Sybil node can claim more than one identity, which will cause the source node to believe that it has *n* relays, while in reality it has *m* < *n* relays.

With a routing algorithm where the routing metric favors nodes with higher numbers of relays, a malicious node may try to convince others that it has a higher number of relays in its neighborhood or that other nodes have fewer relays. This way it may attract traffic to itself which then never reaches the destination.

An attacker can jam the channel during the transmission of pilot tones that are often needed with cooperative transmissions in order to prevent successful estimation of CSI at the receiver. In such a case, the receiver cannot decode symbols successfully. Selectively jamming some transmissions will also damage packets at the receiver. In addition, control packet corruption attacks are possible that allow a malicious node to disrupt the successful reception of a packet.

In this paper, we only consider those attacks where the attacker is part of the cooperative transmissions. We do not consider the precise nature of the attack. For example, the attacker could be a Sybil node or a selfish node. The result in either case is that the packet will not be successfully delivered. We do not consider jamming or extraneous attacks such as the ones described below.

#### 2.2.2 Other attacks

One of the advantages of cooperative diversity is the increased transmission range with the same BER requirement and power consumption as SISO transmissions. However, this causes a single hop cooperative transmission to have wider reception and interference ranges when compared to those of SISO transmissions. Therefore, cooperation has increased vulnerabilities in terms of overhearing due to the larger transmission range. This can facilitate *rushing and wormhole attacks*. A wormhole attack may occur when a malicious node captures a packet and replays it at another location. A rushing attack may occur when a malicious node does not wait for timers to timeout and replies before a legitimate node. Obviously, the chances that a malicious node can overhear a cooperative transmission is higher. In addition, cooperative transmissions often require a more complex MAC algorithm [1] which requires exchanging more messages than needed for a direct transmission. This also increases the probability of attacks that are related to packet capturing. Methods that narrow down the transmission area without decreasing transmission range in the desired direction, i.e., using directional antennas, may be useful.

Cooperative jamming is a method to protect against eavesdropping which introduces noise into the communication medium to hurt the eavesdropper (untrusted relay) more than the legitimate destination. An example of such a solution to mitigate the eavesdroppers in the transmission range is given in [8], where an opportunistic selection of two relay nodes is proposed to increase security against eavesdroppers. The first relay operates as a conventional node and assists a source to deliver its data to a destination via the Decode-and-Forward strategy [9]. The second relay is used in order to create intentional interference at the eavesdropping nodes. The proposed selection technique jointly protects the primary destination against interference and jams the reception at the eavesdropper. This assumes knowledge of the existence of the eavesdropper. In [10], the authors show that a positive secrecy rate can be achieved with the help of destination node or an external node that jams the relay by cooperative jamming.

*Resource draining attacks* aim to reduce or deplete the network’s resources such as the battery power of nodes and the capacity of the network, etc. A malicious node that is involved in a cooperative transmission can attack the transmission to drain the batteries of honest nodes, or occupy links by sending garbage data for a longer time to decrease the capacity of the network. Relay discovery attacks that request repeated responses for discovering potential relay nodes may result in high numbers of retransmissions which will drain the batteries of nodes and reduce the lifetime of the network. As mentioned before, the nodes that reside in the wider transmission range of a cooperation set (set of nodes cooperating) have to wait (to avoid collisions) to be able to send their own data. In a non-cooperative transmission, a simple 4-way handshake is often enough to contend for the channel; in the vMISO case, however, transmission latency increases due to the message exchanging phase at the source and destination clusters before cooperative control packets are sent; also coding and decoding of symbols at the source and destination may add to the latency. Therefore, retransmissions must be as few as possible to have a longer network lifetime.

In [11], two types of resource draining attacks are addressed. In “inside” attacks, malicious nodes send garbage information to the destination when they serve as relays. In bad mouthing attacks, a malicious node needs to report the link quality or trust values. The malicious node can lie and report false information. To mitigate both attacks in addition to selfish behavior, [11] proposed a distributed trust-assisted cooperative transmission scheme. Trust values are constructed to determine the link quality between cooperating nodes and the destination node. Relayed transmissions are combined at the destination according to the trust values.

