Published by Owen Booth. Modified over 8 years ago.
1
Dealing with Liars: Misbehavior Identification via Rényi-Ulam Games
William Kozma Jr. and Loukas Lazos
Dept. of Electrical and Computer Engineering, University of Arizona
2
Routing in Ad Hoc Networks
- Ad hoc networks lack a network infrastructure
- Limited communication range
- Nodes rely on multi-hop routes to communicate
- Any node may act as a router
- Routing implemented on the basis of collaboration
- Implicit trust placed on intermediate routers
[Figure: route from S to D through nodes n1, ..., n5]
William Kozma Jr. and Loukas Lazos, SecureComm 2009
3
Node Misbehavior
- Nodes may be compromised physically or remotely
  - Sophisticated users – alter software/hardware of their device
  - Adversaries with intimate knowledge of node operation
- One type of misbehavior is packet dropping
  - Selfishness – Refuse to forward packets to conserve energy
  - Maliciousness – Refuse to forward packets to degrade network performance
4
The Misbehavior Identification Problem
Given a path P_SD from source S to destination D, identify misbehaving nodes that drop packets, in a resource-efficient manner.
5
Current Solutions
- Acknowledgment-based schemes (e.g., 2ACK, Liu et al.; Byzantine fault detection, Awerbuch et al.)
  - Packets acknowledged 2 hops or more upstream
- Reputation-based (e.g., CONFIDANT, Buchegger et al.)
  - Rely on message overhearing to verify forwarding
- Credit-based (e.g., Sprite, Zhong et al.)
  - Provide incentive for a node to cooperate
All schemes incur overhead on a per-packet basis
6
Research Goal
Per-packet behavior evaluation is too expensive in:
- Energy (operating in promiscuous mode)
- Performance (must observe instead of sleeping or communicating concurrently)
- Communication (may consume more bandwidth)
Critical questions:
- Can we perform per-packet evaluation without per-packet monitoring (or very low per-packet overhead)?
- What is the penalty we have to trade off?
7
Implicit Node Monitoring
- Nodes record a proof of packets they receive/forward
- Some nodes are audited to provide proof of behaving
- Multiple proofs are combined to identify misbehavior
- Use the honest to identify the malicious
[Figure: path S, n1, ..., n6, D with Audit Request / Audit Reply exchanges]
8
Analogy to Rényi-Ulam Games
- Rényi-Ulam game: the game of 20 questions
- Questioner wins if ω is determined in at most q questions
- Responder has a limited number of lies
- Winning strategy: a strategy that wins regardless of how lies occur
- The process of combining multiple audits to identify a misbehaving node is analogous to Rényi-Ulam games
[Figure: Questioner sends a Question to the Responder, who holds the secret value ω and sends a Reply; search space Ω = [1, 2, …, n]; labels ω, q, ℓ]
9
Misbehavior Identification as a Rényi-Ulam Game
- Rényi-Ulam game: the Questioner asks "ω ≤ y?"; the Responder, holding the secret value ω in Ω, answers "Yes"
- Misbehaving node identification: the Questioner asks "Did you see packets X?"; the Responder answers "Yes || Proof"
[Figure: path S, n1, ..., n5, D as the search space for ω]
10
Types of Rényi-Ulam Games
Two questioning modes:
- Batch
- Adaptive
[Figure: batch mode: Q1, Q2, Q3 followed by R1, R2, R3; adaptive mode: Q1, R1, Q2, R2, Q3, R3]
Two types of questions:
- Cut questions
  - Ω = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]
  - Q: Is ω ≤ 8? A: Yes. Ω = [1, 2, 3, 4, 5, 6, 7, 8]
  - Q: Is ω ≤ 2? A: No. Ω = [3, 4, 5, 6, 7, 8]
- Membership questions
  - Ω = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]
  - Q: Is ω ∈ A = {3, 4, 5, 6, 7, 8}? A: Yes. Ω = [3, 4, 5, 6, 7, 8]
  - Q: Is ω ∈ A = {4, 5, 6}? A: No. Ω = [3, 7, 8]
Goal: Devise a strategy to always find ω in the least number of questions
11
Implementing Cut Questions
X_i: set of packets forwarded by node n_i
Is the misbehaving node upstream of audited node n_i (ω ≤ y)?
- |X_S ∩ X_i| ≈ |X_S|: n_i claims misbehavior occurs downstream (ω ≥ y)
- |X_S ∩ X_i| << |X_S|: n_i claims misbehavior occurs upstream (ω ≤ y)
[Figure: path S, n1, ..., n6, D; legend: Behaving Node, Suspicious Node]
12
Adaptive Auditing with Cut Questions
Pelc's questioning strategy [Pelc '89]:
- Binary search requiring log2 k questions; determine value ω'
- ℓ questions on if ω' = ω; total # of questions log2 k + ℓ
Auditing strategy:
- V = P_SD = {n_1, …, n_k}
- |X_S ∩ X_i| ≈ |X_S|: V = {n_i, …, n_k}
- |X_S ∩ X_i| << |X_S|: V = {n_1, …, n_k}
Winning strategy: q = log2 |P_SD| + 2 (|M| + 1) audits
[Figure: path S, n1, ..., n6, D; legend: Behaving Node, Suspicious Node, Misbehaving Link]
13
Node Identification
One misbehaving node:
- Path division: exclude nodes in turn
- Path expansion: add node to remove misbehaving link
Multiple misbehaving nodes:
- Identification process repeated |M| + 1 times
[Figure: path S, n1, ..., n6, D with added nodes n_α, n_β; legend: Behaving Node, Suspicious Node]
14
How About Colluders?
- Colluding nodes can cause incorrect convergence
- To avoid framing, n_3, n_4 are simultaneously audited
- Since |X_3 ∩ X_4| ≈ |X_3|, then |M| ≥ 2
- Partition P_SD into P_Sn3, P_n4D; search independently
[Figure: path S, n1, ..., n6, D; legend: Behaving Node, Suspicious Node]
15
Adaptive Auditing with Membership Questions
Dhagat's questioning strategy [Dhagat '92]:
- Perform a binary-based search while checking for contradicting answers
- Let V_i = Ω = {1, …, k}; divide V_i into two equal subsets A = {1, …, k/2}, B = {k/2, …, k}
- "Is ω ∈ A?" then V_{i+1} = A
- "Is ω ∈ B?" then V_{i+1} = B
- Else contradiction among answers; return to previous stage (V_{i-1})
- Winning strategy if q =
Example exchange between Questioner and Responder (ω = 9):
- Is ω ∈ A = {1, 2, 3, 4, 5}? No. V = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10}
- Is ω ∈ B = {6, 7, 8, 9, 10}? Yes. V = {6, 7, 8, 9, 10}
- Is ω ∈ A = {6, 7, 8}? No. V = {6, 7, 8, 9, 10}
- Is ω ∈ B = {9, 10}? No. V = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10}
16
Adaptive Auditing with Membership Questions
- Membership questions constructed from two audits
- "Is n_M ∈ A = {n_1, …, n_4}?" implies |X_1 ∩ X_4| << |X_1|
Auditing strategy:
- V_1 = P_SD = {n_1, …, n_k}; A = {n_1, …, n_i}, B = {n_i, …, n_k}
- If |X_1 ∩ X_i| << |X_1|, V_{i+1} = A, else
- If |X_i ∩ X_k| << |X_i|, V_{i+1} = B, else
- Return to previous stage if contradiction found (V_{i-1})
- Select a new n_i to prevent repetitive lies
Worst case: q ≤ 4 log2(|P_SD|) + 2 (|M| + 1) audits
[Figure: path S, n1, ..., n6, D; legend: Behaving Node, Suspicious Node]
17
Creating Audit Replies
- Commit to a claim of a set of packets X_i received/forwarded
- Bloom filters provide a compact representation of a membership set X_i
[Figure: element x is hashed by h_1, h_2, …, h_k into v, an m-bit vector, setting the selected bits from 0 to 1]
18
Evaluating Responses (1)
- Source sends audit request
  - Defines the duration and starting packet number
- Audited node adds packets to its Bloom filter
  - Signs filter with its private key and sends it back to the source
- Signed Bloom filter acts as a commitment to packets forwarded
- Source computes:
- Per-packet evaluation without per-packet overhead; only m-bit vector sent to source
[Figure: S sends an Audit Request along the path S, n1, ..., n6, D; n_4 returns X_4, sig_4(X_4)]
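An added example, not taken from the slides: a small simulation of the Bloom-filter audit reply together with the adaptive cut-question search described on the earlier slides. It assumes a single dropper that forwards 10% of packets, an overlap threshold of 0.5, that the suspicious set narrows to the nodes up to n_i when n_i reports upstream loss, and it omits the signature on the filter; all function names and constants are hypothetical.

```python
import hashlib

M_BITS, K_HASHES = 1024, 4          # m and k: constructed values
SENT = list(range(100))             # X_S: constructed packet IDs sent by S

def bloom(packets):
    """m-bit Bloom filter (held as an int) over a set of packet IDs."""
    v = 0
    for p in packets:
        for j in range(K_HASHES):
            h = hashlib.sha256(f"{j}:{p}".encode()).digest()
            v |= 1 << (int.from_bytes(h[:4], "big") % M_BITS)
    return v

def contains(v, p):
    bits = bloom([p])
    return (v & bits) == bits

def audit_reply(i, dropper, sent, lie):
    """Filter returned by node i (signature omitted in this sketch).
    Nodes up to the dropper received every packet; nodes after it only
    received the 10% it forwarded. A lying dropper claims it received nothing."""
    if i == dropper and lie:
        return bloom([])
    return bloom(sent if i <= dropper else sent[::10])

def locate_link(k, dropper, sent=SENT, lie=False, threshold=0.5):
    """Adaptive cut questions over path n_1..n_k; index 0 is S, k+1 is D.
    Returns the adjacent pair bounding the misbehaving link and the audit count."""
    lo, hi, audits = 0, k + 1, 0
    while hi - lo > 1:
        i = (lo + hi) // 2
        reply = audit_reply(i, dropper, sent, lie)
        audits += 1
        overlap = sum(contains(reply, p) for p in sent) / len(sent)
        if overlap >= threshold:    # |X_S ∩ X_i| ≈ |X_S|: loss is downstream of n_i
            lo = i
        else:                       # |X_S ∩ X_i| << |X_S|: loss is upstream of n_i
            hi = i
    return (lo, hi), audits

if __name__ == "__main__":
    print(locate_link(8, 5))             # dropper answers honestly
    print(locate_link(8, 5, lie=True))   # dropper lies about what it received
```

Whether the dropper answers truthfully or lies, the search ends on a link that has the dropper as one endpoint, which is why the slides follow the search with a separate node identification step.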
19
Impact of Mobility
- Addition/removal of an honest node does not affect REAct
- Misbehaving node added to P_SD
  - Added to V; as if there from start of search
  - Added outside of V; as if two colluding nodes existed in P_SD
- Misbehaving node removed from P_SD
  - Performance resumed
[Figure: four views of the path S, n1, ..., n5, D as node n_α is added or a node is removed]
20
Performance Evaluation
Metrics of interest:
- Communication overhead
- Identification delay
Compared our scheme to:
- CONFIDANT (reputation-based scheme)
- 2ACK (acknowledgment-based scheme)
- AWERBUCH (acknowledgment-based scheme)
For CONFIDANT, defined energy for overhearing as 0.5 times the energy for transmission
For 2ACK, varied percent of packets acknowledged, p = {1, 0.5, 0.1}
21
Communication Overhead
22
Communication Overhead for 2 Misbehaving Nodes
23
Identification Delay
24
Communication Overhead for 1 Misbehaving Node
25
Communication Overhead as a Function of Audit Size
26
Identification Delay
27
Communication Overhead
28
Take Away Remarks
- For resource-constrained networks, per-packet behavior evaluation is too resource demanding
- We can trade identification delay for communication and energy efficiency
  - Showed a logarithmic increase in # of transmitted messages with path size
  - Showed small increase in identification delay compared to savings
- Differentiation of maliciousness from bad channel conditions, congestion and collisions is not yet clear (or an easy problem to solve)