Revocation Games in Ephemeral Networks Maxim Raya, Mohammad Hossein Manshaei, Márk Félegyházi,...

Tags:

Preview:

Click to see full reader

Citation preview

Revocation Games inEphemeral Networks

Maxim Raya, Mohammad Hossein Manshaei, Márk Félegyházi, Jean-Pierre Hubaux

CCS 2008

Misbehavior in Ad Hoc Networks

• Packet forwarding• Routing

AM

B

• Large scale• High mobility• Data dissemination

2

Traditional ad hoc networks Ephemeral networks

Reputation systems ? Solution to misbehavior:

Reputation vs. Local Revocation

• Reputation systems:– Often coupled with routing/forwarding– Require long-term monitoring– Keep the misbehaving nodes in the system

• Local Revocation– Fast and clear-cut reaction to misbehavior– Reported to the credential issuer– Can be repudiated

3

Tools of the Revocation Trade

• Wait for:– Credential expiration– Central revocation

• Vote with:– Fixed number of votes– Fixed fraction of nodes (e.g., majority)

• Suicide:– Both the accusing and accused nodes are revoked

Which tool to use?4

How much does it cost?

• Nodes are selfish• Revocation costs• Attacks cause damage

How to avoid the free rider problem?

Game theory can help:models situations where the decisions of players affect each other

5

Example: VANET

• CA pre-establishes credentials offline

• Each node has multiple changing pseudonyms

• Pseudonyms are costly

• Fraction of detectors =

6

dp

Revocation Game

• Key principle: Revoke only costly attackers• Strategies:– Abstain (A)– Vote (V): votes are needed– Self-sacrifice (S)

• benign nodes, including detectors• attackers• Dynamic (sequential) game

n

dp NN

M

7

Game with fixed costs1

3

2

A V

VS

S

A

3

2

VSA

3

VSAVSAVSA

( , , )c c c (0,0, 1)

( , , )c c v c

(0, 1,0)

( , , )c v c c (0, , 1)v

(0, , )v v

( 1,0,0)

( , 1,0)v ( , ,0)v v

( ,0, )v v

( ,0, 1)v ( , , )v c c c

Cost of abstaining

Cost of self-sacrifice

Cost of voting

All costs are in keys/message 8

A: AbstainS: Self-sacrificeV: Vote

Assumptions: c > 1

1

3

2

A V

VS

S

A

3

2

VSA

3

VSAVSAVSA

( , , )c c c (0,0, 1)

( , , )c c v c

(0, 1,0)

( , , )c v c c (0, , 1)v

(0, , )v v

( 1,0,0)

( , 1,0)v ( , ,0)v v

( ,0, )v v

( ,0, 1)v ( , , )v c c c

Equilibrium

Game with fixed costs: Example 1

9

Back

war

d in

ducti

on

Assumptions: v < c < 1, n = 2

1

3

2

A V

VS

S

A

3

2

VSA

3

VSAVSAVSA

( , , )c c c (0,0, 1)

( , , )c c v c

(0, 1,0)

( , , )c v c c (0, , 1)v

(0, , )v v

( 1,0,0)

( , 1,0)v ( , ,0)v v

( ,0, )v v

( ,0, 1)v ( , , )v c c c

Equilibrium

Game with fixed costs: Example 2

10

Theorem 1: For any given values of ni, nr, v, and c, the strategy of player i that results in a subgame-perfect equilibrium is:

Theorem 1: For any given values of ni, nr, v, and c, the strategy of player i that results in a subgame-perfect equilibrium is:

ni = Number of remaining nodes that can participate in the game

nr = Number of remaining votes that is required to revoke

Game with fixed costs: Equilibrium

Revocation is left to the end, doesn’t work in practice11

Game with variable costs

S

( 1,0,0)

1

2

A V

V

3

2

SA

S

2 2 2( , , 1 )c c c

1 1 1( , 1 , )c c c 1 1 1( , , )v c v c c

, lim , j jj

c j c v

12Number of stages Attack damage

Theorem 2: For any given values of ni, nr, v, and δ, the strategy of player i that results in a subgame-perfect equilibrium is:

Theorem 2: For any given values of ni, nr, v, and δ, the strategy of player i that results in a subgame-perfect equilibrium is:

Game with variable costs: Equilibrium

Revocation has to be quick

13

Optimal number of voters

• Minimize: MC n

n

Duration of attack Abuse by attackers

14

Optimal number of voters

• Minimize: MC n

n

min{ , }opt a dn p p N M

Fraction of active players

Duration of attack Abuse by attackers

15

RevoGame

Estimation of parameters

Choice of strategy

16

Evaluation

• TraNS, ns2, Google Earth, Manhattan

• 303 vehicles, average speed = 50 km/h

• Fraction of detectors • Damage/stage • Cost of voting• False positives• 50 runs, 95 % confidence

intervals

0.8dp

410fpp

0.1 0.02v

17

Revoked attackers

18

Revoked benign nodes

19

Social cost

20

Maximum time to revocation

21

Global effect of local revocations

22

How many benign nodes ignore an attacker?

