Stimulation for Cooperation in Ad Hoc and Multi-hop Cellular Networks N. Ben Salem*, L. Buttyán*, J.-P. Hubaux* and M. Jakobsson** * Laboratory of Computer Communications and Applications Swiss Federal Institute of Technology – Lausanne, Switzerland ** RSA Laboratories, Hoboken, NJ, USA

Stimulation for Cooperation in (pure) Ad Hoc Networks Part 1 N. Ben Salem, L. Buttyán and J.-P. Hubaux

Motivation and goal Ad hoc networks no infrastructure all networking services are provided by the nodes themselves cooperation is essential Problem assume that nodes don’t belong to a single authority there’s no good reason to cooperate nodes tend to be selfish Example if the average number of hops from source to destination is ~5  ~80 % of the energy is devoted to packet forwarding  temptation to deny packet forwarding is strong Our goal: to design a mechanism that stimulates cooperation (packet forwarding)

Proposed stimulation mechanism Each node has a credit counter c, and 1.when sending an own packet –the number n of needed intermediate forwarding nodes is estimated –if c < n, then the packet cannot be sent –otherwise, the packet can be sent, in which case c is decreased by n 2.when forwarding a packet –c is increased by 1 + Protection that ensures that –the user cannot manipulate the credit counter –the user cannot tamper with the above mechanism (but she can decide to drop a packet before the mechanism is called !) –c is increased only if the packet has indeed been forwarded We propose a protection mechanism that is based on a tamper resistant hardware module in each node

Single node model (basic) B, C, N IN o IN f OUT = OUT o + OUT f DRP = DRP o + DRP f B – initial battery level C – initial credit level N – constant charge b – battery c – credit counter out o – own packets sent (during whole lifetime) out f – forwarding packets sent (during whole lifetime) Selfishness: maximize out o subject to (1) out o, out f  0 (2) N out o – out f  C (3) out o + out f = B b,cb,c

Single node model (extended) - own packets are generated at rate r o - forwarding packets arrive at rate r f - no buffering (if an own packet cannot be sent due to the low level of the credit counter, then it is dropped) t end – time when the battery is drained out (not a constant! ) Selfishness: maximize out o and z o subject to z o = out o / r o t end – fraction of own packets sent (1) out o, out f  0 (2) out o  r o t end (3) out f  r f t end (4) N out o – out f  C (5) out o + out f = B

Forwarding rules If f = (NB – C)/(N + 1) then drop else –rule 1: always forward –rule 2: if c  C then forward else forward with prob C /c –rule 3: if c  C then forward else drop –rule 4: if c  C then forward with prob c /C else drop where f is the number of packets forwarded so far and c is the current credit level Pr fwd (c) 1 C c rule 1 Pr fwd (c) 1 C c rule 2 Pr fwd (c) 1 C c rule 3 Pr fwd (c) 1 C c rule 4

Comparison of forwarding rules (1) Simulation parameters B = r o = 0.2 pkt/s C = 100 r f = 0.6 … 1.6 pkt/s N = 5 Simulation results out o = = (B + C )/(N + 1)

Comparison of forwarding rules (2) Simulation parameters space500 m x 500 mpkt generation rate0.2 (0.5, 0.8) pkt/s number of nodes100choice of pkt. dest.random power range120 mroutinggeodesic pkt fwding mobility modelrandom waypointinitial credits100 speed1 m/s – 3 m/scredit sync interval 5 (10, 15, 20) s avg. pause time60 ssimulation time7200 s Simulation results

Throughput The effect of less cooperative nodes (rule 3) on the total cumulative throughput

Conclusion We proposed a mechanism to stimulate the nodes of an ad hoc network for packet forwarding Our approach is based on a credit counter and enforcement of some simple rules in each node (tamper resistant hardware) We showed that the mechanism is effective assuming the following: –each node generates packets continuously –own packets are not buffered (they must be sent immediately or dropped) –selfishness is represented by the goal of dropping as few own packets as possible Future work Weakening the above assumptions Application to other network functions (not only packet fwding) Application in higher layers (e.g., peer-to-peer systems) Application in hybrid (multi hop cellular) networks

Stimulation for Cooperation in Multi-hop Cellular Networks Part 2 N. Ben Salem, L. Buttyán, J.-P. Hubaux and M. Jakobsson

S D Multi-hop cellular Set of base stations connected to a backbone (like in cellular) Potentially, multi-hop communication between the mobile station and the base station (unlike in cellular)

Multi-hop cellular Advantages: –Energy consumption of the mobile stations can be reduced –Immediate side effect: Reduced interference –Number of base stations (fixed antennas) can be reduced –Coverage of the network can be increased –Closely located mobile stations can communicate independently from the infrastructure (ad hoc networking) Disadvantages: –Routing? –Synchronization?

