In this section, we evaluate the performance of the 3TCA architecture and determine whether the obtained results may be generalized.
6.1 Mathematical representations
Let SS _{
j
} and D_{
j
} be two communicating SSs belonging to the MRS network. Let SS _{
j
} be managed by a mobile RS _{
m
} and D_{
j
} managed by RS{}_{{D}_{j}}. Let MRBS(RS _{
m
}) be the MRBS managing RS _{
m
} and MRBS(RS{}_{{D}_{j}}) be the MRBS managing RS{}_{{D}_{j}}. We define HO_{
d
} as the delay required by RS _{
m
} to perform the handoff process. This delay includes the delay required by the managed SSs to reestimate the QoS available on the edge links between them and the mobile RS _{
m
} in its new position. Let Ad_{i,j} be the agreed delay for flow i of the managed SS _{
j
}. Therefore, Ad_{i,j} = Min [Ad1_{i,j}, Ad2_{i,j}], where Ad1_{i,j} is the agreed delay for flow i of the managed SS j before handoff and Ad2_{i,j} is the agreed delay for the flow i of the managed SS j after the handoff and the QoS reestimation. Let R be the set of the available routes between MRBS(RS _{
m
}) and RS{}_{{D}_{j}}. The following cases are considered.

If HO_{
d
} < Ad_{i,j}, MRBS(RS _{
m
}) needs to find r ∈ R that fulfills the updated delay value Ad_{i,j} = Ad_{i,j}  HO_{
d
} based on the QoS information exchanged with the other MRBSs and collected on the backbone. After that, the MRBS(RS _{
m
}) will perform a CAC on the chosen route. Let del_{i,j} be the delay required by MRBS(RS _{
m
}) to perform the CAC on the selected route r. This procedure is the first delay compensation attempt.

If HO_{
d
} < Ad_{i,j} and \nexists r\phantom{\rule{0.3em}{0ex}}\text{fulfilling}\phantom{\rule{0.3em}{0ex}}{\text{Ad}}_{i,j}={\text{Ad}}_{i,j}{\text{HO}}_{d}, we perform a second delay compensation attempt while adopting either a linear approach or an exponential approach.

If the linear approach is adopted, choose y∈ℵ and n∈ ℵ and then launch n parallel CAC procedures on n routes in order to satisfy the condition (Ad_{i,j}  (HO_{
d
} + del_{i,j}  k y)) > 0; k ∈ [1,n]. Then select the route that satisfies Min[Ad_{i,j}  (HO_{
d
} + del_{i,j}  k y)] as the route on which the flow will be transmitted.

If the exponential approach is adopted, choose y ∈ ℵ and n ∈ ℵ, where n = 2^{k} and then launch k + 1 parallel CAC procedures on k + 1 routes in order to satisfy the condition (Ad_{i,j}  (HO_{
d
} + del_{i,j}  2^{h}y)) > 0; h ∈ [0,k]. Then select the route that satisfies Min[Ad_{i,j}  (HO_{
d
} + del_{i,j}  2^{h}y)] as the route on which the flow will be transmitted.
Note that the HO_{
d
} may be replaced by Intrusion_{
d
} which is the delay induced by an intrusion in case of QoS compensation under intrusions.
Now, let n b r_{
s
s
} be the number of SSs managed by the mobile RS RS _{
m
}. The HO_{
d
} value (i.e., that encompasses the delays of handoff and QoS reestimation) according to the number of managed SSs can be given by the formula:
{\text{HO}}_{d}=\alpha +\text{exp}\left(\mathit{\text{nb}}{r}_{\mathit{\text{SS}}}\right),
(1)
where α is the mean delay of a hard IEEE 802.16j handoff.
