Incentive Based Routing
Protocols In
Ad Hoc Networks
Vinay Shah
CSE 620
Overview





Basics…Ad Hoc Networks
Motivation
Definition
Steps for Engineering Incentive Schemes in a protocol
Incentive based Routing Protocols
 Reputation based:
 SORI
 Credit Based:
 SPRITE
Basics…Ad Hoc Networks





Set of nodes who wish to communicate without any network
infrastructure.
All nodes equipped with transmission and receiving capability
Not every node is in the range of every other node.
Thus the node has to take assistance of intermediate nodes if it
want to transmit packets to other nodes not in its range of
transmission.
Usage: E.g. For communication during emergency and military
situations (Cooperative ad hoc networks) or in general when
nodes want to communicate in a civilian domain (NonCooperative ad hoc network)
Motivation







Overview: An ad hoc routing protocol
The routing function is distributed among the participating nodes
Current ad hoc routing protocols assumes that all the nodes are
cooperative
However, forwarding of packets consumes resources such as
battery power which are scarce.
If the nodes in an non cooperative network belong to different
users, they don’t have any incentive to cooperate
The routing component of any such protocol will not work if the
nodes are selfish as the information provided by nodes may not
be correct
Thus to prevent this, protocols should have an incentive scheme
associated with them.
Definition: Incentive based Schemes





In ad hoc networks, devices have to cooperate.
Autonomous devices tend to abstain from cooperation.
Incentive schemes have been proposed as a means of fostering cooperation under
these circumstances
Note: In order to work effectively, incentive schemes need to be carefully tailored to
the characteristics of the cooperation protocol they should support.
E.g. If Node A wants to Communicate with Node Z (Z not in its radio range). The
intermediate nodes B, C … Y need some kind of incentive to use their resources to
forward packets.
A
B
C
…………...
Z
Engineering Incentive based Protocols
The systematic design of incentive schemes comprises several steps.

Analysis: The engineer analyzes and adjusts the cooperation
protocol that requires an incentive scheme.

Design: Design decisions have to be made regarding the choice of
incentives, who should get the incentives and the means of
implementing them.

Evaluate: The resulting cooperation protocol is evaluated by
applying an appropriate evaluation method.
Analysis
Questions that need to be answered




What kinds of inter-entity cooperation exist?
Determined by the cooperation protocol the entities run.
Which steps of the cooperation protocol are not beneficial to the
executing entity?
Is the behavior perceptible? If yes, how costly and reliable is such
perception?
Adjustments needed to make protocol more perceptible? There are
several Perception mechanisms:
Digital signatures: Check the authenticity of the sender and If
entities of the forwarding path altered the packet.
Redundancy: E.g. Extend the protocol to accommodate the
issuance of receipts
Over Hearing: Over hear to check if the entity is behaving as it
should
Design






Design decisions
Which type of behavior should be remunerated and which type should be
taken as granted.
How should a defecting entity be punished?
Choice of appropriate incentives
An incentive pattern induces that an entity enters into a otherwise detrimental
commitment
Incentive patterns fall into two classes:
 Trust based: Entity may believe that its peers will reciprocate by entering
into future commitments.
 Trade based: Entity is convinced to enter into a commitment if its peers
enter into commitments that are beneficial for itself. Notes/Credits is a
trade based approach
If exchange protocols are not viable, use distributed reputation systems
Evaluation









Simulations provide the only cost-efficient means for such evaluation
Evaluations focused on the total utility of the participating entities
Evaluate the fairness of the incentive scheme with respect to the
individual utility/costs that arise from cooperation
High degrees of fairness indicate that entities have to exhibit cooperative
behavior in order to benefit from the behavior of other entities.
Cooperation protocol has to be modeled appropriately in order to obtain
meaningful simulation results.
Objectives of the evaluation: The engineer has to measure the total
utility u and the total costs c that arise from cooperation.
If the objectives of the evaluation include fairness, the individual utility ui
and individual costs ci have to be measured separately for every entity
A straightforward means of correlation is the calculation of a regression
line between the individual utilities and costs.
In case of good linear correlation, the slope of the regression line
indicates the magnitude of the incentive effects.
Some definitions


