Selfishness in packet forwarding/ Secure protocols for behavior enforcement

Security and Cooperation in Wireless NetworksSecurity and Cooperation in Wireless Networks Georg-August University Göttingen

Selfishness in packet forwarding/Selfishness in packet forwarding/Secure protocols for behavior enforcementSecure protocols for behavior enforcement

Georg-August University GöttingenSelfishness in packet forwarding/behavior enforcement

Part I: Selfishness in packet forwarding the operation of multi-hop wireless networks requires the nodes

to forward data packets on behalf of other nodes however, such cooperative behavior has no direct benefit for

the forwarding node, and it consumes valuable resources (battery)

hence, the nodes may tend to behave selfishly and deny cooperation

if many nodes defect, then the operation of the entire network is jeopardized

question:– When a node is requested to forward a packet by one of its

neighbors, will it do so, if no mechanism enforces this cooperation behavior?

2

Georg-August University GöttingenSelfishness in packet forwarding/behavior enforcement 3

Modeling packet forwarding as a game

time0time slot:

1 t

Strategy: cooperation level

mC(0) mC(1) mC(t)

• Players: nodes• In each time slot t, each node I chooses a cooperation level mi(t) ϵ [0,1]; 0

represents full defection and 1 means full cooperation.

Benefit (of node i as the source on route r): proportion of packets sent by node i (as the source) on route r reaching their destination = the throughput experienced by i as a source

• So mi(t) would represent the fraction of traffic routed through i at time t that i cooperatively forwards.

• TS : constant amount of traffic sent by source S


Benefit function

, ( ) ( ) ( )A E Cr t T r m t m t

1

, ( ) ( )k

l

s fk

r t T r m t

where: s – sourcer – route on which s is a sourcet – time slotfk – forwarders for smfk – cooperation level of forwarder fk

bi – benefit function

Experienced throughput :

A E C D

TA mE(t) mC(t)r (A→D):

Example :

benefit function :

bS

Normalized throughput:


Cost function

Example :

{ , }

ˆ , ( ) ( ) ( )kC f E C

k E C

r t m t m t m t

ˆ, ( ) ,C A jc r t T r C r t

A E C D

TA mE(t) mC(t)r (A→D):

1

ˆ , ( )k

j

j fk

r t m t

Normalized throughput at forwarder fj :

where: r – route on which fk is a forwarder t – time slot fk – forwarders on route r mfk – cooperation level of forwarder fk

ˆ, ( ) ,jf s jc r t T r C r t

Cost for forwarder fj on route r: where: Ts(r) – traffic sent by source s on route r C – unit cost of forwarding (cost of forwarding one packet)


Total payoff

( ) ( )

, ,i i

i i iq S t r F t

u t b q t c r t

The goal of each node is to maximize its total payoff over the game:

Payoff = Benefit - Cost

where: Si(t) – set of routes on which i is a source Fi(t) – set of routes on which i is a forwarder

0

ti

t

u t

where: – discounting factort – time

time0time slot: 1 t

Payoff: uA(0) uA(1). uA(t). t

Example :


Representation of the nodes as players

• Node i is playing against the rest of the network (represented by the box denoted by A-i )• : strategy function of node I• The strategy of node I is defined by its strategy function and its initial cooperation level

mi(0) • Node I chooses its strategy (cooperation level) at time t based on the normalized

throughput it experienced in time slot t-1 on the route where it is a source

yi

xi

A-i i

Strategy function for node i:

where:(r,t) – experienced throughput of route r at time t


Examples of strategies

1)( ii y

iii xy )(

0)( ii y

StrategyFunctionInitial

cooperation level

AllD (always defect)

AllC (always cooperate)

TFT (Tit-For-Tat) (mimics the strategy of its opponent in the previous time slot)

0

1

1

non-reactive strategies: the output of the strategy function is independent of

the input (example: AllD and AllC) reactive strategies:

the output of the strategy function depends on the input (example: TFT)

where yi stands for the input

iii yy )(


Concept of dependency graphdependency: the benefit of each source is dependent on the behavior of its forwarders•Figure (a) shows a network with 5 routes•Figure (b) shows the correspondent dependency graph (an arrow from I to j means behavior of I has an effect on the benefit of j = I is an intermediate node for source j)

dependency loop

A Dependency loop L of node I is a sequence (I,v1),(v1,v2),…,(v(l-1),vl),(vl,i) of edges in the dependency graph.


dependency loops There exist two kinds of dependency loops:

– Reactive dependency loop:• A dependency loop of I in which all nodes other than I

play reactive strategies.– Non-Reactive dependency loop

• A dependency loop of I in which all nodes other than I play non-reactive strategies.

