cooperation in wireless networks: incentive techniquesica › hubaux › slideswinter0405 ›...
TRANSCRIPT
1
Cooperation in Wireless Networks:Incentive Techniques
N. Ben Salem and J.-P. Hubaux
2
Related Work
Selfishness in ad hoc networks• S. Marti, T.J. Giuli, K. Lai, and M. Baker, “Mitigating Routing Misbehavior in
Mobile Ad Hoc Networks,” in Proceedings of Mobicom 2000.• L. Buttyan and J. P. Hubaux, “Enforcing Service Availability in Mobile Ad Hoc
WANs,” in Proceedings of MobiHoc 2000.• L. Buttyan and J. P. Hubaux, “Stimulating cooperation in self-organizing
mobile ad hoc networks,” ACM/Kluwer Mobile Networks and Applications (MONET), October 2003
• S. Zhong, Y. R. Yang, and J. Chen, “Sprite: A Simple, Cheat-Proof, Credit-Based System for Mobile Ad Hoc Networks,” in Proceedings of INFOCOM2003.
• P. Michiardi and R.Molva, “Core: A COllaborative REputation mechanism to enforce node cooperation in Mobile Ad Hoc Networks,” in Proceedings of The6th IFIP Communications and Multimedia Security Conference 2002.
• S. Buchegger and J. Y. Le Boudec, “Performance Analysis of the CONFIDANT Protocol: Cooperation Of Nodes — Fairness In Distributed Ad HocNeTworks,” in Proceedings of MobiHoc 2002.
2
3
Related Work
Selfishness in hybrid ad hoc networks• M. Jakobsson, J.-P. Hubaux and L. Buttyan, "A Micro-Payment Scheme
Encouraging Collaboration in Multi-Hop Cellular Networks", in Proceedingsof FC 2003.
• N. Ben Salem, L. Buttyán, J.-P. Hubaux and M. Jakobsson, "A Charging and Rewarding Scheme for Packet Forwarding in Multi-hop CellularNetworks", To be published in TMC
• B. Lamparter, K. Paul and D. Westhoff, "Charging Support for Ad Hoc StubNetworks", Journal of Computer Communication,Special Issue on Internet Pricing and Charging, Algorithms, Technology and Applications,Elsevier Science ,Summer 2003.
Selfishness in WiFi networks• N. Ben Salem, J.-P. Hubaux and M. Jakobsson, "Reputation-based Wi-Fi
Deployment: Protocols and Security Analysis", WMASH'04, Philadelphia, USA, October 2004
4
Outline
Part 1 : Incentive to cooperate in pure Ad Hoc NetworksUsing a virtual currency: The Nuglets Approach
Part 2 : Incentive to cooperate in Hybrid Ad Hoc Networks
2.1 - A Micro-Payment Scheme Encouraging Collaboration in Hybrid Ad hoc Networks
2.2 - A Charging and Rewarding Scheme for Packet Forwardingin Hybrid Ad hoc Networks
Part 3 : Incentive to cooperate in WiFi NetworksReputation-based WiFi Deployment: Protocols and SecurityAnalysis
3
Incentive to cooperate in pure Ad Hoc Networks
The Nuglets Approach
Part 1
L. Buttyán and J.-P. Hubaux
6
Motivation and goal
Ad hoc networks• no infrastructure• all networking services are provided by the nodes themselves• cooperation is essential
Problem• assume that nodes don’t belong to a single authority• there’s no good reason to cooperate• nodes tend to be selfish
Exampleif the average number of hops from source to destination is ~5
~80 % of the energy is devoted to packet forwardingtemptation to deny packet forwarding is strong
Our goal: to design a mechanism that stimulates cooperation (packet forwarding)
4
7
Proposed stimulation mechanismEach node has a credit counter c, and1. when sending an own packet
– the number n of needed intermediate forwarding nodes is estimated– if c < n, then the packet cannot be sent– otherwise, the packet can be sent, in which case c is decreased by n
2. when forwarding a packet– c is increased by 1
+ Protection that ensures that– the user cannot manipulate the credit counter– the user cannot tamper with the above mechanism (but she can decide
to drop a packet before the mechanism is called !)– c is increased only if the packet has indeed been forwarded
• We propose a protection mechanism that is based on a tamper resistant hardware module in each node
8
Single node model (basic)B, C, NINo
INf
OUT = OUTo + OUTf