Injecting traffic attacks are addressed in [12]. These attacks occur when attackers inject an overwhelming amount of traffic into the network to consume valuable network resources of honest nodes and to reduce the network’s lifetime. In cooperative mobile ad hoc networks, nodes will usually unconditionally forward packets for other nodes. Consequently, such networks are extremely vulnerable to injecting traffic attacks, especially those launched by inside attackers. In [12], two types of injecting traffic attacks that can be launched in cooperative ad hoc networks are mentioned: query flooding attack and injecting data packet attack (IDPA). Fortunately, in cooperative ad hoc networks, since nodes belong to the same authority and pursue common goals, it is possible that they can know each other’s data packet injection statistics. According to the solution proposed in [12], detecting injecting traffic attacks is equivalent to detecting those nodes that are not legitimate but still they inject packets into the network or whose packet injection rates are much higher than their legitimate upper bounds. Also, legitimate nodes add a header to their packets along with a digital signature. The maximum number of allowed hops and signatures in the headers are used by honest nodes in order to decide if there exists a malicious node on the route and whether or not to forward a packet to the next hop.

### 2.3 Key pre-distribution in sensor networks

One of the problems in the security of sensor networks is that the nodes cannot store a lot of keys. Thus pairwise key installation and management is not possible. At the same time, it is not wise to use a single key that every node shares, as a single node compromise can disrupt the whole network. To address this problem, in [13], a key management mechanism is proposed, and it has three phases: key pre-distribution, shared-key discovery, and path-key establishment. The key-pre-distribution phase is an offline phase, where a large pool of *S* keys are generated. A key ring is generated from *k* keys that are randomly chosen from this pool. Key identifiers for each key in the key ring are loaded to a sensor node. In the shared-key discovery phase, each node discovers its neighbors in communication range with which it shares key(s). Nodes discover shared-keys by broadcasting the list of *k* key identifiers of the keys on their key ring in clear text. After this phase, a secure link exists between two nodes if they share at least one key. The probability they share a key depends on *S* and *k*. In path-key establishment phase, a path-key is assigned to selected pairs of nodes in wireless communication range that do not share a key but are connected by two or more links at the end of the shared-key discovery phase. The downside of this *random key distribution* scheme is that the probability that two nodes share a key can be small and path-key establishment may require several nodes to participate. In some cases, the path between two geographically close nodes (in communication range) may involve more than three other nodes.

The knowledge of the deployment of sensors [14] may be used to improve the probability that two nodes share a key to something close to 1. Multiple key pools are used in this *deployment based scheme* as opposed to the single global key pool *S*. Sensors are assumed to be deployed in clusters or groups organized into a grid. Each deployment group has its own associated group key pool that is generated from the global key pool. Keys from the global key pool are assigned to group key pools in a way that the group key pools of clusters that are geographically closer have a certain number of *common* keys. However, if two clusters are not neighbors, the group key pools do not share any keys. Nodes that are very far apart are thus unlikely to share any keys (and the expectation is that they do not have to share keys).

In this paper, we make use of these key pre-distribution approaches to increase the reliability of SISO and vMISO transmissions in the presence of malicious and/or compromised nodes as explained in the following sections.

## 3 Framework for analyzing packet success with vMISO and SISO transmissions

In this section, we describe an analytical framework for evaluating the probability of successfully delivering a packet with SISO and vMISO transmissions with and without the presence of malicious nodes in the system. First we describe the idea of “distance gain” with vMISO which we will employ in the framework in ensuing sections.

### 3.1 Outage probability, transmission range, and distance gain

Based on [2], we first derive here an expression for the relationship between the outage probability, the number of cooperating nodes, and the increase in transmission range possible with vMISO. The outage probability is a metric of reliability that is easier to employ compared to detailed physical layer parameters such as modulation schemes and bit error rate versus signal-to-noise ratio curves as we discuss here later.

We assume a narrow-band multi-path wireless channel with a coherence time much longer than the symbol transmission time, so that the channel can be assumed to be constant over multiple symbol durations. This channel is modeled as a flat Rayleigh fading channel with a path-loss exponent *β*. All nodes have omni-directional antennas and emit signals at the same power *P*_{t}. The large scale path-loss for a transmitter-receiver distance of *d* is, *K**d*^{ − β}, where *K* is a constant that is typically a function of *λ*, the wavelength. For a certain packet transmission, each transmitted signal goes over an independent Rayleigh fading channel and it is corrupted by a zero-mean additive white Gaussian noise (AWGN). Let *α* be a Rayleigh distributed random variable with parameter *σ* = 1. We note here that |*α*|^{2} has an exponential distribution. Under Rayleigh fading with SISO, the signal strength \(S_s = P_0 d_{s}^{-\beta} |\alpha|^2\) at the receiver is exponentially distributed, where *P*_{0} = *P*_{t} ×*K*. Here *d*_{s} is the distance between the SISO transmitter and receiver.

