1. Incentive Based Routing Protocols In Ad Hoc Networks Vinay Shah CSE 620

2. Overview Basics…Ad Hoc Networks Motivation Definition Steps for Engineering Incentive Schemes in a protocol Incentive based Routing Protocols  Reputation based: SORI  Credit Based: SPRITE

3. Basics…Ad Hoc Networks Set of nodes who wish to communicate without any network infrastructure. All nodes equipped with transmission and receiving capability Not every node is in the range of every other node. Thus the node has to take assistance of intermediate nodes if it want to transmit packets to other nodes not in its range of transmission. Usage: E.g. For communication during emergency and military situations (Cooperative ad hoc networks) or in general when nodes want to communicate in a civilian domain (Non- Cooperative ad hoc network)

4. Motivation Overview: An ad hoc routing protocol The routing function is distributed among the participating nodes Current ad hoc routing protocols assumes that all the nodes are cooperative However, forwarding of packets consumes resources such as battery power which are scarce. If the nodes in an non cooperative network belong to different users, they don’t have any incentive to cooperate The routing component of any such protocol will not work if the nodes are selfish as the information provided by nodes may not be correct Thus to prevent this, protocols should have an incentive scheme associated with them.

5. Definition: Incentive based Schemes In ad hoc networks, devices have to cooperate. Autonomous devices tend to abstain from cooperation. Incentive schemes have been proposed as a means of fostering cooperation under these circumstances Note: In order to work effectively, incentive schemes need to be carefully tailored to the characteristics of the cooperation protocol they should support. E.g. If Node A wants to Communicate with Node Z (Z not in its radio range). The intermediate nodes B, C … Y need some kind of incentive to use their resources to forward packets. BAC…………... Z

6. Engineering Incentive based Protocols

7. The systematic design of incentive schemes comprises several steps. Analysis: The engineer analyzes and adjusts the cooperation protocol that requires an incentive scheme. Design: Design decisions have to be made regarding the choice of incentives, who should get the incentives and the means of implementing them. Evaluate: The resulting cooperation protocol is evaluated by applying an appropriate evaluation method.

8. Analysis Questions that need to be answered What kinds of inter-entity cooperation exist? Determined by the cooperation protocol the entities run. Which steps of the cooperation protocol are not beneficial to the executing entity? Is the behavior perceptible? If yes, how costly and reliable is such perception? Adjustments needed to make protocol more perceptible? There are several Perception mechanisms: Digital signatures: Check the authenticity of the sender and If entities of the forwarding path altered the packet. Redundancy: E.g. Extend the protocol to accommodate the issuance of receipts Over Hearing: Over hear to check if the entity is behaving as it should

9. Design Design decisions Which type of behavior should be remunerated and which type should be taken as granted. How should a defecting entity be punished? Choice of appropriate incentives An incentive pattern induces that an entity enters into a otherwise detrimental commitment Incentive patterns fall into two classes:  Trust based: Entity may believe that its peers will reciprocate by entering into future commitments.  Trade based: Entity is convinced to enter into a commitment if its peers enter into commitments that are beneficial for itself. Notes/Credits is a trade based approach If exchange protocols are not viable, use distributed reputation systems

10. Evaluation Simulations provide the only cost-efficient means for such evaluation Evaluations focused on the total utility of the participating entities Evaluate the fairness of the incentive scheme with respect to the individual utility/costs that arise from cooperation High degrees of fairness indicate that entities have to exhibit cooperative behavior in order to benefit from the behavior of other entities. Cooperation protocol has to be modeled appropriately in order to obtain meaningful simulation results. Objectives of the evaluation: The engineer has to measure the total utility u and the total costs c that arise from cooperation. If the objectives of the evaluation include fairness, the individual utility u i and individual costs c i have to be measured separately for every entity A straightforward means of correlation is the calculation of a regression line between the individual utilities and costs. In case of good linear correlation, the slope of the regression line indicates the magnitude of the incentive effects.