DRP = DRPo + DRPf
B – initial battery levelC – initial credit levelN – constant charge
b – batteryc – credit counter
outo – own packets sent (during whole lifetime)
outf – forwarding packets sent (during whole lifetime)
Selfishness: maximize outo subject to(1) outo, outf ≥ 0(2) N outo – outf ≤ C(3) outo + outf = B
b,c
5
9
Single node model (extended)- own packets are generated at rate ro- forwarding packets arrive at rate rf- no buffering (if an own packet cannot be sent due to the low level of
the credit counter, then it is dropped)
tend – time when the battery is drained out (not a constant! )
Selfishness: maximize outo and zo subject to
zo = outo / ro tend – fraction of own packets sent
(1) outo, outf ≥ 0(2) outo ≤ ro tend(3) outf ≤ rf tend(4) N outo – outf ≤ C(5) outo + outf = B
10
Forwarding rules
If f = (NB – C)/(N + 1) then drop else– rule 1: always forward– rule 2: if c ≤ C then forward else forward with prob C /c– rule 3: if c ≤ C then forward else drop– rule 4: if c ≤ C then forward with prob c /C else drop
where f is the number of packets forwarded so far and c is the currentcredit level
Prfwd(c)1
C c
rule 1 Prfwd(c)1
C c
rule 2
Prfwd(c)1
C c
rule 3 Prfwd(c)1
C c
rule 4
6
11
Comparison of forwarding rules (1)Simulation parametersB = 100000 ro = 0.2 pkt/sC = 100 rf = 0.6 … 1.6 pkt/sN = 5
Simulation results outo = 16683 = (B + C )/(N + 1)
12
Comparison of forwarding rules (2)Simulation parametersspace 500 m x 500 m pkt generation rate 0.2 (0.5, 0.8) pkt/snumber of nodes 100 choice of pkt. dest. randompower range 120 m routing geodesic pkt fwdingmobility model random waypoint initial credits 100speed 1 m/s – 3 m/s credit sync interval 5 (10, 15, 20) savg. pause time 60 s simulation time 7200 s
Simulation results
7
13
Throughput
The effect of less cooperative nodes (rule 3) on the total cumulative throughput
14
Conclusion• We proposed a mechanism to stimulate the nodes of an ad hoc
network for packet forwarding• Our approach is based on a credit counter and enforcement of some
simple rules in each node (tamper resistant hardware)• We showed that the mechanism is effective assuming the following:
– each node generates packets continuously– own packets are not buffered (they must be sent immediately or dropped)– selfishness is represented by the goal of dropping as few own packets as
possible
Future work• Weakening the above assumptions• Application to other network functions (not only packet fwding)• Application in higher layers (e.g., peer-to-peer systems)• Application in hybrid ad hoc networks
8
N. Ben Salem, L. Buttyan, J.-P. Hubaux and M. Jakobsson
Incentive to cooperatein Hybrid Ad hoc Networks
A charging and rewarding schemefor packet forwarding
in Hybrid Ad hoc Networks
Part 2
16
Outline1. Hybrid Ad Hoc Networks
6. Conclusions and future work
2. Modela. System and trust modelb. Adversarial model
3. The protocola. Session setupb. Packet sendingc. Payment redemption
4. Security analysis
5. Overhead of the solutiona. Communication Overheadb. Computation Overhead
9
17
• Cell = The geographical area under the control of a base station • A node beyond the reach of the base station coverage can
use other mobile stations as relays
Hybrid ad hoc networks
Backbone
A
B
• Set of base stations connected to a backbone
Backbone
• Advantages:– Increase the coverage of the network– Small number of base stations (fixed antennas)– Reduce the energy consumption of the sending mobile station– Reduced interference
18
• Hybrid ad hoc networks represent a new and promising paradigm, but …
• No cooperation = the network does not work
• We exclusively consider the packet forwarding service
Charge the initiator A of the communicationReward the cooperative forwarding nodes (and the operator)
Why would the intermediate nodes use their battery torelay packets for other nodes?