Our model Multi-hop up-link Single-hop down-link Problem: How to encourage the nodes to relay packets for the benefit of other nodes? Approach: Remunerating the forwarders (and charging the packet originator) With the following new elements (compared to the previous solution): –there is an operator (trusted by all nodes) –the operator maintains a billing account for each node –charging and remunerating are done by manipulating billing accounts S D

The solution in three easy steps Step 1: Assume that all packet sending/receiving events can be observed by an observer The observer could tell who did what –who originated a packet (who to charge) –who forwarded a packet (who to remunerate) –who dropped a packet (who to punish?) Step 2: Assume that every node honestly reports its own sending/receiving events to the operator The operator could tell who did what Problems: –nodes may not be motivated to send reports –nodes may lie (send false reports) –reporting all events may be a huge overhead

The solution in three easy steps Step 3: Nodes get paid for their reports  nodes are motivated to send reports Events to be reported are selected probabilistically  this reduces the overhead Based on the received reports, the operator performs statistical analysis (auditing)  this allows detection of cheating behavior

Assumptions Multi-hop cellular with multi-hop up-link and single-hop down-link Symmetric-key crypto, each node shares a long-term symmetric key with the operator (base stations) The operator is trusted by every node for –not revealing secret keys –correctly transmitting packets –correctly performing billing and auditing Users are not trusted to act according to the protocol –users behave rationally –they can tamper with their devices –users could collude

Protocol: Setup users register with the operator each registered user u gets an id and a symmetric key K u K u is shared by the user and the operator (base stations) S D AC S, K S

Protocol: Maintaining connectivity information each user u keeps a list of triplets (u i, d i, L i ), where –u i is a neighbor –with distance (in hops) d i from the base station and –with reward level L i the list is sorted in terms of increasing values of d i and L i S D AC (u=4,d=2,L=3) L=3

Protocol: Maintaining connectivity information each user u keeps a list of triplets (u i, d i, L i ), where –u i is a neighbor –with distance (in hops) d i from the base station and –with reward level L i the list is sorted in terms of increasing values of d i and L i S D AC L=3 L=5 (u=4,d=2,L=3) (u=2,d=2,L=5)

Protocol: Maintaining connectivity information each user u keeps a list of triplets (u i, d i, L i ), where –u i is a neighbor –with distance (in hops) d i from the base station and –with reward level L i the list is sorted in terms of increasing values of d i and L i S D AC L=2 L=5 (u=4,d=2,L=3) (u=2,d=2,L=5) (u=1,d=4,L=2) L=3

Protocol: Reward levels packets have reward levels too a higher reward level means higher charge for the originator and higher reward for the forwarders u i is willing to forward packets with a reward level higher than L i S D AC L=5 I accept to forward a packet if its reward level is higher than 5

Protocol: Packet origination Originator o wants to send payload p –o selects a reward level L S D AC This packet is important. I choose a reward level of 6!

Protocol: Packet origination Originator o wants to send payload p –o selects a reward level L –computes a MAC  = MAC Ks ( L | p ) S D AC I compute  = MAC Ks ( 6 | p )

Protocol: Packet origination Originator o wants to send payload p –o selects a reward level L –computes a MAC  = MAC Ks ( L | p ) –transmits the packet P = [ o | L | p |  ] according to the Packet Transmission protocol S D AC My packet P = [ S | 6 | p |  ]

Protocol: Packet transmission The originator o wants to transmit packet P = [ o | L | p |  ] 1. o selects his first as yet unselected entry (u i, d i, L i ) where L i < L S D AC Node 4 is the first in my list and its reward level < 6 (u=4,d=2,L=3) (u=2,d=2,L=5) (u=1,d=4,L=2)

