1 / 25

Dealing with Liars: Misbehavior Identification via Rényi-Ulam Games

Explore strategies to identify node misbehavior without per-packet monitoring in ad hoc networks, inspired by Rényi-Ulam Games and implemented via node auditing and cut questions.

gsexton
Download Presentation

Dealing with Liars: Misbehavior Identification via Rényi-Ulam Games

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Dealing with Liars: Misbehavior Identification via Rényi-Ulam Games William Kozma Jr., and Loukas Lazos Dept. of Electrical and Computer Engineering University of Arizona

  2. Routing in Ad Hoc Networks • Ad hoc networks lack a network infrastructure • Limited communication range • Nodes rely on multi-hop routes to communicate • Any node may act as a router n3 n1 n4 D n2 n5 S r Routing implemented on the basis of collaboration Implicit trust placed on intermediate routers William Kozma Jr. and Loukas Lazos, SecureComm 2009

  3. Node Misbehavior Nodes may be compromised physically or remotely Sophisticated users - alter software/hardware of their device Adversaries with intimate knowledge of node operation One type of misbehavior is packet dropping Selfishness– Refuse to forward packets to conserve energy Maliciousness – Refuse to forward packets to degrade network performance n3 n1 n4 D n2 n5 S William Kozma Jr. and Loukas Lazos, SecureComm 2009

  4. The Misbehavior Identification Problem • Given a path PSD from source S to destination D, identify misbehaving nodes that drop packets, in a resource efficient manner n3 n1 n4 D n2 n5 S William Kozma Jr. and Loukas Lazos, SecureComm 2009

  5. Current Solutions Acknowledgment-Based Schemes (e.g., 2ACK, Liu et. al., Byzantine fault detection, Awerbuch et. al.) Packets acknowledged 2 hops or more upstream Reputation-Based (e.g., CONFIDANT, , Buchegger et. al.) Rely on message overhearing to verify forwarding Credit-Based (e.g., Sprite, Zhong et. al.)) Provide incentive for a node to cooperate D $ n6 n2 $ $ n4 n5 $ $ $ S n1 n3 All schemes incur overhead on a per-packet basis William Kozma Jr. and Loukas Lazos, SecureComm 2009

  6. Research Goal Per-packet behavior evaluation is too expensive in Energy (operating in promiscuous mode) Performance (must observe instead of sleeping or communicating concurrently) Communication (may consume more bandwidth) Critical questions Can we perform per-packet evaluation without per-packet monitoring (or very low per-packet overhead)? What is the penalty we have to tradeoff? William Kozma Jr. and Loukas Lazos, SecureComm 2009

  7. Implicit Node Monitoring Nodes record a proof of packets they receive/forward Some nodes are audited to provide proof of behaving Multiple proofs are combined to identify misbehavior Use the honest to identify the malicious D Audit Reply n6 Audit Reply n2 n4 Audit Request Audit Request n5 S n1 n3 William Kozma Jr. and Loukas Lazos, SecureComm 2009

  8. Analogy to Rényi-Ulam Games Rényi-Ulam game: the game of 20 questions Questioner wins if ω is determined in at most q questions Responder has a limited number of lies Winning strategy: a strategy that wins regardless of how lies occur The process of combining multiple audits to identify a misbehaving node is analogous to Rényi-Ulam games Question Search space Reply Responder Ω = [1,2,…,n] ω Questioner Secret Value: ω q ℓ ℓ William Kozma Jr. and Loukas Lazos, SecureComm 2009

  9. Misbehavior Identification as a Rényi-Ulam Game • Rényi-Ulam Game: • Misbehaving Node Identification: ω ≤ y ? Questioner Responder Yes Secret Value: ω in Ω Responder ω S D Questioner n5 n1 n2 n3 n4 Did you see packets X? Question Search Space Yes || Proof Response William Kozma Jr. and Loukas Lazos, SecureComm 2009

  10. Types of Rényi-Ulam Games • Two questioning modes: • Batch • Adaptive • Two types of questions: • Cut questions • Membership questions Q1 Q2 Q3 Questioner Responder R1 R2 R3 Q1 R1 Q: Is ω≤ 8? A: Yes Q: Is ω≤ 2? A: No Q2 Ω = [3, 4, 5, 6, 7, 8] Ω = [1, 2, 3, 4, 5, 6, 7, 8] R2 Ω = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10] Ω = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10] Q3 R3 Q: Is ω A = {3, 4, 5, 6, 7, 8}? A: Yes Q: Is ω A = {4, 5, 6}? A: No Goal: Devise a strategy to always find ω in the least number of questions Ω = [3, 7, 8] Ω = [3, 4, 5, 6, 7, 8] William Kozma Jr. and Loukas Lazos, SecureComm 2009

  11. Implementing Cut Questions • Xi : Set of packets forwarded by node ni • Is the misbehavior node upstream of audited node ni ( ω ≤y )? • |XS ∩ Xi| ≈ |XS|: ni claims misbehavior occurs downstream(ω ≥y ) • |XS ∩ Xi| << |XS|: ni claims misbehavior occurs upstream(ω ≤y) D n6 n2 n4 n5 S Behaving Node n1 n3 Suspicious Node William Kozma Jr. and Loukas Lazos, SecureComm 2009

