Presentation is loading. Please wait.

Presentation is loading. Please wait.

GameSec 2010 November 22, Berlin Mathias Humbert, Mohammad Hossein Manshaei, Julien Freudiger and Jean-Pierre Hubaux EPFL - Laboratory for Computer communications.

Published byGerald Bryant Modified over 9 years ago

Similar presentations

Presentation on theme: "GameSec 2010 November 22, Berlin Mathias Humbert, Mohammad Hossein Manshaei, Julien Freudiger and Jean-Pierre Hubaux EPFL - Laboratory for Computer communications."— Presentation transcript:

1 GameSec 2010 November 22, Berlin Mathias Humbert, Mohammad Hossein Manshaei, Julien Freudiger and Jean-Pierre Hubaux EPFL - Laboratory for Computer communications and Applications (LCA1)

2 P2P Wireless Communications  Smartphones equipped with advanced communication capabilities (WiFi & Bluetooth) => enable P2P communication between mobile users  Application examples: 2 Vehicular networksMobile social networks

3 Location Privacy Problem  Identifiers of mobile devices unveiled  Cryptographic credentials  MAC addresses  External eavesdropper can monitor users’ identifiers and track them 3 Local Adversary

4 Countermeasure: Mix Zones 4 A B D C E F I J K G Change identifiers in regions called mix zones [1] Public/private keys used to sign messages MAC addresses 2 types of mix zones Active mix zone (M): temporal + spatial decorrelations Passive mix zone (P): temporal decorrelation [2] Temporal decorrelation: change identifiers Spatial decorrelation: remain silent (necessary only if the adversary installed an eavesdropping station at the same place) [1] Beresford, A.R., Stajano, F.: Location privacy in pervasive computing. IEEE Pervasive Computing (2003) [2] Buttyán, L. et al.: On the effectiveness of changing pseudonyms to provide location privacy in VANETs. Security and Privacy in Ad-hoc and Sensor Networks (2007)

5 Mixing Effectiveness 5 4  At some intersection i: p i 13 p i 12 p i 14 p i 24 p i 21 p i 23 p i 32 p i 34 3 entering roads 4 exiting roads Number of vehicles per hour  Normalized entropy-based metric [3]: 1 2 3 593 3 38 p i 13 = 3/(3+593+38) p i 12 = 593/(3+593+38) p i 14 = 38/(3+593+38) R i 1 = 3 R i 2 = 3 R i 3 = 2 k: entering roads j: exiting roads Normalized traffic intensity of entering road k Passive mix zones: m i = 0 if adversary at same place m i = 1 if no adversary [3] Serjantov, A., Danezis, G.: Towards an information theoretic metric for anonymity. PET 2002

6 Tracking Games Placement of active/passive mix zones versus placement of eavesdropping stations 6 : Eavesdropping station (E) : Active mix zone (M): Passive mix zone (P) Strategic behaviors of attacker and defenders => game theory to model the interactions between players and predict their best strategies 2 knowledge levels complete information incomplete info.

7 Game Model 7  Road network with K intersections  2 players: {mobile nodes, adversary}  Nodes’ strategies s n,i (intersection i):  Active mix zone (cost = c i m )  c i m = c i p + c i q = pseudonyms cost + silence cost  Passive mix zone (cost = c i p )  Abstain  Adversary’s strategies s a,i :  Eavesdrop (cost = c s )  Abstain  Payoffs: Eavesdrop (E)Abstain (A) Active mix zone (M)(λ i m i -c i p -c i q ; λ i (1-m i )-c s )(λ i -c i p -c i q ; 0) Passive mix zone (P)(-c i p ; λ i -c s )(λ i - c i p ; 0) Abstain (A)(0 ; λ i -c s )(0 ; 0) 0 ≤ λ i, m i, c i m, c s ≤ 1 Adversary Nodes m i ->1 if efficient mixing m i ->0 if weak mixing can be represented by a urban/central authority

8 Analytical Results Complete Information Game 8 One intersection Either one pure Nash equilibrium (NE) or one mixed NE Depending on traffic parameters m i, λ i and players’ costs c i m, c i p and c s 4 possible pure NE: (M, E), (P, A), (A, E) and (A,A) 2 pure NE never appear: (M, A) and (P, E) K intersections with limited number of eavesdropping stations Algorithm deriving a single Nash equilibrium Union of NE at K intersections (supergame [4]) Removal of exceeding eavesdropping stations Update of nodes’ best response [4] Friedman, J.W.: A non-cooperative equilibrium for supergames. The Review of Economic Studies (1971)

