1
Objective and Secure Reputation-Based Incentive Scheme for Ad-Hoc Networks
Dapeng Oliver Wu
Electrical and Computer Engineering
University of Florida
(Joint work with Qi He and Pradeep Khosla at Carnegie Mellon University)
2
What’s the Problem?
• Mobile ad hoc network (MANET) has no fixed infrastructure
• Communications rely on intermediate nodes
But why should intermediate nodes relay?
• Need incentive mechanism for packet forwarding in non-cooperative MANET
3
Outline
• Problem and motivation
• Previous work
  • Reputation-based schemes
  • Pricing-based schemes
• Our scheme
  • Design objective
  • Basic scheme
  • Security enhancement
• Conclusion
4
Mitigating Routing Misbehavior (S. Marti et al., Stanford University, 2000)
Watchdog: identifies selfish nodes
[Figure: route S, A, B, C, D with label X]
Pathrater: gets around identified selfish nodes
[Figure: route S, A, B, C, D with labels X and Y]
5
Pros and Cons
Pros:
• Improve throughput
Cons:
• Unfairly makes well-behaving nodes busier
• Indirectly encourages misbehavior
(S. Marti et al., Stanford University, 2000)
6
CONFIDANT Protocol System (S. Buchegger and J-Y Le Boudec, IBM and EPFL, 2002)
• Detect misbehavior of neighbors
• Share reputation information with friends
• Punish selfish nodes based on the shared information
7
Pros and Cons
Pros:
• Use keys to authenticate nodes
• Identify and punish misbehavior
Cons:
• How to build a network of friends is not clear
• Key distribution is not addressed
• Globally shared reputation makes it not scalable
(S. Buchegger and J-Y Le Boudec, IBM and EPFL, 2002)
8
Where are we?
• Problem and motivation
• Previous work
  • Reputation-based schemes
  • Pricing-based schemes
• Our scheme
  • Design objective
  • Basic scheme
  • Security enhancement
• Conclusion
9
Enforcing Service Availability
Scheme:
• Virtual currency (nuglet)
• Centralized authority issuing nuglets
• Same amount of packets to forward
• Tamper-resistant hardware
Problem: Require balanced traffic
(L. Buttyan and Hubaux, Swiss Federal Institute of Technology -- EPFL, 2000)
10
Micro-payment Scheme Encouraging Collaboration
Multi-hop Cellular Networks (hybrid network)
Mobile nodes form ad-hoc networks
Base stations are connected to a backbone network
(M. Jakobsson, J-P Hubaux, and L. Buttyan, RSA Lab, Swiss Federal Institute of Technology, 2003)
[Figure: multi-hop cellular network with backbone]
11
Micro-payment Protocol
(M. Jakobsson, J-P Hubaux, and L. Buttyan, RSA Lab, Swiss Federal Institute of Technology, 2003)
[Figure: protocol flow across mobile nodes, the backbone, and the Accounting Center (clearing house); labels: $, move, MAC]
Registers to home network which shares a secret key
1. Select a reward
2. Generate a MAC
3. Send out the packet
Forward the packet; keep the MAC for reward
1. Check MAC
2. Send service record to clearing house
12
Pros and Cons
Pros:
• Symmetric key crypto: reduce computational cost
• Payment aggregation: lower communication cost
Cons:
• Substantial communication overhead
• Requirement of infrastructure
• Centralized trust authority
(M. Jakobsson, J-P Hubaux, and L. Buttyan, RSA Lab, Swiss Federal Institute of Technology, 2003)
13
Where are we?
• Problem and motivation
• Previous work
  • Reputation-based schemes
  • Pricing-based schemes
• Our scheme
  • Design objective
  • Basic scheme
  • Security enhancement
• Conclusion
14
Our Design Objectives
Practicality
Available technologies
Realistic context of ad-hoc networks
Efficiency
Affordable computational cost
Moderate communication overhead
15
Assumptions
Nodes are non-cooperative
No collusion among nodes
Broadcast transmission
All participating nodes desire to communicate
Invariant identity
Selfish but not malicious
Promiscuous mode (listening mode)
16
Where are we?
• Problem and motivation
• Previous work
  • Reputation-based schemes
  • Pricing-based schemes
• Our scheme
  • Design objectives
  • Basic scheme
  • Security enhancement
• Conclusion
17
Neighbor Monitoring
Each node N maintains a Neighbor Node List (NNL_N)
• RFP_N(X) (Requested to Forward Packets): the number of packets N requests X to forward
• HFP_N(X) (Has Forwarded Packets): the number of packets that have been forwarded by X and noticed by N
• LER_N(X): Local Evaluation Record {G_N(X), C_N(X)}
$$G_N(X) = \frac{HFP_N(X)}{RFP_N(X)} \quad \text{(Generosity)}, \qquad C_N(X) = RFP_N(X) \quad \text{(Confidence)}$$
18
Reputation Propagation
• Every neighbor has its local evaluation record about X.
• Everyone periodically broadcasts its LER(X).
[Figure: nodes X, N, A and B; A and B broadcast (C_A(X), G_A(X)) and (C_B(X), G_B(X)); N holds (C_N(X), G_N(X)); labels λ_N(N), λ_N(A), λ_N(B)]
• Credibility λ_N(i): the credibility that node i earned from N.
$$\lambda_N(i) = \begin{cases} G_N(i) & \text{if } RFP_N(X) \neq 0 \\ 0 & \text{otherwise} \end{cases}$$
• Compute Overall Evaluation Record OER_N(X)
$$OER_N(X) = \frac{1}{\sum_{k \in NNL_N \cup \{N\},\, k \neq X} \lambda_N(k)\, C_k(X)} \sum_{i \in NNL_N \cup \{N\},\, i \neq X} \lambda_N(i)\, C_i(X)\, G_i(X)$$
19
Remarks
• Quantified by objective observations
• Weighted by confidence for accuracy
• Weighted by credibility to limit impact of selfish nodes (e.g., fake a non-existing node to broadcast information)
$$OER_N(X) = \frac{1}{\sum_{k \in NNL_N \cup \{N\},\, k \neq X} \lambda_N(k)\, C_k(X)} \sum_{i \in NNL_N \cup \{N\},\, i \neq X} \lambda_N(i)\, C_i(X)\, G_i(X)$$
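The credibility weighting in the remarks above, worked through as an added example (not code from the slides or from the authors). It assumes that N's own record gets credibility 1 and that a neighbor's credibility is its generosity toward N whenever N has requested at least one packet from it, otherwise 0; the node names and counts are constructed sample data.

```python
def generosity(rfp, hfp):
    """G = HFP / RFP; taken as 0 when nothing was requested."""
    return hfp / rfp if rfp else 0.0

def oer(own, reports, x, weighted=True, self_credibility=1.0):
    """Overall Evaluation Record OER_N(X).

    own:     {node: (RFP_N(node), HFP_N(node))}, N's own observations
    reports: {i: (C_i(X), G_i(X))}, LER(X) records broadcast by neighbors
    """
    terms = []  # (credibility, confidence, generosity) per contributor
    rfp, hfp = own.get(x, (0, 0))
    if rfp:  # N's own record about X (credibility 1 is an assumption)
        terms.append((self_credibility, rfp, generosity(rfp, hfp)))
    for i, (c_i, g_i) in reports.items():
        if i == x:
            continue  # the sums exclude X itself (i != X)
        lam = generosity(*own.get(i, (0, 0))) if weighted else 1.0
        terms.append((lam, c_i, g_i))
    den = sum(lam * c for lam, c, _ in terms)
    if den == 0:
        return None  # no credible observation of X yet
    return sum(lam * c * g for lam, c, g in terms) / den

def selfishness(oer_value):
    """q = 1 - OER_N(X), as on the Punishment Action slide."""
    return 1.0 - oer_value

# Constructed sample data (not from the slides).
OWN = {"X": (20, 4), "A": (10, 9), "S": (10, 1)}  # N never used "F"
REPORTS = {
    "A": (10, 0.3),    # neighbor that forwards well for N
    "S": (50, 1.0),    # selfish neighbor vouching for X
    "F": (1000, 1.0),  # non-existing node with inflated confidence
}

def compare():
    """Return (credibility-weighted OER, unweighted OER) for X."""
    return oer(OWN, REPORTS, "X"), oer(OWN, REPORTS, "X", weighted=False)

if __name__ == "__main__":
    w, u = compare()
    print(f"credibility-weighted OER: {w:.3f}, q = {selfishness(w):.3f}")
    print(f"unweighted OER:           {u:.3f}, q = {selfishness(u):.3f}")
```

With the weighting, the fabricated record contributes nothing and the selfish neighbor's record is scaled by its own poor generosity, so X's selfishness stays visible to N.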
20
Punishment Action
Selfishness: q = 1 - OER_N(X)
Drop packets from X with a probability p:
p = q … if q …, 0 otherwise
21
Simulation Setup
Network Simulator (NS-2)
Total number of nodes: 50 (5 selfish nodes)
Area: 670 × 670 m²
IEEE 802.11 for medium access control
DSR for routing
CBR traffic: 1 packet/s
No. of connections: 10
Connection duration: 10 s
Random waypoint mobility model
Max speed of movement: 20 m/s
22
Simulation Results
[Figure: average throughput (packets/sec) versus dropping probability of selfish nodes (%), with curves for well-behaving node and selfish node]
23
Where are we?
• Problem and motivation
• Previous work
  • Reputation-based schemes
  • Pricing-based schemes
• Our scheme
  • Design objectives
  • Basic scheme
  • Security enhancement
• Conclusion
24
Potential Vulnerability
Impersonate a node with a good reputation to propagate fake observation information
[Figure: nodes X, N, A and B exchanging (C_A(X), G_A(X)) and (C_B(X), G_B(X)) records]
25
Identification and Authentication
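[Figure: one-way hash chain r, h(r), …, h^n(r), with the label ID and keys K_1, …, K_n derived from chain values through f]
$$K_i = f\left(h^{n-i}(r)\right)$$
$$\{\, M_x \mid MAC(K_i, M_x) \mid h^{n-i+d}(r) \,\}$$
$$\{\, M_y \mid MAC(K_{i+d}, M_y) \mid h^{n-i}(r) \,\}$$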
Computationally infeasible to impersonate other nodes without knowing their keys
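A receiver-side check for the hash-chain authentication on this slide, as an added example (not the authors' code). It assumes the node ID is the chain anchor h^n(r), SHA-256 for h, an HMAC-based f, and HMAC-SHA-256 as the MAC; the seed and messages are constructed.

```python
import hashlib
import hmac

def h(value):
    """One-way function for the chain (assumption: SHA-256)."""
    return hashlib.sha256(value).digest()

def f(chain_value):
    """Derive a MAC key from a chain value (assumption: HMAC with a fixed label)."""
    return hmac.new(chain_value, b"mac-key", hashlib.sha256).digest()

def make_chain(r, n):
    """Return [r, h(r), ..., h^n(r)]; index j holds h^j(r)."""
    chain = [r]
    for _ in range(n):
        chain.append(h(chain[-1]))
    return chain

def send(chain, n, i, d, msg):
    """Packet for interval i: {M | MAC(K_i, M) | h^(n-i+d)(r)}."""
    k_i = f(chain[n - i])
    return msg, hmac.new(k_i, msg, hashlib.sha256).digest(), chain[n - i + d]

def verify(buffered, disclosed, i, node_id):
    """Check a packet buffered in interval i against h^(n-i)(r) disclosed later."""
    msg, mac = buffered
    value = disclosed
    for _ in range(i):  # h^i(h^(n-i)(r)) must equal the anchor h^n(r)
        value = h(value)
    if not hmac.compare_digest(value, node_id):
        return False
    expected = hmac.new(f(disclosed), msg, hashlib.sha256).digest()
    return hmac.compare_digest(mac, expected)

def demo():
    n, d, i = 8, 2, 3
    chain = make_chain(b"constructed secret seed r", n)
    node_id = chain[n]  # assumption: ID = h^n(r)
    msg, mac, _ = send(chain, n, i, d, b"C_A(X)=10,G_A(X)=0.3")
    # The packet of interval i+d discloses h^(n-i)(r), the preimage of K_i.
    _, _, disclosed = send(chain, n, i + d, d, b"next report")
    genuine = verify((msg, mac), disclosed, i, node_id)
    # An impersonator without K_i cannot produce a matching MAC in time.
    fake = b"C_A(X)=10,G_A(X)=1.0"
    fake_mac = hmac.new(f(b"guessed"), fake, hashlib.sha256).digest()
    forged = verify((fake, fake_mac), disclosed, i, node_id)
    return genuine, forged

if __name__ == "__main__":
    print(demo())
```

A receiver must only accept packets it buffered before the matching chain value was disclosed, since anyone can compute K_i afterwards.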
26
Conclusion
Incentive scheme with punishment mechanism
• Reputation objectively quantified by observations
• Punishment action quantitatively suggested by reputation
• Effectively identify and punish selfish nodes
Security enhancement
• Identification and authentication constructed collectively
• Protection from impersonation
27
Thank you!