Upload
cory-gentile
View
213
Download
1
Tags:
Embed Size (px)
Citation preview
© 2007 Levente Buttyán and Jean-Pierre Hubaux
Security and Cooperation in Wireless Networks
http://secowinet.epfl.ch/
Chapter 12: Secure protocols for behavior enforcement
Security and Cooperation in Wireless NetworksChapter 12:Secure protocols for behavior enforcement 2/22
Motivation
Provide incentive to cooperate
within Routing and Forwarding protocols using a game theoretic approach
Packet forwarding consumes resources– Nodes are rational => Maximize their own payoff– Nodes avoid forwarding
Security and Cooperation in Wireless NetworksChapter 12:Secure protocols for behavior enforcement 3/22
Outline
• Introduction– Incentives– System Model
• Model– Dominant action/subaction– Cooperation optimal protocol
• Protocols– VCG payments with correct link cost establishment– Forwarding protocol with block confirmation
• Conclusion
Security and Cooperation in Wireless NetworksChapter 12:Secure protocols for behavior enforcement 4/22
Introduction
Routing protocol– Discover efficient routing paths: global welfare– Deal with selfish nodes: local welfare
Packet forwarding protocol– address the fair exchange problem
=> Joint Incentive
Security and Cooperation in Wireless NetworksChapter 12:Secure protocols for behavior enforcement 5/22
Possible incentives
Incentive
Punish Reward
Internal External Internal External
Possible incentive strategies:– Punish: Reputation, Jamming, Isolation
– Reward: Virtual currency
Possible incentives:– Internally: With intrinsic mechanisms (e.g., deny
communication, jam)
– Externally: by dedicated protocols
Security and Cooperation in Wireless NetworksChapter 12:Secure protocols for behavior enforcement 6/22
System Model
Ad-hoc networks as non-cooperative strategic games • Called “Ad Hoc Games”
Channel model: • Packet successfully transmitted if Ptransmission >= Pmin
– Pmin = minimum power to reach receiver
• No errors (BER = 0)
Nodes can withhold, replace or send a message
Nodes can transmit at any power level
We define the payoff of a node as:– bi = benefit (reward, by micro-payment)– ci = cost of forwarding (energy, overhead,…)
iii cbu
Security and Cooperation in Wireless NetworksChapter 12:Secure protocols for behavior enforcement 7/22
Formal Model
Dominant Action: – A dominant action is one that maximizes player i
payoff, no matter what actions other players choose
Example: Joint packet forwarding game
– Imperfect information– Message from S to D– Two players: p1 and p2
• p1 has no dominant action• p2’s dominant action is F
iiiiii aauaau ,,
S P1 P2 D
p1\p2 F D
F (1-c,1-c) (-c,0)
D (0,0) (0,0)
Security and Cooperation in Wireless NetworksChapter 12:Secure protocols for behavior enforcement 8/22
Formal Model
Each node action is comprised of two parts: is node i’s subaction in the routing stage
(what it is supposed to do in the routing stage) is node i’s subaction in the forwarding stage (what it really does in the forwarding stage)
,r fi i ia a a
, ri iu u R a
fia
ria
• Routing decision R: determined by the routing subactions of all nodes • Prospective routing payoff:
ra
Security and Cooperation in Wireless NetworksChapter 12:Secure protocols for behavior enforcement 9/22
Routing stage
Dominant subaction:– In a routing stage, a dominant subaction is one
that maximizes its routing payoff no matter what subactions other players choose.
A routing protocol is a routing-dominant protocol to the routing stage if following the protocol is a dominant subaction of each potential forwarding node in the routing stage
, ,R r r R r ri i i i i iu a a u a a
Security and Cooperation in Wireless NetworksChapter 12:Secure protocols for behavior enforcement 10/22
Forwarding stage
A forwarding protocol is a forwarding-optimal protocol to the forwarding stage under routing decision R if– All packets are forwarded to their destinations– Following the protocol is a subgame perfect equilibrium
A path is said to be a subgame perfect equilibrium if it is a Nash equilibrium for every subgame
Node 1
Node 2
Last node
forward
forward
forward
drop
drop
drop
p1\p2 F D
F (1-c,1-c) (-c,0)
D (0,0) (0,0)
Security and Cooperation in Wireless NetworksChapter 12:Secure protocols for behavior enforcement 11/22
Cooperation-Optimal Protocol
A protocol is a cooperation-optimal protocol to an ad-hoc game if
– Its routing protocol is a routing-dominant protocol to the routing stage
– For a routing decision R, its forwarding protocol is a forwarding optimal protocol to the forwarding stage
Security and Cooperation in Wireless NetworksChapter 12:Secure protocols for behavior enforcement 12/22
VCG for routing protocols
VCG: Vickrey, Clarke, and Groves – second-best sealed auction
Nodes independently compute and declare their packet transmission cost to destination
Destination computes Lowest Cost Path (LCP) Source rewards the nodes
– declared cost + added value
The added value is the difference between LCP with the node and without it– Incentive to declare the true price => Truthful
Security and Cooperation in Wireless NetworksChapter 12:Secure protocols for behavior enforcement 13/22
Example of VCG
Least cost path from S to D:LCP(S,D) = S, v2, v3, Dwith cost(LCP(S,D)) = 5 + 2 + 3 = 10 Least cost path without node v2:LCP(S,D;−v2) = S, v1, v4, Dwith cost(LCP(S,D);−v2) = 7 + 3 + 4 = 14
Least cost path without node v3:LCP(S,D;−v3) = S, v2, v4, D with cost(LCP(S,D);−v3) = 5 + 3 + 4 = 12.