Let *α*_{i} for *i* = 1,2, ⋯ ,*n* be independent random fading coefficients with Rayleigh-distributed magnitudes and uniform phases. We use these coefficients toward determining the range improvement with vMISO. If there are *n* cooperating transmitters *i* = 1,2, ⋯ ,*n* in vMISO at distances *d*_{i} from the receiver, the signal strength *S*_{i} of the signal from the *i*-th cooperating node, at the receiver will be \(P_0 |\alpha_i|^2 d_{i}^{-\beta}\). The overall signal strength at the receiver due to the cooperative transmission will be \(S = P_0 \sum_{i=1}^{n} |\alpha_i|^2 d_{i}^{-\beta}\). If we make the assumption that the *d*_{i}’s are very close (and this is a reasonable assumption for mathematical tractability) and equal to *d*_{v}, the signal strength at the receiver is \(S_{\emph{v}} = P_0 d_{\emph{v}}^{-\beta} \sum_{i=1}^{n} |\alpha_i|^2\). Note that \(\sum_{i=1}^{n} |\alpha_i|^2\) has a *χ*^{2} distribution with 2*n* degrees of freedom.

*p*

_{out}, defined as the probability that the instantaneous signal-to-noise-ratio (SNR),

*SNR*

_{i}, falls below a certain threshold. If the coherence time is greater than the packet transmission time, the outage probability is time-invariant for a given packet transmission. Let us suppose that

*S*

_{th}is the minimum required signal strength for correct decoding at the receiver for a target outage probability

*p*

_{out}(assuming that the AWGN does not change with time). Then, the outage probability for the random signal strength

*S*at the receiver can be calculated as follows:

*p*

_{out}, SISO and vMISO will have different transmission ranges as follows. For SISO, we have:

*F*

_{s}(·) and \(F_{\emph{v}}(\cdot)\) are respectively the cumulative exponential and

*χ*

^{2}(2

*n*degrees of freedom) distributions previously mentioned. We have to determine the inverses of these cumulative distributions to calculate the transmission ranges. Thus, the gain in transmission range with vMISO for the same outage probability [2] can be expressed as:

We note here that the gain in transmission range depends upon three parameters namely (i) the number of cooperating nodes *n* that appears as an argument through the degrees of freedom of the *χ*^{2} distribution (ii) the path-loss exponent *β* and (iii) the outage probability requirements *p*_{out}. Each of these parameters has a non-linear influence on the gain in transmission range. We plot the range improvements to get some clarity on this influence.

*n*= 4 cooperating users as a function of the path-loss exponent

*β*. We vary

*β*from

*β*= 2 which is in free-space to

*β*= 6 which can occur in some harsh indoor environments. Clearly, the range gain is larger when the outage probability

*p*

_{out}requirements are more stringent, which is the case where cooperative transmissions provide the benefits of diversity. Further, the gain in transmission range starts becoming less important as

*β*increases. In fact, for

*β*> 4, the gains in transmission range with vMISO are very close even as

*p*

_{out}changes by two orders of magnitude. In the numerical results that we present later, we chose

*β*= 3 in most cases for this reason.

*p*

_{out}for different numbers of cooperating nodes with path-loss exponent fixed at

*β*= 3. Please note here that the

*x*-axis in Fig. 4 has a logarithmic scale. Again, we observe that the largest benefits are for more stringent values of

*p*

_{out}(i.e., for

*p*

_{out}= 0.001) and the range gains are larger for larger

*n*. However, the range gains have diminishing returns as

*n*increases.

### 3.2 Probability of success without malicious nodes

Having considered the improvements in transmission range with vMISO over SISO we next consider an analysis of the probability of successful reception of a packet at the destination of a multi-hop route with SISO and vMISO transmissions in a sensor network. Initially we will assume a network without any malicious or compromised nodes.

