1 / 36

Selfishness in packet forwarding/ Secure protocols for behavior enforcement

Selfishness in packet forwarding/ Secure protocols for behavior enforcement. Part I: Selfishness in packet forwarding. the operation of multi-hop wireless networks requires the nodes to forward data packets on behalf of other nodes

ursula
Download Presentation

Selfishness in packet forwarding/ Secure protocols for behavior enforcement

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Selfishness in packet forwarding/Secure protocols for behavior enforcement

  2. Part I: Selfishness in packet forwarding • the operation of multi-hop wireless networks requires the nodes to forward data packets on behalf of other nodes • however, such cooperative behavior has no direct benefit for the forwarding node, and it consumes valuable resources (battery) • hence, the nodes may tend to behave selfishly and deny cooperation • if many nodes defect, then the operation of the entire network is jeopardized • question: • When a node is requested to forward a packet by one of its neighbors, will it do so, if no mechanism enforces this cooperation behavior?

  3. Modeling packet forwarding as a game • Players: nodes • In each time slot t, each node I chooses a cooperation level mi(t) ϵ [0,1]; 0 represents full defection and 1 means full cooperation. • So mi(t) would represent the fraction of traffic routed through i at time t that i cooperatively forwards. • TS : constant amount of traffic sent by source S Strategy: cooperation level mC(1) mC(t) mC(0) time slot: time 0 1 t Benefit (of node i as the source on route r): proportion of packets sent by node i (as the source) on route r reaching their destination = the throughput experienced by i as a source 

  4. A E D C mC(t) mE(t) TA Benefit function benefit function : Experienced throughput : bS where: s – source r – route on which s is a source t – time slot fk – forwarders for s mfk – cooperation level of forwarder fk bi – benefit function Example : r (A→D): Normalized throughput:

  5. A Normalizedthroughput at forwarder fj : E D C mC(t) mE(t) TA where: r – route on which fk is a forwarder t – time slot fk – forwarders on route r mfk – cooperation level of forwarder fk Cost function where: Cost for forwarder fj on route r: Ts(r) – traffic sent by source s on route r C – unit cost of forwarding (cost of forwarding one packet) Example : r (A→D):

  6. Total payoff Payoff = Benefit - Cost where: Si(t) – set of routes on which i is a source Fi(t) – set of routes on which i is a forwarder The goal of each node is to maximize its total payoff over the game: where: – discounting factor t – time Example : uA(1). uA(t).t uA(0) Payoff: time slot: 0 1 t time

  7. yi A-i i xi Representation of the nodes as players Strategy function for node i: where: t(r,t) – experienced throughput of route r at time t • Node i is playing against the rest of the network (represented by the box denoted by A-i ) • : strategy function of node I • The strategy of node I is defined by its strategy function and its initial cooperation level mi(0) • Node I chooses its strategy (cooperation level) at time t based on the normalized throughput it experienced in time slot t-1 on the route where it is a source

  8. Examples of strategies Initial cooperation level Function Strategy 0 AllD (always defect) AllC (always cooperate) 1 1 TFT (Tit-For-Tat) (mimics the strategy of its opponent in the previous time slot) where yi stands for the input • non-reactive strategies: the output of the strategy function is independent of the input (example: AllD and AllC) • reactive strategies: the output of the strategy function depends on the input (example: TFT)

  9. dependency loop Concept of dependency graph • dependency: the benefit of each source is dependent on • the behavior of its forwarders • Figure (a) shows a network with 5 routes • Figure (b) shows the correspondent dependency graph (an arrow from I to j means behavior of I has an effect on the benefit of j = I is an intermediate node for source j) A Dependency loop L of node I is a sequence (I,v1),(v1,v2),…,(v(l-1),vl),(vl,i) of edges in the dependency graph.

  10. dependency loops • There exist two kinds of dependency loops: • Reactive dependency loop: • A dependency loop of I in which all nodes other than I play reactive strategies. • Non-Reactive dependency loop • A dependency loop of I in which all nodes other than I play non-reactive strategies. • It is interesting to find possible Nash equlibria of packet forwarding strategies • In such strategy profiles the nodes would be better off by cooperating

  11. Analytical Results (1/2) Theorem 1: If node i does not have any dependency loops, then its best strategy is AllD. Theorem 2: If node i has only non-reactive dependency loops, then its best strategy is AllD. node i node playing a non-reactive strategy other nodes Corollary 1: If every node plays AllD, it is a Nash-equilibrium.

