a trust-building mechanism in the mesh 07.08.08 jeremy flores [email protected]@mit.edu jorge...
TRANSCRIPT
![Page 1: A Trust-Building Mechanism in the Mesh 07.08.08 Jeremy Flores flores1@mit.eduflores1@mit.edu Jorge de la Garza Robert Falconi Kevin Kelley](https://reader036.vdocuments.us/reader036/viewer/2022082818/56649f0c5503460f94c2001b/html5/thumbnails/1.jpg)
A Trust-Building Mechanism in the Mesh
07.08.08
Jeremy Flores [email protected]
Jorge de la GarzaRobert FalconiKevin Kelley
![Page 2: A Trust-Building Mechanism in the Mesh 07.08.08 Jeremy Flores flores1@mit.eduflores1@mit.edu Jorge de la Garza Robert Falconi Kevin Kelley](https://reader036.vdocuments.us/reader036/viewer/2022082818/56649f0c5503460f94c2001b/html5/thumbnails/2.jpg)
One Laptop Per Child - Considerations
Limited processing power AMD Geode, ~433 MHz 256 MB RAM
Limited energy consumption Sparse access to electricity for battery recharging
Open-source software Users can alter any mechanisms
Closed-source wireless card firmware Must implement protocols in kernel
![Page 3: A Trust-Building Mechanism in the Mesh 07.08.08 Jeremy Flores flores1@mit.eduflores1@mit.edu Jorge de la Garza Robert Falconi Kevin Kelley](https://reader036.vdocuments.us/reader036/viewer/2022082818/56649f0c5503460f94c2001b/html5/thumbnails/3.jpg)
One Laptop Per Child - Considerations
Potentially massive network topologies Liberal software philosophy: “Let kids explore”
Can't implement overly-restrictive security policies MAC spoofing entirely feasible, even encouraged
![Page 4: A Trust-Building Mechanism in the Mesh 07.08.08 Jeremy Flores flores1@mit.eduflores1@mit.edu Jorge de la Garza Robert Falconi Kevin Kelley](https://reader036.vdocuments.us/reader036/viewer/2022082818/56649f0c5503460f94c2001b/html5/thumbnails/4.jpg)
Issues
Very unusual networking environment No central authority MAC addresses not tied to users New identities all over the place
![Page 5: A Trust-Building Mechanism in the Mesh 07.08.08 Jeremy Flores flores1@mit.eduflores1@mit.edu Jorge de la Garza Robert Falconi Kevin Kelley](https://reader036.vdocuments.us/reader036/viewer/2022082818/56649f0c5503460f94c2001b/html5/thumbnails/5.jpg)
Issues
“Bruce Wayne” problem Allowed/encouraged to spoof MAC address Can provide other ID of choice
Other concerns are more typical Point-to-point privacy Tamper-resistance for messages
![Page 6: A Trust-Building Mechanism in the Mesh 07.08.08 Jeremy Flores flores1@mit.eduflores1@mit.edu Jorge de la Garza Robert Falconi Kevin Kelley](https://reader036.vdocuments.us/reader036/viewer/2022082818/56649f0c5503460f94c2001b/html5/thumbnails/6.jpg)
Issues
Misbehaving peers Problem is direct result of topology Can't save self
Super-lightweight devices (~433 Mhz) Practical considerations
![Page 7: A Trust-Building Mechanism in the Mesh 07.08.08 Jeremy Flores flores1@mit.eduflores1@mit.edu Jorge de la Garza Robert Falconi Kevin Kelley](https://reader036.vdocuments.us/reader036/viewer/2022082818/56649f0c5503460f94c2001b/html5/thumbnails/7.jpg)
Thoughts
Disregard MAC address Okay for routing / 802.11s / AODV Will be spoofed, impersonated
![Page 8: A Trust-Building Mechanism in the Mesh 07.08.08 Jeremy Flores flores1@mit.eduflores1@mit.edu Jorge de la Garza Robert Falconi Kevin Kelley](https://reader036.vdocuments.us/reader036/viewer/2022082818/56649f0c5503460f94c2001b/html5/thumbnails/8.jpg)
Basic Solution
Generating a new identity As simple as generating new keys Choose new MAC address at same time
Sending a general-purpose message Use MAC & checksum Send public key with message Public key effectively is identity
![Page 9: A Trust-Building Mechanism in the Mesh 07.08.08 Jeremy Flores flores1@mit.eduflores1@mit.edu Jorge de la Garza Robert Falconi Kevin Kelley](https://reader036.vdocuments.us/reader036/viewer/2022082818/56649f0c5503460f94c2001b/html5/thumbnails/9.jpg)
Basic Solution
Point-to-point privacy Just add encryption on top of MACing
Behavior enforcement “Organic/natural” model Temporary blacklisting
![Page 10: A Trust-Building Mechanism in the Mesh 07.08.08 Jeremy Flores flores1@mit.eduflores1@mit.edu Jorge de la Garza Robert Falconi Kevin Kelley](https://reader036.vdocuments.us/reader036/viewer/2022082818/56649f0c5503460f94c2001b/html5/thumbnails/10.jpg)
Solution
“A Trust Model Based Cooperation Enforcement Mechanism in Mesh Networks” Proposes PID-like trust model
Trust score If node is deemed untrustworthy, add to blacklist Can change parameters to better fit network and
desired effects More efficient than blacklist-sharing models (zero
network overhead, no list comparing) Should be efficient enough for XOs
![Page 11: A Trust-Building Mechanism in the Mesh 07.08.08 Jeremy Flores flores1@mit.eduflores1@mit.edu Jorge de la Garza Robert Falconi Kevin Kelley](https://reader036.vdocuments.us/reader036/viewer/2022082818/56649f0c5503460f94c2001b/html5/thumbnails/11.jpg)
Solution
Extend the algorithm Prioritizing Packet Forwarding
Instead of blacklist, use node's trust score to determine importance
Higher priority in packet forwarding means faster, sustained bandwidth
If sufficiently low score, actively malicious, and low overall traffic, temporarily blacklist ( t ~ 1/score )
If also using blacklist sharing, false positives are only a small problem for otherwise-trustworthy nodes
Further incentive to play nice
![Page 12: A Trust-Building Mechanism in the Mesh 07.08.08 Jeremy Flores flores1@mit.eduflores1@mit.edu Jorge de la Garza Robert Falconi Kevin Kelley](https://reader036.vdocuments.us/reader036/viewer/2022082818/56649f0c5503460f94c2001b/html5/thumbnails/12.jpg)
Solution
Extend the algorithm “Trust Building”
When a new node is encountered, initially has a low trust score
As the node performs dutifully, trust score increases “Good deeds” <==> Reward (bandwidth)
MAC address swapping If legit user wants to switch identities, no problem If switching to bypass blacklists, still must play nice to gain trust
![Page 13: A Trust-Building Mechanism in the Mesh 07.08.08 Jeremy Flores flores1@mit.eduflores1@mit.edu Jorge de la Garza Robert Falconi Kevin Kelley](https://reader036.vdocuments.us/reader036/viewer/2022082818/56649f0c5503460f94c2001b/html5/thumbnails/13.jpg)
Solution
Benefits Sits in kernel: works with Cerebro Customizable Low overhead Sidesteps unique identification problem Weak penalization To be effectively malicious on a widespread level,
one must first “do good” to become trusted Score is asymmetric towards untrustworthy, so more
“good” done than “bad” overall