It is interesting to find possible Nash equlibria of packet forwarding strategies– In such strategy profiles the nodes would be better off by

cooperating

10


Analytical Results (1/2)

0)( IF

Theorem 1: If node i does not have any dependency loops, then its best strategy is AllD.

Theorem 2: If node i has only non-reactive dependency loops, then its best strategy is AllD.

Corollary 1: If every node plays AllD, it is a Nash-equilibrium.

0)( IE

node i

node playing a non-reactive strategy

other nodes


Analytical results (2/2)

Corollary 2: If Theorem 3 holds for every node, it is a Nash-equilibrium.

Theorem 3 (simplified): Assuming that node i is a forwarder, its best strategy will be to cooperate only if it has a dependency loop with each of its sources

Example in which Corollary 2 holds:

A B

C

A B

C

Network Dependency graph


Classification of scenarios

D: Set of scenarios, in which every node playing AllD is a Nash equilibrium

• set of all possible scenarios (from Corollary 1)

C: Set of scenarios, in which a Nash equilibrium based on cooperation is not

excluded by Theorem 1

C2: Set of scenarios, in which cooperation is based on the conditions expressed in

Corollary 2

• A classification of scenarios from the cooperation perspective


Simulation settings

Number of nodes 100, 150, 200

Area size 1500x1500m, 1850x1850m, 2150x2150m

Radio range 200 m

Distribution of the nodes random uniform

Number of routes originating at each node

1-10

Route selection shortest path

Number of simulation runs 1000


Simulation results

• The scenarios in set C in the classification (see slide 13) • Result: the necessary condition expressed by theorem 1 is a strong requirement for

cooperation in realistic settings (i.e. for a reasonably low no. of routes per node)


Part I: Summary Analytical results:

– If everyone drops all packets, it is a Nash-equilibrium– In theory, given some conditions, a cooperative Nash-

equilibrium can exist ( i.e., each forwarder forwards all packets )

Simulation results: – In practice, the conditions for cooperative Nash-equilibria

are very restrictive : the likelihood that the conditions for cooperation hold for every node is extremely small

Consequences:– Cooperation cannot be taken for granted– Mechanisms that stimulate cooperation are necessary

• incentives based on virtual currency• reputation systems


Part II: Secure protocols for behavior enforcement Motivation:

17

Packet forwarding consumes resources– Nodes are rational => Maximize their own payoff– We have seen that cooperation does not happen naturally for

packet forwarding in self-organized networks– Cooperation must be encouraged

Provide incentive to cooperate within Routing and Forwarding protocols

using a game theoretic approach


Part II: Outline• Introduction

– Incentives– System Model

• Model– Dominant action/subaction– Cooperation optimal protocol

• Protocols– VCG payments with correct link cost establishment– Forwarding protocol with block confirmation

• Conclusion

18


Introduction Routing protocol

– Discover efficient routing paths

Packet forwarding protocol– Forward packets for other sources– A micropayment system is required to provide

incentives to the nodes after they relay packets fro others

19


Possible incentives Possible incentive strategies:

– Punish: Reputation, Jamming, Isolation– Reward: Virtual currency

Possible incentives:– Internally: With intrinsic mechanisms (e.g., deny

communication, jam)– Externally: by dedicated protocols

20

Incentive

Punish Reward

Internal External Internal External


System Model

iii cbu

21

Ad-hoc networks as non-cooperative strategic games • Called “Ad Hoc Games”

