Post on 14-Jan-2016
description
Dealing with Selfish and Malicious Nodes in Ad Hoc Networks
What are they?
Selfish nodes– 損人利己
Malicious nodes– 損人不利己,白開心
How likely are they to exist?
Watchdog and Pathrater
“Mitigating routing misbehavior in mobile Ad hoc networks,” Mobcom’00.
Watchdog and Pathrater
Misbehaving nodes– Selfish, malicious, overloaded, broken
Basic idea: identify misbehaving nodes and avoid them in routing.
Watchdog
A scheme to identify misbehaving nodes On top of dynamic source routing Monitors next node’s transmission Tallies its misbehaviors Reports its misbehaving status when tally
reaches a threshold
A B CS
D
Pathrater
Watchdog’s Weakness (1)
Ambiguous collision: while A is monitoring B’s forwarding, it hears a collision.
Question: has B forwarded the packet?
A B CS
D
Watchdog’s Weakness (2)
Receiver collision: a packet forwarded by B may collide at C.
Problem: a selfish B may choose to forward any packet only once?
A B CS
D
Watchdog’s Weakness (3)
Partial dropping: the watchdog reports misbehavior only if it reaches a threshold.
Problem: a selfish node may choose to drop packets at a “safe” rate?
Watchdog’s Weakness (4)
Collusion: two or more nodes collude to cheat.
Example: C always drops packets, but B does not report it.
A B CS
D
The Confidant Protocol
Buchegger & Boudec, “Performance Analysis of the Confidant Protocol,” Mobihoc’02
The Self Gene (a book by Richard Dawkins)
Three kinds of birds:– Sucker 以德報怨者– Cheat 自私自利者– Grudger 禮尚往來者
In a population with 50% suckers and 50% cheats, both groups will lead to extinction.
In a population with a majority of cheats and marginal groups of suckers and grudgers, only grudgers survive.
The Watchdog and Pathrater Scheme
Basic idea: identify misbehaving nodes and avoid them in routing.
The scheme does not punish misbehaving nodes, whose packets get forwarded as usual.
Two kinds of nodes: suckers and cheats.
The Confidant Scheme
Treat misbehaving nodes as cheats.
Treat non-misbehaving nodes as grudgers, rather than suckers.
Do not forward misbehaving nodes’ packets.
The Nuglet Scheme
Buttyan and Hubaux, “Stimulating cooperation in self-organizing mobile ad hoc networks,” MONET 2002.
Selfish nodes, malicious nodes
Malicious nodes– Hard to deal with– Uncommon
Selfish nodes– Very common– Easies to deal with– Interested in their own interests.
Consider selfish nodes first.
The Nuglet Scheme
Nuglet counter: a tamper-proof counter
Can send a packet only if you have enough nuglets.
-3+1 +1 +1
Analysis of the Nuglet Scheme (1)
What to analyze? Assuming each node is interested in
maximizing the number of its own outgoing packets.
Can send (B+C)/(N+1) own packets, if you forward (NB-C)/(N+1) packets for others, where
– C: initial number of nuglets– B: amount of battery (in terms of # of packet
transmissions)– N: cost of each outgoing packet
Analysis of the Nuglet Scheme (2)
Four possible forwarding strategies:If f < (NB-C)/(N+1) then unconditionally forward forward if c ≤ C, and forward with some
probability if c > C forward if c ≤ C forward with some probability if c ≤ C where c = current nuglet countWhich strategy is best for selfish nodes?
Analysis of the Nuglet Scheme (3)
Best strategy in what sense? Ro = rate of generating own packets Rf = rate of incoming packets for forwarding Zo = # own packets sent / # generated Selfish node wishes to maximize
– # of own packets sent, i.e. (B+C)/(N+1) – Zo
Which strategy is best for selfish nodes?
Implementation Issues
A security module containing the nuglet counter and some other functions.
All outgoing packets must pass this module. Must be able to distinguish between own and
others’ packets. Ensure it does forward others’ packets which
have gone thru the security module.– Cash on delivery– Nuglet synchronization, mobility problem
The Sprite System
Zhong & Chen & Yang, “Sprite: A Simple, Cheat-Proof, Credit-Based System for Mobile Ad-Hoc Networks,” Infocom’03
Sprite
Dealing with only selfish nodes. An all-software solution; no need for tamper-
proof hardware. Credit based. Game theory based.
Architecture
Who Pays whom? And How much?
The nuglet scheme
Why?
-3+1 +1 +1
Who pays whom?
Three options : Sender Destination Both sender and destination
senderdestination
Who pays whom?
Three options: Each intermediate node Each intermediate node who ever forwards
the message Each intermediate node who successfully
forwards the message– The next node should report to CCS on receiving
the message
Payment scheme
Has to deal with selfish nodes
Possible Cheating Actions
After receiving a packet– Reports a receipt, drops the packet– Reports no receipt (& drops or forwards the packet)
Receiving no packet– Reports a receipt
To CCS
Objectives of Payment Scheme
Motivating nodes to forward packets
Motivating nodes to report receipts
Preventing false receipts
Motivating nodes to forward packets
β≥ 0
Motivating nodes to report receipts
The sender pays
Preventing false receipts
γ= 1 if destination reports receipt of packet γ« 1 otherwise
The Receipt-Submission Game (1)
Players: the nodes from sender to destination,
Truth (Ti): each player either – has received the packet or – has not received the packet.
Game (2)
Action (Ai): each player either – reports a receipt to CCS, or– does not report a receipt to CCS.
Cost of action:
Game (3)
Payment: as described earlier.
Welfare (Utility):
Game (4)
Strategy: each player may – tell the truth (Ai = Ti), or– cheat (Ai ≠ Ti).
Optimal strategy for a player: a strategy that brings the player the maximum welfare regardless other players’ strategies.
Theorem: Telling the truth is an optimal strategy if the destination does not cheat and
Game (5)
Theorem: Telling the truth is an optimal strategy if the destination does not cheat and
Theorem: Any group of colluding players cannot cheat to increase their total welfare.
The game is cheat-proof.
Zen (禪 ) Approaches
A Zen Approach (1)
“敢問師父 , 如何處理 selfish nodes?”
“ 老僧這裡不用電腦 !”
A Zen Approach (2)
“敢問師父 , 如何處理 selfish nodes?”
“至道無難,唯嫌擇揀。老僧這裡不計較 ! ”
A Zen Approach (3)
“敢問師父 , 如何處理 selfish nodes?”
師棒之。