*D*using only SISO transmissions. Let the

*minimum*number of hops from the source to the destination, given an outage probability

*p*

_{out}be \(K_s=\left\lceil \frac{D}{d_s}\right\rceil\). If there are no malicious nodes in the network, the probability that a packet is successfully received at the destination is equal to the probability that the packet is successfully received on every hop,

*n*cooperating nodes at each hop are employed, the minimum number of hops needed from the same source to the same destination becomes \(K_{\emph{v}}=\left\lceil \frac{D}{d_{\emph{v}}}\right\rceil=\left\lceil \frac{K_s}{G_n(p_{out},\beta)}\right\rceil \leq K_s\). To calculate the success probability with vMISO, we need to consider the SISO transmissions between source and relay nodes in addition to the cooperative transmission to the destination node in every hop of the multi-hop vMISO route. Then, the success probability will be,

Based on the two success probabilities \(P_{suc}^{SISO}\) and \(P_{suc}^{\emph{v}MISO}\), we can make the following assertions:

**Theorem 1**

(vMISO reliability without malicious nodes)* With no malicious nodes in the network and n** cooperating nodes to transmit a data packet from a source to a destination that is K*_{s}* SISO hops away, vMISO has better transmission reliability than SISO if *\(I_{\emph{v}}(n,p_{out},\beta)=n\left\lceil \frac{K_s}{G_n(p_{out},\beta)}\right\rceil - K_s < 0\)*, given an outage probability p*_{out}* and path-loss exponent β**. *

### Proof

*β*,

*n*and

*p*

_{out}. It is not possible to simplify this further easily due to the ceiling function used to calculate the number of hops. We plot \(I_{\emph{v}}=nK_{\emph{v}} - K_s\) in Fig. 5 to show

*n*and

*p*

_{out}values for which vMISO is more reliable than SISO, \(I_{\emph{v}}<0\) (from Theorem 1), when

*β*= 3. From this figure, we observe that for vMISO to perform better, in general

*p*

_{out}and

*n*must be small. Also, as

*p*

_{out}gets larger (say from 0.001 to 0.1),

*n*must be smaller for vMISO to be better. When

*β*= 4, the ranges of values for

*n*and

*p*

_{out}for which vMISO is better is narrower than for

*β*= 3. Still, it is not unreasonable to employ as many as

*n*= 5 cooperative nodes for vMISO transmissions and obtain a higher reliability than SISO.

### 3.3 Probability of success with malicious nodes

Next we consider the setup of routes between sources and destinations in the network and the impact that malicious nodes may have on the probability of successfully receiving a packet at the destination. We assume that source and destination nodes are honest nodes and any malicious node will participate in generating the route with the idea of dropping or corrupting *all* data packets for now. We relax this to account for dropping only some data packets in a later section.

*γ*be the fraction of honest nodes in the network. Without any means of verifying whether or not a node in the network is malicious, the probability of picking a malicious node on a route depends on 1 −

*γ*. We further let

*δ*

_{s}be the degree of a node (the number of neighbors) in SISO range

*d*

_{s}. Then,

*δ*

_{s}consists of both honest nodes and malicious nodes

*f*

_{1}as the next hop node (from Fig. 1) is

*γ*, and the probability that

*f*

_{1}chooses another honest node

*f*

_{2}(excluding the source node) will be \(1-\frac{\delta_m}{\delta_s-1}\). When

*δ*

_{s}> > 1, this second probability approaches \(\gamma=\frac{\delta_h}{\delta_s}\). Similarly, if the density of nodes is high, and the fraction 1 −

*γ*of malicious nodes is also high, for simplicity, we can assume that this fraction does not change when a few nodes are already picked to be on a route. Essentially then, the probability of picking a malicious node as an intermediate node is 1 −

*γ*.

*K*

_{s}hops, none of the

*K*

_{s}− 1 intermediate nodes (e.g.,

*f*

_{1},

*f*

_{2},

*f*

_{3}in Fig. 1a) must be malicious for the packet to be received successfully at the destination. Thus we have,

*n*cooperating nodes are employed, the computation of success probability is more complicated. This is because, in this case, each forwarding node in vMISO range must be chosen from the honest neighboring nodes, and in addition, each cooperating relay in SISO range must be chosen from the honest nodes. Let

*P*

_{n}be the probability that an honest source node chooses

*n*− 1 honest relay nodes in its SISO range to cooperate with them in a single hop vMISO. Then,

*P*

_{n}increases with increasing

*δ*

_{h}(and correspondingly

*δ*

_{s}) although

*γ*is constant. The reason is that the probability of selecting

*n*− 1 cooperating relays in a larger range is higher than in a smaller range. We analyze

*P*

_{n}for different ranges of

*n*and

*δ*

_{h}while keeping

*γ*=

*δ*

_{h}/

*δ*

_{s}constant. There are three cases we consider:

- 1.
When

*δ*_{h}→ ∞ and*δ*_{h}> >*n*, \(P_n \rightarrow \gamma^{(n-1)}\). - 2.
When

*n*= 2,*P*_{n}→*γ*. - 3.
When

*n*→ ∞,*P*_{n}→0.

