Secure Protocols for Behavior Enforcement

Slides elaborated by Julien Freudiger and adapted by Jean-Pierre Hubaux

http://secowinet.epfl.ch

Note: this chapter (and therefore this slide show) is derived from the paper by S. Zhong, L. Erran Li, Y. Liu, and Y. R. Yang, “On

Designing Incentive-Compatible Routing and Forwarding Protocols in Wireless Ad Hoc Networks”, Mobicom 2005

Security and Cooperationin Wireless Networks

2

Motivation

• Packet forwarding consumes resources– Nodes are rational => Maximize their payoff

– Nodes avoid forwarding

Provide incentive to cooperate

within Routing and Forwarding protocols using a Game Theoretic approach

3

Outline

1. Introduction– Incentives– System Model

2. Formal Model– Dominant action/subaction– Cooperation optimal protocol

3. The Corsac Protocol– VCG payments with correct link cost establishment– Forwarding protocol with block confirmation

4. Evaluation

5. Conclusion

4

1. Introduction

• Routing protocol– Discover efficient routing paths: global welfare– Deal with selfish nodes: local welfare

• Packet forwarding protocol– address the fair exchange problem

=> Joint Incentive

5

• Incentive strategy:– Punish: Reputation, Jamming, Isolation

– Reward: Virtual currency

• Incentive is achieved:– Internally: With 802.11 primitives

– Externally: Dedicated protocols

Incentives

Incentive

Punish Reward

Internal External Internal External

6

• Ad-hoc networks as uncooperative strategic games • Called Ad Hoc Games

• Channel model: • Packet successfully transmitted if Ptransmission >= Pmin

– Pmin = minimum power to reach destination

• No errors (BER = 0)

• Nodes can withhold, replace or send a message

• Node can transmit at any power level

• We define the payoff of a node as:– bi = benefice (reward)– ci = cost of forwarding

System Model

iii cbu

7

2. Formal Model

• Dominant Action: – A dominant action is one that maximizes player i payoff no

matter what actions other players choose

Example: Joint packet forwarding game

– Imperfect information– Message from S to D– Two players: p1 and p2

• P1 has no dominant action• P2 dominant action is F

iiiiii aauaau ,,

S P1 P2 D

p1\p2 F D

F (1-c,1-c) (-c,0)

D (0,0) (0,0)

8

Forwarding Dominant

• A forwarding protocol is said forwarding dominant protocol if following the protocol is a dominant action

• We need incentives to enforce cooperation

Theorem 1: There does not exist a forwarding-dominant protocol for ad-hoc games.

9

Formal Model for Divided Solution

• Each node actions is divided into two parts:

– Routing subaction: A routing decision specifies what node is supposed to do in the forwarding stage

– Forwarding subaction: Specifies what the node actually does

• The total payoff comprises both subactions

firii aaa ,

fr aaRR ˆ

fii aRuu ,

10

Routing stage

• Routing payoff of a node is the payoff that it will achieve under the routing decision

• Dominant subaction:– In a routing stage, a dominant subaction is one that

maximizes its routing payoff no matter what subactions other players choose.

• A routing protocol is a routing-dominant protocol to the routing stage if following the protocol is a dominant subaction of each potential forwarding node in the routing stage

riri

Ri

ri

ri

Ri aauaau ,,

fiRi aRuu ˆ,

11

Forwarding stage

• Consider an extensive game model with imperfect information

• A forwarding protocol is a forwarding-optimal protocol to the forwarding stage under routing decision R if– All packets are forwarded to their destinations– Following the protocol is a subgame perfect equilibrium

• A path is said to be a subgame perfect equilibrium if it is a Nash equilibrium for every subgame

Node 1

Node 2

Last node

forward

forward

forward

drop

drop

drop

p1\p2 F D

F (1-c,1-c) (-c,0)

D (0,0) (0,0)

12

A protocol is a cooperation-optimal protocol to an ad-hoc game if

1. Its routing protocol is a routing-dominant protocol to the routing stage

2. For a routing decision R, its forwarding protocol is a forwarding optimal protocol to the forwarding stage

Cooperation-Optimal Protocol

13

3. The Corsac Protocol

• Corsac is a cooperation optimal protocol

– Routing:• VCG

– Forwarding:• Reverse Hash chains

14

• Nodes independently compute and declare their packet transmission cost to destination

• Destination computes Lowest Cost Path (LCP)

• Source rewards the nodes – declared cost + added value

• The added value is the difference between LCP with the node and without it– Incentive to declare the true price => Truthful

VCG for routing protocols

15

Example of VCG

Least cost path from S to D:LCP(S,D) = S, v2, v3,Dwith cost(LCP(S,D)) = 5 + 2 + 3 = 10 Least cost path without node v2:LCP(S,D;−v2) = S, v1, v4,Dwith cost(LCP(S,D);−v2) = 7 + 3 + 4 = 14

Least cost path without node v3:LCP(S,D;−v3) = S, v2, v4,D with cost(LCP(S,D);−v3) = 5 + 3 + 4 = 12.

