Incentive Based Routing Protocols In

Ad Hoc Networks

Vinay ShahCSE 620

Overview

Basics…Ad Hoc Networks Motivation Definition Steps for Engineering Incentive Schemes in a protocol Incentive based Routing Protocols

Reputation based: SORI

Credit Based: SPRITE

Basics…Ad Hoc Networks

Set of nodes who wish to communicate without any network infrastructure.

All nodes equipped with transmission and receiving capability Not every node is in the range of every other node. Thus the node has to take assistance of intermediate nodes if it

want to transmit packets to other nodes not in its range of transmission.

Usage: E.g. For communication during emergency and military situations (Cooperative ad hoc networks) or in general when nodes want to communicate in a civilian domain (Non-Cooperative ad hoc network)

Motivation

Overview: An ad hoc routing protocol The routing function is distributed among the participating nodes Current ad hoc routing protocols assumes that all the nodes are

cooperative However, forwarding of packets consumes resources such as

battery power which are scarce. If the nodes in an non cooperative network belong to different

users, they don’t have any incentive to cooperate The routing component of any such protocol will not work if the

nodes are selfish as the information provided by nodes may not be correct

Thus to prevent this, protocols should have an incentive scheme associated with them.

Definition: Incentive based Schemes In ad hoc networks, devices have to cooperate. Autonomous devices tend to abstain from cooperation. Incentive schemes have been proposed as a means of fostering cooperation under

these circumstances Note: In order to work effectively, incentive schemes need to be carefully tailored to

the characteristics of the cooperation protocol they should support. E.g. If Node A wants to Communicate with Node Z (Z not in its radio range). The

intermediate nodes B, C … Y need some kind of incentive to use their resources to forward packets.

BA C …………... Z

Engineering Incentive based Protocols

The systematic design of incentive schemes comprises several steps.

Analysis: The engineer analyzes and adjusts the cooperation protocol that requires an incentive scheme.

Design: Design decisions have to be made regarding the choice of incentives, who should get the incentives and the means of implementing them.

Evaluate: The resulting cooperation protocol is evaluated by applying an appropriate evaluation method.

Analysis Questions that need to be answered

What kinds of inter-entity cooperation exist? Determined by the cooperation protocol the entities run.

Which steps of the cooperation protocol are not beneficial to the executing entity?

Is the behavior perceptible? If yes, how costly and reliable is such perception?

Adjustments needed to make protocol more perceptible? There are several Perception mechanisms:

Digital signatures: Check the authenticity of the sender and If entities of the forwarding path altered the packet.

Redundancy: E.g. Extend the protocol to accommodate the issuance of receipts

Over Hearing: Over hear to check if the entity is behaving as it should

Design

Design decisions Which type of behavior should be remunerated and which type should be

taken as granted. How should a defecting entity be punished? Choice of appropriate incentives An incentive pattern induces that an entity enters into a otherwise

detrimental commitment Incentive patterns fall into two classes:

Trust based: Entity may believe that its peers will reciprocate by entering into future commitments.

Trade based: Entity is convinced to enter into a commitment if its peers enter into commitments that are beneficial for itself. Notes/Credits is a trade based approach

If exchange protocols are not viable, use distributed reputation systems

Evaluation

Simulations provide the only cost-efficient means for such evaluation

Evaluations focused on the total utility of the participating entities

Evaluate the fairness of the incentive scheme with respect to the individual utility/costs that arise from cooperation

High degrees of fairness indicate that entities have to exhibit cooperative behavior in order to benefit from the behavior of other entities.

Cooperation protocol has to be modeled appropriately in order to obtain meaningful simulation results.

Objectives of the evaluation: The engineer has to measure the total utility u and the total costs c that arise from cooperation.

If the objectives of the evaluation include fairness, the individual utility ui and individual costs ci have to be measured separately for every entity

A straightforward means of correlation is the calculation of a regression line between the individual utilities and costs.

In case of good linear correlation, the slope of the regression line indicates the magnitude of the incentive effects.