A i1 BSA Bj1BSB
Initiator Correspondent
Problem statement
10
19
A i1 BSA Bj1BSB
• The initiator A wants to communicate with the correspondent B
End-to-end session
• A has to establish an end-to-end session with B (a session is a secure route on which all the nodes are authenticated)
• This is done by establishing:– An initiator session between A and BSA
Initiator session
– A correspondent session between BSB and B
Correspondent session
• The operator charges A for the traffic (in both directions)• Then, A and B exchange packets
Packet exchange
System model:
Model
20
• Node i shares a symmetric key Ki with the operator• The nodes trust the operator for:
– not revealing secret keys– correctly transmitting packets– correctly performing billing and auditing
• The nodes do not trust each other• The underlying routing protocol is secure• All the communications go through a base station• Nodes are mobile but we have a certain level of route stability
Trust model and assumptions:
Adversarial Model:• The nodes are rational:
– they are potential attackers if cheating is beneficial– they will cooperate if they expect a gain
• Collusions are possible• We consider the pessimistic case where all the attackers are underthe control of a single entity
Model
11
21
Session SetupA i BSA BBSB j
AReqID oldASID ARoute TrafficInfo
AReq0
MACA
MACiAReqID oldASID ARoute TrafficInfo
AReqi
AReqID oldASID ARoute TrafficInfo MACi-1
AReqi-1
AReqID oldASID ARoute TrafficInfo
AReqa
MACa
A layered MAC thatBSA can verify
22
A i BSA BBSB j
Req
Layered MAC authentication
BReqID oldBSID BRoute TrafficInfo
BReq0
SIDKi
StreamCipher
Generation
seedi
MaxLength MaxLength MaxLength
PADi,1 PADi,2 PADi,l
MACA …MAC1 MACaAReqID ASID
AConf
BReqID BSID
BConf
MAC1 … MACb MACB
Session Setup
12
23
Packet SendingS i BSS DBSD j
SSID l Payloadl
SPkt0,l
MACSBody0,l
SSID Bodyi-1,l
SPkti-1,l
SSID l Bodyi,l
SPkti,l
=
Encrypted data that BSS can decrypt
SPkts,l
SSID Bodys,l
PADi,l
⊕
l Payloadl MACS
24
Packet SendingS i BSS DBSD j
DSID l Payloadl MACDBody’0,l
PAD1,l
⊕
DSID Body0,l
DPkti,l
=
Iterative XOR
The Body is decrypted
DPktd,l
DSID Bodyd,ll Payloadl MACD
Acknowledgementfor the packet
⊕PAD1,l
13
25
Payment Redemption• Charging and rewarding mechanism:
- When the packet SPktl of length Ll reaches BSS
A=S i1 BSA B=Dj1BSB
- When the packet DAck is received by a base station• The forwarders in the down-stream are rewarded α (Ll) each• D is refunded ε for each packet it acknowledges
- When the packet DPktl is injected in the down-stream• D is charged a small amount ε
• A is charged n (Ll)• The forwarders in the up-stream are rewarded α (Ll) each• The operator is rewarded
26
Payment Redemption
– D maintains: Batch = ⊕ MACKD(DSID | l | Payloadl )
l ≤ LastPkt; l ∉ LostPkts
– DAck is sent offline after the session is closed
– One acknowledgement per session:DAck = [ DSID | Batch | lastPkt | LostPkts |
MACKD(DSID | Batch | lastPkt | LostPkts ) ]
DPktd,lDSID l Payloadl MACD
Acknowledgementfor the packet
• Destination Acknowledgment:
14
27
Security AnalysisIncentive to cooperate:• The up-stream nodes get rewarded only if SPktl reaches BSS• The down-stream nodes get rewarded only if D acknowledges DPktl• D is refunded only if it acknowledges DPktl
Disincentive against cheating:• Refusal to pay:
– The MAC in the packet uniquely identifies S• Incorrect reward claims:
– A node i is credited if it is part of both the session setup and thepacket sending phases
– A node i is the only node that is able to correctly compute the layeredMAC in the session setup and the PAD in the packet sending
• Free-riding:– The packets are encrypted at each hop– The nodes are not rewarded and the transmitted data is garbled
• Emulated nodes: – A node is in several physical locations simultaneously– Some nodes seem to be always neighbors– Capture a rogue device
28
Communication Overhead• Sizes of the fields:
NbLostPkts*221616NbFwdrs*16444Size (bytes)
LostPktslMACTrafficInfoRouteoldSIDSIDReqIDField Name
– Session Setup Phase: 144+NbFwdrs*64 bytes– Packet Sending Phase: 20 bytes per packet– Sending the Acknowledgement: 38+2*NbLostPkts bytes per session
Numerical values?• Simulations:
– 100 nodes in a 500x500 m2 cell with one base station in the center– Fixed power range of 100 m– RWP: uniform speed ∈ [0,20] m/s; pause time ∈ {0,60,120,300,600} s– We discard the first 1000 s of simulation time– 100 simulations for each value of the pause time
• Figures of interest:– Average lifetime of a route (AverageLifeTime)– Average number of forwarding nodes (NbFwdrs)– Average percentage of disconnected nodes (NotConnected).