Protocol: Packet transmission The originator o wants to transmit packet P = [ o | L | p |  ] 1. o selects his first as yet unselected entry (u i, d i, L i ) where L i < L 2. sends a forward request to u i (contains L and possibly more info) S D AC Req

Protocol: Packet transmission S D AC ack The originator o wants to transmit packet P = [ o | L | p |  ] 1. o selects his first as yet unselected entry (u i, d i, L i ) where L i < L 2. sends a forward request to u i (contains L and possibly more info) 3. waits for an ack from u i

Protocol: Packet transmission S D AC P The originator o wants to transmit packet P = [ o | L | p |  ] 1. o selects his first as yet unselected entry (u i, d i, L i ) where L i < L 2. sends a forward request to u i (contains L and possibly more info) 3. waits for an ack from u i –if received, then o sends P to u i –if not received, then o increases i by one and goes to step 2

Protocol: Packet transmission S D AC Req The originator o wants to transmit packet P = [ o | L | p |  ] 1. o selects his first as yet unselected entry (u i, d i, L i ) where L i < L 2. sends a forward request to u i (contains L and possibly more info) 3. waits for an ack from u i –if received, then o sends P to u i –if not received, then o increases i by one and goes to step 2 ack (u=4,d=2,L=3) (u=2,d=2,L=5) (u=1,d=4,L=2)

Protocol: Packet transmission S D AC ack The originator o wants to transmit packet P = [ o | L | p |  ] 1. o selects his first as yet unselected entry (u i, d i, L i ) where L i < L 2. sends a forward request to u i (contains L and possibly more info) 3. waits for an ack from u i –if received, then o sends P to u i –if not received, then o increases i by one and goes to step 2 ack

Protocol: Packet transmission S D AC P The originator o wants to transmit packet P = [ o | L | p |  ] 1. o selects his first as yet unselected entry (u i, d i, L i ) where L i < L 2. sends a forward request to u i (contains L and possibly more info) 3. waits for an ack from u i –if received, then o sends P to u i –if not received, then o increases i by one and goes to step 2 ack

Protocol: Packet transmission S D AC P The originator o wants to transmit packet P = [ o | L | p |  ] 1. o selects his first as yet unselected entry (u i, d i, L i ) where L i < L 2. sends a forward request to u i (contains L and possibly more info) 3. waits for an ack from u i –if received, then o sends P to u i –if not received, then o increases i by one and goes to step 2

Protocol: Packet transmission S D AC The forwarding node u wants to transmit packet P = [ o | L | p |  ] 1. u selects his first as yet unselected entry (u i, d i, L i ) where L i < L 2. sends a forward request to u i (contains L and possibly more info) 3. waits for an ack from u i –if received, then u sends P to u i –if not received, then u increases i by one and goes to step 2 Req

Protocol: Packet transmission The forwarding node u wants to transmit packet P = [ o | L | p |  ] 1. u selects his first as yet unselected entry (u i, d i, L i ) where L i < L 2. sends a forward request to u i (contains L and possibly more info) 3. waits for an ack from u i –if received, then u sends P to u i –if not received, then u increases i by one and goes to step 2 S D AC ack

Protocol: Packet transmission S D AC The forwarding node u wants to transmit packet P = [ o | L | p |  ] 1. u selects his first as yet unselected entry (u i, d i, L i ) where L i < L 2. sends a forward request to u i (contains L and possibly more info) 3. waits for an ack from u i –if received, then u sends P to u i –if not received, then u increases i by one and goes to step 2 P

Protocol: Packet transmission S D AC The forwarding node u wants to transmit packet P = [ o | L | p |  ] 1. u selects his first as yet unselected entry (u i, d i, L i ) where L i < L 2. sends a forward request to u i (contains L and possibly more info) 3. waits for an ack from u i –if received, then u sends P to u i –if not received, then u increases i by one and goes to step 2 P

Protocol: Reward recording user u (forwarding node) has forwarded a packet P = [ o | L | p |  ] S D AC P P P