*P*

_{n}and

*γ*

^{(n − 1)}, its approximation, for simplifying the analysis for various

*n*. The observations from this figure validates the claim that the approximation is very close to the exact value of

*P*

_{n}. For small

*n*,

*n*< 10 the difference is less than 0.01, and as

*n*increases the error also increases. However, even for

*n*= 20, the error is less than 0.03. Also it is

*unlikely*that very large values of cooperating nodes

*n*will turn out to be better in terms of reliability even in the absence of any malicious nodes.

**Theorem 2**

(vMISO reliability with malicious nodes)* When there exist malicious nodes in the network, but no mechanism exists to distinguish between them, using vMISO with n** cooperating nodes to transmit a data packet from a source to destination at distance K*_{s}* SISO hops has better transmission reliability if *\(I_{\emph{v}}(n,p_{out},\beta)=n\left\lceil \frac{K_s}{G_n(p_{out},\beta)}\right\rceil < K_s\)* given the same outage probability requirement, p*_{out}* and path loss exponent, β** for all transmissions.*

### Proof

- 1.
**First case:***γ*< < 1 −*p*_{out}: This condition is similar to the case when there are no malicious nodes in the network, since the terms including*γ*in Eqs. 10 and 12 can be neglected.*P*_{n}in Eq. 12 can also be neglected since it is also a function of*γ*. Then, this condition is in line with Theorem 1. - 2.
**Second case:**1 −*p*_{out}=*γ***and**\(P_n \approx \gamma^{(n-1)}\): This condition is possible when*δ*_{h}→ ∞ and*δ*_{h}> >*n*which results in \(P_n \approx \gamma^{(n-1)}\). Then Eqs. 10 and 12 can be re-written as,$$ P_{suc}^{SISO} = \gamma^{2K_s-1} $$(13)Then, comparing Eqs. 13 and 14, vMISO performs better than SISO when \(I_{\emph{v}} = nK_{\emph{v}} - K_s < 0\).$$ P_{suc}^{vMISO} = \gamma^{(2nK_{\emph{v}}-1)} $$(14) - 3.
**Third case:***γ*> > 1 −*p*_{out}**and**\(P_n \approx \gamma^{(n-1)}\): Under this condition, the (1 −*p*_{out}) terms in Eqs. 10 and 12 can be neglected, and the success probabilities can be re-written as,$$ P_{suc}^{SISO} = \gamma^{K_s-1} $$(15)When we compare Eqs. 15 and 16, vMISO performs better than SISO if \(I_{\emph{v}} = nK_{\emph{v}} - K_s < 0\).$$ P_{suc}^{\emph{v}MISO} = \gamma^{(nK_{\emph{v}}-1)} $$(16)

Note that in the presence of malicious nodes in the network and without a mechanism (e.g., shared keys) to identify malicious nodes, **all three cases result in the same condition**\(I_{\emph{v}}=nK_{\emph{v}} - K_s < 0\) for a \(K_{\emph{v}}\) hops vMISO route to outperform a *K*_{s} hops SISO route in terms of successful packet reception probability for given *β* and *p*_{out}.

From Theorems 1 and 2, we observe that the condition for multi-hop vMISO to outperform multi-hop SISO in terms of success probability in the presence of malicious nodes and with no mechanism for distinguishing between honest and malicious nodes, is the same as the condition for multi-hop vMISO to outperform multi-hop SISO when there are no malicious nodes in the network. This observation is a result of the approximation made in calculating *P*_{n}. Thus, the same conclusions can be made as before, i.e., *n* must be fairly small and *p*_{out} must be stringent enough for vMISO to be better.

