MSWiM 2004: Rational Behaviors in WiFi Hotspots and in Ad Hoc Networks, Jean-Pierre Hubaux, EPFL
Post on 19-Dec-2015
1
MSWiM 2004
Rational Behaviors in WiFi Hotspots and in Ad Hoc Networks
Jean-Pierre Hubaux
EPFL
2
Cooperation in self-organized wireless networks
Problem: how to enforce cooperation, if each node is its own authority?
Question 1: How do we prevent greedy behaviour at the MAC layer of multi-hop wireless networks?
Question 2: How to prevent selfish behavior in packet forwarding?
[Figure: sources S1 and S2, destinations D1 and D2]
3
Question 1: How do we prevent greedy behavior at the MAC layer of multi-hop wireless networks?
[Figure: five nodes, each with a Routing layer and a MAC layer]
Almost unexplored problem
Question 1’: How is this problem solved today in WiFi hotspots?
Answer: It is not solved!
4
Question 1’: How do we prevent greedy behavior at the MAC layer in WiFi hotspots?
[Figure: two well-behaved nodes]
The access point is trusted
The MAC layer is fair: if users have similar needs, they obtain a similar share of the bandwidth
5
Question 1’: Preventing greedy behavior at the MAC layer in WiFi hotspots
[Figure: a well-behaved node and a cheater]
The access point is trusted
6
IEEE 802.11 MAC – Brief reminder
• IEEE 802.11 is the MAC protocol used in WiFi
• By default, it is the one used in wireless multi-hop networks
7
Greedy technique 1/4: oversized NAV
8
Greedy technique 2/4: transmit before DIFS
9
Greedy technique 3/4: scramble others’ frames
10
Greedy technique 4/4: pick a shorter backoff
Implementation of this cheating technique: 3 lines of code!
11
Proposed solution: DOMINO
DOMINO: System for Detection Of greedy behaviour in the MAC layer of WiFi public NetwOrks (Raya, Hubaux, Aad, Mobisys 2004)
Idea: monitor the traffic and detect deviations by comparing average values of observed users
Detection tests: statistical comparison of the observed protocol behaviour
Features:
• Full standard compliance
• Needs to be implemented only at the Access Point
• Simple and efficient
The operator decides the amount of evidence required before taking action (in order e.g. to prevent false positives)
Other solution: Kyasanur and Vaidya, DSN 2003 (but not protocol compliant)
12
Detection Tests of DOMINO
Cheating method: detection test
• Frame scrambling: number of retransmissions
• Oversized NAV: comparison of the declared and actual NAV values
• Transmission before DIFS: comparison of the idle time after the last ACK with DIFS
• Backoff manipulation:
  - Maximum backoff: the maximum should be close to CWmin - 1
  - Actual backoff
  - Consecutive backoff
13
Simulation of cheating and detection
Cheating technique: Backoff manipulation
Traffic:
Constant Bit Rate / UDP traffic
FTP / TCP traffic
Misbehavior coefficient (m): cheater chooses its backoff as (1 - m) x CWmin
Simulation environment: ns-2
[Figure; label: Cheater]
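An added example, not part of the original slides and not DOMINO's own code: a small Python simulation of the backoff-manipulation case, in which the access point applies a maximum-backoff test and an average-backoff comparison over several monitoring windows and acts only after enough evidence. The value CWmin = 32, the thresholds ALPHA and MAX_MARGIN, the evidence count, the uniform draw inside the reduced window and the station names are assumptions chosen for illustration.

```python
import random
from statistics import mean

CW_MIN = 32        # assumed: a compliant backoff is uniform in 0..CW_MIN-1
ALPHA = 0.7        # assumed tolerance of the average-backoff comparison
MAX_MARGIN = 0.75  # assumed: the observed maximum must reach 75% of CW_MIN - 1
EVIDENCE = 3       # assumed number of suspicious windows before the AP acts

def observe(m, n, rng):
    """Constructed sample: n backoffs of a station with misbehavior coefficient m."""
    window = max(1, round((1 - m) * CW_MIN))
    return [rng.randrange(window) for _ in range(n)]

def max_backoff_test(samples):
    """Suspicious if the largest observed backoff stays well below CW_MIN - 1."""
    return max(samples) < MAX_MARGIN * (CW_MIN - 1)

def average_backoff_test(samples, others):
    """Suspicious if the station's mean backoff is well below the other users' mean."""
    return mean(samples) < ALPHA * mean(others)

def detect(stations, windows=5, per_window=50, seed=1):
    """Return the stations flagged in at least EVIDENCE monitoring windows."""
    rng = random.Random(seed)
    hits = {name: 0 for name in stations}
    for _ in range(windows):
        obs = {name: observe(m, per_window, rng) for name, m in stations.items()}
        for name, samples in obs.items():
            others = [b for o, s in obs.items() if o != name for b in s]
            if max_backoff_test(samples) or average_backoff_test(samples, others):
                hits[name] += 1
    return sorted(name for name, h in hits.items() if h >= EVIDENCE)

if __name__ == "__main__":
    # Constructed population: three compliant stations and one with m = 0.5.
    print(detect({"sta1": 0.0, "sta2": 0.0, "sta3": 0.0, "sta4": 0.5}))
```

Raising EVIDENCE trades detection delay for fewer false positives, which is the operator's decision mentioned on the DOMINO slide.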
14
Simulation results
• Each point corresponds to 100 simulations
• Confidence intervals: 95%
15
Implementation of the demo prototype
Equipment
• Adapters based on the Atheros AR5212 chipset
• MADWIFI driver
Misbehavior: backoff
• Overwrite the values CWmin and CWmax (in driver)
Monitoring
• The driver in MONITOR mode
• prism2 frame header
[Figure labels: AP, DOMINO, Cheater, Well-behaved]
16
Conclusion on the prevention of greedy behaviour at the MAC layer
• There exist greedy techniques against hotspots
• Some of these techniques are straightforward
• We have proposed, implemented and patented a simple solution, DOMINO, to prevent them (http://domino.epfl.ch)
• The same problem in self-organized wireless networks is still unsolved. Can it be solved?
Game-theoretic study: M. Cagalj, S. Ganeriwal, I. Aad and J.-P. Hubaux, "On Cheating in CSMA/CA Networks", Technical report No. IC/2004/27, July 2004
17
Question 2: How to prevent selfish behavior in packet forwarding? (1/2)
self-organizing network – no central authority
each networking service is provided by the nodes themselves
18
Question 2: How to prevent selfish behavior in packet forwarding? (2/2)
• Problem: If selfish nodes do not forward packets for others (do not cooperate with others), the network can be paralyzed
  Intuitively, an incentive is required
• Solutions: based typically on game theory, on reputation systems, and on micropayments; often related to secure routing
• proposed by NEC, UC Berkeley, Stanford, CMU, Cornell, U. of Washington, Yale, UCSD, Eurécom, EPFL, …
• address different scenarios: pure ad hoc, multi-hop access to the backbone, …
• BUT the proof that an incentive is required has been addressed only very recently (and independently) by UCSD and EPFL
19
UCSD approach (1/2)
Question: Do we need these incentive mechanisms or can cooperation exist based on the self-interest of the nodes?
Energy-efficient cooperation: Willingness to cooperate adapts to the energy class of the nodes. [SrinivasanNCR03infocom]
[Figure: session from S to D over relays R1, R2, R3, annotated with the energy class of each node and the energy class of the session]
[SrinivasanNCR03infocom]: V. Srinivasan, P. Nuggehalli, C. Chiasserini, and R. Rao, “Nash Equilibria of Packet Forwarding Strategies in Wireless Ad Hoc Networks,” Infocom 2003 (extended version in IEEE Trans. on Wireless Comm.)
20
UCSD approach (2/2)
Conclusions:
• Unique and optimal operating point of the system
• Proposed strategy (GTFT) reaches the optimal operating point
But:
• Uniform random participation in sessions
• Security is not considered
• two mechanisms: class membership, session acceptance
21
The role of the network configuration
[FelegyhaziHB04tmc]: M. Felegyhazi, J.-P. Hubaux and L. Buttyan, “Nash Equilibria of Packet Forwarding Strategies in Wireless Ad Hoc Networks,” to appear in IEEE Transactions on Mobile Computing
• Preliminary version presented at PWC 2003 (in Venice!)
Network configuration = connectivity graph + traffic matrix
Assumptions:
• static network
• routes last for the whole duration of the game
• each node is a source on only one route (will be relaxed)
• each node i is a CBR source with traffic rate Ti
22
Modeling packet forwarding as a game
[Figure: time axis divided into time slots 0, 1, …, t, with the cooperation levels pC(0), pC(1), …, pC(t)]
23
Cost function
trcrTtr jsf j,ˆ)(,
)(,ˆ1
tptrj
kfj k
Normalized throughput at forwarder fj :
Cost for forwarder fj :
where:
r – route on which fk is a forwarder
t – time slot
fk – forwarders on route r
pfk – cooperation level of forwarder fk
where:
Ts(r) – traffic sent by source s on route r
c – unit cost of forwarding
Example :
)()()(,ˆ},{
tptptptr CECEk
fC k
ˆ, ( ) ,C A jr t T r c r t
[Figure: route r (A→D) over nodes A, E, C, D, annotated with TA, pE(t), pC(t)]
24
Utility function
)()()(, tptprTtr CEA
)()(,1
tprTtrl
kfs k
where:
s – source
r – route on which s is a source
t – time slot
fk – forwarders for s
pfk – cooperation level of forwarder fk
Experienced throughput:
[Figure: route r (A→D) over nodes A, E, C, D, annotated with TA, pE(t), pC(t)]
Example:
25
Total payoff
( ) ( )
, ,i i
i i iq S t r F t
t u q t r t
The goal of each node is to maximize its total payoff over the game
Payoff = Utility - Cost
where:
Si(t) – set of routes on which i is a source
Fi(t) – set of routes on which i is a forwarder
t
tii t
0
max where: – discounting factor t – time
time0time slot: 1 t
Payoff: A(0) A(1). A(t).t
[Figure: route r (A→D) over nodes A, E, C, D, annotated with TA, pE(t), pC(t)]
Example:
26
Representation of the nodes as players
Node i is represented as a machine Mi
is a multiplication gate corresponding to the multiplicative property of packet forwarding
σi represents the strategy of the node
Node i is playing against the rest of the network (represented by the box denoted by A-i)
[Figure: machine Mi, with yi and xi, connected to the box A-i]
27
Strategy of the nodes
))]1,(([)( )1( tSrii itrtp Strategy function for node i:
where:
(r,t) – experienced throughput
Si – set of routes on which i is a source
[Figure: machine Mi, with yi and xi]
28
Examples of strategies
1)( ii y
iii xy )(
0)( ii y
Table columns: Strategy, Initial cooperation level, Function
• AllD (always defect): initial cooperation level 0
• AllC (always cooperate): initial cooperation level 1
• TFT (Tit-For-Tat): initial cooperation level 1
non-reactive strategies: the output of the strategy function is independent of the input (example: AllD and AllC)
reactive strategies: the output of the strategy function depends on the input (example: TFT)
where yi stands for the input
iii yy )(
29
Concept of dependency graph
dependency: the benefit of each source is dependent on the behavior of its forwarders
dependency loop
30
Nash equilibrium (reminder)
Nash equilibrium = No player can deviate to increase its payoff
),(),( '*iiiiii
for all i‘ and for all i
where:
– total throughput in the game
i* – a Nash equilibrium strategy played by node i
i’ – any strategy played by node i
-i – the strategies played by the other players
31
Analytical Results (1)
0)( IF
Theorem 1: If node i does not have any dependency loops, then its best strategy is AllD.
Theorem 2: If node i has only non-reactive dependency loops, then its best strategy is AllD.
Corollary 1: If every node plays AllD, it is a Nash-equilibrium.
0)( IE
[Figure legend: node i; node playing a non-reactive strategy; other nodes]
32
Analytical Results (2)
)(' ii Tu
Theorem 3: Assuming that node i is a forwarder, the best strategy for node i is TFT, if:
• Node i has a dependency loop with all of its sources,
• all other nodes play TFT
where:
– derivative of the utility function at Ti
Ti – traffic sent by node i
– discounting factor
src(r) – source of a route on which node i is a forwarder
– length of the shortest dependency loop with source src(r)
Fi – set of routes where node i is a forwarder
c – unit cost of forwarding
cTF
TTursrc
i
iiirsrci
)(
'
||
)( )(,
Corollary 2: If Theorem 3 holds for every node, it is a Nash-equilibrium.
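An added example, not from the slides or the cited paper: the repeated forwarding game played on a constructed three-node dependency loop, with cooperation levels, the AllD/AllC/TFT strategies and a discounted payoff equal to utility minus cost. The linear utility, the parameter values, and feeding each strategy the normalized throughput of the node's own route from the previous slot are assumptions.

```python
# Constructed scenario: each source's route and its forwarders, in order.
# A depends on B, B on C, C on A: one dependency loop through all three nodes.
ROUTES = {"A": ["B"], "B": ["C"], "C": ["A"]}
T = 1.0        # assumed traffic rate of every source
COST = 0.2     # assumed unit cost of forwarding (c)

# name: (initial cooperation level, strategy function of the input y)
STRATEGIES = {
    "AllD": (0.0, lambda y: 0.0),
    "AllC": (1.0, lambda y: 1.0),
    "TFT": (1.0, lambda y: y),
}

def play(assignment, omega, slots=200):
    """Discounted total payoff of each node; omega is the discounting factor."""
    p = {n: STRATEGIES[s][0] for n, s in assignment.items()}
    total = dict.fromkeys(assignment, 0.0)
    for t in range(slots):
        y, payoff = {}, dict.fromkeys(assignment, 0.0)
        for src, forwarders in ROUTES.items():
            through = 1.0
            for f in forwarders:
                through *= p[f]                  # multiplicative property of forwarding
                payoff[f] -= T * COST * through  # cost of the traffic f relays
            y[src] = through                     # assumed strategy input for the next slot
            payoff[src] += T * through           # assumed linear utility of the throughput
        for n, s in assignment.items():
            total[n] += payoff[n] * omega ** t
            p[n] = STRATEGIES[s][1](y[n])
    return total

def best_reply_of_c(omega):
    """Better of TFT and AllD for node C while A and B play TFT."""
    names = ("TFT", "AllD")
    scores = {s: play({"A": "TFT", "B": "TFT", "C": s}, omega)["C"] for s in names}
    return max(scores, key=scores.get)

if __name__ == "__main__":
    for omega in (0.9, 0.3):
        print(omega, best_reply_of_c(omega))
    print(play({"A": "AllD", "B": "AllD", "C": "AllC"}, 0.9))
```

When C defects, B stops forwarding for A one slot later and A stops forwarding for C the slot after that, so C's gain lasts two slots; whether that outweighs sustained cooperation depends on the discounting factor and the forwarding cost.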
33
Classification of scenarios
D: Set of scenarios, in which every node playing AllD is a Nash equilibrium
C: Set of scenarios, in which a Nash equilibrium based on cooperation is not excluded by Theorem 1
C2: Set of scenarios, in which cooperation is based on the conditions expressed in Corollary 2
34
Simulation Scenario
• Number of nodes: 100, 150, 200
• Area type: torus
• Area size: 1500x1500m, 1850x1850m, 2150x2150m
• Radio range: 200 m
• Distribution of the nodes: random uniform
• Number of routes originating at each node: 1-10
• Route selection: shortest path
• Number of simulation runs: 1000
35
Scenarios, where a cooperative Nash equilibrium is possible (not excluded by Theorem 1)
36
Avalanche effect
[Figure: avalanche effect, Theorem 1 + Theorem 2; legend: node playing a non-reactive strategy, other nodes]
37
Scenarios, in which some nodes are unaffected by the avalanche effect
38
Number of nodes unaffected by the avalanche effect
39
Conclusion on selfish behavior in static multi-hop wireless networks
Analytical results:
• If everyone drops all packets, it is a Nash-equilibrium.
• In theory, given some conditions, a cooperative Nash-equilibrium can exist (i.e., each forwarder forwards all packets).
Simulation results:
• In practice, the conditions for cooperative Nash-equilibria are very restrictive: the likelihood that the conditions for cooperation hold for every node is extremely small.
• Local cooperation among a subset of nodes is not excluded.
Future work:
• Consider a mobile scenario – impact of mobility
• Take battery level of nodes into account
• Emergence of cooperation
40
A glimpse at the transport layer: Denial of service attacks
TCP can be highly vulnerable to protocol-compliant attacks:
• Packet reordering
• Packet delaying
• Packet dropping
Aad, Hubaux, Knightly, Mobicom 2004
Illustration of the « JellyFish » re-order attack
• Isolated relay chain
• Single JF
• Standard 802.11, 2Mb/s
• TCP-Sack
• Simulator: ns-2
41
A glimpse at secure mobility: provable encounters
- Initial distribution of keys/hash values
- Encounter certification comprised of the following phases:
- Authentication
- Distance bounding (Cf also Brands and Chaum, 1993)
- Issuance of the proof of encounter
a) Guaranteeing Encounter Freshness (GEF)
b) Guaranteeing the Time of Encounter (GTE)
- Encounter verification comprised of the following phases:
- Authentication
- Verification
[Figure: encounter certification between claimant and certifier; encounter verification between claimant and verifier]
Solution based on hash chains and on Merkle trees (Capkun et al., SASN 2003)
42
A glimpse at secure positioning
Being able to securely verify the positions of devices can enable:
- Location-based access control (e.g., prevention of the parking lot attack)
- Detection of displacement of valuables
- Detection of stealing
- Location-based charging
- …
In multi-hop networks
- Secure routing
- Secure positioning
- Secure data harvesting (sensor networks)
- …
[Figure: communication tower and nodes v1, v3, v4, v5]
43
Conclusion
Rational behaviours are a major issue in wireless networks:
• Wi-Fi hotspots must be protected against greedy behaviour (possible solution: DOMINO)
• In self-organized ad hoc networks, packet forwarding is very unlikely to happen spontaneously (at least in static networks)
  Incentives are necessary
• The more wireless networks become decentralized and self-organized, the more their proper operation depends on the behaviour of individual nodes
  Rational / greedy / selfish behaviour requires appropriate investigation
• Wireless security offers many other research challenges (transport layer, proof of encounter, secure positioning, …)
http://lcawww.epfl.ch/hubaux/