1 / 19

On the Optimal Placement of Mix Zones: a Game- Theoretic Approach

Mini-project of the Security and Cooperation in Wireless Networks course. On the Optimal Placement of Mix Zones: a Game- Theoretic Approach. Mathias Humbert LCA1/EPFL January 19, 2009. Supervisors: Mohammad Hossein Manshaei Julien Freudiger Jean-Pierre Hubaux. Motivations.

kolton
Download Presentation

On the Optimal Placement of Mix Zones: a Game- Theoretic Approach

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Mini-project of the Security and Cooperation in Wireless Networks course On the Optimal Placement of Mix Zones: a Game-TheoreticApproach Mathias Humbert LCA1/EPFL January 19, 2009 Supervisors: Mohammad Hossein Manshaei Julien Freudiger Jean-Pierre Hubaux

  2. Motivations • Pratical case study on location privacy • Use of the relevant information from Lausanne’s traffic data • Game-theoretic model evaluating agents’ behaviors a priori • Incomplete information game analysis

  3. Outline • Lausanne traffic: a case study • System model and mixing effectiveness • Game-theoretic approach • Game results: • A complete information game • Numerical evaluations • An incomplete information game • Conclusion and future work

  4. Place Chauderon Lausanne downtown Intersections’ statistics stored in 23 matrices (size = 5x5) Place Chauderon: Traffic matrix: 23 intersections

  5. System model mix • Road network with N intersections • Mobile nodes vs. Local passive adversary • Nodes’ privacy-preserving mechanisms (at intersection i): • Active mix zone (cost = cim) • cim = cip + ciq = pseudonyms cost + silence cost • Passive mix zone (cost = cip) • Adversary’s tracking devices:: • Sniffing station (cost = cs) • Mobility parameters: • Relative traffic intensity λi • Mixing effectiveness mi Traffic matrix: mix

  6. Mixingeffectiveness • Mixing: uncertainty for an adversary trying to match nodes leaving the active mix zone to the entering ones => normalized entropy => relative traffic intensity Smallest mixing between Chaudron & Bel-Air: mi = 0 (no uncertainty for the adversary) Greatest mixing at place Chaudron: mi = 0.74

  7. Game-theoreticapproach • G = {P, S, U} • 2 players: {mobile nodes, adversary} • Nodes’ strategies sn,i (intersection i): • Active mix zone (AMZ) • Passive mix zone (PMZ) • Nothing (NO) • Adversary’s strategies sa,i : • Sniffing station (SS) • Nothing (NO) • Payoffs: 0 < λi, mi, cim, cs< 1 Adversary Nodes

  8. Complete information game for one intersection Probabilities: pi = (λi-cs) /λimi 1- pi • Pure-strategy NE [theorem 1]: • Mixed-strategy NE: Probabilities: qi = min(ciq/λimi, 1) mixed-strategy Nash equilibrium 1- qi 0

  9. N intersections-game • Global NE = Union of local NE • Global payoffs at equilibrium defined as • Number of sniffing stations = Ws (upper bound) • Game = two maximisation problems: Nodes Adversary

  10. N intersections-game • Algorithm converging to an equilibrium [theorem 2] As uia = 0 at mixed-strategy NE and assuming (wlos) that m1 < m2 < … < mn Remove sniffing stations at mixed NE first Remove sniffing stations at pure NE (Start with smallest adversary’s payoff) The nodesnormallytakeadvantage of the absence of sniffing station to deploy a passive mix zone

  11. Numericalresults: lowplayers’ costs Fixed (normalized) costs and limited nb of sniffing stations (Ws= 5): Fixed (normalized) costs and unlimited nb of sniffing stations:

  12. Numericalresults: mediumsniffingcost Fixed (normalized) costs and limited nb of sniffing stations (Ws= 5): Fixed (normalized) costs and unlimited nb of sniffing stations:

  13. Incomplete information game for one intersection • Assumptions: • Nodes do not know the sniffing cost • Instead, they have a probability distribution on cost’s type • Theorem 3: one pure-strategy Bayesian Nash equilibrium (BNE) with strategy profile defined by: with (probability that the adversary installs a sniffing station) defined using the probability distribution on cost’s type Suboptimal BNE, such as (AMZ, NO) or (PMZ, SS) for nodes’ payoffcanoccur if nodes’ belief on sniffing station cost’s type isinacurrate

  14. N intersections incomplete information game • Potential algorithm to converge to a Bayesian Nash equilibrium (ongoing work): Complete knowledge for the adversary => remove sniffing stations leading to smallest payoffs at BNE Nodes know Ws => put passive mix zones where adversary’s expected payoffs are the smallest

  15. Conclusion and future work • Prediction of nodes’ and adversary’sstrategicbehaviorsusinggametheory • Algorithmsreaching an optimal (Bayesian) NE in complete and incomplete information games • In incomplete information game, significantdecrease of nodes’ location privacy due to lack of knowledge about adversary’spayoff • Concrete application on a real city network • Nodes and adversaryoftenadoptingcomplementarystrategies • Future work • Evaluation of the incomplete information gamewith the real traffic data and variousprobability distributions on sniffing station cost

  16. Numericalevaluation of optimal strategieswith variable costs 1) Unlimitednumber of SS: 2) Limited number of SS:

  17. Backup: MixingEffectiveness computation • Mixing: uncertainty for an adversary trying to match nodes leaving the active mix zone to the entering ones • => entropy • => relative traffic intensity • Dfdf • Dfdf • dfd

  18. Backup: Bayesian NE for the Incomplete Information Game @ one intersection • Nodes do not know the sniffing cost • Instead, they have a probability distribution on cost’s type • Theorem 3: one pure-strategy Bayesian Nash equilibrium (BNE) with strategy profile defined by: With (probability that the adversary installs a sniffing station) defined using the cdf of the cost’s type: Suboptimal BNE, such as (AMZ, NO) or (PMZ, SS) for nodes’ payoffcanoccur if nodes’ belief on sniffing station cost’s type isinacurrate

  19. Backup: Motivation • Master project [1]: study of mobile nodes’ location privacy threatened by a local adversary • Application of this work on a practical and real example • Collaboration with people of TRANSP-OR research group at EPFL • Lausanne’s traffic data based on actual road measurements and Swiss Federal census (more on this in next slide) • Selection of the relevant information from the traffic data • New game-theoretic model in order to exploit the provided data and evaluate nodes’ location privacy • Incomplete information game to better model the players’ knowledge on payoffs and behaviors of other participants [1] M. Humbert , Location Privacy amidst Local Eavesdroppers, Master thesis, 2009

More Related