1 / 43

MSWiM 2004 Rational Behaviors in WiFi Hotspots and in Ad Hoc Networks

MSWiM 2004 Rational Behaviors in WiFi Hotspots and in Ad Hoc Networks. Jean-Pierre Hubaux EPFL. Cooperation in self-organized wireless networks. D 2. D 1. S 2. S 1. Problem : how to enforce cooperation, if each node is its own authority?

tab
Download Presentation

MSWiM 2004 Rational Behaviors in WiFi Hotspots and in Ad Hoc Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. MSWiM 2004Rational Behaviors in WiFi Hotspots and in Ad Hoc Networks Jean-Pierre Hubaux EPFL

  2. Cooperation in self-organized wireless networks D2 D1 S2 S1 Problem: how to enforce cooperation, if each node is its own authority? Question 1: How do we prevent greedy behaviour at the MAC layer of multi-hop wireless networks? Question 2: How to prevent selfish behavior in packet forwarding?

  3. Question 1: How do we prevent greedy behavior at the MAC layer of multi-hop wireless networks ? Routing Routing MAC MAC Routing MAC Routing MAC Routing MAC Almost unexplored problem Question 1’: How is this problem solved today in WiFi hotspots? Answer: It is not solved!

  4. Question 1’ : How do we prevent greedy behavior at the MAC layer in WiFi hotspots ? The access point is trusted Well-behaved node Well-behaved node The MAC layer is fair: if users have similar needs, they obtain a similar share of the bandwidth

  5. Question 1’ : Preventing greedy behavior at the MAC layer in WiFi hotspots The access point is trusted Cheater Well-behaved node

  6. IEEE 802.11 MAC – Brief reminder • IEEE 802.11 is the MAC protocol used in WiFi • By default, it is the one used in wireless multi-hop networks

  7. Greedy technique 1/4:oversized NAV

  8. Greedy technique 2/4: transmit before DIFS

  9. Greedy technique 3/4 : scramble others’ frames

  10. Greedy technique 4/4: pick a shorter backoff Implementation of this cheating technique: 3 lines of code!

  11. Proposed solution: DOMINO • DOMINO: System for Detection Of greedy behaviour in the MAC layer of WiFi public NetwOrks (Raya, Hubaux, Aad, Mobisys 2004) • Idea: monitor the traffic and detect deviations by comparing average values of observed users • Detection tests: statistical comparison of the observed protocol behaviour • Features: • Full standard compliance • Needs to be implemented only at the Access Point • Simple and efficient • The operator decides the amount of evidence required before taking action (in order e.g. to prevent false positives) • Other solution: Kyasanur and Vaidya, DSN 2003 (but not protocol compliant)

  12. Detection Tests of DOMINO Cheating method Detection test Oversized NAV Comparison of the declared and actual NAV values Comparison of the idle time after the last ACK with DIFS Transmission before DIFS Number of retransmissions Frame scrambling Backoff manipulation Maximum backoff: the maximum should be close to CWmin - 1 Actual backoff Consecutive backoff

  13. Simulation of cheating and detection • Cheating technique: Backoff manipulation • Traffic: • Constant Bit Rate / UDP traffic • FTP / TCP traffic • misbehavior coefficient (m): cheater chooses its backoff as (1 - m) x CWmin • Simulation environment: ns-2 Cheater

  14. Simulation results • Each point corresponds to 100 simulations • Confidence intervals: 95%

  15. Implementation of the demo prototype • Equipment • Adapters based on the Atheros AR5212 chipset • MADWIFI driver • Misbehavior: backoff • Overwrite the values CWmin and CWmax (in driver) • Monitoring • The driver in MONITOR mode • prism2 frame header

  16. Conclusion on the prevention of greedy behaviour at the MAC layer • There exist greedy techniques against hotspots • Some of these techniques are straightforward • We have proposed, implemented and patented a simple solution, DOMINO, to prevent them (http://domino.epfl.ch) • The same problem in self-organized wireless networks is still unsolved. Can it be solved? • Game-theoretic study:M. Cagalj, S. Ganeriwal, I. Aad and J.-P. Hubaux"On Cheating in CSMA/CA Networks"Technical report No. IC/2004/27, July 2004

  17. Question 2: How to prevent selfish behavior in packet forwarding ? (1/2) • self-organizing network – no central authority • each networking service is provided by the nodes themselves