### 3.4 Using partial trust with malicious nodes

*η*be the probability that two honest nodes share at least one common key and

*P*

_{m}be the probability that an honest node shares a common key with a malicious node in its SISO neighborhood. Then, “the degree” of a node becomes

*δ*

_{s}′ =

*δ*

_{s}when both key sharing and key compromising probabilities are 1,

*η*=

*P*

_{m}= 1. We analyze successful packet reception with multi-hop SISO and multi-hop vMISO with two different key pre-distribution schemes: deployment-based key pre-distribution scheme [14], and random key pre-distribution schemes [3]. The probability that a node shares a common key with nodes in its neighborhood is larger with the deployment based scheme [14] while it is smaller with the random pre-distribution scheme [3].

#### 3.4.1 Using deployment-based scheme

*η*≈ 1, 0 <

*d*≤

*d*

_{s}), but not with nodes that are far away (0 ≤

*η*< 1,

*d*>

*d*

_{s}). Assuming that an intermediate node is not malicious, in such schemes, it is likely that the complete route is safe. Then, the success probability with SISO is only affected by the fraction of compromised nodes

*P*

_{m}. Let the probability that an intermediate node in SISO range is honest be \(\gamma_{s} = \frac{\delta_h^{\prime}}{\delta_s^{\prime}}=\frac{\delta_h}{\delta_h+\delta_m P_m}\) (

*η*= 1 and

*δ*

_{s}′ > > 1). Then, the success probability on a SISO route of length

*K*

_{s}hops is,

*n*− 1 honest nodes out of

*δ*

_{s}′ nodes in SISO range is,

*η*and will be \(\gamma_{\emph{v}} = \frac{\delta_h^{\prime}}{\delta_s^{\prime}}=\frac{\eta \delta_h}{\eta \delta_h+\delta_m P_m}\) (0 ≤

*η*≤ 1, 0 ≤

*P*

_{m}≤ 1 ). Then, the success probability is,

*P*

_{n}′, the key sharing probability is

*η*= 1, whereas in the calculation of \(\gamma_{\emph{v}}\), the key sharing probability may be 0 ≤

*η*≤ 1.

*γ*

_{s}and \(\gamma_{\emph{v}}\) instead of only

*γ*in addition to

*p*

_{out},

*n*and

*β*. Following the second condition in the proof of Theorem 2, let

*γ*

_{s}= 1 −

*p*

_{out}and \(P_n^{\prime} \approx \gamma_s^{n-1}\). When we compare Eqs. 17 and 19:

- 1.
When

*η*→1, \(\gamma_{\emph{v}} \rightarrow \gamma_s\); then, vMISO performs better than SISO when \(I_{\emph{v}} = nK_{\emph{v}} - K_s < 0\) as in Theorem 2. - 2.
When malicious nodes do not have the ability to compromise the keys of honest nodes (

*P*_{m}= 0), \(\gamma_{s}=\gamma_{\emph{v}}=1\) and*P*_{n}′ = 1, and the success probability with SISO and vMISO are the same as Eqs. 7 and 8 (when there are no malicious nodes in the network), respectively. Then, according to Theorem 1, vMISO is more efficient than SISO when \(I_{\emph{v}} = nK_{\emph{v}} - K_s < 0\). - 3.
When

*P*_{m}→*η*= 1 in SISO case,*γ*_{s}→*γ*; therefore, the success probability 17 approaches Eq. 10. Similarly, in the vMISO case, when*P*_{m}→*η*,*γ*_{v}→*γ*and*P*_{n}′ →*P*_{n}; therefore, Eq. 19 approaches Eq. 12. We recall that Eqs. 10 and 12 are valid when there is no trust mechanism in the presence of malicious nodes in the network. This is expected when*P*_{m}=*η*, because the trust mechanism cannot differentiate between malicious and honest nodes.

*η*and

*P*

_{m}when deployment based key predistribution is used to trust nodes with and without the presence of compromised nodes.