  12. Adaptive Auditing with Cut Questions Pelc’s questioning strategy [Pelc ‘89]: Binary search requiring log2k questions; determine value ω' ℓ questions on if ω' = ω; total # of questions log2k + ℓ Auditing Strategy: V = PSD = {n1,…,nk} |XS ∩ Xi| ≈ |XS|: V = {ni,…,nk} |XS ∩ Xi| << |XS|: V = {n1,…,nk} Winning strategy: q = log2|PSD | + 2 (|M| + 1) audits Misbehaving Link D n6 n2 n4 n5 S Behaving Node n1 n3 Suspicious Node William Kozma Jr. and Loukas Lazos, SecureComm 2009

  13. Node Identification • One misbehaving node • Path division: exclude nodes in turn • Path expansion: add node to remove misbehaving link • Multiple misbehaving nodes • Identification process repeated |M| + 1 times nβ D n6 n2 n4 n5 S Behaving Node n1 n3 Suspicious Node nα William Kozma Jr. and Loukas Lazos, SecureComm 2009

  14. How About Colluders? • Colluding nodes can cause incorrect convergence • To avoid framing n3, n4 are simultaneously audited • Since |X3 ∩ X4| ≈ |X3|, then |M|≥2 • Partition PSD into PSn3, Pn4D; search independently 3 4 D n6 n2 n4 n5 S Behaving Node n1 n3 Suspicious Node William Kozma Jr. and Loukas Lazos, SecureComm 2009

  15. Adaptive Auditing with Membership Questions Dhagat’s questioning strategy [ Dhagat ‘92]: Perform a binary-based search while checking for contradicting answers LetVi= Ω = {1,…,k}; divide Vi into two equal subsets A = {1,…,k/2}, B = {k/2,…,k} “Is ω A?” then Vi+1 = A “Is ω B?” then Vi+1 = B Else contradiction among answers; return to previous stage (Vi-1) Winning strategy if q = Is ω B = {9, 10}? Is ω A = {6, 7, 8}? Is ω A = {1, 2, 3, 4, 5}? Is ω B = {6, 7, 8, 9, 10}? Questioner Responder No No No Yes ω = 9 V = {6, 7, 8, 9, 10} V = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10} V = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10} V = {6, 7, 8, 9, 10} William Kozma Jr. and Loukas Lazos, SecureComm 2009

  16. Adaptive Auditing with Membership Questions Membership questions constructed from two audits “Is nM A = {n1,…,n4}?” implies |X1 X4| << |X1| Auditing Strategy V1 = PSD = {n1,…,nk}; A = {n1,…,ni}, B = {ni,…,nk} If |X1 ∩ Xi| << |X1|, Vi+1 = A, else If |Xi ∩ Xk| << |Xi|, Vi+1 = B, else Return to previous stage if contradiction found (Vi-1) Select a new ni to prevent repetitive lies Worst case: q ≤ 4 log2 (|PSD|) + 2 (|M| + 1) audits U ? D n6 n2 n4 n5 S Behaving Node n1 n3 Suspicious Node William Kozma Jr. and Loukas Lazos, SecureComm 2009

  17. Creating Audit Replies • Commit to a claim of a set of packets Xi received/forwarded • Bloom filters provide a compact representation of a membership set Xi x x x … h1 h2 hk 1 1 1 0 0 1 0 0 0 1 0 0 0 1 0 0 v: m-bit vector William Kozma Jr. and Loukas Lazos, SecureComm 2009

  18. Evaluating Responses (1) Source sends audit request Defines the duration and starting packet number Audited node adds packets to its Bloom filter Signs filter with its private key and sends it back to the source Signed Bloom filter acts as a commitment to packets forwarded Source computes: D n6 sig4(X4) X4 n2 n4 Audit Request n5 S n1 n3 Per packet evaluation without per-packet overhead; Only m-bit vector sent to source William Kozma Jr. and Loukas Lazos, SecureComm 2009

  19. Impact of Mobility • Addition/Removal of an honest node does not affect REAct • Misbehaving node added to PSD • Added to V; as if there from start of search • Added outside of V; as if two colluding nodes existed in PSD • Misbehaving node removed from PSD • Performance resumed nα nα n1 n1 n5 n5 n2 n2 n3 n3 n4 n1 n5 S S n2 n3 n4 D D n1 n5 n2 n3 n4 S D S D William Kozma Jr. and Loukas Lazos, SecureComm 2009

  20. Performance Evaluation Metrics of interest: Communication Overhead Identification Delay Compared our scheme to: CONFIDANT (reputation-based scheme) 2ACK (acknowledgment-based scheme) AWERBUCH (acknowledgment-based scheme) For CONFIDANT, defined energy for overhearing as 0.5 times the energy for transmission For 2ACK, varied percent of packets acknowledged, p = {1, 0.5, 0.1} William Kozma Jr. and Loukas Lazos, SecureComm 2009

  21. Communication Overhead for 1 Misbehaving Node William Kozma Jr. and Loukas Lazos, SecureComm 2009

  22. Communication Overhead as a Function of Audit Size William Kozma Jr. and Loukas Lazos, SecureComm 2009

  23. Identification Delay William Kozma Jr. and Loukas Lazos, SecureComm 2009

  24. Communication Overhead William Kozma Jr. and Loukas Lazos, SecureComm 2009

  25. Take Away Remarks For resource-constrained networks, per-packet behavior evaluation is too resource demanding We can trade identification delay for communication and energy efficiency Showed a logarithmic increase in # of transmitted messages with path size Showed small increase in identification delay compared to savings Differentiation of maliciousness from bad channel conditions, congestion and collisions is not yet clear (or an easy problem to solve) William Kozma Jr. and Loukas Lazos, SecureComm 2009

More Related