  18. Question 2: How to prevent selfish behavior in packet forwarding ? (2/2) • Problem: If selfish nodes do not forward packets for others (do not • cooperate with others), the network can be paralyzed  Intuitively, an incentive is required • Solutions: based typically on game theory, on reputation systems, and on micropayments; often related to secure routing • proposed by NEC, UC Berkeley, Stanford, CMU, Cornell, U. of Washington,Yale, UCSD, Eurécom, EPFL,… • address different scenarios: pure ad hoc, multi-hop access to the backbone,… • BUT the proof that an incentive is required has been addressed only very recently (and independently) by UCSD and EPFL

  19. UCSD approach (1/2) Question: Do we need these incentive mechanisms or can cooperation exist based on the self-interest of the nodes? • Energy-efficient cooperation: Willingness to cooperate adapts to the energy class of the nodes. [SrinivasanNCR03infocom] S R1 R2 R3 D session: energy class: energy class of the session [SrinivasanNCR03infocom] :V. Srinivasan, P. Nuggehalli, C. Chiasserini, and R. Rao, “Nash Equilibria of Packet Forwarding Strategies in Wireless Ad Hoc Networks,” Infocom 2003 (extended version in IEEE Trans. on Wireless Comm.)

  20. UCSD approach (2/2) Conclusions: • Unique and optimal operating point of the system • Proposed strategy (GTFT) reaches the optimal operating point But: • Uniform random participation in sessions • Security is not considered two mechanisms: • class membership • session acceptance

  21. The role of the network configuration Network configuration = connectivity graph + traffic matrix Assumptions: • static network • routes last for the whole duration of the game • each node is a source on only one route (will be relaxed) • each node i is a CBR source with traffic rate Ti • [FelegyhaziHB04tmc]: M. Felegyhazi, J.-P. Hubaux and L. Buttyan, “Nash Equilibria of Packet Forwarding Strategies in Wireless Ad Hoc Networks,” to appear in IEEE Transactions on Mobile Computing • Preliminary version presented at PWC 2003 (in Venice!)

  22. Modeling packet forwarding as a game cooperation level: pC(1) pC(t) pC(0) time time slot: 0 1 t

  23. Cost function A E D C pC(t) pE(t) TA Normalizedthroughput at forwarder fj : r (A→D): Cost for forwarder fj : where: • r – route on which fk is a forwarder • t – time slot • fk – forwarders on route r • pfk – cooperation level of forwarder fk where: • Ts(r) – traffic sent by source s on route r • c – unit cost of forwarding Example :

  24. Utility function A E D C pC(t) pE(t) TA Experienced throughput : r (A→D): where: • s – source • r – route on which s is a source • t – time slot • fk – forwarders for s • pfk – cooperation level of forwarder fk Example :

  25. Total payoff A E D C pC(t) pE(t) TA Payoff = Utility - Cost r (A→D): where: • Si(t) – set of routes on which i is a source • Fi(t) – set of routes on which i is a forwarder The goal of each node is to maximize its total payoff over the game where: •  – discounting factor • t – time Example : A(1). A(t).t A(0) Payoff: time slot: 0 1 t time

  26. Representation of the nodes as players yi  yi A-i i i xi xi Mi ... ... • Node i is represented as a machine Mi •  is a multiplication gate corresponding the multiplicative property of packet forwarding • σi represents the strategy of the node Node i is playing against the rest of the network (represented by the box denoted by A-i )

  27. Strategy of the nodes  yi i xi Mi ... Strategy function for node i: where: • t(r,t) – experienced throughput • Si – set of routes on which i is a source

  28. Examples of strategies Initial cooperation level Function Strategy 0 AllD (always defect) AllC (always cooperate) 1 1 TFT (Tit-For-Tat) where yi stands for the input • non-reactive strategies: the output of the strategy function is independent of the input (example: AllD and AllC) • reactive strategies: the output of the strategy function depends on the input (example: TFT)

  29. Concept of dependency graph dependency loop dependency: the benefit of each source is dependent on the behavior of its forwarders

  30. Nash equilibrium (reminder) • Nash equilibrium = No player can deviate to increase its payoff for all i‘and for all i where: • – total throughput in the game • i*– a Nash equilibrium strategy played by node i • i’ – any strategy played by node i • -i – the strategies played by the other players

  31. Analytical Results (1) Theorem 2: If node i has only non-reactive dependency loops, then its best strategy is AllD. Theorem 1: If node i does not have any dependency loops, then its best strategy is AllD. node i node playing a non-reactive strategy other nodes Corollary 1: If every node plays AllD, it is a Nash-equilibrium.