15
29
• Simulation Results:
Communication Overhead
6.614.315.521.915.395% Confidence Interval
8.221.640.573325.2AverageLifeTime (s) 1.41.81.71.92NbFwdrs
0.22%0.16%0.25%0.06%0.22%NotConnected060120300600Pause Time (s)
• Numerical example:– Mobility = 0s Pause time– Application = Voice over IP
• Codec G.711 • frame size = 200 bytes
• Values of the overhead:• During the 8.2s, it is possible to transmit 410 packets (= 65.6 kbytes)• Session setup : 0.3% of the total payload of the session • Packet sending : 11% of the packet size• Payment redemption : 0.3% of the total payload of the session for
the pessimistic case where NbLostPkts=100
30
Computation Overhead• Session Setup Phase (per session):
– 2 MAC operations for each node• Packet Sending Phase (per packet):
– 1 stream cipher encryption for each node (except D)– 1 MAC operation for S and D
• Acknowledgment computation (for D):– 1 XOR operation per packet– 1 MAC computation per session
78.594WAKE StreamCipher
EncryptionRC4
SEAL HMAC/MD5MD5-MAC
Name84.782MAC
Computation 99.863
63.039
118.081
Speed (Mbytes/sec)
What is the cost of a stream cipher encryption?
16
Considering Malicious attacks
32
Adversarial Model
• An attacker Ai can be rational or malicious
• No passive attacks because data confidentiality is not an issue
• Four active attacks:– Packet dropping : Ai drops a packet it is asked to forward
– Replay : Ai replays a valid packet from an expired or stillexisting session
– Filtering : Ai modifies a packet it is asked to forward
– Emulation : Ai uses the secret key of a node it compromisedto perform actions in its name
• Collusions are possible
• We consider exclusively the attacks performed against thedifferent phases of our protocols
17
33
Payment redemption: Charging
A=S i1 BSA B=Dj1BSB
• Use the concept of receipts:
Pkt Pkt Ack
+
S/BSD 1 k k+1k-1
Operator
Receipt
• The charging mechanism considered so far:
α βα
34
Payment redemption : Receipts• Up-stream: SPkt0,l SSID l Payloadl MACS
Body
– So far:
– Now: SPkt0,l SSID l Payloadl MACS
Body
Rcpt0,l
MACS
• Up-stream: DPktd,l DSID l Payloadl MACD
Body
– So far:
– Now: DPktd,l
Body
DSID l Payloadl MACD
Mj,l
18
35
Protection against some attacks• Packet dropping:
– Use the receipts (we proved that cooperation is the best choice for a rational node)
– Periodic acknowledgement in the up-stream and the down-stream
• Replay and Emulation: No modification for these attack
S s1 BSS
A
2SPkt0,1 SPkt1,1 SPkts,1
SPkt’0,l
SPkt’1,l SPkt’s,l
The packet isnot correctI’ll drop it
SPkt0, l
The packet isa duplicateI’ll drop it
• Filtering:– Free-riding (we still use the stream cipher encryption)– The early duplicate attack
36
Conclusions and future workConclusions:• Problem: cooperation for packet forwarding in hybrid ad hoc networks • Solution: charging and rewarding mechanism
– encourages cooperation– resists to number of rational (and malicious) attacks– very moderate overhead
Future work:• Several operators• Charge the correspondent• Auditing techniques• Routing misbehavior
Publications: N. Ben Salem, L. Buttyán, J. P. Hubaux, and M. Jakobsson,
• "A Charging and Rewarding Scheme for Packet Forwarding in Multi-hop Cellular Networks", MobiHoc 2003
• "Cooperation in Multi-hop Cellular Networks", To be published in TMC
19
Incentive to cooperate in WiFi Networks
Reputation-based WiFi Deployment:Protocols and Security Analysis
N. Ben Salem, J.-P. Hubaux and M. Jakobsson
Part 3
38
Reputation-based Wi-Fi Deployment
• Problem statement• System Model• Details of the protocols
