Limited Verification of Identities to Induce False-Name-Proofness

In open, anonymous environments such as the Internet, mechanism design is complicated by the fact that a single agent can participate in the mechanism under multiple identifiers. One way to address this is to design false-name-proof mechanisms, which choose the outcome in such a way that agents have no incentive to use more than one identifier. Unfortunately, there are inherent limitations on what can be achieved with false-name-proof mechanisms, and at least in some cases, these limitations are crippling. An alternative approach is to verify the identities of all agents. This imposes significant overhead and removes any benefits from anonymity. In this paper, we propose a middle ground. Based on the reported preferences, we check, for various subsets of the reports, whether the reports in the subset were all submitted by different agents. If they were not, then we discard some of them. We characterize when such a limited verification protocol induces false-name-proofness for a mechanism, that is, when the combination of the mechanism and the verification protocol gives the agents no incentive to use multiple identi- fiers. This characterization leads to various optimization problems for minimizing verification effort. We study how to solve these problems. Throughout, we use combinatorial auctions (using the Clarke mechanism) and majority voting as examples

Essays in Economic Theory

This thesis consists of five chapters on topics in mechanism design and voting. In Chapter 1, we study a committee deciding collectively whether to accept a given proposal or to maintain the status quo. Committee members are privately informed about their valuations and monetary transfers are possible. According to which rule should the committee make its decision? We consider strategy-proof and anonymous social choice functions and solve for the decision rule that maximizes utilitarian welfare, which takes monetary transfers to an external agency explicitly into account. For regular distributions of preferences, we find that it is optimal to exclude monetary transfers and to decide by qualified majority voting. This sheds new light on the common objection that criticizes voting for its inefficiency. In Chapter 2, we study welfare-optimal decision rules for committees that repeatedly take a binary decision. Committee members are privately informed about their payoffs and monetary transfers are not feasible. In static environments, the only strategy-proof mechanisms are voting rules which are inefficient as they do not condition on preference intensities. The dynamic structure of repeated decision-making allows for richer decision rules that overcome this inefficiency. Nonetheless, we show that often simple voting is optimal for two-person committees. This holds for many prior type distributions and irrespective of the agents' patience. In Chapter 3, we study binary, sequential voting procedures in settings with privately informed agents and single-peaked (or single-crossing) preferences. We identify two conditions on binary voting trees, convexity of divisions and monotonicity of qualified majorities, ensuring that sincere voting at each stage forms an ex-post perfect equilibrium in the associated extensive form game with incomplete information. We illustrate our findings with several case studies: procedures that do not satisfy our two conditions offer ample space for strategic manipulations. Conversely, when the agenda satisfied our conditions, sincere behavior was indeed the most likely outcome. In Chapter 4, we study how a principal should optimally choose between implementing a new policy and keeping status quo when the information relevant for the decision is privately held by agents. Agents are strategic in revealing their information, but the principal can verify an agent's information at a given cost. We exclude monetary transfers. When is it worthwhile for the principal to incur the cost and learn an agent's information? We characterize the mechanism that maximizes the expected utility of the principal. This mechanism can be implemented as a weighted majority voting rule, where agents are given additional weight if they provide evidence about their information. The evidence is verified whenever it is decisive for the principal's decision. Additionally, we find a general equivalence between Bayesian and ex-post incentive compatible mechanisms in this setting. In Chapter 5, we are interested in strategy-proof mechanisms that maximize the agents' residual surplus, that is, the utility derived from the physical allocation minus transfers accruing to an external entity, in an independent private value auction environment. We find that, under the assumption of an increasing hazard rate of type distributions, an optimal deterministic mechanism never extracts any net payments from the agents, that is, it will be budget-balanced. Specifically, optimal mechanisms have a simple "posted price'' or "option'' form. In the bilateral trade environment, we obtain optimality of posted price mechanisms without any assumption on type distributions

Conceptual Model and Architecture of MAFTIA

This deliverable builds on the work reported in [MAFTIA 2000] and [Powell and Stroud 2001]. It contains a further refinement of the MAFTIA conceptual model and a revised discussion of the MAFTIA architecture. It also introduces the work done in MAFTIA on verification and assessment of security properties, which is reported on in more detail in [Adelsbach and Creese 2003

