1. A Charging and Rewarding Scheme for Packet Forwarding in Multi-hop Cellular Networks N. Ben Salem*, L. Buttyán**, J.-P. Hubaux* and M. Jakobsson*** * Laboratory of Computer Communications and Applications (LCA) Swiss Federal Institute of Technology – Lausanne (EPFL), Switzerland ** Department of Telecommunications, Budapest University of Technology and Economics, Hungary *** RSA Laboratories, Hoboken, NJ, USA NCCR/MICS

2. 2 Outline 1.Multi-hop Cellular Networks 6. Conclusions and future work 2. Model a.System and trust model b.Adversarial model 3. The protocol a.Session setup b.Packet sending c.Payment redemption 4.Security analysis 5. Overhead of the solution a.Communication Overhead b.Computation Overhead

3. 3 Cell = The geographical area under the control of a base station A node beyond the reach of the base station coverage can use other mobile stations as relays Multi-hop cellular networks Combine the characteristics of cellular and ad hoc networks Backbone A B Set of base stations connected to a backbone Backbone Advantages: – Increase the coverage of the network – Small number of base stations (fixed antennas) – Reduce the energy consumption of the sending mobile station – Reduced interference

4. 4 Problem statement Multi-hop cellular networks represent a new and promising paradigm, but … No cooperation = the network does not work We exclusively consider the packet forwarding service Charge the initiator A of the communication Reward the cooperative forwarding nodes (and the operator) Why would the intermediate nodes use their battery to relay packets for other nodes? A i 1 BS A B j 1 BS B InitiatorCorrespondent

5. 5 Model A i 1 BS A B j 1 BS B The initiator A wants to communicate with the correspondent B End-to-end session A has to establish an end-to-end session with B (a session is a secure route on which all the nodes are authenticated) This is done by establishing: –An initiator session between A and BS A Initiator session –A correspondent session between BS B and B Correspondent session The operator charges A for the traffic (in both directions) Then, A and B exchange packets Packet exchange System model:

6. 6 Model Node i shares a symmetric key K i with the operator The nodes trust the operator for: – not revealing secret keys – correctly transmitting packets – correctly performing billing and auditing The nodes do not trust each other The underlying routing protocol is secure All the communications go through a base station Nodes are mobile but we have a certain level of route stability Trust model and assumptions: Adversarial Model: The nodes are rational: – they are potential attackers if cheating is beneficial – they will cooperate if they expect a gain Collusions are possible We consider the pessimistic case where all the attackers are under the control of a single entity

7. 7 Session Setup A i BS A B BS B j AReqIDoldASIDARouteTrafficInfo AReq 0 MAC A MAC i AReqIDoldASIDARouteTrafficInfo AReq i AReqIDoldASIDARouteTrafficInfoMAC i-1 AReq i-1 AReqIDoldASIDARouteTrafficInfo AReq a MAC a A layered MAC that BS A can verify

8. 8 Session Setup A i BS A B BS B j Req Layered MAC authentication BReqIDoldBSIDBRouteTrafficInfo BReq 0 SID KiKi Stream Cipher Generation seed i MaxLength PAD i,1 PAD i,2 PAD i, MAC A … MAC 1 MAC a AReqIDASID AConf BReqIDBSID BConf MAC 1 …MAC b MAC B

9. 9 Packet Sending S i BS S D BS D j SSID Payload SPkt 0, MAC S Body 0, SSID Body i-1, SPkt i-1, SSID Body i, SPkt i, = Encrypted data that BS S can decrypt SPkt s, SSID Body s, PAD i, 

10. 10 Packet Sending S i BS S D BS D j DSID Payload MAC D Body’ 0, PAD 1,  DSID Body 0, DPkt i, = Iterative XOR The Body is decrypted DPkt d, DSID Body d, Payload MAC D Acknowledgement for the packet  PAD 1,