– Session setup– Payment and service provision– Session closing– Reputation update
• Security– Threat model– Security analysis
• Simulations– Simulation setup– Simultion results
• Conclusion and future work
20
39
Problem statement
• Lack of Interoperability between the Wireless Internet Service Providers (WISPs):
A mobile node that is registered with W1 cannot connect to a hot spot managed by W2 (if W1 and W2 do not have roaming agreements)
• No guarantee for a good QoS provision: a mobile node can pay for a high speed connection and get a bad QoS
• Possible solutions:• Boingo, • Ticket based approach: B. Patel and J. Crowcroft, "Ticket based Service Access for the Mobile User".
In Proceedings of MobiCom, 1997, …• P2PWNC,
Our proposal
Do not consider the QoS problem
40
g Adversarial model:• TCA is trusted by all parties• H and S are rational• MN may be malicious
System Model
Mobile Node(MN)
Home WISP(H)
Internet
KHMKHS
Selected WISP(S)
Trusted Certification Authority(TCA)
21
41
Outline
• Problem statement• System Model• Details of the protocols
– Session setup– Payment and service provision– Session closing– Reputation update
• Security– Threat model– Security analysis
• Simulations– Simulation setup– Simultion results
• Conclusion and future work
42
Session Setup
HMN S TCA
RequestOffer(RR, QoS,P,Cert)
• RR is the reputation record of S ; signed by TCA• QoS is the quality of service offered by S• P is the price S is asking for • Cert is the certificate of S
Verifying that MN has a valid account
h h h• MN generates a hash chain wn wn-1 … w2 w1 w0
Establishment of the contract
• MN sends w0 in the contract
Selection of the WISP
Decision=RRα·QoSβ·P-γ
22
43
Payment and Service provision
HMN S TCASecure session
Payment proof (1,w1)
1st part of the service
2nd part of the service
w1 w0
h
Payment proof (2,w2) w2 w1
h
Payment proof (l,wl)
lth part of the servicewl wl-1
h
44
Session closing and Reputation update
HMN S TCAPayment request (l,wl)
Payment
New signed reputation record (RR)
Periodically sent to TCA (e.g., each day)
Did S provide MN with QoS it advertized?• If yes, the feedback is positive (e.g., 1)• If not, the feedback is negative (e.g., 0)
Satisfaction level
23
45
Outline
• Problem statement• System Model• Details of the protocols
– Session setup– Payment and service provision– Session closing– Reputation update
• Security– Threat model– Security analysis
• Simulations– Simulation setup– Simultion results
• Conclusion and future work
46
Security• General attacks:
• Filtering attack: The attacker tampers with a packet.• Replay attack: The attacker replay a packet.• Packet dropping attack: The attacker drops a packet it is asked to
forward.
MNS TCA
Satisfaction level
• Attacks against our solution:• Service interruption attack: S receives the ith payment from MN but
refuses to provide the corresponding service• Refusal to pay attack: MN does not send the ith payment to S• Publicity attack: S misbehaves i.e., Advertized QoS > Real QoS• Selective publicity attack: S misbehaves with a specific MN or H.
MNS
AQS (Session Setup)
RQS (Service Provision)
24
47
Security
• Attacks against our solution (cnd):• Repudiation attack: S or MN retracts the agreement it has with other
party.• Denigration attack: MN receives a good QoS from S but pretends the
contrary. It can be a coluding attack
• Flattering attack: MN sends systematically a good feedback about S ’s behavior to TCA. This attack makes sense particularly if S = H.