9 Analytical Results Incomplete and Asymmetric Information Game: Incomplete and Asymmetric Information Game: - Nodes do not know the adversary’s power => nodes’ belief on this power modeled as a probability distribution f(θ) [5] 9 One intersection Existence of a pure Bayesian Nash equilibrium (BNE) Depending on traffic parameters m i, λ i, players’ costs c i m, c i p, c s and accuracy of nodes’ belief f(θ) on adversary’s type All possible pure BNE: (M, E), (P, A), (A, E), (A, A), (M, A) and (P, E) K intersections with limited number of eavesdropping stations Algorithm deriving a single Bayesian Nash equilibrium Similar steps as the algorithm for complete information game Nodes do not know adversary’s strategy (eavesdropping stations placement) => have to “guess” it based on their belief [5] Harsanyi, J.: Games with incomplete information played by Bayesian players. Management science (1967)

10 Numerical Results Real traffic data of Downtown Lausanne 10 Low costs for both players 17 (M, E) 6 (A, E) 0 (P, A) 0 Mixed-strategy 2 (M, E) 3 (A, E) 18 (P, A) 0 Mixed-strategy 2 (M, E) 3 (A, E) 5 (P, A) 13 Mixed-strategy 2 (M, E) 3 (A, E) 18 (P, A) 0 Mixed-strategy Unlimited number (Γ=23) of eavesdropping stations Adversary’s higher cost Limited number (Γ=5) of eavesdropping stations

11 Numerical Results Incomplete Information Game: Probability density functions f(θ) of nodes’ belief on adversary’s cost c s : U(0,1) or β(2,5) 11 Scenario\Bayesian NE(M, E)(P, E)(A, E)(M, A)(P, A)(A, A) U(0,1); c s = 0.2; Γ= 23 10130000 U(0,1); c s = 0.2; Γ= 5 1400180 β(2,5); c s = 0.2; Γ= 23 1634000 β(2,5); c s = 0.2; Γ= 5 1040180 β(2,5); c s = 0.5; Γ= 23 2021432 β(2,5); c s = 0.5; Γ= 5 1120172 E = Eavesdrop A = Abstain M = Active mix zone P = Passive mix zone A = Abstain Adversary’s strategies Nodes’ strategies

12 Conclusion  Possible to predict the best response of mobile users with respect to a local adversary strategy  2 algorithms to reach (Bayesian) NE in both complete and incomplete information games  In incomplete information game, nodes’ lack of information about the adversary’s strategy leading to a significant decrease in the achievable location privacy level or a needless cost increase  Concrete application on a real city network  Adversary and mobile nodes adopting complementary strategies  Future work  Enrich the analysis by including the spatial interdependencies between the different road intersections  Evaluate the interactions between the attacker and defenders by using repeated games 12

13 Backup slides – NE at one intersection 13

14 Backup slides – K intersections 14

15 Backup slides – Algorithm 1 15

16 Backup slides – Bayesian Game 16 where

17 Backup slides – Bayesian NE 17

18 Backup slides – Algorithm 2 18

Download ppt "GameSec 2010 November 22, Berlin Mathias Humbert, Mohammad Hossein Manshaei, Julien Freudiger and Jean-Pierre Hubaux EPFL - Laboratory for Computer communications."

Similar presentations

On the Optimal Placement of Mix Zones Julien Freudiger, Reza Shokri and Jean-Pierre Hubaux PETS, 2009.

On the Optimal Placement of Mix Zones Julien Freudiger, Reza Shokri and Jean-Pierre Hubaux PETS, 2009.
Network security Dr.Andrew Yang.  A wireless sensor network is network a consisting of spatially distributed autonomous devices using sensors to cooperatively.

Network security Dr.Andrew Yang.  A wireless sensor network is network a consisting of spatially distributed autonomous devices using sensors to cooperatively.
M9302 Mathematical Models in Economics Instructor: Georgi Burlakov 3.1.Dynamic Games of Complete but Imperfect Information Lecture 326.03.2010.

M9302 Mathematical Models in Economics Instructor: Georgi Burlakov 3.1.Dynamic Games of Complete but Imperfect Information Lecture
1 University of Southern California Keep the Adversary Guessing: Agent Security by Policy Randomization Praveen Paruchuri University of Southern California.