11. Some definitions Malicious Entity: Aims at breaking the co operative paradigm to intentionally damage others Self-Interested Entity: Unwilling to spend its resources on behalf of others. Does not intend to damage the overall functioning

12. Incentive Schemes Reputation based scheme  SORI: A Secure Objective Reputation based Incentive scheme Pricing/Credit Based Scheme  SPRITE: Simple Cheat Proof Credit Based System for Mobile Ad hoc Networks Some Definitions Malicious Entity: Aims at breaking the co operative paradigm to intentionally damage others Self-Interested Entity: Unwilling to spend its resources on behalf of others. Does not intend to damage the overall functioning

13. SORI A Secure Objective Reputation based Incentive scheme Features Assumptions Basic Scheme Security Enhancements Simulation results Conclusion

14. Features Reputation of the node used as an incentive to cooperate Reputation quantified by objective measures Propagation of reputation is computationally efficient and secured Reputation propagated only to its neighbors. Does not flood reputation information across the whole network Also has a punishment scheme to punish nodes which exhibit selfish behavior

15. Assumptions Non cooperative nodes: Nodes are non cooperative by nature No conspiracy among nodes: Two nodes do not work together to cheat Broadcast Transmission: Nodes communicate using a broadcast transmission medium Desire to Communicate: Nodes have a desire to communicate with each other Invariant Identity: Identity does not change over time Nodes are Selfish but not Malicious. Protocol designed to deal with selfish nodes Promiscuous mode is enabled in each node

16. Basic Scheme A] Neighbor Monitoring Each node N Maintains: 1. Neighbor Node List (NNL N ) 2. For Each Neighbor X, Request-for-Forwarding (RF N (X)): Total no of packets node N has transmitted to X for forwarding Has Forwarded (HF N (X)): Total no of packets forwarded by X and noticed by N For each Neighbor X, it can calculate Local Evaluation Record ( LER N (X) )  G N (X) = RF N (x) / HF N (x)  Confidence C N (X) describes how confident node N is on its judgment of the reputation of X. C N (X) = RF N (x) for the current scheme

17. Basic Scheme continued … B] Reputation Propagation Neighbors share the reputation information of other nodes Works as follows:  Each node Periodically updates its LER N (X) for each X  Broadcasts the updated record if G N (X) has significantly changed  Node N uses its LER N (X) and LER i (X) (I in NNL N ) to calculate Overall Evaluation Record (OER N (X)) as follows  Where λ N (i) is the credibility of node i from the perspective of N. Currently λ N (i) = G N (i), λ N (N) = 1 and λ N (i) = 0 if RF N (i) = 0

18. SORI: Basic Scheme continued … Punishment N can punish its neighbor X by probabilistic dropping as follows. If OER N (X) falls lower than a preset threshold, the probability of dropping is p where q = 1 – OER N (X) and 0<δ<1 δ is the margin introduced. Why?  Dropping could be because of collusion  Without the margin, node keep on increasing dropping probability and eventually fall into retaliation situation  δ helps well behaved nodes to treat its neighbor a little more generously

19. Basic Scheme: Summary & Remarks Neighbor Monitoring: Collect information about misbehavior Reputation Propagation: Share information to make reputation measure more accurate Punishment: Encourage packet Forwarding and discipline selfish nodes Reputation is objectively measured based on packet forwarding ratio Reputation of a node is weighted by confidence Reputation is also weighted by credibility Limitation: Objectivity of the reputation calculation depends upon probability of transmission collision. HF N (X) may not be correct due to packet collision in wireless medium

20. Security Enhancements To fix the vulnerabilities in the basic scheme A selfish node can play the following tricks to benefit itself  Impersonate a node nearby that has a good reputation to forward its own packets.  Impersonate a node nearby that has a good reputation to broadcast fake observation information to boost its calculations by the other nodes Authentication mechanism is used to fix these issues and is based on one way hash chain.