Let n b r H o p s B S be the number of intermediate hops from the RS _{
m
} til MRBS(RS _{
m
}). Let n b r H o p s B S D e s t_{
r
} be the number of hops from MRBS(RS _{
m
}) til RS{}_{{D}_{j}} on the route r where r ∈ R. We define the delay of transmitting the DSAREQ or DSCREQ message from the RS _{
m
} to MRBS(RS _{
m
}) as d_{REQBS}. Meanwhile, we define the delay of transmitting the corresponding DSARSP or DSCRSP from the MRBS(RS _{
m
}) til the RS _{
m
} as d_{RSPBS}. Besides, we define the delay of transmitting the DSAREQ or DSCREQ message on the intermediate nodes from MRBS(RS _{
m
}) to the destination RS{}_{{D}_{j}} on a particular route r as (d_{REQ inter})_{
r
} and we define (d_{RSPinter})_{
r
} as the delay of transmitting the corresponding DSARSP or DSCRSP message from RS{}_{{D}_{j}} to MRBS(RS _{
m
}) on the intermediate nodes of a particular route r; r ∈ R. These delays on a particular route r are given by the following formulae:
\begin{array}{ll}{d}_{\text{REQB}}& =\sum _{l=0}^{\mathit{\text{nbrHopsBS}}}{\left({\text{dtrans}}_{\text{REQ}}\right)}_{l}\phantom{\rule{2em}{0ex}}\end{array}
(2)
\begin{array}{ll}{d}_{\text{RSPBS}}& =\sum _{l=0}^{\mathit{\text{nbrHopsBS}}}{\left({\text{dtrans}}_{\text{RSP}}\right)}_{l}\phantom{\rule{2em}{0ex}}\end{array}
(3)
\begin{array}{ll}{\left({d}_{\text{REQinter}}\right)}_{r}& =\sum _{l=0}^{\mathit{\text{nbrHopsBSDes}}{t}_{r}}{\left({\text{dtrans}}_{\text{REQ}}\right)}_{l},\phantom{\rule{2em}{0ex}}\end{array}
(4)
where (dtrans_{REQ})_{
l
} is the delay required for transmitting a DSAREQ or DSCREQ message on the wireless link l and (dtrans_{RSP})_{
l
} is the delay required for transmitting a DSARSP or a DSCRSP message on the wireless link l.
As MRBS(RS _{
m
}) knows the periodically updated values of the QoS offered by the routes belonging to R, it may select the most appropriate route r_{selected}∈R that offers the required QoS after handover. We define the delay del_{i,j} required to process a first delay compensation as the delay of transmitting the DSAREQs or DSCREQs on the selected route r_{selected}
then receiving the corresponding DSARSP or DSCRSPs on the same route:
\phantom{\rule{15.0pt}{0ex}}\begin{array}{l}{\text{del}}_{i,j}={d}_{\text{REQBS}}+{\left({d}_{\text{REQinter}}\right)}_{{r}_{\text{selected}}}+{\left({d}_{\text{RSPinter}}\right)}_{{r}_{\text{selected}}}\\ \phantom{\rule{3em}{0ex}}\phantom{\rule{.8em}{0ex}}+{d}_{\text{RSPBS}}\end{array}
(5)
If HO_{
d
} < Ad_{i,j} but the first delay compensation attempt is fruitless (i.e., for example due to an update of the QoS values offered by the routes), a second delay compensation will be performed. Let (del2lin_{i,j})_{
n
} be the delay required to perform the second delay compensation on n selected routes with updated QoS values while adopting the linear approach. Moreover, let R=\left\{{r}_{\text{selected}}\right\}\u2323{\left(R{2}_{\text{sel}}\right)}_{n}\u2323{\left(\overline{R{2}_{\text{sel}}}\right)}_{n} where (R 2_{sel})_{
n
} is the set of the most appropriate n routes on which a new CAC procedure will be processed and {\left(\overline{R{2}_{\text{sel}}}\right)}_{n} is the set of the remaining routes. (del2lin_{i,j})_{
n
} is given by the following formula:
\phantom{\rule{15.0pt}{0ex}}\begin{array}{l}{\left(\text{del}2{\text{lin}}_{i,j}\right)}_{n}={\text{del}}_{i,j}+n\ast {d}_{\text{REQBS}}+{d}_{\text{RSPBS}}\\ \phantom{\rule{3.75em}{0ex}}\phantom{\rule{3.75em}{0ex}}+\sum _{r\in {\left(R{2}_{\text{sel}}\right)}_{n}}\left[{\left({d}_{\text{REQinter}}\right)}_{r}+{\left({d}_{\text{RSPinter}}\right)}_{r}\right]\phantom{\rule{0.5em}{0ex}},\end{array}
(6)
note that, after processing the CAC on the n selected routes, the MRBS(RS _{
m
}) will send a unique DSARSP or a DSCRSP indicating the route offering the minimum delay on which the flow will be transmitted.