11. 11 Payment Redemption Charging and rewarding mechanism: - When the packet SPkt of length L reaches BS S A is charged n (L ) The forwarders in the up-stream are rewarded  (L ) each The operator is rewarded - When the packet DAck is received by a base station The forwarders in the down-stream are rewarded  (L ) each D is refunded  for each packet it acknowledges - When the packet DPkt is injected in the down-stream D is charged a small amount  A=S i 1 BS A B=D j 1 BS B

12. 12 Payment Redemption –D maintains: Batch =  MAC K D (DSID | | Payload )  LastPkt;  LostPkts – DAck is sent offline after the session is closed – One acknowledgement per session: DAck = [ DSID | Batch | lastPkt | LostPkts | MAC K D (DSID | Batch | lastPkt | LostPkts ) ] DPkt d, DSID Payload MAC D Acknowledgement for the packet Destination Acknowledgment:

13. 13 Security Analysis Incentive to cooperate: The up-stream nodes get rewarded only if SPkt reaches BS S The down-stream nodes get rewarded only if D acknowledges DPkt D is refunded only if it acknowledges DPkt Disincentive against cheating: Refusal to pay: –The MAC in the packet uniquely identifies S Incorrect reward claims: –A node i is credited if it is part of both the session setup and the packet sending phases –A node i is the only node that is able to correctly compute the layered MAC in the session setup and the PAD in the packet sending Free-riding: –The packets are encrypted at each hop –The nodes are not rewarded and the transmitted data is garbled Emulated nodes: –A node is in several physical locations simultaneously –Some nodes seem to be always neighbors –Capture a rogue device

14. 14 Communication Overhead Sizes of the fields: Field NameReqIDSIDoldSIDRouteTrafficInfoMAC LostPkts Size (bytes)444NbFwdrs*1616 2NbLostPkts*2 – Session Setup Phase: 144+NbFwdrs*64 bytes – Packet Sending Phase: 20 bytes per packet – Sending the Acknowledgement: 38+2*NbLostPkts bytes per session  Numerical values? Simulations: –100 nodes in a 500x500 m 2 cell with one base station in the center –Fixed power range of 100 m –RWP: uniform speed  [0,20] m/s; pause time  {0,60,120,300,600} s –We discard the first 1000 s of simulation time –100 simulations for each value of the pause time Figures of interest: – Average lifetime of a route (AverageLifeTime) – Average number of forwarding nodes (NbFwdrs) – Average percentage of disconnected nodes (NotConnected).

15. 15 Simulation Results: Communication Overhead Pause Time (s)600300120600 NotConnected0.22%0.06%0.25%0.16%0.22% NbFwdrs21.91.71.81.4 AverageLifeTime (s)325.27340.521.68.2 95% Confidence Interval15.321.915.514.36.6 Numerical example: –Mobility = 0s Pause time –Application = Voice over IP Codec G.711 frame size = 200 bytes Values of the overhead: During the 8.2s, it is possible to transmit 410 packets (= 65.6 kbytes) Session setup: 0.3% of the total payload of the session Packet sending: 11% of the packet size Payment redemption: 0.3% of the total payload of the session for the pessimistic case where NbLostPkts=100

16. 16 Computation Overhead Session Setup Phase (per session): –2 MAC operations for each node Packet Sending Phase (per packet): –1 stream cipher encryption for each node (except D) –1 MAC operation for S and D Acknowledgment computation (for D): –1 XOR operation per packet –1 MAC computation per session NameSpeed (Mbytes/sec) MAC Computation MD5-MAC84.782 HMAC/MD599.863 Stream Cipher Encryption SEAL118.081 WAKE78.594 RC463.039 What is the cost of a stream cipher encryption?

17. 17 Conclusions and future work Conclusions: We have addressed the problem of cooperation for packet forwarding in multi-hop cellular networks We have proposed a solution based of a charging and rewarding mechanism We have shown that the protocol encourages cooperation and that it resists to number of rational attacks We have quantified the life time of the sessions and shown that the usage of our scheme leads to a very moderate overhead Future work: Malicious attacks Several operators Charge the correspondent