Some definitions

Malicious Entity: Aims at breaking the co operative paradigm to intentionally damage others

Self-Interested Entity: Unwilling to spend its resources on behalf of others. Does not intend to damage the overall functioning

Incentive Schemes

Reputation based scheme SORI: A Secure Objective Reputation based Incentive scheme

Pricing/Credit Based Scheme SPRITE: Simple Cheat Proof Credit Based System for Mobile Ad hoc

Networks

Some Definitions

Malicious Entity: Aims at breaking the co operative paradigm to intentionally damage others

Self-Interested Entity: Unwilling to spend its resources on behalf of others. Does not intend to damage the overall functioning

SORIA Secure Objective Reputation based

Incentive scheme

FeaturesAssumptionsBasic SchemeSecurity EnhancementsSimulation resultsConclusion

Features

Reputation of the node used as an incentive to cooperate Reputation quantified by objective measures Propagation of reputation is computationally efficient and secured Reputation propagated only to its neighbors. Does not flood

reputation information across the whole network Also has a punishment scheme to punish nodes which exhibit

selfish behavior

Assumptions

Non cooperative nodes: Nodes are non cooperative by nature No conspiracy among nodes: Two nodes do not work together to

cheat Broadcast Transmission: Nodes communicate using a broadcast

transmission medium Desire to Communicate: Nodes have a desire to communicate

with each other Invariant Identity: Identity does not change over time Nodes are Selfish but not Malicious. Protocol designed to deal with

selfish nodes Promiscuous mode is enabled in each node

Basic Scheme

A] Neighbor Monitoring Each node N Maintains:

1. Neighbor Node List (NNLN)

2. For Each Neighbor X,

Request-for-Forwarding (RFN(X)): Total no of packets node N has transmitted to X for forwarding

Has Forwarded (HFN(X)): Total no of packets forwarded by X and noticed by N

For each Neighbor X, it can calculate

Local Evaluation Record ( LERN(X) )

GN(X) = RFN(x) / HFN(x)

Confidence CN(X) describes how confident node N is on its judgment of the reputation of X. CN(X) = RFN(x) for the current scheme

Basic Scheme continued …

B] Reputation Propagation Neighbors share the reputation information of other nodes Works as follows:

Each node Periodically updates its LERN(X) for each X

Broadcasts the updated record if GN(X) has significantly changed

Node N uses its LERN(X) and LERi(X) (I in NNLN) to calculate Overall Evaluation Record (OERN(X)) as follows

Where λN(i) is the credibility of node i from the perspective of N. Currently λN(i) = GN(i), λN(N) = 1 and λN(i) = 0 if RFN(i) = 0

SORI: Basic Scheme continued …

Punishment N can punish its neighbor X by probabilistic dropping as follows. If OERN(X)

falls lower than a preset threshold, the probability of dropping is p

where q = 1 – OERN(X) and 0<δ<1 δ is the margin introduced. Why?

Dropping could be because of collusion Without the margin, node keep on increasing dropping probability and eventually

fall into retaliation situation δ helps well behaved nodes to treat its neighbor a little more generously

Basic Scheme: Summary & Remarks

Neighbor Monitoring: Collect information about misbehavior Reputation Propagation: Share information to make reputation measure

more accurate Punishment: Encourage packet Forwarding and discipline selfish nodes Reputation is objectively measured based on packet forwarding ratio Reputation of a node is weighted by confidence Reputation is also weighted by credibility Limitation: Objectivity of the reputation calculation depends upon probability

of transmission collision. HFN(X) may not be correct due to packet collision in wireless medium

Security Enhancements

To fix the vulnerabilities in the basic scheme A selfish node can play the following tricks to benefit itself

Impersonate a node nearby that has a good reputation to forward its own packets.

Impersonate a node nearby that has a good reputation to broadcast fake observation information to boost its calculations by the other nodes

Authentication mechanism is used to fix these issues and is based on one way hash chain.

Security Enhancements

Node gets its identity IDN as follows: N chooses a random number rN and a pseudo random function H. IDN = HK(rN) where

N broadcasts ID(N) which is received by all its neighbors

Neighbor puts this identity in their NNL and uses it to authenticate messages Procedure for Message Authentication

N partitions the time into equal intervals and assigns the ith interval with a key (K i) where Ki = HK-i(rN) in the one way hash chain.