Protocol: Reward recording user u (forwarding node) has forwarded a packet P = [ o | L | p |  ] –u interprets  as a lottery ticket –the ticket is winning for u iff f( , K u ) = 1 for some function f –if  is winning, then u records (u 1, u 2, , L), where u 1 is the user from which he received P u 2 is the user (or base station) to which he forwarded P S D AC P  is a lottery ticket the ticket is winning for me I record (S, 5, , 6) and forward P P

Protocol: Reward recording user u (forwarding node) has forwarded a packet P = [ S | L | p |  ] –u interprets  as a lottery ticket –the ticket is winning for u iff f( , K u ) = 1 for some function f –if  is winning, then u records (u 1, u 2, , L), where u 1 is the user from which he received P u 2 is the user (or base station) to which he forwarded P S D AC P the ticket is not winning for me P I just forward P P

Protocol: Network processing the base station receives a packet P = [ o | L | p |  ] –it looks up the secret key K o of the originator o –verifies the MAC  S D AC Find K S Verify  P

Protocol: Network processing the base station receives a packet P = [ o | L | p |  ] –it looks up the secret key K o of the originator o –verifies the MAC  if not correct, then drops the packet if correct, then transmits the packet to the destination S D AC P

Protocol: Network processing the base station receives a packet P = [ o | L | p |  ] –it looks up the secret key K o of the originator o –verifies the MAC  if not correct, then drops the packet if correct, then transmits the packet to the destination –keeps a count of the number of packets transmitted for o S D AC Packets for S++

Protocol: Network processing the base station receives a packet P = [ o | L | p |  ] –it looks up the secret key K o of the originator o –verifies the MAC  if not correct, then drops the packet if correct, then transmits the packet to the destination –keeps a count of the number of packets transmitted for o –records a fraction of all triplets ( , L, u), where u is the id of the user from which it received the packet [ o | L | p |  ] S D AC ( , 6, 5)

Protocol: Network processing the base station receives a packet P = [ o | L | p |  ] –it looks up the secret key K S of the originator o –verifies the MAC  if not correct, then drops the packet if correct, then transmits the packet to the destination –keeps a count of the number of packets transmitted for o –records a fraction of all triplets ( , L, u), where u is the id of the user from which it received the packet [ o | L | p |  ] –periodically sends the recorded information to an accounting center S D AC “( , 6, 5) from S”

[ 4 | M | MAC K4 (M) ] Protocol: Reward claim user u has a list M of reward records –when u is adjacent to a base station, he transmits a claim [ u | M | MAC Ku (M) ] to the base station AC

Protocol: Reward claim user u has a list M of reward records –when u is adjacent to a base station, he transmits a claim [ u | M | MAC Ku (M) ] to the base station –the base station verifies the MAC if correct then records the claim and sends an ack if incorrect, then ignores the claim The MAC is correct Record the claim M AC [ 4 | M | MAC K4 (M) ]

Protocol: Reward claim user u has a list M of reward records –when u is adjacent to a base station, he transmits a claim [ u | M | MAC Ku (M) ] to the base station –the base station verifies the MAC if correct then records the claim and sends an ack if incorrect, then ignores the claim The MAC is correct Record the claim M ack AC

Protocol: Reward claim user u has a list M of reward records –when u is adjacent to a base station, he transmits a claim [ u | M | MAC Ku (M) ] to the base station –the base station verifies the MAC if correct then records the claim and sends an ack if incorrect, then ignores the claim –when u receives the ack, he deletes M from memory AC The MAC is correct Record the claim M ack Delete the claim M form the memory

Protocol: Reward claim user u has a list M of reward records –when u is adjacent to a base station, he transmits a claim [ u | M | MAC Ku (M) ] to the base station –the base station verifies the MAC if correct then records the claim and sends an ack if incorrect, then ignores the claim –when u receives the ack, he deletes M from memory –the base station sends the recorded reward claims to the accounting center AC The MAC is correct Record the claim M ack Delete the claim M form the memory “4 claims (S, 5, , 6)”

Protocol: Accounting –the accounting center receives reward claims of the form: “u claims (u 1, u 2, , L)” traffic info recorded by the base stations of the form: “( , L, u) from o” S D AC “( , 6, 5) from S” “4 claims (S, 5, , 6)”