Let (del2exp_{i,j})_{
k
} be the delay required to perform the second delay compensation while adopting the exponential approach. Let us remember that n = 2^{k}. In this case, a new CAC procedure is processed on the most appropriate k + 1 routes. Meanwhile, let R=\left\{{r}_{\text{selected}}\right\}\u2323{\left(R{2}_{\text{sel}}\right)}_{k}\u2323{\left(\overline{R{2}_{\text{sel}}}\right)}_{k} where (R 2_{sel})_{
k
} is the set of the most appropriate k + 1 routes on which the CAC procedure will be processed and {\left(\overline{R{2}_{\text{sel}}}\right)}_{k} is the set of the remaining routes. (del2exp_{i,j})_{
k
} is given by the following formula:
\begin{array}{l}{\left(\text{del}2{\text{exp}}_{i,j}\right)}_{k}={\text{del}}_{i,j}+(k+1)\ast {d}_{\text{REQ  BS}}+{d}_{\text{RSPBS}}\\ \phantom{\rule{3.75em}{0ex}}\phantom{\rule{4em}{0ex}}+\sum _{\begin{array}{l}r\in {\left(R{2}_{\text{sel}}\right)}_{k}\end{array}}[{\left({d}_{\text{REQinter}}\right)}_{r}+{\left({d}_{\text{RSPinter}}\right)}_{r}]\phantom{\rule{0.5em}{0ex}},\end{array}
(7)
note that, after processing the CAC on the k + 1 selected routes, the MRBS(RS _{
m
}) will send a unique DSARSP or a DSCRSP indicating the route offering the minimum delay on which the flow will be transmitted.
If HO_{
d
} > Ad_{i,j} and we adopt the linear approach to compensate the handover delay, (dellin_{i,j})_{
n
} will be the delay of such a compensation. In this case, the CAC procedure is straightforward processed on the most appropriate n routes that may fulfill the QoS requirements. Let R={\left(R{1}_{\text{sel}}\right)}_{n}\u2323{\left(\overline{R{1}_{\text{sel}}}\right)}_{n} where (R 1_{sel})_{
n
} is the set of the most appropriate n routes on which the CAC procedure will be processed and {\left(\overline{R{1}_{\text{sel}}}\right)}_{n} is the set of the remaining routes. (dellin_{i,j})_{
n
} is given by the following formula:
\phantom{\rule{15.0pt}{0ex}}\begin{array}{l}{\left({\text{dellin}}_{i,j}\right)}_{n}=n\ast {d}_{\text{REQBS}}+{d}_{\text{RSPBS}}\\ \phantom{\rule{3.7em}{0ex}}\phantom{\rule{3em}{0ex}}+\sum _{\begin{array}{l}r\in {\left(R{1}_{\text{sel}}\right)}_{n}\end{array}}[{\left({d}_{\text{REQinter}}\right)}_{r}+{\left({d}_{\text{RSPinter}}\right)}_{r}]\phantom{\rule{0.5em}{0ex}},\end{array}
(8)
note that, after processing the CAC on the n selected routes, the MRBS(RS _{
m
}) will send a unique DSARSP or a DSCRSP indicating the route offering the minimum delay on which the flow will be transmitted.