#### 3.4.2 Using random key pre-distribution

*η*≤ 1). Therefore, the success probability of SISO is affected by both key sharing probability of honest nodes,

*η*, and the fraction of compromised nodes,

*P*

_{m}. The success probability with SISO is given in Eq. 17 where the probability that an intermediate node in SISO range is honest is calculated from

*P*

_{n}′ and

*γ*

_{v}are calculated with given 0 ≤

*η*≤ 1, and the success probability is given in Eq. 19. Therefore, we can again use Eq. 20 for analysis:

- 1.
With random key pre-distribution schemes,

*γ*_{s}=*γ*_{v}. Assuming \(P_n^{\prime} \approx \gamma_s^{n-1}\), vMISO is more efficient if*I*_{v}=*nK*_{v}−*K*_{s}< 0. - 2.
With no compromised nodes

*P*_{m}= 0,*γ*_{s}=*γ*_{v}= 1 and*P*_{n}′ = 1. Then, following the same analogy as in the case with deployment based schemes, Theorem 2 is valid when random key pre-distribution schemes are employed. - 3.
When

*P*_{m}→*η*,*γ*_{s}→*γ*and*γ*_{v}→*γ*; therefore, the success probability (17) approaches Eq. 10, and Eq. 19 approaches Eq. 12. Therefore, Theorem 1 is valid when random key pre-distribution schemes are employed.

*η*and

*P*

_{m}when random key pre-distribution based scheme is used.

### 3.5 Partial packet dropping by malicious nodes

It is possible that malicious nodes do not *always* drop or corrupt the data packet transmission, but do so only with a probability 1 − *p*_{f} in order to avoid quick detection by honest nodes. We evaluate this scenario in this section.

*degree*of honest and malicious nodes from that in Section 3.3 as

*δ*

_{mf}=

*p*

_{f}

*δ*

_{m}is the fraction of malicious nodes that will correctly forward packets at a given time. The probability that an honest forwarding node is selected should now include the malicious nodes that will correctly forward packets.

*γ*the probability of a source choosing

*n*− 1 honest relay nodes in SISO range,

*P*

_{n}in Eq. 12 changes to:

*n*− 1 relays can come from the set of honest neighbors or malicious neighbors that will correctly forward packets.

Similarly, with the key pre-distribution schemes, we have to make the following modifications. In Eq. 17, we have to use \(\gamma_s = \frac{\delta_h^{\prime} + \delta_{mf}^{\prime}}{\delta_s^{\prime}}\) where *δ*_{s}′ = *δ*_{h}′ + *δ*_{m}′ as before but *δ*_{mf}′ = *P*_{m}*p*_{f}*δ*_{m} is the number of malicious nodes in the neighborhood that will correctly forward packets and also share a key with an honest node (i.e., they are compromised, yet do not wish to be detected). Equation 18 will have to be modified to account for such nodes as well when a vMISO transmission takes place and this modification is similar to that in Eq. 21 since the relays can now be picked from two different sets. Thus in Eq. 19, we have to use both the modified *γ*_{s} and the modified *P*_{n}′. Finally, the modified *γ*_{s} has to be employed with random key pre-distribution as well.

## 4 Numerical results

### 4.1 Success probability without malicious nodes

*n*and

*K*

_{s}when

*β*= 3 and \(p_{out}=10^{-3}\). While increasing

*K*

_{s},

*d*

_{s}is kept the same; therefore, increasing

*K*

_{s}also means increasing the source-destination distance

*D*and the number of vMISO hops

*K*

_{v}. We observe that \(P_{suc}^{vMISO}\) is sometimes flat for several SISO hops. This is because the same number of cooperating nodes suffice for covering a few SISO hops. We also see that a smaller number

*n*of cooperating nodes is better when

*D*is small enough to be covered by a smaller number of SISO hops. However, a larger number of cooperating nodes may outperform SISO when the number of SISO hops is large (larger

*D*). A similar behavior is observed also in Figs. 8 and 9, where success probabilities with SISO and vMISO are shown for different values of

*β*and

*p*

_{out}. This behavior was previously explained in Theorem 1. From these figures, the success probabilities for vMISO are reduced with higher

*p*

_{out}and

*β*. We also observe a reduction in the number of cooperating nodes for vMISO to be more efficient than SISO with larger

*β*although

*p*

_{out}is kept the same.

### 4.2 Success probability with malicious nodes

*K*

_{s}and

*n*using Eqs. 13 and 14. We have picked \(p_{out} = 1- \gamma = 10^{-3}\), and used

*β*= 3 which provides moderate distance gains with cooperative transmissions. Also, a high number of honest node degree is assumed

*δ*

_{h}= 200 > > 1 for approximating \(P_n \approx \gamma^{n-1}\). When compared to Fig. 7, SISO and vMISO success probabilities decreased approximately by a factor of \(\gamma^{K_s-1}\) and \(\gamma^{nK_v-1}\), respectively. We emphasize that since

*p*

_{out}and

*β*are the same for both cases, the relation between performance comparison are the same for both cases,

*I*

_{v}=

*nK*

_{v}−

*K*

_{s}> 0 for

*n*and

*K*

_{s}for higher vMISO success probability.