  32. Analytical Results (2) • Theorem 3: Assuming that node i is a forwarder, • the best strategy for node i is TFT, if: • Node i has a dependency loop with all of its sources, • all other nodes play TFT where: • – derivative of the utility function at Ti • Ti – traffic sent by node i • – discounting factor • src(r) – source of a route on which node i is a forwarder • – length of the shortest dependency loop with source src(r) • Fi – set of routes where node i is a forwarder • c – unit cost of forwarding Corollary 2: If Theorem 3 holds for every node, it is a Nash-equilibrium.

  33. Classification of scenarios D: Set of scenarios, in which every node playing AllD is a Nash equilibrium C: Set of scenarios, in which a Nash equilibrium based on cooperation is not excluded by Theorem 1 C2: Set of scenarios, in which cooperation is based on the conditions expressed in Corollary 2

  34. Simulation Scenario Number of nodes 100, 150, 200 Distribution of the nodes random uniform Area type torus Area size 1500x1500m, 1850x1850m, 2150x2150m Radio range 200 m Number of routes originating at each node 1-10 Route selection shortest path Number of simulation runs 1000

  35. Scenarios, where a cooperative Nash equilibrium is possible (not excluded by Theorem 1)

  36. Avalanche effect Theorem 1 + Theorem 2 node playing a non-reactive strategy other nodes

  37. Scenarios, in which some nodes are unaffected by the avalanche effect

  38. Number of nodes unaffected by the avalanche effect

  39. Conclusion on selfish behavior in static multi-hop wireless networks • Analytical results: • If everyone drops all packets, it is a Nash-equilibrium. • In theory, given some conditions, a cooperative Nash-equilibrium can exist ( i.e., each forwarder forwards all packets). • Simulation results: • In practice, the conditions for cooperative Nash-equilibria are very restrictive : the likelihood that the conditions for cooperation hold for every node is extremely small. • Local cooperation among a subset of nodes is not excluded. • Future work: • Consider a mobile scenario – impact of mobility • Take battery level of nodes into account • Emergency of cooperation

  40. A glimpse at the transport layer:Denial of service attacks • TCP can be highly vulnerable to protocol-compliant attacks: • Packet reordering • Packet delaying • Packet dropping • Illustration of the • « JellyFish » • re-order attack • Isolated relay chain • Single JF • Standard 802.11, 2Mb/s • TCP-Sack • Simulator: ns-2 Aad, Hubaux, Knightly, Mobicom 2004

  41. A glimpse at secure mobility: provable encounters • Initial distribution of keys/hash values • Encounter certificationcomprised of the following phases: • Authentication • Distance bounding (Cf also Brands and Chaum, 1993) • Issuance of the proof of encounter • a) Guaranteeing Encounter Freshness (GEF) • b) Guaranteeing the Time of Encounter (GTE) • Encounter verification comprised of the following phases: • Authentication • Verification Encounter certification Encounter verification certifier claimant verifier claimant Solution based on hash chains and on Merkle trees (Capkun et al., SASN 2003)

  42. A glimpse at secure positioning • Being able to securely verify the positions of devices can enable: • Location-based access control (e.g., prevention of the parking lot attack) • Detection of displacement of valuables • Detection ofstealing • Location-based charging • … • In multi-hop networks • Secure routing • Secure positioning • Secure data harvesting (sensor networks) • …

  43. Conclusion • Rational behaviours are a major issue in wireless networks: • Wi-Fi hotspots must be protected against greedy behaviour(possible solution : DOMINO) • In self-organized ad hoc networks, packet forwarding is very unlikely to happen spontaneously (at least in static networks)  Incentives are necessary • The more wireless networks become decentralized and self-organized, the more their proper operation depends on the behaviour of individual nodes  Rational / greedy / selfish behaviour requires appropriate investigation • Wireless security offers many other research challenges (transport layer, proof of encounter, secure positioning,…) http://lcawww.epfl.ch/hubaux/

More Related