The content of the packet sent in the ith interval is { M i||MAC(K’i,Mi)||Ki-d} where

Mi = Message to be sent, K’i = f (Ki), where f : second pseudo Random Function

d: disclosure delay. Hence (i-d)th message is authenticated by Ki-d disclosed in the ith interval

Receiver Side Algorithm Check if the key used by the message is already disclosed

If yes then discard the message as the message might be forged If not, cache the message and check its authenticity at the time when k i is

disclosed. A packet with an invalid MAC will be discarded

This Enhancement makes it difficult for selfish node to cheat. This is because MAC is difficult to forge without the key of that node

This design eliminated the need of a PKI or other network authentication infrastructure.

In addition, One way Hash is computationally cheaper than digital signature used in many other schemes

Simulation Results

Simulation settings: Simulator: ns2 Parameters: 50 mobile nodes, 670 X 670square meter, IEEE 802.11 DCF

Mac layer, DSR as the routing protocol,250 meters transmission range, data rate = 2Mb/s, Physical layer is either free space or two ray propagation model. Antenna height: 1.5 m

5 nodes are randomly chosen to be selfish nodes. They probabilistically drop packets unless they are the destination

Nconn randomly generated source destination pairs(connections). Each last for 10 simulated seconds. CBR traffic model used.

δ set to 0.1 for all simulations Avg throughput for (well behaving/selfish) node is obtained as follows

Summing up no. of packets correctly received by all (well behaving/selfish) node Divide by total no of corresponding (well behaving/selfish) nodes Divide result by total simulation time 1000s

Fig 1: Throughput under various number of connections

CBR fixed to 1 pkt/sec For each simulation Nconn is fixed but varies

across connections form 10 to 40 On average, selfish node suffers 50%

throughput reduction

Fig 2: Throughput under various Data rate CBR changes from 1 to 10 pkt/sec For each simulation Nconn is fixed = 10 Well Behaving node has higher throughput than selfish Throughput difference reduces with increase in data

rate?

Performance

Fig 3: Throughput Dropping probability varies form 10 to 100%. Fixed for

each simulation Nconn = 10 fixed CBR connections = 1 packet/sec As the dropping probability of selfish nodes increases,

the gap increases

Fig 4: Communication Overhead Selfish nodes drops all packets unless its the

Source/Destination CBR Data rate = 1 packet/sec Overhead incurred is not more than 8% Overhead increase with increase in Nconn

SPRITE Simple Cheat Proof Credit Based System for

Mobile Ad hoc Networks

FeaturesAssumptionsBasic SchemeSecurity EnhancementsSimulation resultsConclusion

Features

Does not require any tamper proof hardware Focuses on selfish nodes Uses Credit to provide incentive to selfish nodes. Node receives a message, it keeps a receipt of the message When a fast connection to a CCS (Credit Clearance Service)

available, it reports the packets it has received/forwarded by uploading the receipts

Depending upon the receipts submitted, CCS determines charge and credit to each node

Issues to be addressed: Security Aspect: Each node is autonomous and the charge and credit is

based on receipts submitted by each node Incentive Aspects: Node should receive enough credit for forwarding a

message so it can send its own message with the received credit

Basic Scheme

System Architecture:

Assumptions: Sender knows the full path to the destination Node equipped with a certificate issued by a scalable certificate authority for

identification. CCS is trusted in terms of maintaining credit balance CCS may not be trusted in terms of message authenticity

Node Sending a message will loose credit while node forwarding a message will gain credit

Node can gain credit by either using real money to buy credit at a variable rate depending upon network conditions or by paying its debit. Dominant/preferred way is to forward other’s packet and gain credit.

Who Pays Whom? Who should be Charged? Charge the sender of the packet If destination is charged, It can lead to DoS attack on the destination Similarly if both sender and receiver are charged, sender can collude with other

nodes to launch DoS If sender is charged, there wont be any useless messages If destination benefits then a higher level protocol to be used by sender to get

back the compensation Who should get the credit? Any node who forwards the message CCS believes a node forwarded the message only if its successor reports a valid

receipt of the message Because CCS cannot distinguish between corrupted link and a selfish nodes

Objective of the Payment Scheme To prevent cheating action and to provide incentive for the nodes to cooperate Does not target balances payment

