Cooperation between Nodes in Multi-Hop Wireless Networks

Jean-Pierre Hubaux (1)

Joint work with Naouel Ben Salem (1), Levente Buttyan (2), Srdjan Čapkun (1), Mark Felegyhazi (1) and Markus Jakobsson (3)

(1) EPFL/School of Information and Communication
(2) Budapest University of Technology and Economics
(3) RSA Labs


Outline

• Encourage cooperation between nodes in multi-hop cellular networks (IP4)

• Brief overview of some other recent results:
  – Cooperation in ad hoc networks without incentives (IP4)
  – Mobility helps security (IP6)
  – Provable encounters (IP6)


Multi-Hop cellular networks (1/2)

• Set of base stations connected to a backbone (like in cellular)

• Potentially, multi-hop communication between the mobile station and the base station (unlike in cellular)

• Principle usable for both “classical”, voice centric cellular networks and wireless LANs (e.g., IEEE 802.11)


Multi-hop cellular networks (2/2)

• Expected benefits:
  – Energy consumption of the mobile stations can be reduced
  – Immediate side effect: reduced interference
  – Number of base stations (fixed antennas) can be reduced
  – Coverage of the network can be increased
  – Closely located mobile stations can communicate independently from the infrastructure (ad hoc networking)

• Problem: How to encourage the nodes to relay packets for the benefit of other nodes?


Possible solution: systematic micro-payments (IP4)

[Figure: nodes A, i1, BSA, BSB, j1, B, with the labels "Initiator" and "Correspondent"]

• Principle: for every packet, the initiator is charged and all relay nodes are rewarded

• Strength: all cheating attempts will be detected

• Weakness: overhead (increase of the communication cost around 3 to 12%)

N. Ben Salem, L. Buttyan, J. P. Hubaux, and M. Jakobsson, "A Charging and Rewarding Scheme for Packet Forwarding in Multi-hop Cellular Networks", Fourth ACM Symposium on Mobile Networking and Computing (MobiHoc), Annapolis, June 2003


Alternative solution: probabilistic micro-payments (IP4)

Model for the network:
• Multi-hop up-link
• Single-hop down-link

• Proposals for probabilistic payments:
  – D. Wheeler (1996)
  – Jarecki and Odlyzko (1997)
  – S. Micali and R. Rivest (2002)
  – …

M. Jakobsson, J. P. Hubaux, and L. Buttyan, "A Micro-Payment Scheme Encouraging Collaboration in Multi-hop Cellular Networks", Proceedings of Financial Crypto 2003


The solution in three easy steps – Step 1

• Assume that all packet sending/receiving events can be observed by an observer

• The observer could tell
  – who originated a packet (whom to charge)
  – who forwarded a packet (whom to remunerate)
  – who dropped a packet (whom to punish?)


The solution in three easy steps – Step 2

• Assume that every node honestly reports its own sending/receiving events to the operator

• The operator could tell
  – who originated a packet (whom to charge)
  – who forwarded a packet (whom to remunerate)
  – who dropped a packet (whom to punish?)

• Problems:
  – nodes may not be motivated to send reports
  – nodes may lie (send false reports)
  – reporting all events may be a huge overhead


The solution in three easy steps – Step 3

• Nodes get paid for their reports
  → nodes are motivated to send reports

• Events to be reported are selected probabilistically
  → this drastically reduces the overhead

• Neighbors are remunerated as well
  → this further increases the motivation to cooperate

• Based on the received reports, the operator performs statistical analysis (auditing)
  → this allows detection of cheating behavior


Assumptions

• Multi-hop cellular with multi-hop up-link and single-hop down-link

• Symmetric-key crypto, each node shares a long-term symmetric key with the operator (base stations)

• The operator manages numerous base stations and one accounting center

• The operator is trusted by every node for
  – not revealing secret keys
  – correctly transmitting packets
  – correctly performing billing and auditing

• Users are not trusted to act according to the protocol
  – users behave rationally
  – they can tamper with their devices
  – they can collude


Protocol

• Setup
  – users register with the operator
  – each registered user u gets an id and a symmetric key K_u
  – K_u is shared by the user and the operator (base stations)

• Maintaining connectivity information
  – each user u keeps a list of triplets (u_i, d_i, L_i), where
    • u_i is a neighbor
    • with distance (in hops) d_i from the base station and
    • with reward level L_i
  – the list is sorted in terms of increasing values of d_i and L_i

• Reward levels
  – packets have reward levels too
  – a higher reward level means higher charge for the originator and higher reward for the forwarders
  – u_i is willing to forward packets with a reward level higher than L_i


Packet origination

• Originator o wants to send payload p
  – o selects a reward level L
  – computes a MAC = MAC_Ko( L | p )
  – transmits [ o | L | p | ] according to the Packet Transmission Protocol


Packet transmission

• User u – originator or forwarder – wants to transmit packet P = [ o | L | p | ]
  1. u selects his first as yet unselected entry (u_i, d_i, L_i) where L_i < L
  2. sends a forward request to u_i (contains L and possibly more info)
  3. waits for an ack from u_i
     • if received, then u sends P to u_i
     • if not received, then u increases i by one and goes to step 2
  in any case: if u is not the originator, then u performs the Reward Recording Protocol

[Figure: node u with neighbors y, z and x, labelled (u=y, d=2, L=53), (u=z, d=3, L=82), (u=x, d=3, L=70)]


Packet processing by the base station

The base station receives a packet P = [ o | L | p | ]
  – it looks up the secret key K_o of the originator o
  – verifies the MAC
    • if not correct, then drops the packet
    • if correct, then transmits the packet to the destination
  – keeps a count of the number of packets transmitted for o
  – records a fraction of all triplets (, L, u), where u is the id of the user from which it received the packet [ o | L | p | ]
  – periodically sends the recorded information to an accounting center

[Figure: S, D and the Accounting Center, with numbered steps 1 to 6 and the labels "Retrieve K_o" and "Verify"]


Reward recording

• User u has forwarded a packet P = [ o | L | p | ]
  – u interprets as a lottery ticket
  – the ticket is winning for u iff f(, K_u) = 1 for some function f
  – if is winning, then u records (u1, u2, , L), where
    • u1 is the user from which he received P
    • u2 is the user (or base station) to which he forwarded P

[Figure: u between u1 and u2 (or base station), with the check "f(, K_u) = 1 ?"]

Example for f: f(, K_u) = 1 iff d_Hamming(, K_u) h

• Note: If f is not one-way, then all claims should be encrypted during transmission
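The uplink steps of the last four slides (origination, next-hop selection, base-station check, reward recording), as an added example that is not code from the talk or the paper. It assumes HMAC-SHA256 as the MAC, takes the packet's MAC field as the lottery ticket, reads the comparison missing from the example f as "at most h", and uses constructed keys; all function names are hypothetical.

```python
import hashlib
import hmac

def mac(key, data):
    # Assumption: HMAC-SHA256 stands in for the MAC, which the slides do not name.
    return hmac.new(key, data, hashlib.sha256).digest()

def originate(o, k_o, level, payload):
    """Originator: packet (o, L, p, MAC) with the MAC over L | p under K_o."""
    return (o, level, payload, mac(k_o, level.to_bytes(2, "big") + payload))

def next_hop(neighbors, level, acks):
    """Try entries (u_i, d_i, L_i) in increasing (d_i, L_i) order, skipping any
    with L_i >= L, until one acknowledges the forward request."""
    for u_i, _d_i, l_i in sorted(neighbors, key=lambda n: (n[1], n[2])):
        if l_i < level and u_i in acks:
            return u_i
    return None  # no eligible neighbor answered, so the packet is not sent

def bs_accepts(packet, keys):
    """Base station: look up K_o and verify the MAC; False means drop."""
    o, level, payload, tag = packet
    if o not in keys:
        return False
    expected = mac(keys[o], level.to_bytes(2, "big") + payload)
    return hmac.compare_digest(tag, expected)

def hamming(a, b):
    # Number of differing bits between two equal-length byte strings.
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def reward_record(u1, u2, packet, k_u, h):
    """Forwarder u: keep (u1, u2, ticket, L) only if the ticket wins under K_u.
    Assumption: the comparison lost from the slide is read as 'at most h'."""
    _o, level, _p, ticket = packet
    return (u1, u2, ticket, level) if hamming(ticket, k_u) <= h else None

# Constructed sample data: keys are made up, neighbor entries are the slide's.
KEYS = {"o": b"\x11" * 32, "x": b"\x22" * 32}
NEIGHBORS = [("y", 2, 53), ("z", 3, 82), ("x", 3, 70)]
PKT = originate("o", KEYS["o"], 75, b"payload")
```

Because the MAC covers L as well as p, a forwarder that changes the reward level in transit produces a packet the base station drops; `acks` simulates which neighbors answer the forward request.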


Reward claim

• User u has a list M of reward records
  – when u is adjacent to a base station, he transmits a claim [ u | M | MAC_Ku(M) ] to the base station
  – the base station verifies the MAC
    • if incorrect, then ignores the claim
    • if correct, then records the claim and sends an ack
  – when u receives the ack, he deletes M from memory
  – the base station sends the recorded reward claims to the accounting center

[Figure: u sends [ u | M | MAC_Ku(M) ] to the base station, which reports to the Accounting Center]


Accounting

• The accounting center receives
  – reward claims of the form: “u claims (u1, u2, , L)”
  – traffic info recorded by the base stations of the form: “(, L, u) from o”

• All originators whose identity has been recorded by a base station are charged

• All users whose identity figures as a claimant in an accepted reward claim are credited

• All users whose identity appears as sending or receiving neighbor in an accepted reward claim are also credited


Auditing

• The probability for a ticket to win is independent of the identity of the user who evaluates it
  → each user should appear as a claimant with approximately the same frequency as he figures as either sending or receiving neighbor of a claimant


Examples of abuses and their detection (1/2)

• Packet dropping
  Description: the user agrees to forward, but he doesn’t forward
  Detection: receiving neighbor freq. > sending neighbor freq.

• Ticket sniffing
  Description: the user claims credit for overheard packets
  Detection:
  – claimant freq. > receiving neighbor or sending neighbor freq.
  – conflicting claims

[Figure: nodes a, b, c and d; b claims (a, c, , L); d claims (b, c, , L)]


Examples of abuses and their detection (2/2)

• Greedy collection of tickets
  Description: a set of users collect and share tickets, allowing each other to choose from a larger pool than they forwarded
  Detection:
  – unusually long transmission paths (counted in number of claims per packet)
  – abnormally high packet transmission rates per time unit by some user (if timing information is also collected at the base station)

• Tampering with the reward level
  Description: the packet carries a large reward level during some portion of the route, but the reward level is reduced by a colluder before the packet is transmitted to the base station
  Detection:
  – claimants indicate a higher reward level in their claim than that registered by the base station for a given packet
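The accounting-center checks named on the two abuse slides (packet dropping, ticket sniffing, conflicting claims, reward-level mismatch), run over constructed claims; this is an added example, not code from the talk or the paper. The `slack` tolerance, counting a base-station record as sending evidence for the last hop, and all names are assumptions.

```python
from collections import Counter, defaultdict

BS = "BS"  # hypothetical identifier for the base station

def audit(claims, bs_records, slack=2):
    """claims: (claimant, u1, u2, ticket, L); bs_records: (ticket, L, u).
    slack is an assumed tolerance; the slides only say 'approximately'."""
    claimant, sending, receiving = Counter(), Counter(), Counter()
    nxt = defaultdict(lambda: defaultdict(set))  # ticket -> node -> next hops
    bs_level = {}
    for ticket, level, u in bs_records:
        bs_level[ticket] = level
        sending[u] += 1          # assumption: the BS record shows that u sent
        nxt[ticket][u].add(BS)
    out = {"level_mismatch": set(), "conflicting_claims": set()}
    for u, u1, u2, ticket, level in claims:
        claimant[u] += 1
        sending[u1] += 1         # u1 handed the packet to the claimant
        receiving[u2] += 1       # u2 was handed the packet by the claimant
        nxt[ticket][u1].add(u)
        nxt[ticket][u].add(u2)
        if ticket in bs_level and level > bs_level[ticket]:
            out["level_mismatch"].add(ticket)
    for ticket, hops in nxt.items():
        # One packet follows one path, so a node cannot have two next hops.
        if any(len(n) > 1 for n in hops.values()):
            out["conflicting_claims"].add(ticket)
    users = (set(claimant) | set(sending) | set(receiving)) - {BS}
    out["dropping_suspects"] = {
        u for u in users if receiving[u] > sending[u] + slack}
    out["sniffing_suspects"] = {
        u for u in users
        if claimant[u] > max(sending[u], receiving[u]) + slack}
    return out

# Constructed sample: honest path o -> a -> b -> BS for tickets h0..h7.
bs_records = [(f"h{i}", 5, "b") for i in range(8)]
claims = [("a", "o", "b", f"h{i}", 5) for i in (2, 4, 6)]
claims += [("b", "a", BS, f"h{i}", 5) for i in (1, 3, 5, 7)]
claims += [("a", "o", "b", "h0", 9)]                      # level above the BS record
claims += [("a", "o", "x", f"x{i}", 5) for i in (0, 1)]   # x accepts, then drops
claims += [("b", "o", "x", f"x{i}", 5) for i in (2, 3)]
claims += [("d", "b", BS, f"h{i}", 5) for i in (1, 3, 5)] # d overheard b

REPORT = audit(claims, bs_records)
```

With the sample data, node a sits exactly at the tolerance because its downstream neighbor x never claims, which shows why the operator has to tune the threshold to the observed level of cheating.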


Conclusion on the probabilistic encouragement for collaboration

• Cooperation between nodes can be fostered by micro-payments

• Probabilistic micro-payments can drastically reduce the overhead

• The operator can fine tune the detection mechanisms according to the level of observed cheating

• Future work
  – Study attacks by malicious users
  – Pricing issues (e.g., computation of the reward levels)


Cooperation without incentives in pure ad hoc networks (IP4)

Examples of strategies:

Strategy                  Function      Initial cooperation level
AllD (always defect)      σ_i(x) = 0    0
AllC (always cooperate)   σ_i(x) = 1    1
TFT (Tit-For-Tat)         σ_i(x) = x    1

[Figure: node A_i with strategy σ_i and the labels y_i and x_i]

Conclusion: In a static network, the conditions for spontaneous cooperation are extremely unlikely to be met; but mobility improves things.

M. Felegyhazi, L. Buttyan, and J. P. Hubaux, "Equilibrium Analysis of Packet Forwarding Strategies in Wireless Ad Hoc Networks – the Static Case", Proceedings of Personal Wireless Communications (PWC '03), Venice, Italy, September 2003


Mobility helps security (IP6)

[Figure: Alice and Bob, with the labels "Infrared link", "Secure side channel", (Alice, PuK_Alice, XYZ), (Bob, PuK_Bob, UVW), and "Visual recognition, conscious establishment of a two-way security association"]

Conclusion: Mobility can help security, both in symmetric and asymmetric crypto: initial key setup, re-keying operations, intrusion detection, …

S. Capkun, J. P. Hubaux, and L. Buttyan, "Mobility Helps Security in Ad Hoc Networks", Fourth ACM Symposium on Mobile Networking and Computing (MobiHoc), Annapolis, June 2003


Provable encounters (IP6)

• claimant: a node claiming that it has met another node at a given time t
• certifier: a node that certified the encounter with the claimant
• verifier: a node that verifies the encounter between two nodes

[Figure: 1. Encounter (claimant, certifier); 2. Proof of encounter (claimant, verifier)]

Verification is:
• a posteriori
• frequent

Conclusion: Mobile nodes can prove their encounters, at a very reasonable cost

S. Capkun, L. Buttyan, and J. P. Hubaux, "SECTOR: Secure Tracking of Node Encounters in Multi-hop Wireless Networks", First ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN) 2003


Conclusion

• Cooperation and security issues are closely related to each other

• We propose several techniques to study / foster cooperation between nodes in multi-hop networks

• More research is needed
  – Investigation of the trade-off between overhead and robustness
  – Be able to compare different proposals
  – Be able to prove that a given proposal fulfills given expected properties