Nodes can withhold, replace or send a message

Nodes can transmit at discrete power levels Pi

Channel model: • Packet successfully transmitted if Ptransmission >= Pmin

– Pmin = minimum power to reach receiver• No errors (BER = 0)

We define the payoff of a node as:– bi = benefit (reward, by micro-payment)– ci = cost of forwarding (energy, overhead,…)


Formal Model

iiiiii aauaau ,,

22

Dominant Action: – A dominant action is one that maximizes player i

payoff, no matter what actions other players choose

Example: Joint packet forwarding game

– Imperfect information– Message from S to D– Two players: p1 and p2

• p1 has no dominant action• p2’s dominant action is F

p1\p2 F D

F (1-c,1-c) (-c,0)

D (0,0) (0,0)

S P1 P2 D


Formal Model

,r fi i ia a a

23

Each node action is comprised of two parts: is node i’s subaction in the routing stage

(what it is supposed to do in the routing stage) is node i’s subaction in the forwarding stage (what it really does in the forwarding stage)

fia

ria

• Routing decision R: determined by the routing subactions of all nodes • A node’s prospective payoff is determined by R and by the nodes’ subactions :

ra fia

• Given a routing decision R, a node’s prospective routing payoff, is the payoff that it achieves under the routing decision assuming that all nodes are faithful in their packet forwarding subaction to the one they have declared in the routing subaction, would be:


Routing stage

, ,R r r R r ri i i i i iu a a u a a

24

Dominant subaction:– In a routing stage, a dominant subaction of a node

is one that maximizes its prospective payoff no matter what subactions other players choose in this stage:

A routing protocol is a routing-dominant protocol to the routing stage if following the protocol is a dominant subaction of each potential forwarding node in the routing stage


Forwarding stage

p1\p2 F D

F (1-c,1-c) (-c,0)

D (0,0) (0,0)

25

A forwarding protocol is a forwarding-optimal protocol to the forwarding stage under routing decision R if– All packets are forwarded to their destinations– Following the protocol is a subgame perfect equilibrium under

R in the forwarding stage.

A path is said to be a subgame perfect equilibrium if it is a Nash equilibrium for every subgame

Node 1

Node 2

Last node

forward

forward

forward

drop

drop

drop


Cooperation-Optimal Protocol

A protocol is a cooperation-optimal protocol to an ad-hoc game if

– Its routing protocol is a routing-dominant protocol to the routing stage

– For a routing decision R, its forwarding protocol is a forwarding optimal protocol to the forwarding stage

26


Protocol for routing stage Two required fundamental operations:

1. To estimate how much should be paid for node’s cooperation each link of the route the appropriate reward level• Should take into account how much energy the nodes

have to spend to do the operation • It is also interesting to consider in calculating the reward

for a node that what the price would be if that node was not included in the route

2. How to make sure that the nodes cannot cheat about these estimate

27


VCG for routing protocols We use VCG: Vickrey, Clarke, and Groves

Nodes independently compute and declare their packet transmission cost to destination

Destination computes Lowest Cost Path (LCP)

Source rewards the nodes – declared cost + added value

The added value is the difference between LCP with the node and without it– Incentive to declare the true price => Truthful

28


Example of VCG

29

Least cost path from S to D:LCP(S,D) = S, v2, v3, Dwith cost(LCP(S,D)) = 5 + 2 + 3 = 10 Least cost path without node v2:LCP(S,D;−v2) = S, v1, v4, Dwith cost(LCP(S,D);−v2) = 7 + 3 + 4 = 14

Least cost path without node v3:LCP(S,D;−v3) = S, v2, v4, D with cost(LCP(S,D);−v3) = 5 + 3 + 4 = 12.

VCG payments:bi=cost(LCP(S,D;-i))-cost(LCP(S,D)-{i})=cost(LCP(S,D;-i))-cost(LCP(S,D))+cost({i})

•LCP(S,D): ;-i): the path with the lowest cost claimed from S to D •LCP(S,D;-i): the path with the lowest cost claimed from S to D that does not include i •cost({i}): the cost of the link on LCP(S,D) starting from i

b2 = 14 − 10 + 2 = 6b3 = 12 − 10 + 3 = 5These values represent the unit payment (the payment for one forwardeddata packet) to nodes v2 and v3, respectively.


