Cooperation between Nodes in Multi-Hop Wireless Networks Jean-Pierre Hubaux 1 Joint work with Naouel Ben Salem 1, Levente Buttyan 2, Srdjan Čapkun 1, Mark.

Presentation transcript:

Cooperation between Nodes in Multi-Hop Wireless Networks
Jean-Pierre Hubaux (1)
Joint work with Naouel Ben Salem (1), Levente Buttyan (2), Srdjan Čapkun (1), Mark Felegyhazi (1) and Markus Jakobsson (3)
(1) EPFL/School of Information and Communication
(2) Budapest University of Technology and Economics
(3) RSA Labs

2 Outline
Encourage cooperation between nodes in multi-hop cellular networks (IP4)
Brief overview of some other recent results:
– Cooperation in ad hoc networks without incentives (IP4)
– Mobility helps security (IP6)
– Provable encounters (IP6)

3 Multi-Hop cellular networks (1/2)
[Figure: nodes S and D]
Set of base stations connected to a backbone (like in cellular)
Potentially, multi-hop communication between the mobile station and the base station (unlike in cellular)
Principle usable for both “classical”, voice centric cellular networks and wireless LANs (e.g., IEEE )

4 Multi-hop cellular networks (2/2)
Expected benefits:
– Energy consumption of the mobile stations can be reduced
– Immediate side effect: reduced interference
– Number of base stations (fixed antennas) can be reduced
– Coverage of the network can be increased
– Closely located mobile stations can communicate independently from the infrastructure (ad hoc networking)
Problem: How to encourage the nodes to relay packets for the benefit of other nodes?

5 Possible solution: systematic micro-payments (IP4)
[Figure: Initiator A, base stations BS_A and BS_B, Correspondent B]
Principle: for every packet, the initiator is charged and all relay nodes are rewarded
Strength: all cheating attempts will be detected
Weakness: overhead (increase of the communication cost around 3 to 12%)
N. Ben Salem, L. Buttyan, J. P. Hubaux, and M. Jakobsson, "A Charging and Rewarding Scheme for Packet Forwarding in Multi-hop Cellular Networks", Fourth ACM Symposium on Mobile Networking and Computing (MobiHoc), Annapolis, June 2003

6 Alternative solution: probabilistic micro-payments (IP4)
Model for the network:
– Multi-hop up-link
– Single-hop down-link
[Figure: nodes S and D]
Proposals for probabilistic payments:
– D. Wheeler (1996)
– Jarecki and Odlyzko (1997)
– S. Micali and R. Rivest (2002)
– …
M. Jakobsson, J. P. Hubaux, and L. Buttyan, "A Micro-Payment Scheme Encouraging Collaboration in Multi-hop Cellular Networks", Proceedings of Financial Crypto 2003

7 The solution in three easy steps – Step 1
Assume that all packet sending/receiving events can be observed by an observer
The observer could tell
– who originated a packet (whom to charge)
– who forwarded a packet (whom to remunerate)
– who dropped a packet (whom to punish?)

8 The solution in three easy steps – Step 2
Assume that every node honestly reports its own sending/receiving events to the operator
The operator could tell
– who originated a packet (whom to charge)
– who forwarded a packet (whom to remunerate)
– who dropped a packet (whom to punish?)
Problems:
– nodes may not be motivated to send reports
– nodes may lie (send false reports)
– reporting all events may be a huge overhead

9 The solution in three easy steps – Step 3
Nodes get paid for their reports -> nodes are motivated to send reports
Events to be reported are selected probabilistically -> this drastically reduces the overhead
Neighbors are remunerated as well -> this further increases the motivation to cooperate
Based on the received reports, the operator performs statistical analysis (auditing) -> this allows detection of cheating behavior

10 Assumptions
Multi-hop cellular with multi-hop up-link and single-hop down-link
Symmetric-key crypto, each node shares a long-term symmetric key with the operator (base stations)
The operator manages numerous base stations and one accounting center
The operator is trusted by every node for
– not revealing secret keys
– correctly transmitting packets
– correctly performing billing and auditing
Users are not trusted to act according to the protocol
– users behave rationally
– they can tamper with their devices
– they can collude

11 Protocol
Setup
– users register with the operator
– each registered user u gets an id and a symmetric key K_u
– K_u is shared by the user and the operator (base stations)
Maintaining connectivity information
– each user u keeps a list of triplets (u_i, d_i, L_i), where u_i is a neighbor with distance (in hops) d_i from the base station and with reward level L_i
– the list is sorted in terms of increasing values of d_i and L_i
Reward levels
– packets have reward levels too
– a higher reward level means higher charge for the originator and higher reward for the forwarders
– u_i is willing to forward packets with a reward level higher than L_i

12 Packet origination
Originator o wants to send payload p
– o selects a reward level L
– computes a MAC  = MAC_Ko( L | p )
– transmits [ o | L | p |  ] according to the Packet Transmission Protocol

13 Packet transmission
User u – originator or forwarder – wants to transmit packet P = [ o | L | p |  ]
1. u selects his first as yet unselected entry (u_i, d_i, L_i) where L_i < L
2. sends a forward request to u_i (contains L and possibly more info)
3. waits for an ack from u_i
   – if received, then u sends P to u_i
   – if not received, then u increases i by one and goes to step 2
In any case: if u is not the originator, then u performs the Reward Recording Protocol
[Figure: node u with neighbors y, z and x; list entries (u=y, d=2, L=53), (u=z, d=3, L=82), (u=x, d=3, L=70)]

14 Packet processing by the base station
The base station receives a packet P = [ o | L | p |  ]
– it looks up the secret key K_o of the originator o
– verifies the MAC
   – if not correct, then drops the packet
   – if correct, then transmits the packet to the destination
– keeps a count of the number of packets transmitted for o
– records a fraction of all triplets ( , L, u), where u is the id of the user from which it received the packet [ o | L | p |  ]
– periodically sends the recorded information to an accounting center
[Figure: S, D, Accounting Center; labels "Retrieve K_o" and "Verify", packet P]

15 Reward recording
User u has forwarded a packet P = [ o | L | p |  ]
– u interprets  as a lottery ticket
– the ticket is winning for u iff f( , K_u) = 1 for some function f
– if  is winning, then u records (u_1, u_2, , L), where
   – u_1 is the user from which he received P
   – u_2 is the user (or base station) to which he forwarded P
[Figure: u_1, u, u_2 (or base station); u tests f( , K_u) = 1 ?]
Example for f: f( , K_u) = 1 iff d_Hamming( , K_u)  h
Note: If f is not one-way, then all claims should be encrypted during transmission
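
Added example (not from the slides or the authors' implementation): packet origination, base-station MAC verification and the Hamming-distance lottery from the three preceding slides, in Python. HMAC-SHA256 as the MAC, the constructed 32-byte keys, reading the comparison as "at most h" and all function names are assumptions.

```python
import hashlib
import hmac

# Constructed 32-byte keys shared with the operator (sample values only).
KEY_O = hashlib.sha256(b"constructed key of originator o").digest()
KEY_U = hashlib.sha256(b"constructed key of forwarder u").digest()

def mac(key, level, payload):
    """MAC_K(L | p); HMAC-SHA256 is an assumption, the slides only say MAC."""
    return hmac.new(key, level.to_bytes(2, "big") + payload, hashlib.sha256).digest()

def originate(o, key_o, level, payload):
    """Originator o builds P = [o | L | p | MAC_Ko(L | p)]."""
    return (o, level, payload, mac(key_o, level, payload))

def base_station_accepts(packet, keys):
    """Look up K_o and verify the MAC; a packet that fails is dropped."""
    o, level, payload, tag = packet
    key_o = keys.get(o)
    return key_o is not None and hmac.compare_digest(tag, mac(key_o, level, payload))

def hamming(a, b):
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def ticket_wins(tag, key_u, h):
    """Example f: the ticket wins iff its Hamming distance to K_u is at most h (assumed)."""
    return hamming(tag, key_u) <= h

def record_reward(packet, key_u, u1, u2, h):
    """Forwarder u keeps (u1, u2, ticket, L) only when the ticket wins for K_u."""
    _, level, _, tag = packet
    return (u1, u2, tag, level) if ticket_wins(tag, key_u, h) else None

def win_rate(key_o, key_u, h, n):
    """Fraction of n distinct packets whose ticket wins for the forwarder."""
    wins = sum(ticket_wins(originate("o", key_o, 53, b"pkt %d" % i)[3], key_u, h)
               for i in range(n))
    return wins / n

if __name__ == "__main__":
    pkt = originate("o", KEY_O, 53, b"hello")
    print("accepted:", base_station_accepts(pkt, {"o": KEY_O}))
    # h tunes how many forwarding events are reported (and paid).
    for h in (112, 120, 128):
        print("h =", h, "win rate:", win_rate(KEY_O, KEY_U, h, 2000))
```

With this f, a winning ticket tells an eavesdropper that K_u lies within h bits of it, which is the reason the slide asks for claims to be encrypted when f is not one-way.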

16 Reward claim
User u has a list M of reward records
– when u is adjacent to a base station, he transmits a claim [ u | M | MAC_Ku(M) ] to the base station
– the base station verifies the MAC
   – if incorrect, then ignores the claim
   – if correct, then records the claim and sends an ack
– when u receives the ack, he deletes M from memory
– the base station sends the recorded reward claims to the accounting center
[Figure: u sends [ u | M | MAC_Ku(M) ]; Accounting Center]

17 Accounting
The accounting center receives
– reward claims of the form: “u claims (u_1, u_2, , L)”
– traffic info recorded by the base stations of the form: “( , L, u) from o”
All originators whose identity has been recorded by a base station are charged
All users whose identity figures as a claimant in an accepted reward claim are credited
All users whose identity appears as sending or receiving neighbor in an accepted reward claim are also credited

18 Auditing
The probability for a ticket to win is independent of the identity of the user who evaluates it
-> each user should appear as a claimant with approximately the same frequency as he figures as either sending or receiving neighbor of a claimant

19 Examples of abuses and their detection (1/2)
Packet dropping
Description: the user agrees to forward, but he doesn’t forward
Detection: receiving neighbor freq. > sending neighbor freq.
Ticket sniffing
Description: the user claims credit for overheard packets
Detection:
– claimant freq. > receiving neighbor or sending neighbor freq.
– conflicting claims
[Figure: nodes a, b, c, d; b claims (a, c, , L), d claims (b, c, , L)]

20 Examples of abuses and their detection (2/2)
Greedy collection of tickets
Description: a set of users collect and share tickets allowing each other to choose from a larger pool than they forwarded
Detection:
– unusually long transmission paths (counted in number of claims per packet)
– abnormally high packet transmission rates per time unit by some user (if timing information is also collected at the base station)
Tampering with the reward level
Description: the packet carries a large reward level during some portion of the route, but the reward level is reduced by a colluder before the packet is transmitted to the base station
Detection:
– claimants indicate a higher reward level in their claim than that registered by the base station for a given packet
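
Added example (not from the slides or the authors' implementation): the operator's audit over reward claims in Python, covering the frequency comparison from the Auditing slide and the packet dropping, ticket sniffing, conflicting-claim and reward-level checks from the two abuse slides. The claim tuple layout, the slack and min_count thresholds, the rule used to call two claims conflicting and all sample data are assumptions.

```python
from collections import Counter

def audit(claims, bs_records, infrastructure=("BS",), slack=3, min_count=5):
    """Return a set of (finding, subject) pairs.

    claims:     (claimant, u1, u2, ticket, level) reward claims
    bs_records: (ticket, level, u) triplets sampled by the base station
    slack and min_count are assumed tuning knobs, not values from the slides.
    """
    claimant, sending, receiving = Counter(), Counter(), Counter()
    bs_level = {t: lvl for t, lvl, _ in bs_records}
    next_hop = {}                      # (ticket, user) -> hop the user says it forwarded to
    findings = set()
    for _, _, u in bs_records:
        sending[u] += 1                # the base station saw u send to it
    for u, u1, u2, ticket, level in claims:
        claimant[u] += 1
        sending[u1] += 1               # u1 handed the packet to the claimant
        receiving[u2] += 1             # u2 took the packet from the claimant
        next_hop[(ticket, u)] = u2
        if level > bs_level.get(ticket, level):
            findings.add(("reward-level mismatch", ticket))
    # Assumed conflict rule: if u1 itself claimed this ticket, it must name u as next hop.
    for u, u1, _, ticket, _ in claims:
        told = next_hop.get((ticket, u1))
        if told is not None and told != u:
            findings.add(("conflicting claims", ticket))
    for user in (set(claimant) | set(sending) | set(receiving)) - set(infrastructure):
        c, s, r = claimant[user], sending[user], receiving[user]
        if max(c, s, r) < min_count:
            continue                   # too few samples to judge
        if r > slack * max(s, 1):
            findings.add(("packet dropping", user))
        if c > slack * max(s, r, 1):
            findings.add(("ticket sniffing", user))
    return findings

# Constructed sample data: honest path o -> a -> b -> c -> BS, reward level 5.
HONEST = ([("a", "o", "b", t, 5) for t in range(1, 7)] +
          [("b", "a", "c", t, 5) for t in range(7, 13)] +
          [("c", "b", "BS", t, 5) for t in range(13, 19)])
BS_RECORDS = [(t, 5, "c") for t in range(19, 25)]
# d accepts packets from a but never forwards them.
DROPPING = HONEST + [("a", "o", "d", t, 5) for t in range(30, 36)]
# x overhears the b -> c link and claims tickets 7..12 as its own.
SNIFFING = HONEST + [("x", "b", "c", t, 5) for t in range(7, 13)]
# The claim on ticket 19 carries level 9; the base station registered level 5.
TAMPERED = HONEST + [("c", "b", "BS", 19, 9)]

if __name__ == "__main__":
    for name, data in [("honest", HONEST), ("dropping", DROPPING),
                       ("sniffing", SNIFFING), ("tampered", TAMPERED)]:
        print(name, sorted(audit(data, BS_RECORDS), key=str))
```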

21 Conclusion on the probabilistic encouragement for collaboration
Cooperation between nodes can be fostered by micro-payments
Probabilistic micro-payments can drastically reduce the overhead
The operator can fine tune the detection mechanisms according to the level of observed cheating
Future work
– Study attacks by malicious users
– Pricing issues (e.g., computation of the reward levels)

22 Cooperation without incentives in pure ad hoc networks (IP4)
Examples of strategies (table columns: Strategy, Function, Initial cooperation level):
– AllD (always defect)
– AllC (always cooperate)
– TFT (Tit-For-Tat)
[Figure: labels σ_i, A_i, y_i, x_i]
Conclusion: In a static network, the conditions for spontaneous cooperation are extremely unlikely to be met; but mobility improves things.
M. Felegyhazi, Levente Buttyan, and J. P. Hubaux, "Equilibrium Analysis of Packet Forwarding Strategies in Wireless Ad Hoc Networks – the Static Case", Proceedings of Personal Wireless Communications (PWC '03), Venice, Italy, September 2003

23 Mobility helps security (IP6)
Conclusion: Mobility can help security, both in symmetric and asymmetric crypto: initial key setup, re-keying operations, intrusion detection, …
[Figure: Alice and Bob exchange (Alice, PuK_Alice, XYZ) and (Bob, PuK_Bob, UVW) over an infrared link, a secure side channel; visual recognition, conscious establishment of a two-way security association]
S. Capkun, J. P. Hubaux, and L. Buttyan, "Mobility Helps Security in Ad Hoc Networks", Fourth ACM Symposium on Mobile Networking and Computing (MobiHoc), Annapolis, June 2003

24 Provable encounters (IP6)
claimant: a node claiming that it has met another node at a given time t
certifier: a node that certified the encounter with the claimant
verifier: a node that verifies the encounter between two nodes
[Figure: 1. Encounter (claimant, certifier); 2. Proof of encounter (claimant, verifier)]
Verification is:
– a posteriori
– frequent
Conclusion: Mobile nodes can prove their encounters, at a very reasonable cost
S. Capkun, L. Buttyan, and J. P. Hubaux, "SECTOR: Secure Tracking of Node Encounters in Multi-hop Wireless Networks", First ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN) 2003

25 Conclusion
Cooperation and security issues are closely related to each other
We propose several techniques to study / foster cooperation between nodes in multi-hop networks
More research is needed
– Investigation of the trade-off between overhead and robustness
– Be able to compare different proposals
– Be able to prove that a given proposal fulfills given expected properties