Lastly, if HO_{
d
} > Ad_{i,j} and we straightway adopt the exponential approach to compensate the handover delay, a CAC procedure will be processed on the most appropriate k + 1 routes. Let us remember that n = 2^{k}. Let R={\left(R{1}_{\text{sel}}\right)}_{k}\u2323{\left(\overline{R{1}_{\text{sel}}}\right)}_{k} where (R 1_{sel})_{
k
} is the set of the most appropriate k + 1 routes on which the CAC procedure will be processed and {\left(\overline{R{1}_{\text{sel}}}\right)}_{k} is the set of the remaining routes. (delexp_{i,j})_{
k
} will be the delay of such compensation, it is given by the following formula:
\phantom{\rule{15.0pt}{0ex}}\begin{array}{l}{\left({\text{delexp}}_{i,j}\right)}_{k}=(k+1)\ast {d}_{\text{REQBS}}+{d}_{\text{RSPBS}}\\ \phantom{\rule{3.5em}{0ex}}\phantom{\rule{3.5em}{0ex}}+\sum _{r\in {\left(R{1}_{\text{sel}}\right)}_{k}}[{\left({d}_{\text{REQinter}}\right)}_{r}+{\left({d}_{\text{RSPinter}}\right)}_{r}]\phantom{\rule{0.5em}{0ex}},\end{array}
(9)
note that, after processing the CAC on the k + 1 selected routes, the MRBS(RS _{
m
}) will send a unique DSARSP or a DSCRSP indicating the route offering the minimum delay on which the flow will be transmitted.
Note that when (R 2_{
s
e
l
})_{
n
} = (R 1_{
s
e
l
})_{
n
}, (del2lin_{i,j})_{
n
} will be obviously superior than (dellin_{i,j})_{
n
} by del_{i,j}. Similarly, when (R 2_{
s
e
l
})_{
k
} = (R 1_{
s
e
l
})_{
k
}, (del2exp_{i,j})_{
k
} will be obviously superior than {\left({\text{delexp}}_{{}_{i,j}}\right)}_{k} by del_{i,j}.
6.2 Simulation model
In order to estimate the performance of the 3TCA architecture for QoS routing and intrusion tolerance provision within the multihop relay network, we adopt the network shown in Figure 5. The network encompasses mobile NLoS RSs such as the RS12, fixed LoS RSs such as RS11 and RS13 and a set of MRBSs interconnected with a wireless backbone. The mobile RS12 hands over and enters into the coverage area of RS11. RS12 manages two SSs which are SS11 and SS12. Each SS has a unique flow to be transmitted. The fixed and mobile RSs along with the MRBSs host trusted 3TCACs.
We propose to perform four simulations. To that aim, we wrote the code implementing the 3TCA features and then we fixed simulation scenarios and we computed the execution cost of the scenarios implementation. The first considered scenario consists of a mobile RS that moves with its two managed SSs. The other scenarios consider legitimate and malicious RSs performing QoS reestimation. First, we only detect the attack, and then we detect the attack and we tolerate it through processing QoS compensation. This will be further detailed when we describe each simulation context.
The goal of the first simulation is to evaluate the connection establishment delay when QoS compensation is processed after handover. The second simulation intends to determine the overhead induced by the QoS compensation process after handover. In both simulations, we consider the scenario when RS12 hands over to enter into the coverage area of RS11. In the third simulation, we propose to estimate the processing delay when our network is under attack and we evaluate the cost of guaranteeing intrusiontolerance and of performing QoS compensation after being the victim of an intrusion. Finally, the last simulation aims at determining the overhead caused by the QoS compensation in case of intrusion. Note that for the described simulations, we assume that the delay is proportional to the number of executed operations.
6.3 Evaluating the performance of the 3TCA’s protocols
The first curve shown in Figure 6 estimates the number of operations executed when the RS12 moves with its managed SSs. The first attempt reflects the situation when the handover delay is smaller than the already agreed delay and when the handover compensation is successful from the first time. Therefore, the delay required to process the first attempt includes the delay described by Equation (6) along with the delay required to process the QoS reestimation between the managed SSs and the handing over RS after handover. The second attempt reflects the situation when the handover delay is superior to the already agreed delay so that a linear approach is adopted. Therefore, the second attempt includes the delay described by the Equation (9) and the delay of QoS reestimation. The third attempt reflects the situation when the handover delay is smaller than the already agreed delay and when the handover compensation is not successful from the first time so that a linear approach is adopted. Therefore, the third attempt includes the delay described by the Equation (7) along with the delay of QoS reestimation. The simulated case assumes that for the two times where the linear approach has been adopted, (R 2_{sel})_{
n
} = (R 1_{sel})_{
n
}. Note that three points of the abscissa axis reflect the three main scenarios of the handover’s impact compensation.