Cheating about the power level Assume mutual computation of link cost:

– Nodes i and j both are involved in measuring Pi,j– Pi,j is the minimum power level required to transmit packets from i

to j

Consider a node i and its neighbor j1. Node i cheats by making Pi,j larger:

– Node j is less likely to be on LCP– Node j’ s payment will decrease.

2. Node j can respond by cheating and making Pi,j smaller:– Node j would be more likely to be on LCP– Node j increases its payment

VCG is thus not truthful in this case

30

i jPi,j


Prevent cheating about link costs Computation of link cost (computing transmission costs between

neighboring nodes) using TESTSIGNAL messages TESTSIGNAL messages are sent by a node, i, to its neighbors at different

power levels (in an increasing order) The neighbors, j, will receive only the ones sent with a power equal or

higher than the minimum required power

Any neighbor, j, will inform the rest of the network (and therefore the destination) about the observed power levels by sending ROUTEINFO messages

The destination builds up a matrix of all costs of the links to compute the lowest cost path

31

i j[cost3]K¦HMAC D[cost2]K¦HMAC

[cost1]K¦HMAC

[cost4]K¦HMAC

[cost3]K¦HMAC

[cost4]K¦HMAC


Prevent cheating about link costs A node, after receiving the first TESTSIGNAL message for a route (a source-

destination pair) will perform the same operation for estimation of the power needed to reach its own neighbors.

Both TESTSIGNAL and ROUTEINFO message need to be cryptographically protected to prevent any forwarding nodes from altering the power levels

– Nodes share a symmetric key with D – Nodes send an encrypted and signed test signal at increasing power levels containing

cost information– Messages are protected from forging with HMAC– The power information in TESTSIGNAL is encrypted by the node initiating it and will be

re-encrypted by the neighbor receiving it and inserted in the ROUTEINFO message; therefore the second node can not modify the power level needed to reach it (can not increase it chance of being on the selected route or to increase its payment)

– Complexity (computation at the destination): O(N^3)

Once the destination has decided about the lowest cost path, it will send a message back along the path informing the intermediate nodes being on the path and also about the power with which each intermediate node must forward the data packets

32


Conclusion on the routing stage

33

Theorem 1: If the destination is able to collect all involved link costs as described above, then the described protocol is a routing dominant protocol to the routing stage.


Protocol for forwarding stage

rrH 32

34

In the transmission phase the source and the intermediate nodes forward the packets at the power levels identified in the routing phase

S bundles messages in blocks

With mth block, S sends confirmation rn-m encrypted with the key shared between S and D, where n is the number of blocks

After receiving a block, the destination decrypts rn-m and send it back in clear text along the path

r is made public by source in an authenticated way Nodes can verify the confirmation by applying the hash function m

times on it– For example, the destination should confirm block 2 by sending r5-2=r3

– Nodes can verify:

r1

m1 m2 m3 m4 m5 m6 m7 m8 m9

b1 b2 b3 b4 b5

Hr0 H Hr2 r=r5H


Theorems

35

Theorem 2: Given a routing decision R, assuming that the computed payment is greater than the cost, the reverse hash chain based forwarding protocol is a forwarding optimal protocol.

Theorem 3: The complete protocol (routing protocol and packet forwarding protocol) is a cooperation-optimal protocol to AdHocGames.


Part II: Summary We considered selfishnesh in both routing and

forwarding phases of ad hoc networks

We have seen how the problem could be studied using game theory

It was described how protocols aiming at simulating cooperation can be secured by appropriate cryptographic protocols

Cooperation optimal protocol– Routing dominant + Forwarding optimal– Routing based on VCG– Forwarding based on Reverse Hash Chain

36

Date post:	11-Feb-2016
Category:	Documents
Upload:	ursula
View:	39 times
Download:	0 times

Selfishness in packet forwarding/ Secure protocols for behavior enforcement

Documents