*P*

_{suc}with SISO and vMISO are given for

*β*= 3,

*γ*= 1 −

*p*

_{out}= 0.999. We pick the distance between the source and the destination nodes as

*K*

_{s}= 30 hops to create a scenario to compare the results with

*δ*

_{h}= 200 and

*δ*

_{h}= 50. We observe that the approximation \(P_n \approx \gamma^{n-1}\) provides a success probability which is very close to its actual value. Another observation is that with larger

*p*

_{out}, the number of cooperating nodes must be small

*n*< 5 for vMISO to be better.

### 4.3 Success probability with key pre-distribution schemes

*p*

_{out}= 1 −

*γ*= 0.001. We picked

*P*

_{m}= 0.2, and

*η*= 0.5 for

*d*>

*d*

_{s}in the calculation of

*P*

_{suc}with vMISO. The observation is similar to the one seen in Fig. 10. In Fig. 13, we plot

*P*

_{suc}with different

*η*and

*P*

_{m}values when

*K*

_{s}= 30 hops and

*δ*

_{h}= 50. When

*η*= 0.5 and

*P*

_{m}= 0.5, an honest node cannot communicate with half of the nodes that reside in its transmission range, and it considers half of the malicious nodes in the neighborhood as honest nodes. Therefore, this case has a lower success probability compared to those achieved with

*η*= 0.5 and

*P*

_{m}= 0.2 and

*η*= 0.9 and

*P*

_{m}= 0.2.

*η*= 0.5 and

*P*

_{m}= 0.5, the success probabilities are lower than those with deployment based scheme due to the reduction in “presumably honest node degree” in SISO range with random key pre-distribution. The highest success probabilities for given parameters are achieved when

*η*= 0.9 and

*P*

_{m}= 0.2 as expected. We also see that the best number of cooperating nodes is

*n*= 4 for the scenario considered in Figs. 13 and 14. When

*n*= 4,

*G*

_{n}(

*p*

_{out},

*β*) = 7.5381 and

*I*

_{v}=

*nK*

_{v}−

*K*

_{s}= − 14 < 0.

### 4.4 Success probabilities with partial packet dropping

*p*

_{out}= 0.001 and Fig. 16 with

*p*

_{out}= 0.01. Clearly, as

*p*

_{f}increases, the success rate also increases with both SISO. However, with vMISO, an increase in

*p*

_{f}does not significantly change the success probabilities. Moreover, the observations are similar when

*p*

_{out}changes from 0.001 to 0.01, although the overall success probabilities are lower as expected. Any improvement in the success probabilities with vMISO occurs only when the number of cooperating nodes is small. This is because it takes only one malicious cooperating node to disrupt the successful delivery of a packet over the link (and this is quite likely even with malicious nodes correctly forwarding packets some of the time) as the number of cooperating nodes increases. In the case of SISO transmissions, only one node is used on every link and so there is some improvement in the probability of successfully delivering the packet. We also computed results with

*δ*

_{h}= 200 and there were no significant differences.

## 5 Conclusions

Cooperative transmissions exploit a fundamental feature of the wireless medium: the ability to achieve diversity through independent channels created between the multiple transmitters and the receiver, because these channels are likely to fade independently. With more relay nodes, a higher order of diversity can be achieved improving the BER and/or transmission range. However, at the same time, cooperative transmissions suffer from drawbacks from a security point of view due to the involvement of additional parties to the communication. In this paper, we evaluate the tradeoffs between using cooperative transmissions or not for reliable transmission of packets in sensor networks with a mix of honest and malicious nodes. We showed that when the number of honest nodes in the neighborhood of a node is much higher than the number of cooperating nodes (*n*), at high outage probability, vMISO with small *n* outperforms SISO in terms of successful transmission probability. We also derived a general condition (under simplifying approximations) for all cases where vMISO outperforms SISO.

As mentioned in the paper, we do not explicitly account for protocol effects in this paper which may change some of the conclusions as to when vMISO outperforms SISO. Accounting for protocol effects and comparing the analytical results with protocol effects with simulations is part of our future work.

## Acknowledgement

This work was funded in part by the Army Research Office MURI grant W911NF-07-1-0318.