Malicious Entity: Aims at breaking the co operative paradigm to
intentionally damage others
Self-Interested Entity: Unwilling to spend its resources on behalf of others.
Does not intend to damage the overall functioning
Incentive Schemes
Reputation based scheme
 SORI: A Secure Objective Reputation based Incentive scheme
Pricing/Credit Based Scheme
 SPRITE: Simple Cheat Proof Credit Based System for Mobile Ad hoc
Networks


Some Definitions


Malicious Entity: Aims at breaking the co operative paradigm to
intentionally damage others
Self-Interested Entity: Unwilling to spend its resources on behalf of others.
Does not intend to damage the overall functioning
SORI
A Secure Objective Reputation based
Incentive scheme
Features
Assumptions
Basic Scheme
Security Enhancements
Simulation results
Conclusion
Features





Reputation of the node used as an incentive to cooperate
Reputation quantified by objective measures
Propagation of reputation is computationally efficient and secured
Reputation propagated only to its neighbors. Does not flood
reputation information across the whole network
Also has a punishment scheme to punish nodes which exhibit
selfish behavior
Assumptions







Non cooperative nodes: Nodes are non cooperative by nature
No conspiracy among nodes: Two nodes do not work together to
cheat
Broadcast Transmission: Nodes communicate using a broadcast
transmission medium
Desire to Communicate: Nodes have a desire to communicate with
each other
Invariant Identity: Identity does not change over time
Nodes are Selfish but not Malicious. Protocol designed to deal with
selfish nodes
Promiscuous mode is enabled in each node
Basic Scheme


A] Neighbor Monitoring
Each node N Maintains:
1. Neighbor Node List (NNLN)
2. For Each Neighbor X,
Request-for-Forwarding (RFN(X)): Total no of packets node N has
transmitted to X for forwarding
Has Forwarded (HFN(X)): Total no of packets forwarded by X and
noticed by N
For each Neighbor X, it can calculate
Local Evaluation Record ( LERN(X) )
 GN(X) = RFN(x) / HFN(x)
 Confidence CN(X) describes how confident node N is on its judgment of
the reputation of X. CN(X) = RFN(x) for the current scheme
Basic Scheme continued …


B] Reputation Propagation
Neighbors share the reputation information of other nodes
Works as follows:
 Each node Periodically updates its LERN(X) for each X
 Broadcasts the updated record if GN(X) has significantly changed
 Node N uses its LERN(X) and LERi(X) (I in NNLN) to calculate Overall
Evaluation Record (OERN(X)) as follows

Where λN(i) is the credibility of node i from the perspective of N.
Currently λN(i) = GN(i), λN(N) = 1 and λN(i) = 0 if RFN(i) = 0
SORI: Basic Scheme continued …
Punishment

N can punish its neighbor X by probabilistic dropping as follows. If OERN(X)
falls lower than a preset threshold, the probability of dropping is p

where q = 1 – OERN(X) and 0<δ<1
δ is the margin introduced. Why?


Dropping could be because of collusion
 Without the margin, node keep on increasing dropping probability and eventually
fall into retaliation situation
 δ helps well behaved nodes to treat its neighbor a little more generously
Basic Scheme: Summary & Remarks







Neighbor Monitoring: Collect information about misbehavior
Reputation Propagation: Share information to make reputation measure
more accurate
Punishment: Encourage packet Forwarding and discipline selfish nodes
Reputation is objectively measured based on packet forwarding ratio
Reputation of a node is weighted by confidence
Reputation is also weighted by credibility
Limitation: Objectivity of the reputation calculation depends upon probability
of transmission collision. HFN(X) may not be correct due to packet collision
in wireless medium
Security Enhancements



To fix the vulnerabilities in the basic scheme
A selfish node can play the following tricks to benefit itself
 Impersonate a node nearby that has a good reputation to forward its
own packets.
 Impersonate a node nearby that has a good reputation to broadcast
fake observation information to boost its calculations by the other nodes
Authentication mechanism is used to fix these issues and is based on one
way hash chain.
Security Enhancements

Node gets its identity IDN as follows:

N chooses a random number rN and a pseudo random function H. IDN = HK(rN) where

N broadcasts ID(N) which is received by all its neighbors
 Neighbor puts this identity in their NNL and uses it to authenticate messages

Procedure for Message Authentication

N partitions the time into equal intervals and assigns the ith interval with a key (Ki) where
Ki = HK-i(rN) in the one way hash chain.
 The content of the packet sent in the ith interval is { Mi||MAC(K’i,Mi)||Ki-d} where
Mi = Message to be sent, K’i = f (Ki), where f : second pseudo Random Function
d: disclosure delay. Hence (i-d)th message is authenticated by Ki-d disclosed in the ith
interval

