dealing with selfish and malicious nodes in ad hoc networks

Dealing with Selfish and Malicious Nodes in Ad Hoc Networks

What are they?

Selfish nodes– 損人利己

Malicious nodes– 損人不利己，白開心

How likely are they to exist?

Watchdog and Pathrater

“Mitigating routing misbehavior in mobile Ad hoc networks,” Mobcom’00.

Watchdog and Pathrater

Misbehaving nodes– Selfish, malicious, overloaded, broken

Basic idea: identify misbehaving nodes and avoid them in routing.

Watchdog

A scheme to identify misbehaving nodes On top of dynamic source routing Monitors next node’s transmission Tallies its misbehaviors Reports its misbehaving status when tally

reaches a threshold

A B CS

D

Pathrater

Watchdog’s Weakness (1)

Ambiguous collision: while A is monitoring B’s forwarding, it hears a collision.

Question: has B forwarded the packet?

A B CS

D


Receiver collision: a packet forwarded by B may collide at C.

Problem: a selfish B may choose to forward any packet only once?

A B CS

D


Partial dropping: the watchdog reports misbehavior only if it reaches a threshold.

Problem: a selfish node may choose to drop packets at a “safe” rate?


Collusion: two or more nodes collude to cheat.

Example: C always drops packets, but B does not report it.

A B CS

D

The Confidant Protocol

Buchegger & Boudec, “Performance Analysis of the Confidant Protocol,” Mobihoc’02

The Self Gene (a book by Richard Dawkins)

Three kinds of birds:– Sucker 以德報怨者– Cheat 自私自利者– Grudger 禮尚往來者

In a population with 50% suckers and 50% cheats, both groups will lead to extinction.

In a population with a majority of cheats and marginal groups of suckers and grudgers, only grudgers survive.

The Watchdog and Pathrater Scheme

Basic idea: identify misbehaving nodes and avoid them in routing.

The scheme does not punish misbehaving nodes, whose packets get forwarded as usual.

Two kinds of nodes: suckers and cheats.

The Confidant Scheme

Treat misbehaving nodes as cheats.

Treat non-misbehaving nodes as grudgers, rather than suckers.

Do not forward misbehaving nodes’ packets.

The Nuglet Scheme

Buttyan and Hubaux, “Stimulating cooperation in self-organizing mobile ad hoc networks,” MONET 2002.

Selfish nodes, malicious nodes

Malicious nodes– Hard to deal with– Uncommon

Selfish nodes– Very common– Easies to deal with– Interested in their own interests.

Consider selfish nodes first.

The Nuglet Scheme

Nuglet counter: a tamper-proof counter

Can send a packet only if you have enough nuglets.

-3+1 +1 +1

Analysis of the Nuglet Scheme (1)

What to analyze? Assuming each node is interested in

maximizing the number of its own outgoing packets.

Can send (B+C)/(N+1) own packets, if you forward (NB-C)/(N+1) packets for others, where

– C: initial number of nuglets– B: amount of battery (in terms of # of packet

transmissions)– N: cost of each outgoing packet


Four possible forwarding strategies:If f < (NB-C)/(N+1) then unconditionally forward forward if c ≤ C, and forward with some

probability if c > C forward if c ≤ C forward with some probability if c ≤ C where c = current nuglet countWhich strategy is best for selfish nodes?


Best strategy in what sense? Ro = rate of generating own packets Rf = rate of incoming packets for forwarding Zo = # own packets sent / # generated Selfish node wishes to maximize

– # of own packets sent, i.e. (B+C)/(N+1) – Zo

Which strategy is best for selfish nodes?

Implementation Issues

A security module containing the nuglet counter and some other functions.

All outgoing packets must pass this module. Must be able to distinguish between own and

others’ packets. Ensure it does forward others’ packets which

have gone thru the security module.– Cash on delivery– Nuglet synchronization, mobility problem

The Sprite System

Zhong & Chen & Yang, “Sprite: A Simple, Cheat-Proof, Credit-Based System for Mobile Ad-Hoc Networks,” Infocom’03

Sprite

Dealing with only selfish nodes. An all-software solution; no need for tamper-

proof hardware. Credit based. Game theory based.

Architecture

Who Pays whom? And How much?

The nuglet scheme

Why?

-3+1 +1 +1

Who pays whom?

Three options : Sender Destination Both sender and destination

senderdestination

Who pays whom?

Three options: Each intermediate node Each intermediate node who ever forwards

the message Each intermediate node who successfully

forwards the message– The next node should report to CCS on receiving

the message

Payment scheme

Has to deal with selfish nodes

Possible Cheating Actions

After receiving a packet– Reports a receipt, drops the packet– Reports no receipt (& drops or forwards the packet)

Receiving no packet– Reports a receipt

To CCS

Objectives of Payment Scheme

Motivating nodes to forward packets

Motivating nodes to report receipts

Preventing false receipts

Motivating nodes to forward packets

β≥ 0

Motivating nodes to report receipts

The sender pays

Preventing false receipts

γ= 1 if destination reports receipt of packet γ« 1 otherwise

The Receipt-Submission Game (1)

Players: the nodes from sender to destination,

Truth (Ti): each player either – has received the packet or – has not received the packet.

Game (2)

Action (Ai): each player either – reports a receipt to CCS, or– does not report a receipt to CCS.

Cost of action:

Game (3)

Payment: as described earlier.

Welfare (Utility):

Game (4)

Strategy: each player may – tell the truth (Ai = Ti), or– cheat (Ai ≠ Ti).

Optimal strategy for a player: a strategy that brings the player the maximum welfare regardless other players’ strategies.

Theorem: Telling the truth is an optimal strategy if the destination does not cheat and

Game (5)

Theorem: Telling the truth is an optimal strategy if the destination does not cheat and

Theorem: Any group of colluding players cannot cheat to increase their total welfare.

The game is cheat-proof.

Zen (禪 ) Approaches

A Zen Approach (1)

“敢問師父 , 如何處理 selfish nodes?”

“ 老僧這裡不用電腦 !”

A Zen Approach (2)


“至道無難，唯嫌擇揀。老僧這裡不計較 ! ”

A Zen Approach (3)


師棒之。

dealing with selfish and malicious nodes in ad hoc networks

Documents