Security and Cooperation
in Wireless Networks
Secure Protocols for Behavior Enforcement
Slides elaborated by Julien Freudiger and adapted by
Jean-Pierre Hubaux
http://secowinet.epfl.ch
Note: this chapter (and therefore this slide show) is derived from the
paper by S. Zhong, L. Erran Li, Y. Liu, and Y. R. Yang, “On Designing
Incentive-Compatible Routing and Forwarding Protocols in Wireless
Ad Hoc Networks”, Mobicom 2005
Motivation
• Packet forwarding consumes resources
– Nodes are rational => Maximize their payoff
– Nodes avoid forwarding
Provide incentive to cooperate
within Routing and Forwarding protocols
using a Game Theoretic approach
2
Outline
1.
Introduction
–
–
2.
Incentives
System Model
Formal Model
–
–
3.
Dominant action/subaction
Cooperation optimal protocol
The Corsac Protocol
–
–
VCG payments with correct link cost establishment
Forwarding protocol with block confirmation
4.
Evaluation
5.
Conclusion
3
1. Introduction
• Routing protocol
– Discover efficient routing paths: global welfare
– Deal with selfish nodes: local welfare
• Packet forwarding protocol
– address the fair exchange problem
=> Joint Incentive
4
Incentives
• Incentive strategy:
– Punish: Reputation, Jamming, Isolation
– Reward: Virtual currency
• Incentive is achieved:
Incentive
Punish
Internal
External
Reward
Internal
External
– Internally: With 802.11 primitives
– Externally: Dedicated protocols
5
System Model
• Ad-hoc networks as uncooperative strategic games
• Called Ad Hoc Games
• Channel model:
• Packet successfully transmitted if Ptransmission >= Pmin
– Pmin = minimum power to reach destination
• No errors (BER = 0)
• Nodes can withhold, replace or send a message
• Node can transmit at any power level
• We define the payoff of a node as:
– bi = benefice (reward)
– ci = cost of forwarding
ui  bi  ci
6
2. Formal Model
• Dominant Action:
– A dominant action is one that maximizes player i payoff no
matter what actions other players choose
ui ai , ai   ui ai, ai 
Example: Joint packet forwarding game
– Imperfect information
– Message from S to D
– Two players: p1 and p2
• P1 has no dominant action
• P2 dominant action is F
S
P1
P2
D
p1\p2
F
D
F
(1-c,1-c)
(-c,0)
D
(0,0)
(0,0)
7
Forwarding Dominant
• A forwarding protocol is said forwarding dominant
protocol if following the protocol is a dominant action
Theorem 1:
There does not exist a forwarding-dominant protocol for ad-hoc
games.
• We need incentives to enforce cooperation
8
Formal Model for Divided Solution

• Each node actions is divided into two parts: ai  air  , ai f 

– Routing subaction: A routing decision specifies what node is
supposed to do in the forwarding stage
 
R  R a r   aˆ  f 
– Forwarding subaction: Specifies what the node actually does
• The total payoff comprises both subactions

ui  ui R , a  f 

9
Routing stage
• Routing payoff of a node is the payoff that it will achieve
under the routing decision

ui R   ui R, aˆ  f 

• Dominant subaction:
– In a routing stage, a dominant subaction is one that
maximizes its routing payoff no matter what subactions
other players choose.