Receiver Side Algorithm

Check if the key used by the message is already disclosed
If yes then discard the message as the message might be forged
 If not, cache the message and check its authenticity at the time when k i is
disclosed.
 A packet with an invalid MAC will be discarded



This Enhancement makes it difficult for selfish node to cheat. This is
because MAC is difficult to forge without the key of that node
This design eliminated the need of a PKI or other network authentication
infrastructure.
In addition, One way Hash is computationally cheaper than digital signature
used in many other schemes
Simulation Results






Simulation settings:
Simulator: ns2
Parameters: 50 mobile nodes, 670 X 670square meter, IEEE 802.11 DCF
Mac layer, DSR as the routing protocol,250 meters transmission range, data
rate = 2Mb/s, Physical layer is either free space or two ray propagation
model. Antenna height: 1.5 m
5 nodes are randomly chosen to be selfish nodes. They probabilistically
drop packets unless they are the destination
Nconn randomly generated source destination pairs(connections). Each last
for 10 simulated seconds. CBR traffic model used.
δ set to 0.1 for all simulations
Avg throughput for (well behaving/selfish) node is obtained as follows
 Summing up no. of packets correctly received by all (well behaving/selfish) node
 Divide by total no of corresponding (well behaving/selfish) nodes
 Divide result by total simulation time 1000s



Fig 1: Throughput under various number of
connections
CBR fixed to 1 pkt/sec
For each simulation Nconn is fixed but varies
across connections form 10 to 40
On average, selfish node suffers 50%
throughput reduction




Fig 2: Throughput under various Data rate
CBR changes from 1 to 10 pkt/sec
For each simulation Nconn is fixed = 10
Well Behaving node has higher throughput
than selfish
Throughput difference reduces with increase
in data rate?
Performance




Fig 3: Throughput
Dropping probability varies form 10 to 100%. Fixed for
each simulation
Nconn = 10 fixed
CBR connections = 1 packet/sec
As the dropping probability of selfish nodes increases,
the gap increases




Fig 4: Communication Overhead
Selfish nodes drops all packets unless its the
Source/Destination
CBR Data rate = 1 packet/sec
Overhead incurred is not more than 8%
Overhead increase with increase in Nconn
SPRITE
Simple Cheat Proof Credit Based System for
Mobile Ad hoc Networks
Features
Assumptions
Basic Scheme
Security Enhancements
Simulation results
Conclusion
Features







Does not require any tamper proof hardware
Focuses on selfish nodes
Uses Credit to provide incentive to selfish nodes.
Node receives a message, it keeps a receipt of the message
When a fast connection to a CCS (Credit Clearance Service)
available, it reports the packets it has received/forwarded by
uploading the receipts
Depending upon the receipts submitted, CCS determines charge
and credit to each node
Issues to be addressed:

Security Aspect: Each node is autonomous and the charge and credit is
based on receipts submitted by each node
 Incentive Aspects: Node should receive enough credit for forwarding a
message so it can send its own message with the received credit
Basic Scheme

System Architecture:

Assumptions:
 Sender knows the full path to the destination
 Node equipped with a certificate issued by a scalable certificate authority for
identification.
 CCS is trusted in terms of maintaining credit balance
 CCS may not be trusted in terms of message authenticity
Node Sending a message will loose credit while node forwarding a message will gain
credit
Node can gain credit by either using real money to buy credit at a variable rate
depending upon network conditions or by paying its debit. Dominant/preferred way is
to forward other’s packet and gain credit.



Who Pays Whom?











Who should be Charged?
Charge the sender of the packet
If destination is charged, It can lead to DoS attack on the destination
Similarly if both sender and receiver are charged, sender can collude with other
nodes to launch DoS
If sender is charged, there wont be any useless messages
If destination benefits then a higher level protocol to be used by sender to get
back the compensation
Who should get the credit?
Any node who forwards the message
CCS believes a node forwarded the message only if its successor reports a valid
receipt of the message
Because CCS cannot distinguish between corrupted link and a selfish nodes
Objective of the Payment Scheme

To prevent cheating action and to provide incentive for the nodes to cooperate
 Does not target balances payment
Cheating actions in the submission game

Node can exhibit one of the following selfish actions:

After receiving the message, node saves a receipt but does not forward the
message
 Node has received the message but does not report the receipt
 Node does not receive the message but falsely claims that it has received the
message


Selfish actions can be further complicated by collusion of two or more
nodes.
Next we see the various techniques in the system to prevent the above
actions
Motivation nodes to forward the message


Basic Scheme:
 CCS determines the last node on the path who ever received the
message
 Sender has to pay β to this node and α to all its predecessors where β<
α
Example:
Motivation nodes to report Receipts






Make β > cost of submitting a receipt
Problem: Eg: The last node can collude with the sender and not report its
receipt.
Thus the sender saves α while the receiver looses β
Sender can pay the receiver a behind the scene payment of (β + ε)
where ε>0.
Sender still has a gain of (α – (β + ε))
To prevent this cheating action:

CCS charges the sender an extra amount if the destination does not
report a receipt.
 CCS charges the sender kβ less than the charge when the destination
receives the packet. E.g. Charge to sender here is (4 α + β) - 2 β
Preventing false Receipts




Consider this: Instead of forwarding the whole message, an intermediate
node forwards only the receipt of a message
This is sufficient to get the credit from the CCS
The destination will not report a receipt as it has not got a valid payload
CCS Algorithm:
 If the destination does not report a receipt of a message, multiply the
credit paid to each node by γ, where γ < 1
 Reduce the charge to the sender by γβ instead of β , for each node on
the path who does not report a receipt
Message Forwarding Protocol:
Specifications
A. Sending a message

Node ni maintains a sequence-number matrix seq and
public/private key pair (PKi, SKi).

Where seqi(j, k) = sequence number of messages from sender nj to
destination nk, observed by node ni.

n0 is to send message payload m with sequence number seq0(0, d) to
destination nd,
B. Receiving a message
 Node i upon receiving a message
C. Computing payments
 receipt (D, p, seq, s) is valid if verifyPK0 ((D, p, seq), s) = TRUE
 Assume p =(n0, n1, . . . , ne, . . . , nd), ne is the last node on path p that
submits a valid receipt with sequence number seq
 CCS charges C from node n0, and pays Pi to node ni where

In actual implementation, the CCS will issue credit gradually as and when it
receives receipts
Evaluation
A.
Overhead

To evaluate the CPU processing time on a mobile node

Observations


RSA has a much smaller forwarding overhead.
ECNR has a much smaller bandwidth and storage requirement.
B. System performance vs. network resource
 Measures the Message Success Rate: i.e., the percentage of messages
that are successfully relayed from the sender to the destination.
 consider a special class of mobile nodes, namely the power-and-creditconservative nodes.
 Power-Conservative Node: Its remaining power allows it to send (and
forward) only a limited amount of messages
 Credit-Conservative Node: Refrains from sending any new message when
its credit balance is insufficient to cover the charge for sending a message
 let c and b denote the estimated credit balance and the number of
messages allowed to be transmitted by the remaining battery of a node,
respectively.
 Assuming each message takes an average of L hops
 policy of such a node is the following: if c/L < b, forward a transient
message otherwise drop
Conclusion





We studied the steps to follow to Engineering such a protocol
Two Prototype Protocols were studied in their functioning
Reputation based SORI: Uses Reputation of the node among its neighbor
as an incentive
Credit based SPRITE: Uses credit scheme to make intermediate nodes
forward packets.
The use of appropriate protocol depends on the application of ad hoc
networks.
References




Obreiter, P., Konig-Ries, B., und Papadopoulos, G.: Engineering incentive
schemes for ad hoc networks - a case study for the lanes overlay. In: First
EDBT-Workshop on Pervasive Information Management. To appear in postproceedings, Greece. 2004
SORI: A Secure and Objective Reputation-based Incentive Scheme for Ad-hoc
Networks
by Qi He, Oliver D. Wu, Pradeep Khosla
IEEE Wireless Communications and Networking Conference 2004
S. Zhong, Y. R. Yang, J. Chen, "Sprite: A Simple, Cheat-Proof, Credit-Based
System for Mobile Ad Hoc Networks," In Proceedings of IEEE INFOCOM'03, San
Francisco, Mar 30 - Apr 3, 2003.
Cooperation Issues in Mobile Ad Hoc Networks: 24th International Conference on
Distributed Computing Systems Workshops - W6: WWAN (ICDCSW'04)