VCG payments:b2 = 14 − 10 + 2 = 6b3 = 12 − 10 + 3 = 5
These values represent the unit payment (the payment for one forwardeddata packet) to nodes v2 and v3, respectively.
Security and Cooperation in Wireless NetworksChapter 12:Secure protocols for behavior enforcement 14/22
Cheating about the power level
Assume mutual computation of link cost
Consider a node i and its neighbor j1. Node i cheats by making Pi,j larger:
– Node j is less likely to be on LCP– Node j’ s payment will decrease.
2. Node j can respond by cheating and making Pi,j smaller:– Node j more likely to be on LCP– Node j increases its payment
VCG is thus not truthful in this case
i jPi,j
Security and Cooperation in Wireless NetworksChapter 12:Secure protocols for behavior enforcement 15/22
Cryptographic protection
Assume private computation of link cost
(the details of the security mechanisms are in the book)
Protocol for link cost establishment:– Nodes share a symmetric key with D – Nodes send an encrypted and signed test signal
at increasing power levels containing cost information– Messages are protected from forging with HMAC– Complexity (computation at the destination): O(N^3)
i j[cost3]K¦HMAC D
[cost2]K¦HMAC
[cost1]K¦HMAC
[cost4]K¦HMAC
[cost3]K¦HMAC
[cost4]K¦HMAC
Security and Cooperation in Wireless NetworksChapter 12:Secure protocols for behavior enforcement 16/22
Conclusion on the routing stage
Theorem 12.1:
If the destination is able to collect all involved link costs as described above, then the described protocol is a routing dominant protocol to the routing stage.
Security and Cooperation in Wireless NetworksChapter 12:Secure protocols for behavior enforcement 17/22
r1
Forwarding Protocol
Messages bundled in blocks
Block confirmation with a Reverse Hash Chain
– r is made public by source in an authenticated way
– Confirmation of block 2 is done by sending r5-2=r3
– Nodes verify
m1 m2 m3 m4 m5 m6 m7 m8 m9
b1 b2 b3 b4 b5
Hr0 H Hr2 r=r5
H
rrH 32
Security and Cooperation in Wireless NetworksChapter 12:Secure protocols for behavior enforcement 18/22
Fair Exchange Problem
Source and intermediate nodes can disagree about successful transmission of a block
Mutual decision = contract between source an intermediate nodes– Confirmation is sent with the last packet of each block to
destination– Destination forwards confirmation to intermediate nodes if
block correctly received– Intermediate nodes stop forwarding if they do not get
confirmation
Eliminates incentive to cheat– Not respecting the protocol blocks the protocol
Security and Cooperation in Wireless NetworksChapter 12:Secure protocols for behavior enforcement 19/22
Theorems
Theorem 12.2:
Given a routing decision R, assuming that the computed payment is greater than the cost, the reverse hash chain based forwarding protocol is a forwarding optimal protocol.
Theorem 12.3:
The complete protocol (routing protocol and packet forwarding protocol) is a cooperation-optimal protocol to AdHocGames.
Security and Cooperation in Wireless NetworksChapter 12:Secure protocols for behavior enforcement 20/22
Discussion
Modeling – Interference and mobility
• unreliable links make use of incentives more difficult
Game theoretic model assumes – Tamper proof hardware to compute best path at destination– Payment center to resolve payment issues
Performance vs. incentive compatibility– Control channel overhead– Throughput– Complexity
Security and Cooperation in Wireless NetworksChapter 12:Secure protocols for behavior enforcement 21/22
Summary
Cooperation optimal protocol– Routing dominant + Forwarding optimal– Routing based on VCG– Forwarding based on Reverse Hash Chain
Corsac provides incentives for cooperation– Protocol is fair– The topology determines payment– The incentive protocol reduces the network traffic
Security and Cooperation in Wireless NetworksChapter 12:Secure protocols for behavior enforcement 22/22
References On Designing Incentive-Compatible Routing and
Forwarding Protocols in Wireless Ad-Hoc Networks Sheng Zhong, Li Erran Li, Yanbin Grace Liu and Yang Richard Yang. ACM Springer Wireless Networks (WINET), Special Issue of Selected Papers of Mobicom 2005
Punishement in Selfish Wireless Networks: A Game Theoretic AnalysisDave Levin. NetEcon 2006
On Selfish Behavior in CSMA/CA NetworksMario Cagalj, Saurabh Ganeriwal, Imad Aad and Jean-Pierre Hubaux. Infocom 2005
Ad hoc-VCG: A Truthful and Cost-Efficient Routing Protocol for Mobile Ad hoc Networks with Selfish AgentsLuzi Anderegg and Stephan Eidenbenz. Mobicom 2003