ui R  air  , ari   ui R  air  , ar i

• A routing protocol is a routing-dominant protocol to the
routing stage if following the protocol is a dominant
subaction of each potential forwarding node in the routing
stage
10
Forwarding stage
• Consider an extensive game model with imperfect information
• A forwarding protocol is a forwarding-optimal protocol to the
forwarding stage under routing decision R if
– All packets are forwarded to their destinations
– Following the protocol is a subgame perfect equilibrium
• A path is said to be a subgame perfect equilibrium if it is a Nash
Node 1
equilibrium for every subgame
drop
forward
Node 2
p1\p2
F
D
F
(1-c,1-c)
(-c,0)
D
(0,0)
(0,0)
drop
forward
Last node
drop
forward
11
Cooperation-Optimal Protocol
A protocol is a cooperation-optimal protocol to an ad-hoc game if
1. Its routing protocol is a routing-dominant protocol to the
routing stage
2. For a routing decision R, its forwarding protocol is a
forwarding optimal protocol to the forwarding stage
12
3. The Corsac Protocol
• Corsac is a cooperation optimal protocol
– Routing:
• VCG
– Forwarding:
• Reverse Hash chains
13
VCG for routing protocols
• Nodes independently compute and declare their
packet transmission cost to destination
• Destination computes Lowest Cost Path (LCP)
• Source rewards the nodes
– declared cost + added value
• The added value is the difference between LCP
with the node and without it
– Incentive to declare the true price => Truthful
14
Example of VCG
Least cost path from S to D:
LCP(S,D) = S, v2, v3,D
with cost(LCP(S,D)) = 5 + 2 + 3 = 10
Least cost path without node v2:
LCP(S,D;−v2) = S, v1, v4,D
with cost(LCP(S,D);−v2) = 7 + 3 + 4 = 14
Least cost path without node v3:
LCP(S,D;−v3) = S, v2, v4,D with cost(LCP(S,D);−v3) = 5 + 3 + 4 = 12.
VCG payments:
p2 = 14 − 10 + 2 = 6
p3 = 12 − 10 + 3 = 5
These values represent the unit payment (the payment for one forwarded
data packet) to nodes v2 and v3, respectively.
15
VCG flaw
• Assume mutual computation of link cost
• Consider a node i and its neighbor j
Pi,j
i
j
1. Node i cheats by making Pi,j greater:
– Node j is less likely to be on LCP
– Node j payment will decrease.
2. Node j responds by cheating and making Pi,j smaller:
– Node j more likely to be on LCP
– Node j increases its payment
• VCG is not truthful in this case
– Possible to cheat in determining link cost
16
Truthful VCG
•
Assume private computation of link cost
[cost4]K¦HMAC
i
[cost3]K¦HMAC
[cost2]K¦HMAC
[cost4]K¦HMAC
j
[cost3]K¦HMAC
D
[cost1]K¦HMAC
•
Protocol for VCG link cost establishment:
–
–
–
–
Nodes share a symmetric key with D
Nodes send an encrypted and signed test signal
at increasing power levels containing cost information
Messages are protected from forging with HMAC
O(N^3)
17
VCG conclusion
Theorem 2:
If the destination is able to collect all involved link costs as described
above, then the VCG protocol is a routing dominant protocol to
the routing stage.
18
Forwarding Protocol
• Messages bundled in blocks
m1
m2
b1
m3
m4
b2
m5
m6
b3
m7
m8
m9
b4
b5
• Block confirmation with a Reverse Hash Chain
r0
H
r1
H
r2
H
H
r=r5
– r is made public by source in an authenticated way
– Confirmation of block 2 is done by sending r(5-2)=r3
– Nodes verify
H 2 r3   r
19
Fair Exchange Problem
• Source and intermediate nodes can disagree about
successful transmission of a block
• Mutual decision = contract between source an
intermediate nodes
– Confirmation is sent with the last packet of each block to
destination
– Destination forwards confirmation to intermediate nodes if block
correctly received
– Intermediate nodes stop forwarding if do not get confirmation
• Eliminates incentive to cheat
– Disregarding the protocol blocks the protocol
20
Cooperation Optimal
Theorem 3:
Given a routing decision R, assuming that the computed payment is
greater than the cost, the reverse hash chain based forwarding
protocol is a forwarding optimal protocol.
Theorem 4:
The Corsac protocol is a cooperation-optimal protocol to ad-hoc
games.
21
4. Evaluation (1)
• Nodes that accumulate more credits spend more energy
in forwarding others’ traffic
=> The protocol is fair
22
Evaluation (2)
Consider the following topology:
23
Evaluation (3)
Node 19 as session source:
Reach
destination
directly
+ = payment
X = cost
24
Evaluation (4)
Node 28 as session source:
Node 3 is critical
point
+ = payment
X = cost
Mainly the topology that determines payment
25
Future challenges
• Modeling
– Interference and mobility
• unreliable link harden use of incentive
• Game theoretic model assumes
– Tamper proof Hardware to compute best path at destination
– Payment center to resolve payment issues
• Performance vs. incentive compatibility
– Control channel overhead
– Throughput
– Complexity
26
5. Conclusions
• Cooperation optimal protocol
– Routing dominant + Forwarding optimal
– Routing based on VCG
– Forwarding based on Reverse Hash Chain
• Corsac provides incentives for cooperation
– Protocol is fair
– The topology determines payment
– The incentive protocol reduces the network traffic
27
References
[1] « On Designing Incentive-Compatible Routing and Forwarding
Protocols in Wireless Ad-Hoc Networks ». Sheng Zhong, Li Erran
Li, Yanbin Grace Liu and Yang Richard Yang. Mobicom 2005
[2] « Security and Cooperation in Wireless Networks ». Levente Buttyan
and Jean-Pierre Hubaux. Book Cambridge University Press, Chapter 12
[3] « Punishement in Selfish Wireless Networks: A Game
Theoretic Analysis ». Dave Levin. NetEcon 2006
[4] « On Selfish Behavior in CSMA/CA Networks ». Mario Cagalj,
Saurabh Ganeriwal, Imad Aad and Jean-Pierre Hubaux. Infocom 2005
[5] « Ad hoc-VCG: A Truthful and Cost-Efficient Routing Protocol for
Mobile Ad hoc Networks with Selfish Agents ». Luzi Anderegg and
Stephan Eidenbenz. Mobicom 2003
28