  12. Analytical results (2/2) Theorem 3 (simplified): Assuming that node i is a forwarder, its best strategy will be to cooperate only if it has a dependency loop with each of its sources Corollary 2: If Theorem 3 holds for every node, it is a Nash-equilibrium. Example in which Corollary 2 holds: A B B A C C Dependency graph Network

  13. Classification of scenarios • A classification of scenarios from the cooperation perspective • D: Set of scenarios, in which every node playing AllD is a Nash equilibrium • set of all possible scenarios (from Corollary 1) • C: Set of scenarios, in which a Nash equilibrium based on cooperation is not • excluded by Theorem 1 • C2: Set of scenarios, in which cooperation is based on the conditions expressed in • Corollary 2

  14. Simulation settings Number of nodes 100, 150, 200 Distribution of the nodes random uniform Area size 1500x1500m, 1850x1850m, 2150x2150m Radio range 200 m Number of routes originating at each node 1-10 Route selection shortest path Number of simulation runs 1000

  15. Simulation results • The scenarios in set C in the classification (see slide 13) • Result: the necessary condition expressed by theorem 1 is a strong requirement for cooperation in realistic settings (i.e. for a reasonably low no. of routes per node)

  16. Part I: Summary • Analytical results: • If everyone drops all packets, it is a Nash-equilibrium • In theory, given some conditions, a cooperative Nash-equilibrium can exist ( i.e., each forwarder forwards all packets ) • Simulation results: • In practice, the conditions for cooperative Nash-equilibria are very restrictive : the likelihood that the conditions for cooperation hold for every node is extremely small • Consequences: • Cooperation cannot be taken for granted • Mechanisms that stimulate cooperation are necessary • incentives based on virtual currency • reputation systems

  17. Part II: Secure protocols for behavior enforcement Packet forwarding consumes resources • Nodes are rational => Maximize their own payoff • We have seen that cooperation does not happen naturally for packet forwarding in self-organized networks • Cooperation must be encouraged Provide incentive to cooperate within Routing and Forwarding protocols using a game theoretic approach Motivation: 17/22

  18. Part II: Outline • Introduction • Incentives • System Model • Model • Dominant action/subaction • Cooperation optimal protocol • Protocols • VCG payments with correct link cost establishment • Forwarding protocol with block confirmation • Conclusion

  19. Introduction • Routing protocol • Discover efficient routing paths • Packet forwarding protocol • Forward packets for other sources • A micropayment system is required to provide incentives to the nodes after they relay packets fro others

  20. Possible incentives Incentive Punish Reward Internal External Internal External • Possible incentive strategies: • Punish:Reputation, Jamming, Isolation • Reward: Virtual currency • Possible incentives: • Internally:With intrinsic mechanisms (e.g., deny communication, jam) • Externally: by dedicated protocols

  21. Ad-hoc networks as non-cooperative strategic games Called “Ad Hoc Games” Nodes can withhold, replace or send a message Nodes can transmit at discrete power levels Pi Channel model: Packet successfully transmitted if Ptransmission >= Pmin Pmin = minimum power to reach receiver No errors (BER = 0) We define the payoff of a node as: bi= benefit (reward, by micro-payment) ci = cost of forwarding (energy, overhead,…) System Model

  22. Dominant Action: A dominant action is one that maximizes player i payoff, no matter what actions other players choose Example: Joint packet forwarding game Imperfect information Message from S to D Two players: p1 and p2 p1 has no dominant action p2’s dominant action is F Formal Model S P1 P2 D

  23. Each node action is comprised of two parts: is node i’s subaction in the routing stage (what it is supposed to do in the routing stage) is node i’s subaction in the forwarding stage (what it really does in the forwarding stage) Formal Model • Routing decision R: determined by the routing subactions of all nodes • A node’s prospective payoff is determined by R and by the nodes’ • subactions : • Given a routing decision R, a node’s prospective routing payoff, is the • payoff that it achieves under the routing decision assuming that all nodes • are faithful in their packet forwarding subaction to the one they have • declared in the routing subaction, would be:

  24. Dominant subaction: In a routing stage, a dominant subaction of a node is one that maximizes its prospective payoff no matter what subactions other players choose in this stage: A routing protocol is a routing-dominant protocol to the routing stage if following the protocol is a dominant subaction of each potential forwarding node in the routing stage Routing stage

  25. A forwarding protocol is a forwarding-optimal protocol to the forwarding stage under routing decision R if All packets are forwarded to their destinations Following the protocol is a subgame perfect equilibrium under R in the forwarding stage. A path is said to be a subgame perfect equilibrium if it is a Nash equilibrium for every subgame Forwarding stage Node 1 drop forward Node 2 drop forward Last node drop forward

  26. Cooperation-Optimal Protocol • A protocol is a cooperation-optimal protocol to an ad-hoc game if • Its routing protocol is a routing-dominant protocol to the routing stage • For a routing decision R, its forwarding protocol is a forwarding optimal protocol to the forwarding stage

  27. Protocol for routing stage • Two required fundamental operations: • To estimate how much should be paid for node’s cooperation each link of the route  the appropriate reward level • Should take into account how much energy the nodes have to spend to do the operation • It is also interesting to consider in calculating the reward for a node that what the price would be if that node was not included in the route • How to make sure that the nodes cannot cheat about these estimate