False positives and abuse

23

How many benign nodes ignore a benign node?

Conclusion

• Local revocation is a viable mechanism for handling misbehavior in ephemeral networks

• The choice of revocation strategies should depend on their costs

• RevoGame achieves the elusive tradeoff between different strategies

24

Recommended

ISPs and Ad Networks Against Botnet Ad Fraud Nevena Vratonjic, Mohammad Hossein Manshaei, Maxim Raya and Jean-Pierre Hubaux 1 November 2010, GameSec’10
Documents
Recent developments at the Hungarian Meteorological ServiceEGOWS 2008 Recent Developments at OMSZ HAWK-3 Márk Rajnai, Miklós Vörös
Documents
GameSec 2010 November 22, Berlin Mathias Humbert, Mohammad Hossein Manshaei, Julien Freudiger and Jean-Pierre Hubaux EPFL - Laboratory for Computer communications
Documents
Architectural Design Patterns for Language Parsersuni-obuda.hu/journal/Kovesdan_Asztalos_Lengyel_51.pdfArchitectural Design Patterns for Language Parsers Gábor Kövesdán, Márk Asztalos
Documents
Mohammad Hossein Manshaei manshaei@gmail.com · PDF fileSDMA TDMA FDMA CDMA Fixed Aloha Reservations DAMA Multiple Access with Collision Avoidance PollingCSMA Pure Slotted Non-persistent
Documents
1 Cooperation in Multi-Domain Sensor Networks Márk Félegyházi Levente Buttyán Jean-Pierre Hubaux {mark.felegyhazi, jean-pierre.hubaux}@epfl.ch EPFL, Switzerland
Documents
Mohammad Hossein Manshaei manshaei@gmail.com 1394€¦ · – What really makes this game a sequential move game? – It is not the fact that player 2 chooses after player 1, so time
Documents
Self-Management through Self-Organization · Self-Management through Self-Organization Márk Jelasity and Ozalp Babaoglu, Università di Bologna ... Guy Theraulaz, Jacques Gautrais,
Documents
Non-Cooperative Behavior in Wireless Networks Márk Félegyházi (EPFL) May 2007
Documents
Introducing the CrySyS Lab Félegyházi Márk Laboratory of Cryptography and System Security (CrySyS Lab) Budapest University of Technology and Economics
Documents
Márk Jukics IMPACT OF THE INTERNET ON GLOBALIZATION
Documents
Mohammad Hossein Manshaei manshaei@gmail.com 1393 · • OFDM / 6,12,18,24,36,48,54Mbps / BPSK,QPSK,16-QAM, ... • Two different preamble and header formats ... – End of frame
Documents
Project funded by the Future and Emerging Technologies arm of the IST Programme Self-Managing Systems: a bird’s eye view Márk Jelasity
Documents
Mohammad Hossein Manshaei manshaei@gmail.com 1393 · – Failure: continue scanning • AP accepts Reassociation Request – Signal the new station to the distribution system –
Documents
Mohammad Hossein Manshaei manshaei@gmail.com · PDF file– Indirect TCP – Snooping TCP – Mobile TCP – Fast Retransmit/Fast Recovery – Transmission/Time-out Freezing – Selective
Documents
1 Game theory and security Jean-Pierre Hubaux EPFL With contributions (notably) from M. Felegyhazi, J. Freudiger, H. Manshaei, D. Parkes, and M. Raya
Documents
Allerton 2011 September 28 Mathias Humbert, Mohammad Hossein Manshaei, and Jean-Pierre Hubaux EPFL - Laboratory for Communications and Applications (LCA1)
Documents
Non-Cooperative Multi-Radio Channel Allocation in Wireless Networks Márk Félegyházi*, Mario Čagalj†, Shirin Saeedi Bidokhti*, Jean-Pierre Hubaux* * Ecole
Documents
Downlink Channel Assignment and Power Control in Cognitive Radio Networks Using Game Theory Ghazale Hosseinabadi Tutor: Hossein Manshaei January, 29 th,
Documents
Ç ç Cellular Operators in a Shared Spectrum Sivan Altinakar Supervisors: Tinaz Ekim-Asici Márk Félegyházi
Documents