Protocol: Accounting –the accounting center receives reward claims of the form: “u claims (u 1, u 2, , L)” traffic info recorded by the base stations of the form: “( , L, u) from o” –all originators whose identity has been recorded by a base station are charged Charge S S D AC “( , 6, 5) from S” “4 claims (S, 5, , 6)”

Protocol: Accounting –the accounting center receives reward claims of the form: “u claims (u 1, u 2, , L)” traffic info recorded by the base stations of the form: “( , L, u) from o” –all originators whose identity has been recorded by a base station are charged –all users whose identity figures as a claimant in an accepted reward claim are credited Credit 4 Charge S S D AC “( , 6, 5) from S” “4 claims (S, 5, , 6)”

Protocol: Accounting –the accounting center receives reward claims of the form: “u claims (u 1, u 2, , L)” traffic info recorded by the base stations of the form: “( , L, u) from o” –all originators whose identity has been recorded by a base station are charged –all users whose identity figures as a claimant in an accepted reward claim are credited –all users whose identity figures as sending or receiving neighbor in an accepted reward claim are also credited Credit 4 Charge S S D AC “( , 6, 5) from S” “4 claims (S, 5, , 6)” Credit 5

Protocol: Accepted reward claim A reward claim is accepted iff –it is correct ( f( , K u ) = 1 ) –the base station has reported the packet associated to  as having been transmitted No packet, No reward! S D AC the ticket is not winning for me but I am credited

Lottery ticket evaluation Requirements on the function f : –Evaluation must be performed for every packet the user handles  f should be lightweight –Users should not be able to verify reward claims on behalf of each other without having to trust each other with their keys  f should use all bits in K u –Reward recording and claiming should not dominate the protocol  probability of winning should be small enough –Auditing is possible only on a sufficiently large data set  probability of winning should be large enough (trade-off) An example: f( , K u ) = 1 iff d Hamming ( , K u )  h Note: If f is not one-way, then all claims should be encrypted during transmission.

Auditing Observation: The probability for a ticket to win is independent of the identity of the user who evaluates it  each user should figure as a claimant with approximately the same frequency as he figures as either sending or receiving neighbor of a claimant

Examples for abuses and their detection Packet dropping Description: the user agrees to forward, but he doesn’t forward Detection: receiving neighbor freq. > sending neighbor freq. S D AC P P

P Examples for abuses and their detection Ticket sniffing Description: the user claims credit for overheard packets Detection: –claimant freq. > receiving neighbor or sending neighbor freq. S D AC P P

Examples for abuses and their detection Ticket sniffing Description: the user claims credit for overheard packets Detection: –claimant freq. > receiving neighbor or sending neighbor freq. –conflicting claims P S D AC P P 2 claims (S, 4, , L) 4 claims (S, 5, , L)

Examples for abuses and their detection Greedy ticket collection Description: a set of users collect and share tickets allowing each other to choose from a larger pool than they forwarded Detection: –unusually long transmission paths (counted in number of claims per packet) –abnormally high packet transmission rates per time unit by some user (if timing information is also collected at the base station) S D AC P P P Try the packet for nodes 7,8,9 and 10

Examples for abuses and their detection Reward level tampering Description: the packet carries a large reward level during some portion of the route, but the reward level is reduced by a colluder before the packet is transmitted to the base station Detection: –claimants indicate a higher reward level in their claim than that registered by the base station for a given packet S D AC P P P The reward level is not 6 anymore. It is 3.

Conclusion We proposed a micro-payment scheme encouraging packet forwarding in multi-hop cellular networks Two motivations for forwarding: 1. all users whose identity figures as a claimant in an accepted reward claim are credited a claim is accepted only if the base station has reported the corresponding packet  if the packet contains a winning ticket for u, then u is interested in forwarding the packet 2. all users whose identity figures as sending or receiving neighbor in an accepted reward claim are also credited  if u sends the packet to the next hop v, then v may file a claim, in which case u will be credited as a sending neighbor

Conclusion Our scheme relies on the existence of a trusted and powerful operator in the system Main features: –we encourage users to report about their packet sending/receiving events by paying for these reports –events to be reported are selected probabilistically (lottery tickets) which reduces overhead –the operator performs statistical analysis of the received reports in order to detect cheating –extremely low overhead for the nodes (especially, in terms of computation)