  28. VCG for routing protocols • We use VCG: Vickrey, Clarke, and Groves • Nodes independently compute and declare their packet transmission cost to destination • Destination computes Lowest Cost Path (LCP) • Source rewards the nodes • declared cost + added value • The added value is the difference between LCP with the node and without it • Incentive to declare the true price => Truthful

  29. Example of VCG • Least cost path from S to D: • LCP(S,D) = S, v2, v3, D • with cost(LCP(S,D)) = 5 + 2 + 3 = 10 • Least cost path without node v2: • LCP(S,D;−v2) = S, v1, v4, D • with cost(LCP(S,D);−v2) = 7 + 3 + 4 = 14 • Least cost path without node v3: • LCP(S,D;−v3) = S, v2, v4, D with cost(LCP(S,D);−v3) = 5 + 3 + 4 = 12. • VCG payments: • bi=cost(LCP(S,D;-i))-cost(LCP(S,D)-{i})=cost(LCP(S,D;-i))-cost(LCP(S,D))+cost({i}) • LCP(S,D): ;-i): the path with the lowest cost claimed from S to D • LCP(S,D;-i): the path with the lowest cost claimed from S to D that does not include i • cost({i}): the cost of the link on LCP(S,D) starting from i • b2 = 14 − 10 + 2 = 6 • b3 = 12 − 10 + 3 = 5 • These values represent the unit payment (the payment for one forwarded • data packet) to nodes v2 and v3, respectively.

  30. Cheating about the power level Pi,j i j • Assume mutual computation of link cost: • Nodes i and j both are involved in measuring Pi,j • Pi,j is the minimum power level required to transmit packets from i to j • Consider a node i and its neighbor j • Node i cheats by making Pi,jlarger: • Node j is less likely to be on LCP • Node j’ s payment will decrease. • Node j can respond by cheating and making Pi,jsmaller: • Node j would be more likely to be on LCP • Node j increases its payment • VCG is thus not truthful in this case

  31. [cost4]K¦HMAC [cost4]K¦HMAC [cost3]K¦HMAC [cost3]K¦HMAC D j i [cost2]K¦HMAC [cost1]K¦HMAC Prevent cheating about link costs Computation of link cost (computing transmission costs between neighboring nodes) using TESTSIGNAL messages TESTSIGNAL messages are sent by a node, i, to its neighbors at different power levels (in an increasing order) The neighbors, j, will receive only the ones sent with a power equal or higher than the minimum required power Any neighbor, j, will inform the rest of the network (and therefore the destination) about the observed power levels by sending ROUTEINFO messages The destination builds up a matrix of all costs of the links to compute the lowest cost path

  32. Prevent cheating about link costs • A node, after receiving the first TESTSIGNAL message for a route (a source-destination pair) will perform the same operation for estimation of the power needed to reach its own neighbors. • Both TESTSIGNAL and ROUTEINFO message need to be cryptographically protected to prevent any forwarding nodes from altering the power levels • Nodes share a symmetric key with D • Nodes send an encrypted and signed test signal at increasing power levels containing cost information • Messages are protected from forging with HMAC • The power information in TESTSIGNAL is encrypted by the node initiating it and will be re-encrypted by the neighbor receiving it and inserted in the ROUTEINFO message; therefore the second node can not modify the power level needed to reach it (can not increase it chance of being on the selected route or to increase its payment) • Complexity (computation at the destination): O(N^3) • Once the destination has decided about the lowest cost path, it will send a message back along the path informing the intermediate nodes being on the path and also about the power with which each intermediate node must forward the data packets

  33. Conclusion on the routing stage • Theorem 1: • If the destination is able to collect all involved link costs as described above, then the described protocol is a routing dominant protocol to the routing stage.

  34. In the transmission phase the source and the intermediate nodes forward the packets at the power levels identified in the routing phase S bundles messages in blocks With mth block, S sends confirmation rn-m encrypted with the key shared between S and D, where n is the number of blocks After receiving a block, the destination decrypts rn-m and send it back in clear text along the path r is made public by source in an authenticated way Nodes can verify the confirmation by applying the hash function m times on it For example, the destination should confirm block 2 by sending r5-2=r3 Nodes can verify: Protocol for forwarding stage m1 m2 m3 m4 m5 m6 m7 m8 m9 b1 b2 b3 b4 b5 r1 r2 r=r5 H H H H r0

  35. Theorems • Theorem 2: • Given a routing decision R, assuming that the computed payment is greater than the cost, the reverse hash chain based forwarding protocol is a forwarding optimal protocol. • Theorem 3: • The complete protocol (routing protocol and packet forwarding protocol) is a cooperation-optimal protocol to AdHocGames.

  36. Part II: Summary • We considered selfishnesh in both routing and forwarding phases of ad hoc networks • We have seen how the problem could be studied using game theory • It was described how protocols aiming at simulating cooperation can be secured by appropriate cryptographic protocols • Cooperation optimal protocol • Routing dominant + Forwarding optimal • Routing based on VCG • Forwarding based on Reverse Hash Chain

More Related