21. Security Enhancements Node gets its identity ID N as follows:  N chooses a random number r N and a pseudo random function H. ID N = H K (r N ) where  N broadcasts ID( N ) which is received by all its neighbors  Neighbor puts this identity in their NNL and uses it to authenticate messages Procedure for Message Authentication  N partitions the time into equal intervals and assigns the ith interval with a key (K i ) where K i = H K-i (r N ) in the one way hash chain.  The content of the packet sent in the ith interval is { M i ||MAC(K’ i,M i )||K i-d } where M i = Message to be sent, K’ i = f (K i ), where f : second pseudo Random Function d: disclosure delay. Hence (i-d) th message is authenticated by K i-d disclosed in the i th interval

22. Receiver Side Algorithm  Check if the key used by the message is already disclosed If yes then discard the message as the message might be forged  If not, cache the message and check its authenticity at the time when k i is disclosed.  A packet with an invalid MAC will be discarded This Enhancement makes it difficult for selfish node to cheat. This is because MAC is difficult to forge without the key of that node This design eliminated the need of a PKI or other network authentication infrastructure. In addition, One way Hash is computationally cheaper than digital signature used in many other schemes

23. Simulation Results Simulation settings: Simulator: ns2 Parameters: 50 mobile nodes, 670 X 670square meter, IEEE 802.11 DCF Mac layer, DSR as the routing protocol,250 meters transmission range, data rate = 2Mb/s, Physical layer is either free space or two ray propagation model. Antenna height: 1.5 m 5 nodes are randomly chosen to be selfish nodes. They probabilistically drop packets unless they are the destination N conn randomly generated source destination pairs(connections). Each last for 10 simulated seconds. CBR traffic model used. δ set to 0.1 for all simulations Avg throughput for (well behaving/selfish) node is obtained as follows  Summing up no. of packets correctly received by all (well behaving/selfish) node  Divide by total no of corresponding (well behaving/selfish) nodes  Divide result by total simulation time 1000s

24. Fig 1: Throughput under various number of connections CBR fixed to 1 pkt/sec For each simulation N conn is fixed but varies across connections form 10 to 40 On average, selfish node suffers 50% throughput reduction Fig 2: Throughput under various Data rate CBR changes from 1 to 10 pkt/sec For each simulation N conn is fixed = 10 Well Behaving node has higher throughput than selfish Throughput difference reduces with increase in data rate?

25. Performance Fig 3: Throughput Dropping probability varies form 10 to 100%. Fixed for each simulation N conn = 10 fixed CBR connections = 1 packet/sec As the dropping probability of selfish nodes increases, the gap increases Fig 4: Communication Overhead Selfish nodes drops all packets unless its the Source/Destination CBR Data rate = 1 packet/sec Overhead incurred is not more than 8% Overhead increase with increase in N conn

26. SPRITE Simple Cheat Proof Credit Based System for Mobile Ad hoc Networks Features Assumptions Basic Scheme Security Enhancements Simulation results Conclusion

27. Features Does not require any tamper proof hardware Focuses on selfish nodes Uses Credit to provide incentive to selfish nodes. Node receives a message, it keeps a receipt of the message When a fast connection to a CCS (Credit Clearance Service) available, it reports the packets it has received/forwarded by uploading the receipts Depending upon the receipts submitted, CCS determines charge and credit to each node Issues to be addressed:  Security Aspect: Each node is autonomous and the charge and credit is based on receipts submitted by each node  Incentive Aspects: Node should receive enough credit for forwarding a message so it can send its own message with the received credit

28. Basic Scheme System Architecture: Assumptions:  Sender knows the full path to the destination  Node equipped with a certificate issued by a scalable certificate authority for identification.  CCS is trusted in terms of maintaining credit balance  CCS may not be trusted in terms of message authenticity Node Sending a message will loose credit while node forwarding a message will gain credit Node can gain credit by either using real money to buy credit at a variable rate depending upon network conditions or by paying its debit. Dominant/preferred way is to forward other’s packet and gain credit.

29. Who Pays Whom?  Who should be Charged?  Charge the sender of the packet  If destination is charged, It can lead to DoS attack on the destination  Similarly if both sender and receiver are charged, sender can collude with other nodes to launch DoS  If sender is charged, there wont be any useless messages  If destination benefits then a higher level protocol to be used by sender to get back the compensation  Who should get the credit?  Any node who forwards the message  CCS believes a node forwarded the message only if its successor reports a valid receipt of the message  Because CCS cannot distinguish between corrupted link and a selfish nodes Objective of the Payment Scheme  To prevent cheating action and to provide incentive for the nodes to cooperate  Does not target balances payment