1 University of Southern California Keep the Adversary Guessing: Agent Security by Policy Randomization Praveen Paruchuri University of Southern California.
Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks Julien Freudiger, Maxim Raya and Jean-Pierre Hubaux SECURECOMM, 2009.

Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks Julien Freudiger, Maxim Raya and Jean-Pierre Hubaux SECURECOMM, 2009.
Key Infection (smart trust for smart dust) Ross Anderson (Cambridge) Haowen Chan (CMU) Adrian Perrig (CMU)

Key Infection (smart trust for smart dust) Ross Anderson (Cambridge) Haowen Chan (CMU) Adrian Perrig (CMU)
 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.

 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.
Securing Vehicular Communications Author : Maxim Raya, Panos Papadimitratos, and Jean-Pierre Hubaux From : IEEE Wireless Communications Magazine, Special.

Securing Vehicular Communications Author : Maxim Raya, Panos Papadimitratos, and Jean-Pierre Hubaux From : IEEE Wireless Communications Magazine, Special.
Delay bounded Routing in Vehicular Ad-hoc Networks Antonios Skordylis Niki Trigoni MobiHoc 2008 Slides by Alex Papadimitriou.

Delay bounded Routing in Vehicular Ad-hoc Networks Antonios Skordylis Niki Trigoni MobiHoc 2008 Slides by Alex Papadimitriou.
Game Theoretical Insights in Strategic Patrolling: Model and Analysis Nicola Gatti – DEI, Politecnico di Milano, Piazza Leonardo.

Game Theoretical Insights in Strategic Patrolling: Model and Analysis Nicola Gatti – DEI, Politecnico di Milano, Piazza Leonardo.
Border Games in Cellular Networks Infocom 2007 Márk Félegyházi*, Mario Čagalj†, Diego Dufour*, Jean- Pierre Hubaux* * Ecole Polytechnique Federale de Lausanne.

Border Games in Cellular Networks Infocom 2007 Márk Félegyházi*, Mario Čagalj†, Diego Dufour*, Jean- Pierre Hubaux* * Ecole Polytechnique Federale de Lausanne.
Using Game Theoretic Approach to Analyze Security Issues In Ad Hoc Networks Term Presentation Name: Li Xiaoqi, Gigi Supervisor: Michael R. Lyu Department:

Using Game Theoretic Approach to Analyze Security Issues In Ad Hoc Networks Term Presentation Name: Li Xiaoqi, Gigi Supervisor: Michael R. Lyu Department:
Defending Against Traffic Analysis Attacks in Wireless Sensor Networks Security Team 2009.07.20.

Defending Against Traffic Analysis Attacks in Wireless Sensor Networks Security Team
Quantifying Location Privacy: The Case of Sporadic Location Exposure Reza Shokri George Theodorakopoulos George Danezis Jean-Pierre Hubaux Jean-Yves Le.

Quantifying Location Privacy: The Case of Sporadic Location Exposure Reza Shokri George Theodorakopoulos George Danezis Jean-Pierre Hubaux Jean-Yves Le.
Algoritmi per Sistemi Distribuiti Strategici

Algoritmi per Sistemi Distribuiti Strategici
Mini-Project 2007 On Location Privacy in Vehicular Mix-Networks Julien Freudiger IC-29 Self-Organised Wireless and Sensor Networks Tutors: Maxim Raya Márk.

Mini-Project 2007 On Location Privacy in Vehicular Mix-Networks Julien Freudiger IC-29 Self-Organised Wireless and Sensor Networks Tutors: Maxim Raya Márk.
1 A Distortion-based Metric for Location Privacy Workshop on Privacy in the Electronic Society (WPES), Chicago, IL, USA - November 9, 2009 Reza Shokri.

1 A Distortion-based Metric for Location Privacy Workshop on Privacy in the Electronic Society (WPES), Chicago, IL, USA - November 9, 2009 Reza Shokri.
Harsanyi transformation Players have private information Each possibility is called a type. Nature chooses a type for each player. Probability distribution.

Harsanyi transformation Players have private information Each possibility is called a type. Nature chooses a type for each player. Probability distribution.
Securing Vehicular Commuinications – Assumptions, Requirements, and Principles P. Papadimitratos, EPFL, Lausanne, Switzerland V. Gligor, University of.

Securing Vehicular Commuinications – Assumptions, Requirements, and Principles P. Papadimitratos, EPFL, Lausanne, Switzerland V. Gligor, University of.
An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.

An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.

Similar presentations

Ads by Google