Cheating actions in the submission game

Node can exhibit one of the following selfish actions: After receiving the message, node saves a receipt but does not forward the

message Node has received the message but does not report the receipt Node does not receive the message but falsely claims that it has received the

message Selfish actions can be further complicated by collusion of two or more

nodes. Next we see the various techniques in the system to prevent the above

actions

Motivation nodes to forward the message

Basic Scheme: CCS determines the last node on the path who ever received the

message Sender has to pay β to this node and α to all its predecessors where β<

α Example:

Motivation nodes to report Receipts Make β > cost of submitting a receipt Problem: Eg: The last node can collude with the sender and not report its

receipt. Thus the sender saves α while the receiver looses β Sender can pay the receiver a behind the scene payment of (β + ε)

where ε>0. Sender still has a gain of (α – (β + ε)) To prevent this cheating action:

CCS charges the sender an extra amount if the destination does not report a receipt.

CCS charges the sender kβ less than the charge when the destination receives the packet. E.g. Charge to sender here is (4 α + β) - 2 β

Preventing false Receipts

Consider this: Instead of forwarding the whole message, an intermediate node forwards only the receipt of a message

This is sufficient to get the credit from the CCS The destination will not report a receipt as it has not got a valid

payload CCS Algorithm:

If the destination does not report a receipt of a message, multiply the credit paid to each node by γ, where γ < 1

Reduce the charge to the sender by γβ instead of β , for each node on the path who does not report a receipt

Message Forwarding Protocol: Specifications

A. Sending a message Node ni maintains a sequence-number matrix seq and

public/private key pair (PKi, SKi).

Where seqi(j, k) = sequence number of messages from sender nj to destination nk, observed by node ni.

n0 is to send message payload m with sequence number seq0(0, d) to destination nd,

B. Receiving a message Node i upon receiving a message

C. Computing payments receipt (D, p, seq, s) is valid if verifyPK0 ((D, p, seq), s) =

TRUE Assume p =(n0, n1, . . . , ne, . . . , nd), ne is the last node on path p

that submits a valid receipt with sequence number seq CCS charges C from node n0, and pays Pi to node ni where

In actual implementation, the CCS will issue credit gradually as and when it receives receipts

Evaluation

A. Overhead To evaluate the CPU processing time on a mobile node

Observations RSA has a much smaller forwarding overhead. ECNR has a much smaller bandwidth and storage requirement.

B. System performance vs. network resource Measures the Message Success Rate: i.e., the percentage of

messages that are successfully relayed from the sender to the destination.

consider a special class of mobile nodes, namely the power-and-credit-conservative nodes.

Power-Conservative Node: Its remaining power allows it to send (and forward) only a limited amount of messages

Credit-Conservative Node: Refrains from sending any new message when its credit balance is insufficient to cover the charge for sending a message

let c and b denote the estimated credit balance and the number of messages allowed to be transmitted by the remaining battery of a node, respectively.

Assuming each message takes an average of L hops policy of such a node is the following: if c/L < b, forward a

transient message otherwise drop

Conclusion

We studied the steps to follow to Engineering such a protocol Two Prototype Protocols were studied in their functioning Reputation based SORI: Uses Reputation of the node among its neighbor

as an incentive Credit based SPRITE: Uses credit scheme to make intermediate nodes

forward packets. The use of appropriate protocol depends on the application of ad hoc

networks.

References

Obreiter, P., Konig-Ries, B., und Papadopoulos, G.: Engineering incentive schemes for ad hoc networks - a case study for the lanes overlay. In: First EDBT-Workshop on Pervasive Information Management. To appear in post-proceedings, Greece. 2004

SORI: A Secure and Objective Reputation-based Incentive Scheme for Ad-hoc Networks by Qi He, Oliver D. Wu, Pradeep KhoslaIEEE Wireless Communications and Networking Conference 2004

S. Zhong, Y. R. Yang, J. Chen, "Sprite: A Simple, Cheat-Proof, Credit-Based System for Mobile Ad Hoc Networks," In Proceedings of IEEE INFOCOM'03, San Francisco, Mar 30 - Apr 3, 2003.

Cooperation Issues in Mobile Ad Hoc Networks: 24th International Conference on Distributed Computing Systems Workshops - W6: WWAN (ICDCSW'04)