A Reputation Based Scheme for Stimulating Cooperation Aruna Balasubramanian, Joy Ghosh and Xin Wang University at Buffalo (SUNY), Buffalo, NY {ab42, joyghosh,

Outline Problem definition Related Research Our Solution: Reputation based solution for stimulating cooperation  Reputation System  Monitoring System  Cooperation System  Security System Conclusions References

Problem definition: Ad hoc network characteristics Wireless links Self organized network Communication between A and B using C: Multihop C B A C routes packets for A and B Lack of central authority to coordinate routing

Problem definition: Non cooperation Non cooperation: Phenomenon when nodes in the network refuse to cooperate in providing network services. E.g. Routing Non cooperation in routing manifested by dropping packet Environment (lack of central control, existence of implicit trust) increases challenges in isolating non- cooperative nodes If a large percentage of nodes do not cooperate in routing, the network throughput is considerably reduced Stimulating nodes to cooperate is important to ensure optimum network utilization

Problem definition: Reasons for Non cooperation Node Rational malicious Malicious Selfish Genuine Resource Constraint Irrationally malicious

Related Research Using Incentive Management schemes [1], [2], [3]  Maintain credit system  Give credit to nodes that cooperate  Give incentive to nodes that have a good credit  Incentive: Providing network services such as routing Punishment based schemes [4], [5], [6]  Identify nodes that misbehave (do not cooperate)  Punish misbehaving nodes  Punishment: Not providing network service such as routing Game theoretical approaches [7] Useful in analyzing the cooperation solution

Related Research: Limitations

Our solution: Both rewards well behaved nodes and punishes non cooperation REPUTATION SYSTEM: Calculates reputation MONITOR SYSTEM Monitors neighbors nodes for packet dropping and forwarding COOPERATION SYSTEM Punish nodes with low reputation Give incentive to nodes with high reputation Use reputation of node to ensure reliability SECURITY SYSTEM Ensures the security of all the components COMPONENTS Distribute reputation to neighbors Reputation reports from neighbors

Reputation System Reputation: Goodness of a node as perceived by its neighbors Reputation increased for good behavior at the rate of α Reputation decreased for bad behavior at the rate of β New node has neutral reputation If Reputation < Threshold, node is punished Common problems of reputation systems  High α: Node builds up reputation faster and misbehaves for prolonged time  Low α: Not enough incentive  High β: Genuine node that drops packets due to network failure will be punished  Low β: Takes a longer time for misbehaving nodes to be punished

Reputation System (Contd…) To solve this, in our solution, α and β are chosen carefully according to the network characteristics The reputation is not reduced or increased linearly, but as a function of the node’s current reputation and the number of packets dropped/forwarded  Smaller the reputation, smaller is the number of packets that are dropped to reduce reputation  Larger the reputation, more is the number of packets that need to be forwarded to increase the reputation Reputation value is changed cumulatively, at regular intervals, and not every time a packet is dropped or forwarded

Monitoring System Neighbor monitors nodes to check if node forwards packets B A C A transmits packet (sent by B) to C B listens to this transmission because of omni-directional antenna If B does not hear its packet being transmitted for a while, it assumes that the A has dropped it A’s reputation is re- calculated

Monitoring System (Contd…) Reputation calculation based on own observation alone may not be sufficient B A C If B cooperation with A, but has no transaction with C, C will not know the real characteristic of B Every node distributes its reputation to all neighbor nodes, to ensure that all nodes have a consistent view about each other

Monitoring System (Contd…) Every node calculate reputation as a weighted mean of its own observation and the neighbor reports Weights given to a neighbor report is proportional to how much the neighbor is trusted A receives reputation report of B, from C and D B A C D B’s reputation A has three reputation of B (including its own), Rep AB, Rep CB and Rep DB Weight given to reputation report of C by A = Reputation of C with A, Rep AC / (Rep AB + Rep CB + Rep DB ) Weight given by A to its own reputation = Ut (Maximum reputation) A calculates the reputation of B as a weighted mean

Monitoring System (Contd…) Common problems with monitoring systems Distribution of false reputation reports by malicious neighbors  In our solution, false reputation reports are given less weight and thus their effect will not be significant Incorrect monitoring, when packets are dropped due to congestion or collision  We implement a mechanism to identify congestion  Incorrect penalty due to incorrect monitoring is reduced considerably due to our tolerance scheme

Cooperation System: Penalty If the neighbor node has reputation lower than a threshold  Do not forward any packet for this neighbor  Re route packets, if the next hop is the misbehaving neighbor Common problem with cooperation systems is the inability of a repentant node to rejoin the network  We provide alternate protocols for repentant nodes to rejoin the network  Idle protocol: Node finishes penalty time and joins the network with neutral reputation  Redeem protocol: Node participates in forwarding packets, and can start sending its own packets when its reputation increases to the neutral reputation

Cooperation System: Incentive Intermediate nodes prioritize packets based on the reputation of source and destination Source sends first packet with the certificate of the source and destination SourceDestination Packet1 Cert 1 Cert 2 Packet 2 Packet n Intermediate nodes stores certificate Intermediate nodes prioritize subsequent packets based on the reputation of the source/destination Certificate certifies the reputation of a node by a trusted person

Security System Leaving the neighborhood to avoid punishment Certification Decentralized Certificate provided by the neighboring nodes themselves Using threshold cryptography Thus a new node may either be genuine, or be a node with low reputation from a different neighborhood Use route reply from others to identify a malicious node from a different neighborhood

References 1) L. Buttyan and J.-P. Hubaux. Enforcing Service Availability in Mobile Ad-Hoc WANs. In Proceedings of the IEEE/ACM Workshop on Mobile Ad Hoc Networking and Computing (MobiHOC), Boston, August ) Hubaux, J., Gross, T., Le Boudec, J., Vetterli, M. Towards self-organized mobile ad hoc networks: The Terminodes project. IEEE Communications Magazine, (January 2001). 3) S. Zhing, J. Chen and Y.R. Yang, “SPRITE: A Simple, Cheat-Proof Credit-based System for Mobile Ad hoc Networks”, in Proceedings of IEEE INFOCOM ‘’03, San Fransesco, CA, April ) S. Marti, T. J. Giuli, K. Lai, and M. Baker, "Mitigating routing misbehavior in mobile ad hoc networks," in Sixth annual ACM/IEEE International Conference on Mobile Computing and Networking, 2000, pp ) S. Buchegger and J. Le Boudec. Nodes Bearing Grudges: Towards Routing Security, Fairness, and Robustness in Mobile Ad Hoc Networks. In Proceedings of the Tenth Euromicro Workshop on Parallel, , Canary Islands, Spain, January IEEE Computer Society. 6) P.Michiardi and R.Molva, “CORE: A Collaborative Reputation Mechanism to Enforce Node Cooperation in Mobile Ad hoc Networks,” in Proceedings of the IFIP TC6/TC11 Sixth Joint Working Conference on Communications and Multimedia Security. Kluwer, B.V., 2002, pp ) V.Srinivasa, P.Nuggehalli and C.Chiasserini, “Cooperation in Wireless Ad hoc Networks” in Proceedings of IEEE INFOCOM ‘’03, San Fransesco, CA, April 2003.