The experimental results confirm the theoretical results. More precisely, when the handover delay is smaller than the already agreed delay and the first compensation attempt is successful from the first time (i.e., the first point in the abscissa axis), only a CAC on a chosen route is performed and that route is able to provide the updated values of QoS. The delay of performing that successful first CAC is del_{i,j}. Moreover, when the handover delay is larger than the already agreed delay (i.e., the second point in the abscissa axis), only a first compensation attempt is performed. In this case, the CAC is processed on n routes and the resulting delay is (dellin_{i,j})_{
n
}. Note that (dellin_{i,j})_{
n
} is superior than del_{i,j} because we perform the CAC on n routes and not only on one chosen route. However, when the handover delay is smaller than the already agreed delay and the first compensation attempt is fruitless, we perform a second compensation attempt (i.e., the third point in the abscissa axis). As we simulate the case where (R 2_{sel})_{
n
} = (R 1_{sel})_{
n
}, (del2lin_{i,j})_{
n
} will be superior than (dellin_{i,j})_{
n
} because it includes del_{i,j}.
We may conclude that adopting the compensation induces some delay when it is not successful from the first time. Note that the delay caused by an unsuccessful compensation for the first time is taken into consideration when trying the compensation for the second time.
The second curve shown in Figure 7 estimates the number of the signalling messages exchanged when the RS12 hands over with its managed SSs. The same simulation scenario of the estimation of the connection establishment delay with handover compensation is adopted. Note that the number of exchanged messages increases especially when the compensation is not successful from the first time, which is an expected behavior.
In order to evaluate the performance of the 3TCA architecture with respect to intrusion tolerance, we consider various situations in which some RSs become malicious during the periodic QoS estimation on the backbone. More precisely, we increase the number of malicious nodes and we observe the delay and overhead induced by detecting and tolerating the intrusions. The first point of the abscissa axis shown by Figures 8 and 9 reflects the situation when the QoS reestimation procedure is normally processed (i.e., without facing any intrusions). The second point of the abscissa axis reflects the situation when the QoS reestimation faces an intrusion at the RS23 level but the threshold value of the p r o b a b l ym a l i c i o u sR S variable is not yet reached. In this case, only the value of that variable is incremented without affecting the normal QoS reestimation procedure. The third point of the abscissa axis reflects the situation when the QoS reestimation faces an intrusion at both RS23 and RS31 levels. In this case, the intrusions are detected but the 3TCACs do not react because the p r o b a b l ym a l i c i o u sR S threshold is not yet reached. Lastly, the fourth point of the abscissa axis reflects the situation when RS23, RS31, and RS15 are malicious and a compensation procedure is processed for RS15 while the intrusions of RS23 and RS31 are only detected. The 3TCACs do not react because the p r o b a b l ym a l i c i o u sR S threshold is not yet reached for both RS23 and RS 31. However, the delay estimated by RS14 is superior to the threshold and the threshold value of the p r o b a b l ym a l i c i o u sR S variable is reached. In that case, RS14 sends the p r o b a b l ym a l i c i o u sR SA l e r t to the MRBS1 which reacts by attempting an intrusion compensation on the link RS 13→ MRBS1. Note that the four points of the abscissa axis are particularly chosen to reflect the main intrusion tolerance behavior in case of attacks.
As shown by Figure 8, the processing delay increases in case of intrusion. Moreover, the more the number of malicious RSs increases, the more the intrusion tolerance processing delay augments. The delay of the compensation attempt is important as the MRBS needs to ask the involved RSs of the compensation links in order to decide whether the compensation is possible.
Let us now further evaluate the performance of our proposed architecture regarding intrusiontolerance. To achieve this, we propose to compare the simulation results obtained within the MMR networks context to those of an intrusion tolerant routing protocol within the mesh context. Such a routing protocol, called MERQIT, has been presented in [9]. We think that such a comparison is appropriate for two reasons. On one hand, both protocols address the combination of the intrusion tolerance property and the QoS provision within the context of mobile wireless networks. On the other hand, the MERQIT protocol relies on clusterheads in providing connection to Non Line of Sight mobile subscribers. Indeed, the clusterheads considered by MERQIT may be compared to the relays considered by the MMR networks; the main difference between them is that the relays are managed by the network operator while the clusterheads are not.