30. Cheating actions in the submission game Node can exhibit one of the following selfish actions:  After receiving the message, node saves a receipt but does not forward the message  Node has received the message but does not report the receipt  Node does not receive the message but falsely claims that it has received the message Selfish actions can be further complicated by collusion of two or more nodes. Next we see the various techniques in the system to prevent the above actions

31. Motivation nodes to forward the message Basic Scheme:  CCS determines the last node on the path who ever received the message  Sender has to pay β to this node and α to all its predecessors where β< α Example:

32. Motivation nodes to report Receipts Make β > cost of submitting a receipt Problem: Eg: The last node can collude with the sender and not report its receipt. Thus the sender saves α while the receiver looses β Sender can pay the receiver a behind the scene payment of (β + ε) where ε>0. Sender still has a gain of (α – (β + ε)) To prevent this cheating action:  CCS charges the sender an extra amount if the destination does not report a receipt.  CCS charges the sender kβ less than the charge when the destination receives the packet. E.g. Charge to sender here is (4 α + β) - 2 β

33. Preventing false Receipts Consider this: Instead of forwarding the whole message, an intermediate node forwards only the receipt of a message This is sufficient to get the credit from the CCS The destination will not report a receipt as it has not got a valid payload CCS Algorithm:  If the destination does not report a receipt of a message, multiply the credit paid to each node by γ, where γ < 1  Reduce the charge to the sender by γβ instead of β, for each node on the path who does not report a receipt

34. Message Forwarding Protocol: Specifications A. Sending a message Node n i maintains a sequence-number matrix seq and public/private key pair (PK i, SK i ). Where seq i (j, k) = sequence number of messages from sender n j to destination n k, observed by node n i. n 0 is to send message payload m with sequence number seq 0 (0, d) to destination n d,

35. B. Receiving a message Node i upon receiving a message

36. C. Computing payments receipt (D, p, seq, s) is valid if verifyPK 0 ((D, p, seq), s) = TRUE Assume p =(n0, n1,..., ne,..., nd), n e is the last node on path p that submits a valid receipt with sequence number seq CCS charges C from node n0, and pays Pi to node ni where In actual implementation, the CCS will issue credit gradually as and when it receives receipts

37. Evaluation A. Overhead  To evaluate the CPU processing time on a mobile node  Observations RSA has a much smaller forwarding overhead. ECNR has a much smaller bandwidth and storage requirement.

38. B. System performance vs. network resource Measures the Message Success Rate: i.e., the percentage of messages that are successfully relayed from the sender to the destination. consider a special class of mobile nodes, namely the power-and-credit- conservative nodes. Power-Conservative Node: Its remaining power allows it to send (and forward) only a limited amount of messages Credit-Conservative Node: Refrains from sending any new message when its credit balance is insufficient to cover the charge for sending a message let c and b denote the estimated credit balance and the number of messages allowed to be transmitted by the remaining battery of a node, respectively. Assuming each message takes an average of L hops policy of such a node is the following: if c/L < b, forward a transient message otherwise drop

40. Conclusion We studied the steps to follow to Engineering such a protocol Two Prototype Protocols were studied in their functioning Reputation based SORI: Uses Reputation of the node among its neighbor as an incentive Credit based SPRITE: Uses credit scheme to make intermediate nodes forward packets. The use of appropriate protocol depends on the application of ad hoc networks.

41. References Obreiter, P., Konig-Ries, B., und Papadopoulos, G.: Engineering incentive schemes for ad hoc networks - a case study for the lanes overlay. In: First EDBT-Workshop on Pervasive Information Management. To appear in post- proceedings, Greece. 2004 SORI: A Secure and Objective Reputation-based Incentive Scheme for Ad-hoc Networks by Qi He, Oliver D. Wu, Pradeep Khosla IEEE Wireless Communications and Networking Conference 2004 S. Zhong, Y. R. Yang, J. Chen, "Sprite: A Simple, Cheat-Proof, Credit-Based System for Mobile Ad Hoc Networks," In Proceedings of IEEE INFOCOM'03, San Francisco, Mar 30 - Apr 3, 2003. Cooperation Issues in Mobile Ad Hoc Networks: 24th International Conference on Distributed Computing Systems Workshops - W6: WWAN (ICDCSW'04)