Objective and Secure Reputation-Based Incentive Scheme for Ad-Hoc Networks

Dapeng Oliver Wu, Electrical and Computer Engineering, University of Florida (Joint work with Qi He and Pradeep Khosla at Carnegie Mellon University)



What’s the Problem?

• Mobile ad hoc network (MANET) has no fixed infrastructure

• Communications rely on intermediate nodes

But why should intermediate nodes relay?

• Need incentive mechanism for packet forwarding in non-cooperative MANET


Outline

• Problem and motivation
• Previous work
    • Reputation-based schemes
    • Pricing-based schemes
• Our scheme
    • Design objective
    • Basic scheme
    • Security enhancement
• Conclusion


Mitigating Routing Misbehavior (S. Marti et al., Stanford University, 2000)

• Watchdog: identifies selfish nodes
• Pathrater: gets around identified selfish nodes

[Figure: route S, A, B, C, D, with markers X and Y]


Pros and Cons (S. Marti et al., Stanford University, 2000)

Pros:
• Improve throughput

Cons:
• Unfairly makes well-behaving nodes busier
• Indirectly encourages misbehavior


CONFIDANT Protocol System (S. Buchegger and J-Y Le Boudec, IBM and EPFL, 2002)

• Detect misbehavior of neighbors
• Share reputation information with friends
• Punish selfish nodes based on the shared information


Pros and Cons (S. Buchegger and J-Y Le Boudec, IBM and EPFL, 2002)

Pros:
• Use keys to authenticate nodes
• Identify and punish misbehavior

Cons:
• How to build a network of friends is not clear
• Key distribution is not addressed
• Globally shared reputation makes it not scalable


Where are we?

• Problem and motivation
• Previous work
    • Reputation-based schemes
    • Pricing-based schemes
• Our scheme
    • Design objective
    • Basic scheme
    • Security enhancement
• Conclusion


Enforcing Service Availability (L. Buttyan and Hubaux, Swiss Federal Institute of Technology (EPFL), 2000)

Scheme:
• Virtual currency (nuglet)
• Centralized authority issuing nuglets
• Same amount of packets to forward
• Tamper-resistant hardware

Problem: Require balanced traffic


Micro-payment Scheme Encouraging Collaboration (M. Jakobsson, J-P Hubaux, and L. Buttyan, RSA Lab, Swiss Federal Institute of Technology, 2003)

Multi-hop Cellular Networks (hybrid network)

• Mobile nodes form ad-hoc networks
• Base stations are connected to a backbone network

[Figure: base stations attached to the backbone]


Micro-payment Protocol (M. Jakobsson, J-P Hubaux, and L. Buttyan, RSA Lab, Swiss Federal Institute of Technology, 2003)

[Figure: protocol diagram with the labels backbone, move, MAC and $, and the following callouts]

• Registers to home network which shares a secret key
• 1. Select a reward 2. Generate an MAC 3. Send out the packet
• Forward the packet; keep the MAC for reward
• 1. Check MAC 2. Send service record to clearing house
• Accounting Center (Clearing house)


Pros and Cons (M. Jakobsson, J-P Hubaux, and L. Buttyan, RSA Lab, Swiss Federal Institute of Technology, 2003)

Pros:
• Symmetric key crypto: reduce computational cost
• Payment aggregation: lower communication cost

Cons:
• Substantial communication overhead
• Requirement of infrastructure
• Centralized trust authority


Where are we?

• Problem and Motivation
• Previous work
    • Reputation-based schemes
    • Pricing-based schemes
• Our scheme
    • Design objective
    • Basic scheme
    • Security enhancement
• Conclusion


Our Design Objectives

Practicality
• Available technologies
• Realistic context of ad-hoc networks

Efficiency
• Affordable computational cost
• Moderate communication overhead


Assumptions

Nodes are non-cooperative

No collusion among nodes

Broadcast transmission

All participating nodes desire to communicate

Invariant identity

Selfish but not malicious

Promiscuous mode (listening mode)


Where are we?

• Problem and motivation
• Previous work
    • Reputation-based schemes
    • Pricing-based schemes
• Our scheme
    • Design objectives
    • Basic scheme
    • Security enhancement
• Conclusion


Neighbor Monitoring

Each node N maintains a Neighbor Node List ($NNL_N$)

• $RFP_N(X)$ (Requested to Forward Packets): the number of packets N requests X to forward
• $HFP_N(X)$ (Has Forwarded Packets): the number of packets that have been forwarded by X and noticed by N
• $LER_N(X)$: Local Evaluation Record $\{G_N(X), C_N(X)\}$

Generosity:

$$G_N(X) = \frac{HFP_N(X)}{RFP_N(X)}$$

Confidence:

$$C_N(X) = RFP_N(X)$$


Reputation Propagation

• Every neighbor has its local evaluation record about X.
• Everyone periodically broadcasts its LER(X).
• Compute Overall Evaluation Record $OER_N(X)$:

$$OER_N(X) = \frac{1}{\sum_{k \in NNL_N \cup \{N\},\, k \neq X} \mathrm{credibility}_N(k)\, C_k(X)} \sum_{i \in NNL_N \cup \{N\},\, i \neq X} \mathrm{credibility}_N(i)\, C_i(X)\, G_i(X)$$

Credibility that node i earned from N:

$$\mathrm{credibility}_N(i) = \begin{cases} G_N(i) & \text{if } RFP_N(X) \neq 0 \\ 0 & \text{otherwise} \end{cases}$$

[Figure: nodes X, N, A and B; A, B and N hold the records {C_A(X), G_A(X)}, {C_B(X), G_B(X)} and {C_N(X), G_N(X)}, and N holds a credibility value for each of N, A and B]


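Remarks

• Quantified by objective observations
• Weighted by confidence for accuracy
• Weighted by credibility to limit impact of selfish nodes, e.g., fake a non-existing node to broadcast information

$$OER_N(X) = \frac{1}{\sum_{k \in NNL_N \cup \{N\},\, k \neq X} \mathrm{credibility}_N(k)\, C_k(X)} \sum_{i \in NNL_N \cup \{N\},\, i \neq X} \mathrm{credibility}_N(i)\, C_i(X)\, G_i(X)$$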


Punishment Action

if

otherwise

q

p0

q

Drop packets from X with a probability p:

Selfishness: $q = 1 - OER_N(X)$
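The evaluation described on the Neighbor Monitoring, Reputation Propagation and Remarks slides, as an added Python example that is not code from the talk or its authors. It computes OER_N(X) and q from constructed counters and shows how credibility weighting neutralizes a report from a fabricated identity. Assumptions: N gives its own record credibility 1, a reporter's credibility is G_N(reporter) taken from N's own counters, and a reporter N has no counters for gets credibility 0.

```python
# Constructed sample data; node names and counter values are illustrative.
def generosity(hfp, rfp):
    """G = HFP / RFP (0.0 when no packets were requested)."""
    return hfp / rfp if rfp > 0 else 0.0

def overall_evaluation(own, reports, target, me="N", use_credibility=True):
    """OER_N(target) from N's own counters and the LERs it has heard.

    own:     {node: (RFP_N(node), HFP_N(node))} for N's neighbor list
    reports: {reporter: (C_reporter(target), G_reporter(target))}
    Returns None when no credible record exists.
    """
    records = dict(reports)
    rfp, hfp = own.get(target, (0, 0))
    if rfp > 0:  # N's own LER: confidence = RFP, generosity = HFP/RFP
        records[me] = (rfp, generosity(hfp, rfp))
    num = den = 0.0
    for reporter, (conf, gen) in records.items():
        if reporter == target:
            continue  # the sums exclude X itself (i != X)
        if not use_credibility or reporter == me:
            cred = 1.0  # assumption: N fully trusts its own observations
        else:
            # credibility = G_N(reporter); 0 for reporters N has no record of
            r_rfp, r_hfp = own.get(reporter, (0, 0))
            cred = generosity(r_hfp, r_rfp)
        num += cred * conf * gen
        den += cred * conf
    return num / den if den > 0 else None

def selfishness(oer):
    """q = 1 - OER_N(X)."""
    return 1.0 - oer

OWN = {"X": (20, 5), "A": (10, 9), "B": (10, 8)}  # N's RFP/HFP counters
REPORTS = {
    "A": (30, 0.2),
    "B": (10, 0.3),
    "F": (1000, 1.0),  # fabricated identity, never seen by N
    "X": (1000, 1.0),  # X vouching for itself
}

if __name__ == "__main__":
    weighted = overall_evaluation(OWN, REPORTS, "X")
    naive = overall_evaluation(OWN, REPORTS, "X", use_credibility=False)
    print(f"weighted   OER={weighted:.3f} q={selfishness(weighted):.3f}")
    print(f"unweighted OER={naive:.3f} q={selfishness(naive):.3f}")
```

With the weighting, the high-confidence report from F contributes nothing; with every reporter trusted equally, it dominates the sum and X looks generous.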


Simulation Setup

• Network Simulator (NS-2)
• Total number of nodes: 50 (5 selfish nodes)
• Area: 670 × 670 m²
• IEEE 802.11 for medium access control
• DSR for routing
• CBR traffic: 1 packet/s
• No. of connections: 10
• Connection duration: 10 s
• Random waypoint mobility model
• Max speed of movement: 20 m/s


Simulation Results

[Figure: average throughput (packets/sec) versus dropping probability of selfish nodes (%), plotted for a well-behaving node and a selfish node]


Where are we?

• Problem and motivation
• Previous work
    • Reputation-based schemes
    • Pricing-based schemes
• Our scheme
    • Design objectives
    • Basic scheme
    • Security enhancement
• Conclusion


Potential Vulnerability

Impersonate a node with a good reputation to propagate fake observation information

[Figure: nodes X, N, A and B exchanging the records {C_A(X), G_A(X)} and {C_B(X), G_B(X)}]


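Identification and Authentication

[Figure: one-way hash chain r, h(r), …, h^n(r), labelled ID, with intermediate chain values indexed by n, i and d; a function f maps the chain values to the keys K_1, …, K_i, …, K_n; packets have the form {M | MAC(K, M) | h(r)}, that is a message, its MAC under a chain-derived key, and a chain value]

$$f(h^{n-i}(r)) = K_i$$

Computationally infeasible to impersonate other nodes without knowing their keys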
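An added Python sketch of the hash-chain check on this slide, not code from the talk or its authors. It assumes SHA-256 for h, a domain-separated hash for f, ID = h^n(r), and that the chain value for packet i is released after the packet itself.

```python
import hashlib
import hmac
import os

def h(x):
    """Chain function h (SHA-256 is an assumption)."""
    return hashlib.sha256(b"chain|" + x).digest()

def f(x):
    """Key derivation f, kept distinct from h (construction is an assumption)."""
    return hashlib.sha256(b"key|" + x).digest()

def make_chain(r, n):
    """Return [r, h(r), ..., h^n(r)]; element j is h^j(r)."""
    chain = [r]
    for _ in range(n):
        chain.append(h(chain[-1]))
    return chain

def make_packet(chain, i, message):
    """MAC the message under K_i = f(h^(n-i)(r))."""
    n = len(chain) - 1
    key = f(chain[n - i])
    return message, hmac.new(key, message, hashlib.sha256).digest()

def verify(node_id, i, message, tag, released):
    """Accept only if `released` hashes forward i times to the ID and the MAC checks."""
    value = released
    for _ in range(i):
        value = h(value)
    if not hmac.compare_digest(value, node_id):
        return False  # released value is not on this node's chain
    expected = hmac.new(f(released), message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)

def demo():
    n, i = 8, 3
    chain = make_chain(os.urandom(32), n)
    node_id = chain[n]  # assumption: ID = h^n(r)
    msg, tag = make_packet(chain, i, b"LER(X): C=20 G=0.25")  # constructed
    genuine = verify(node_id, i, msg, tag, chain[n - i])
    # Impersonator builds its own chain but claims the victim's ID.
    fake = make_chain(os.urandom(32), n)
    fmsg, ftag = make_packet(fake, i, b"LER(X): C=99 G=1.0")
    forged = verify(node_id, i, fmsg, ftag, fake[n - i])
    tampered = verify(node_id, i, b"LER(X): C=20 G=1.0", tag, chain[n - i])
    return genuine, forged, tampered
```

The MAC only proves origin for packets the receiver already held before the matching chain value was released, so a receiver has to enforce that ordering.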


Conclusion

Incentive scheme with punishment mechanism

• Reputation objectively quantified by observations

• Punishment action quantitatively suggested by reputation

• Effectively identify and punish selfish nodes

Security enhancement

• Identification and authentication constructed collectively

• Protection from impersonation


Thank you!