We note that the simulation results obtained for the 3TCA architecture in case of intrusion confirm the results describing the MERQIT protocol behavior in case of intrusions. Particularly, Figure 8 shows the processing delay according to the number of malicious nodes within a mesh network. We notice that the processing delay does not highly increase when a malicious clusterhead is only detected without being isolated, but that the same delay becomes very important when the number of malicious access nodes increases (i.e., for example when a router presents malicious entities and should broadcast its status to its neighbors or when a clusterhead should be completely isolated) [9].
Nevertheless, we notice that MERQIT achieves better delays in the case of intrusions. First, because the simulated case of MERQIT is limited to QoS provision in terms of delays and does not consider QoS provision in terms of jitter, and second, because the MERQIT protocol isolates the malicious clusterheads or routers and asks the neighboring access nodes to take over if the QoS can be met. For example, since the same MN is managed by two clusterheads and if the managing router discovers that the first clusterhead is malicious, it will ask the second clusterhead to take over. In this case, minor treatments are processed as the second clusterhead has already all the information required to fulfill the failover. The 3TCA architecture rather processes QoS compensation by negotiating updated QoS values with candidate RSs of chosen links in order to accelerate the flows affected by the intrusion. Figure 8 also shows that adopting the isolation principle of the MERQIT protocol within the MMR networks is not appropriate. More precisely, when the probably malicious RS15 and RS14 are isolated, the whole branch of the tree rooted at RS14 becomes isolated. Consequently, the managed SS13 and SS14 are isolated and need to be rescued. In order to minimize the isolation impact, MRBS1 needs to ask the neighboring MRBS2 whether it is managing an RS that is in LoS with the isolated SSs and whether that candidate rescuing RS belongs to a path that fulfills the SSs’ QoS requirements. If it is the case, the isolated SSs will handover in order to attach to the rescuing RS and then they will process an edge QoS estimation with their new managing access node. This costly procedure in terms of processing delay may fail especially when the number of isolated SSs is important. For these reasons, we argue that adopting compensation in case of intrusion is more suited to the MMR context.
Now let us estimate the overhead when tolerating intrusions for our proposed scheme relative to MMR networks and let us adopt the same simulation scenario considering the processing delay with intrusion tolerance. As shown in Figure 9, the number of exchanged messages is the same when the normal QoS reestimation is processed and when the intrusion affecting one RS is detected but not tolerated. That number increases when the number of malicious RSs increases and when the MRBS1 tries to compensate the intrusion.
The overhead estimation results obtained in the MMR context confirm those obtained for MERQIT. In fact, we notice that the number of exchanged messages does not highly vary when a clusterhead is detected as malicious without being isolated. However, the overhead increases when the number of malicious access nodes increases. For example, the overhead augments when a router on the backbone should broadcast its status or when a manager should be isolated, [9]. Note that the number of exchanged messages in the context of MMR networks is superior to that number in the context of mesh networks mainly because we have implemented the jitter estimation within MMR networks. In fact, as stated in Section 2.3, the jitter estimation over a wireless link requires the exchange of at least 9 packets; thus, increasing the overhead of both QoS estimation and QoS compensation. Note that adopting isolation instead of compensation in case of intrusion within MMR networks induces an important overhead that increases exponentially with the number of managed SSs. This overhead results from the CAC processed by each neighboring MRBS and its managed RSs along with the overhead caused by processing the handover operation and implementing the edge QoS reestimation with the rescued SSs.
The simulations adopted in this article estimate the complexity of the 3TCA architecture in terms of processing delay and induced overhead. We may conclude that the obtained results are expected since one observes an increase of complexity and overhead when compensation is processed. This increase is the normal cost of an advanced management of QoS that adopts several attempts of compensation in case of handover and attacks in order to preserve the initial level of QoS or come close to that level. The simulation results obtained when adopting the predescribed simulation model may be generalized since we simulated the main scenarios of handover’s impact compensation and of intrusion tolerance behaviors.