MSWiM 2004: Rational Behaviors in WiFi Hotspots and in Ad Hoc Networks. Jean-Pierre Hubaux, EPFL
Cooperation in self-organized wireless networks
[Figure labels: S1, S2, D1, D2]
Problem: how to enforce cooperation, if each node is its own authority?
Question 1: How do we prevent greedy behaviour at the MAC layer of multi-hop wireless networks?
Question 2: How to prevent selfish behavior in packet forwarding?
Question 1: How do we prevent greedy behavior at the MAC layer of multi-hop wireless networks?
[Figure: Routing and MAC layers at each node]
Almost unexplored problem
Question 1’: How is this problem solved today in WiFi hotspots?
Answer: It is not solved!
Question 1’: How do we prevent greedy behavior at the MAC layer in WiFi hotspots?
The access point is trusted
The MAC layer is fair: if users have similar needs, they obtain a similar share of the bandwidth
[Figure: access point with two well-behaved nodes]
Question 1’: Preventing greedy behavior at the MAC layer in WiFi hotspots
The access point is trusted
[Figure: access point with a cheater and a well-behaved node]
IEEE 802.11 MAC – Brief reminder • IEEE 802.11 is the MAC protocol used in WiFi • By default, it is the one used in wireless multi-hop networks
Greedy technique 4/4: pick a shorter backoff Implementation of this cheating technique: 3 lines of code!
Proposed solution: DOMINO
• DOMINO: System for Detection Of greedy behaviour in the MAC layer of WiFi public NetwOrks (Raya, Hubaux, Aad, Mobisys 2004)
• Idea: monitor the traffic and detect deviations by comparing average values of observed users
• Detection tests: statistical comparison of the observed protocol behaviour
• Features:
  • Full standard compliance
  • Needs to be implemented only at the Access Point
  • Simple and efficient
  • The operator decides the amount of evidence required before taking action (in order e.g. to prevent false positives)
• Other solution: Kyasanur and Vaidya, DSN 2003 (but not protocol compliant)
Detection Tests of DOMINO
Cheating method: detection test
• Frame scrambling: number of retransmissions
• Oversized NAV: comparison of the declared and actual NAV values
• Transmission before DIFS: comparison of the idle time after the last ACK with DIFS
• Backoff manipulation: maximum backoff (the maximum should be close to CWmin - 1); actual backoff; consecutive backoff
Simulation of cheating and detection
• Cheating technique: Backoff manipulation
• Traffic:
  • Constant Bit Rate / UDP traffic
  • FTP / TCP traffic
• Misbehavior coefficient (m): cheater chooses its backoff as (1 - m) x CWmin
• Simulation environment: ns-2
Simulation results • Each point corresponds to 100 simulations • Confidence intervals: 95%
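The maximum-backoff and actual-backoff tests listed above, combined with an operator-set evidence threshold, sketched as an added example (not DOMINO's code and not taken from the slides). CW_MIN = 32, the tolerance values, the three-window evidence rule and the per-station observations are assumptions constructed for illustration.

```python
from statistics import mean

CW_MIN = 32  # assumed contention window size for this example

def backoff_tests(samples, cw_min=CW_MIN, tolerance=0.9):
    """Apply the maximum-backoff and actual-backoff tests to one monitoring window."""
    nominal_max = cw_min - 1          # largest slot count a compliant station can draw
    nominal_avg = nominal_max / 2     # mean of a uniform draw from [0, CWmin - 1]
    return {
        "maximum_backoff": max(samples) < tolerance * nominal_max,
        "actual_backoff": mean(samples) < tolerance * nominal_avg,
    }

def monitor(windows_by_station, evidence=3, tolerance=0.9):
    """Report a station only after `evidence` consecutive failing windows."""
    report = {}
    for station, windows in windows_by_station.items():
        streak, report[station] = 0, False
        for samples in windows:
            failed = any(backoff_tests(samples, tolerance=tolerance).values())
            streak = streak + 1 if failed else 0
            if streak >= evidence:
                report[station] = True
                break
    return report

def constructed_windows(m, n_windows=5, cw_min=CW_MIN):
    """Constructed data: backoffs spread evenly over [0, (1 - m) * CWmin - 1]."""
    span = max(1, int((1 - m) * cw_min))
    return [list(range(span)) * 2 for _ in range(n_windows)]

OBSERVED = {  # constructed observations, one entry per misbehavior coefficient m
    "sta-honest": constructed_windows(0.0),
    "sta-m0.05": constructed_windows(0.05),
    "sta-m0.5": constructed_windows(0.5),
}

if __name__ == "__main__":
    print(monitor(OBSERVED))                  # default tolerance
    print(monitor(OBSERVED, tolerance=0.97))  # stricter tolerance also catches m = 0.05
```

A looser tolerance lets a small misbehavior coefficient pass unnoticed, while a tighter one leaves less margin for the natural variation of compliant stations; the evidence threshold is the operator's lever against false positives.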
Implementation of the demo prototype
• Equipment
  • Adapters based on the Atheros AR5212 chipset
  • MADWIFI driver
• Misbehavior: backoff
  • Overwrite the values CWmin and CWmax (in driver)
• Monitoring
  • The driver in MONITOR mode
  • prism2 frame header
Conclusion on the prevention of greedy behaviour at the MAC layer
• There exist greedy techniques against hotspots
• Some of these techniques are straightforward
• We have proposed, implemented and patented a simple solution, DOMINO, to prevent them (http://domino.epfl.ch)
• The same problem in self-organized wireless networks is still unsolved. Can it be solved?
• Game-theoretic study: M. Cagalj, S. Ganeriwal, I. Aad and J.-P. Hubaux, "On Cheating in CSMA/CA Networks", Technical report No. IC/2004/27, July 2004
Question 2: How to prevent selfish behavior in packet forwarding ? (1/2) • self-organizing network – no central authority • each networking service is provided by the nodes themselves
Question 2: How to prevent selfish behavior in packet forwarding? (2/2)
• Problem: If selfish nodes do not forward packets for others (do not cooperate with others), the network can be paralyzed. Intuitively, an incentive is required
• Solutions: based typically on game theory, on reputation systems, and on micropayments; often related to secure routing
  • proposed by NEC, UC Berkeley, Stanford, CMU, Cornell, U. of Washington, Yale, UCSD, Eurécom, EPFL,…
  • address different scenarios: pure ad hoc, multi-hop access to the backbone,…
• BUT the proof that an incentive is required has been addressed only very recently (and independently) by UCSD and EPFL
UCSD approach (1/2)
Question: Do we need these incentive mechanisms or can cooperation exist based on the self-interest of the nodes?
• Energy-efficient cooperation: Willingness to cooperate adapts to the energy class of the nodes. [SrinivasanNCR03infocom]
[Figure: session S, R1, R2, R3, D, with energy classes and the energy class of the session]
[SrinivasanNCR03infocom]: V. Srinivasan, P. Nuggehalli, C. Chiasserini, and R. Rao, “Nash Equilibria of Packet Forwarding Strategies in Wireless Ad Hoc Networks,” Infocom 2003 (extended version in IEEE Trans. on Wireless Comm.)
UCSD approach (2/2)
Conclusions:
• Unique and optimal operating point of the system
• Proposed strategy (GTFT) reaches the optimal operating point
But:
• Uniform random participation in sessions
• Security is not considered
Two mechanisms:
• class membership
• session acceptance
The role of the network configuration
Network configuration = connectivity graph + traffic matrix
Assumptions:
• static network
• routes last for the whole duration of the game
• each node is a source on only one route (will be relaxed)
• each node i is a CBR source with traffic rate Ti
[FelegyhaziHB04tmc]: M. Felegyhazi, J.-P. Hubaux and L. Buttyan, “Nash Equilibria of Packet Forwarding Strategies in Wireless Ad Hoc Networks,” to appear in IEEE Transactions on Mobile Computing
Preliminary version presented at PWC 2003 (in Venice!)
Modeling packet forwarding as a game cooperation level: pC(1) pC(t) pC(0) time time slot: 0 1 t
Cost function
[Figure: route r (A→D); labels A, C, E, D, pC(t), pE(t), TA]
Normalized throughput at forwarder fj :
where:
• r – route on which fk is a forwarder
• t – time slot
• fk – forwarders on route r
• pfk – cooperation level of forwarder fk
Cost for forwarder fj :
where:
• Ts(r) – traffic sent by source s on route r
• c – unit cost of forwarding
Example :
Utility function
[Figure: route r (A→D); labels A, C, E, D, pC(t), pE(t), TA]
Experienced throughput :
where:
• s – source
• r – route on which s is a source
• t – time slot
• fk – forwarders for s
• pfk – cooperation level of forwarder fk
Example :
Total payoff A E D C pC(t) pE(t) TA Payoff = Utility - Cost r (A→D): where: • Si(t) – set of routes on which i is a source • Fi(t) – set of routes on which i is a forwarder The goal of each node is to maximize its total payoff over the game where: • – discounting factor • t – time Example : A(1). A(t).t A(0) Payoff: time slot: 0 1 t time
Representation of the nodes as players
[Figure: machine Mi with input yi and output xi, connected to the box A-i]
• Node i is represented as a machine Mi
• is a multiplication gate corresponding to the multiplicative property of packet forwarding
• σi represents the strategy of the node
Node i is playing against the rest of the network (represented by the box denoted by A-i)
Strategy of the nodes yi i xi Mi ... Strategy function for node i: where: • t(r,t) – experienced throughput • Si – set of routes on which i is a source
Examples of strategies Initial cooperation level Function Strategy 0 AllD (always defect) AllC (always cooperate) 1 1 TFT (Tit-For-Tat) where yi stands for the input • non-reactive strategies: the output of the strategy function is independent of the input (example: AllD and AllC) • reactive strategies: the output of the strategy function depends on the input (example: TFT)
Concept of dependency graph dependency loop dependency: the benefit of each source is dependent on the behavior of its forwarders
Nash equilibrium (reminder) • Nash equilibrium = No player can deviate to increase its payoff for all i‘and for all i where: • – total throughput in the game • i*– a Nash equilibrium strategy played by node i • i’ – any strategy played by node i • -i – the strategies played by the other players
Analytical Results (1)
Theorem 2: If node i has only non-reactive dependency loops, then its best strategy is AllD.
Theorem 1: If node i does not have any dependency loops, then its best strategy is AllD.
[Figure legend: node i; node playing a non-reactive strategy; other nodes]
Corollary 1: If every node plays AllD, it is a Nash-equilibrium.
Analytical Results (2)
• Theorem 3: Assuming that node i is a forwarder, the best strategy for node i is TFT, if:
  • Node i has a dependency loop with all of its sources,
  • all other nodes play TFT
where:
• – derivative of the utility function at Ti
• Ti – traffic sent by node i
• – discounting factor
• src(r) – source of a route on which node i is a forwarder
• – length of the shortest dependency loop with source src(r)
• Fi – set of routes where node i is a forwarder
• c – unit cost of forwarding
Corollary 2: If Theorem 3 holds for every node, it is a Nash-equilibrium.
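A small simulation of the forwarding game, added here as an illustration of Theorems 1 and 3 (it is not code from the slides or from the cited paper). The utility function log(1 + τ), the cost form, the three-node ring, the two-node no-loop topology and the values of T, c and the discounting factor are all assumptions chosen for the example.

```python
import math

def utility(tau):
    # Assumed utility: concave, increasing, u(0) = 0 (the slides give no formula).
    return math.log1p(tau)

def simulate(routes, strategies, T=1.0, c=0.2, omega=0.9, slots=200):
    """Discounted total payoff per node.
    routes: {source: [forwarders in path order]}
    strategies: {node: "AllC" | "AllD" | "TFT"}"""
    p = {n: 0.0 if s == "AllD" else 1.0 for n, s in strategies.items()}
    total = dict.fromkeys(strategies, 0.0)
    for t in range(slots):
        payoff = dict.fromkeys(strategies, 0.0)
        y = {}                                 # normalized throughput seen by each source
        for src, fwds in routes.items():
            through = 1.0
            for f in fwds:
                through *= p[f]                # multiplicative property of forwarding
                payoff[f] -= T * c * through   # assumed cost: unit cost x traffic forwarded
            y[src] = through
            payoff[src] += utility(T * through)
        for n, s in strategies.items():
            total[n] += payoff[n] * omega ** t
            if s == "TFT":
                p[n] = y.get(n, 1.0)           # TFT: next level = own experienced throughput
    return total

RING = {"A": ["B"], "B": ["C"], "C": ["A"]}    # every node sits on a dependency loop
NO_LOOP = {"S": ["F"], "F": []}                # F forwards for S but needs no forwarder

def payoff_of(node, own, routes, omega):
    """Payoff of `node` playing `own` while all other nodes play TFT."""
    strategies = {n: "TFT" for n in routes}
    strategies[node] = own
    return simulate(routes, strategies, omega=omega)[node]

if __name__ == "__main__":
    for omega in (0.9, 0.3):
        print(omega, payoff_of("A", "TFT", RING, omega), payoff_of("A", "AllD", RING, omega))
    print(payoff_of("F", "TFT", NO_LOOP, 0.9), payoff_of("F", "AllD", NO_LOOP, 0.9))
```

In the ring, defection by A travels around the loop and cuts A's own throughput two slots later, so TFT pays off only when the future is weighted heavily enough; node F, which has no dependency loop, always earns more by dropping.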
Classification of scenarios D: Set of scenarios, in which every node playing AllD is a Nash equilibrium C: Set of scenarios, in which a Nash equilibrium based on cooperation is not excluded by Theorem 1 C2: Set of scenarios, in which cooperation is based on the conditions expressed in Corollary 2
Simulation Scenario
• Number of nodes: 100, 150, 200
• Distribution of the nodes: random uniform
• Area type: torus
• Area size: 1500x1500m, 1850x1850m, 2150x2150m
• Radio range: 200 m
• Number of routes originating at each node: 1-10
• Route selection: shortest path
• Number of simulation runs: 1000
Scenarios, where a cooperative Nash equilibrium is possible (not excluded by Theorem 1)
Avalanche effect Theorem 1 + Theorem 2 node playing a non-reactive strategy other nodes
Scenarios, in which some nodes are unaffected by the avalanche effect
Conclusion on selfish behavior in static multi-hop wireless networks
• Analytical results:
  • If everyone drops all packets, it is a Nash-equilibrium.
  • In theory, given some conditions, a cooperative Nash-equilibrium can exist (i.e., each forwarder forwards all packets).
• Simulation results:
  • In practice, the conditions for cooperative Nash-equilibria are very restrictive: the likelihood that the conditions for cooperation hold for every node is extremely small.
  • Local cooperation among a subset of nodes is not excluded.
• Future work:
  • Consider a mobile scenario – impact of mobility
  • Take battery level of nodes into account
  • Emergence of cooperation
A glimpse at the transport layer: Denial of service attacks
• TCP can be highly vulnerable to protocol-compliant attacks:
  • Packet reordering
  • Packet delaying
  • Packet dropping
• Illustration of the « JellyFish » re-order attack
  • Isolated relay chain
  • Single JF
  • Standard 802.11, 2Mb/s
  • TCP-Sack
  • Simulator: ns-2
Aad, Hubaux, Knightly, Mobicom 2004
A glimpse at secure mobility: provable encounters
• Initial distribution of keys/hash values
• Encounter certification, comprised of the following phases:
  • Authentication
  • Distance bounding (Cf also Brands and Chaum, 1993)
  • Issuance of the proof of encounter
    • a) Guaranteeing Encounter Freshness (GEF)
    • b) Guaranteeing the Time of Encounter (GTE)
• Encounter verification, comprised of the following phases:
  • Authentication
  • Verification
[Figure: encounter certification between certifier and claimant; encounter verification between verifier and claimant]
Solution based on hash chains and on Merkle trees (Capkun et al., SASN 2003)
A glimpse at secure positioning
• Being able to securely verify the positions of devices can enable:
  • Location-based access control (e.g., prevention of the parking lot attack)
  • Detection of displacement of valuables
  • Detection of stealing
  • Location-based charging
  • …
• In multi-hop networks
  • Secure routing
  • Secure positioning
  • Secure data harvesting (sensor networks)
  • …
Conclusion
• Rational behaviours are a major issue in wireless networks:
  • Wi-Fi hotspots must be protected against greedy behaviour (possible solution: DOMINO)
  • In self-organized ad hoc networks, packet forwarding is very unlikely to happen spontaneously (at least in static networks). Incentives are necessary
• The more wireless networks become decentralized and self-organized, the more their proper operation depends on the behaviour of individual nodes. Rational / greedy / selfish behaviour requires appropriate investigation
• Wireless security offers many other research challenges (transport layer, proof of encounter, secure positioning,…)
http://lcawww.epfl.ch/hubaux/