1 / 24

Revocation Games in Ephemeral Networks

Revocation Games in Ephemeral Networks. Maxim Raya , Mohammad Hossein Manshaei , Márk Félegyházi , Jean-Pierre Hubaux CCS 2008. Misbehavior in Ad Hoc Networks. Traditional ad hoc networks. Ephemeral networks. A. B. M. Packet forwarding Routing. Large scale High mobility

kgregory
Download Presentation

Revocation Games in Ephemeral Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. RevocationGames inEphemeral Networks Maxim Raya, Mohammad Hossein Manshaei, MárkFélegyházi, Jean-Pierre Hubaux CCS 2008

  2. Misbehavior in Ad Hoc Networks Traditional ad hoc networks Ephemeral networks A B M • Packet forwarding • Routing • Large scale • High mobility • Data dissemination Solution to misbehavior: Reputation systems ?

  3. Reputation vs. Local Revocation • Reputation systems: • Often coupled with routing/forwarding • Require long-term monitoring • Keep the misbehaving nodes in the system • Local Revocation • Fast and clear-cut reaction to misbehavior • Reported to the credential issuer • Can be repudiated

  4. Tools of the Revocation Trade • Wait for: • Credential expiration • Central revocation • Vote with: • Fixed number of votes • Fixed fraction of nodes (e.g., majority) • Suicide: • Both the accusing and accused nodes are revoked Whichtool to use?

  5. How much does it cost? • Nodes are selfish • Revocation costs • Attacks cause damage How to avoid the free rider problem? Game theory can help: models situations where the decisions of players affect eachother

  6. Example: VANET • CA pre-establishes credentials offline • Each node has multiple changing pseudonyms • Pseudonyms are costly • Fraction of detectors =

  7. Revocation Game • Key principle: Revoke only costly attackers • Strategies: • Abstain (A) • Vote (V): votes are needed • Self-sacrifice (S) • benign nodes, including detectors • attackers • Dynamic (sequential) game

  8. Game with fixed costs 1 A S V A: Abstain S: Self-sacrifice V: Vote 2 2 A A S V S V 3 3 3 A S V A S V A S V Costof abstaining Cost of self-sacrifice Cost of voting All costs are in keys/message

  9. Game withfixedcosts: Example 1 Equilibrium 1 A S V 2 2 Backward induction A A S V S V 3 3 3 A S V A S V A S V Assumptions:c > 1

  10. Game withfixedcosts: Example 2 Equilibrium 1 A S V 2 2 A A S V S V 3 3 3 A S V A S V A S V Assumptions:v < c < 1, n = 2

  11. Game with fixed costs: Equilibrium Theorem 1: For any given values of ni,nr,v, and c, the strategy of player i that results in a subgame-perfect equilibrium is: ni=Number of remaining nodes that can participate in the game nr =Number of remaining votes that is required to revoke Revocation is left to the end, doesn’t work in practice

  12. Game with variable costs 1 A S V 2 2 A S V 3 S Number of stages Attack damage

  13. Game with variable costs: Equilibrium Theorem 2:For any given values of ni,nr,v, and δ, the strategy of player i that results in a subgame-perfect equilibrium is: Revocation has to be quick

  14. Optimal number of voters • Minimize: Abuse by attackers Duration of attack

  15. Optimal number of voters • Minimize: Abuse by attackers Duration of attack Fraction of active players

  16. RevoGame Estimation of parameters Choice of strategy

  17. Evaluation • TraNS, ns2, Google Earth, Manhattan • 303 vehicles, average speed = 50 km/h • Fraction of detectors • Damage/stage • Cost of voting • False positives • 50 runs, 95 % confidence intervals

  18. Revoked attackers

  19. Revoked benign nodes

  20. Social cost

  21. Maximum time to revocation

  22. Global effect of local revocations How many benign nodes ignore an attacker?

  23. False positives and abuse How many benign nodes ignore a benign node?

  24. Conclusion • Local revocation is a viable mechanism for handling misbehavior in ephemeral networks • The choice of revocation strategies should depend on their costs • RevoGame achieves the elusive tradeoff between different strategies

More Related