VCG payments:p2 = 14 − 10 + 2 = 6p3 = 12 − 10 + 3 = 5

These values represent the unit payment (the payment for one forwardeddata packet) to nodes v2 and v3, respectively.

16

VCG flaw• Assume mutual computation of link cost

• Consider a node i and its neighbor j1. Node i cheats by making Pi,j greater:

– Node j is less likely to be on LCP– Node j payment will decrease.

2. Node j responds by cheating and making Pi,j smaller:– Node j more likely to be on LCP– Node j increases its payment

• VCG is not truthful in this case– Possible to cheat in determining link cost

i jPi,j

17

Truthful VCG

• Assume private computation of link cost

• Protocol for VCG link cost establishment:– Nodes share a symmetric key with D – Nodes send an encrypted and signed test signal

at increasing power levels containing cost information– Messages are protected from forging with HMAC– O(N^3)

i j[cost3]K¦HMAC

D[cost2]K¦HMAC

[cost1]K¦HMAC

[cost4]K¦HMAC

[cost3]K¦HMAC

[cost4]K¦HMAC

18

VCG conclusion

Theorem 2:

If the destination is able to collect all involved link costs as described above, then the VCG protocol is a routing dominant protocol to the routing stage.

19

r1

Forwarding Protocol

• Messages bundled in blocks

• Block confirmation with a Reverse Hash Chain

– r is made public by source in an authenticated way

– Confirmation of block 2 is done by sending r(5-2)=r3

– Nodes verify

m1 m2 m3 m4 m5 m6 m7 m8 m9

b1 b2 b3 b4 b5

Hr0 H Hr2 r=r5

H

rrH 32

20

Fair Exchange Problem

• Source and intermediate nodes can disagree about successful transmission of a block

• Mutual decision = contract between source an intermediate nodes– Confirmation is sent with the last packet of each block to

destination– Destination forwards confirmation to intermediate nodes if block

correctly received– Intermediate nodes stop forwarding if do not get confirmation

• Eliminates incentive to cheat– Disregarding the protocol blocks the protocol

21

Cooperation Optimal

Theorem 3:

Given a routing decision R, assuming that the computed payment is greater than the cost, the reverse hash chain based forwarding protocol is a forwarding optimal protocol.

Theorem 4:

The Corsac protocol is a cooperation-optimal protocol to ad-hoc games.

22

• Nodes that accumulate more credits spend more energy in forwarding others’ traffic

=> The protocol is fair

4. Evaluation (1)

23

Evaluation (2)Consider the following topology:

24

+ = paymentX = cost

Node 19 as session source:

Evaluation (3)

Reach destination directly

25

Evaluation (4)Node 28 as session source:

+ = paymentX = cost

Node 3 is criticalpoint

Mainly the topology that determines payment

26

Future challenges

• Modeling – Interference and mobility

• unreliable link harden use of incentive

• Game theoretic model assumes – Tamper proof Hardware to compute best path at destination– Payment center to resolve payment issues

• Performance vs. incentive compatibility– Control channel overhead– Throughput– Complexity

27

5. Conclusions

• Cooperation optimal protocol– Routing dominant + Forwarding optimal– Routing based on VCG– Forwarding based on Reverse Hash Chain

• Corsac provides incentives for cooperation– Protocol is fair– The topology determines payment– The incentive protocol reduces the network traffic

28

References

[1] « On Designing Incentive-Compatible Routing and Forwarding Protocols in Wireless Ad-Hoc Networks ». Sheng Zhong, Li Erran Li, Yanbin Grace Liu and Yang Richard Yang. Mobicom 2005

[2] « Security and Cooperation in Wireless Networks ». Levente Buttyan and Jean-Pierre Hubaux. Book Cambridge University Press, Chapter 12

[3] « Punishement in Selfish Wireless Networks: A Game Theoretic Analysis ». Dave Levin. NetEcon 2006

[4] « On Selfish Behavior in CSMA/CA Networks ». Mario Cagalj, Saurabh Ganeriwal, Imad Aad and Jean-Pierre Hubaux. Infocom

2005

[5] « Ad hoc-VCG: A Truthful and Cost-Efficient Routing Protocol for Mobile Ad hoc Networks with Selfish Agents ». Luzi Anderegg and Stephan Eidenbenz. Mobicom 2003