MNS
RQS = AQS
Negative feedback
MNS=H
RQS < AQS
Positive feedback
• Analysis:• None of these attack is rational• Malicious attacks can easily be detected• The malicious attackers can statistically be identified
48
Outline
• Problem statement• System Model• Details of the protocols
– Session setup– Payment and service provision– Session closing– Reputation update
• Security– Threat model– Security analysis
• Simulations– Simulation setup– Simultion results
• Conclusion and future work
25
49
Simulation Setup
• Static network with 5 WISPs and 50 MNs. • Each WISP is a home WISP for 10 MNs.• Each WISP W is characterized by the triplet
– Advertized QoS : AQW– Real QoS : RQW– Price it asks for : PW
• A WISP W is:– Honest if RQW = AQW,– Misbehaving if RQW < AQW,– Modest if RQW > AQW.
• Initial reputation = maxRep = 100 • Satisfaction level = RQW/AQW• 50 000 seconds • Reputation updates are made every 2 000 seconds.
What is the effect of being honest, misbehaving or modest on the WISP’s reputation record?
50
Set1: Scenario 1.1
The WISPs are encouraged to provide the MNs with a good QoS
AdvertisedQoS
priceReal QoS
• Set 1: All WISPs are honest but offer different QoSs.
– Scenario 1.1: All WISPs ask for the same price.
26
51
Scenario 1.2 (Chat application)
• Set 1: All WISPs are honest but offer different QoSs.
– Scenario 1.2: W asks for a price PW ≈ RQW
Decision = Repα· AQβ · P-γ, (α β γ) = (2,1,3)
52
Scenario 1.2 (File transfer application)
Honest WISPs offering different QoSs can co-exist in the same network
• Set 1: All WISPs are honest but offer different QoSs.
– Scenario 1.2: W asks for a price PW ≈ RQW
Decision = Repα· AQβ · P-γ, (α β γ) = (2,2,1)
27
53
Set2: Scenario 2.1
The WISPs are encouraged to advertise the real QoS they can offer
• Set 2: We want to study the reaction of the network to thepresence of misbehaving WISPs and modest WISPs.– Scenario 2.1: All WISPs ask for the same price.
54
Scenario 2.2 (Chat application)
• Set 2: We want to study the reaction of the network to thepresence of misbehaving WISPs and modest WISPs.– 2.2: W asks for a price PW ≈ RQW.
Decision = Repα· AQβ · P-γ, (α β γ) = (2,1,3)
28
55
Scenario 2.2 (File transfer application)
Underestimating the QoS is not beneficial for the WISPs
• Set 2: We want to study the reaction of the network to thepresence of misbehaving WISPs and modest WISPs.– 2.2: W asks for a price PW ≈ RQW.
Decision = Repα· AQβ · P-γ, (α β γ) = (2,2,1)
56
Set3: Scenario 3.1
If the initial reputation is set to 100, the newcomer (WISP1) has more or less the same probability (as others) to get clients
• Set 3: We want to study the effect of the initial reputation of a WISP that opens its service. WISP 1 is the newcomer.– Scenario 3.1: Rep1 = maxRep = 100
29
57
Scenario 3.2
If the initial reputation is set to 50, the newcomer (WISP1) has no chance to get clients
• Set 3: We want to study the effect of the initial reputation of a WISP that opens its service. WISP 1 is the newcomer.– Scenario 3.2: Rep1 = 50, Rep2-5=100
58
Scenario 3.3
If WISP1 has a bad reputation, it is still able to reintegrate the network. However this reintegration comes with a cost (i.e., asking for a price that is much lower than usual)
• Set 3: We want to study the effect of the initial reputation of a WISP that opens its service. WISP 1 is the newcomer.– Scenario 3.3: Rep1 = 50, but WISP1 asks for lower price
30
59
Conclusion
• We present a reputation-based solution that:• Leads to a seamless roaming (attractive for the users)• Keeps communication and computation costs very moderate for
the mobile nodes• Is efficient (encourages the WISPs to behave correctly)• Is simple (encourages the deployment of WiFi networks)• Is secure (thwarts rational attacks, detects malicious attacks
and identifies the attacker)
• Future work:• Implement and test our solution by means of simulations• Evaluation of the QoS• Investigate the feasibility of a “multi-hop WiFi network”
http://lcawww.epfl.ch/salem/