Equitable proof-of-work mining rewards

We present Reward-All Nakamoto-Consensus (Reward-All), a Proof-of-Work cryptocurrency that rewards each miner with a number of coins that is directly proportional to its individual mining power, rather than in proportion to its relative share of the entire network’s mining power as done in Bitcoin. Unlike their Bitcoin counterparts, miners in Reward-All do not have to win the leader-election process to earn coins, and only lose earned coins after block reorganizations of a configurable minimum length occur. We present a detailed specification of Reward-All, along with a prototype implementation, and an evaluation of its practicality and efficiency. Additionally, we provide an analysis of the security of Reward-All, where mining is modeled as a Markov Decision Process, and the advantages of optimal mining strategies are quantified. Under reasonable configurations, Reward-All achieves near-perfect incentive compatibility, and near-zero censorship susceptibility, for adversarial mining shares up to 45%, while retaining the same chain quality as Bitcoin’s Nakamoto Consensus (Nakamoto). However, Reward-All pays for these advantages with a regression in subversion gain resilience compared to Nakamoto. Furthermore, under Reward-All’s approach, the growth rate of the total coin supply correlates closely with the growth rate of mining power invested in the network. This enables miners to mint coins at a stable hash-based cost of production, and enables all rewarded coins to correspond to an approximately equal number of hashing attempts on average. Consequently, depending on the network transaction-fees, Reward-All improves miners’ waiting times for rewards, and incentivizes forming mining pools smaller than required in Bitcoin for an equal level of reward stability. Moreover, rewards in Reward-All exhibit significantly lower variance for non-majority miners compared to Nakamoto, enabling unprecedented reward stability.Open Acces

Towards trustworthy social computing systems

The rising popularity of social computing systems has managed to attract rampant forms of service abuse that negatively affects the sustainability of these systems and degrades the quality of service experienced by their users. The main factor that enables service abuse is the weak identity infrastructure used by most sites, where identities are easy to create with no verification by a trusted authority. Attackers are exploiting this infrastructure to launch Sybil attacks, where they create multiple fake (Sybil) identities to take advantage of the combined privileges associated with the identities to abuse the system. In this thesis, we present techniques to mitigate service abuse by designing and building defense schemes that are robust and practical. We use two broad defense strategies: (1) Leveraging the social network: We first analyze existing social network-based Sybil detection schemes and present their practical limitations when applied on real world social networks. Next, we present an approach called Sybil Tolerance that bounds the impact an attacker can gain from using multiple identities; (2) Leveraging activity history of identities: We present two approaches, one that applies anomaly detection on user social behavior to detect individual misbehaving identities, and a second approach called Stamper that focuses on detecting a group of Sybil identities. We show that both approaches in this category raise the bar for defense against adaptive attackers.Die steigende Popularität sozialer Medien führt zu umfangreichen Missbrauch mit negativen Folgen für die nachhaltige Funktionalität und verringerter Qualität des Services. Der Missbrauch wird maßgeblich durch die Nutzung schwacher Identifikationsverfahren, die eine einfache Anmeldung ohne Verifikation durch eine vertrauenswürdige Behörde erlaubt, ermöglicht. Angreifer nutzen diese Umgebung aus und attackieren den Service mit sogenannten Sybil Angriffen, bei denen mehrere gefälschte (Sybil) Identitäten erstellt werden, um einen Vorteil durch die gemeinsamen Privilegien der Identitäten zu erhalten und den Service zu missbrauchen. Diese Doktorarbeit zeigt Techniken zur Verhinderung von Missbrauch sozialer Medien, in dem Verteidigungsmechanismen konstruiert und implementiert werden, die sowohl robust als auch praktikabel sind. Zwei Verteidigungsstrategien werden vorgestellt: (1) Unter Ausnutzung des sozialen Netzwerks: Wir analysieren zuerst existierende soziale Netzwerk-basierende Sybil Erkennungsmechanismen und zeigen deren praktische Anwendungsgrenzen auf bei der Anwendung auf soziale Netzwerke aus der echten Welt. Im Anschluss zeigen wir den Ansatz der sogenannten Sybil Toleranz, welcher die Folgen eines Angriffs mit mehreren Identitäten einschränkt. (2) Unter Ausnutzung des Aktivitätsverlaufs von Identitäten: Wir präsentieren zwei Ansätze, einen anwendbar für die Erkennung von Unregelmäßigkeiten in dem sozialen Verhalten eines Benutzers zur Erkennung unanständiger Benutzer und ein weiterer Ansatz namens Stamper, dessen Fokus die Erkennung von Gruppen bestehend aus Sybil Identitäten ist. Beide gezeigten Ansätze erschweren adaptive Angriffe und verbessern existierende Verteidigungsmechanismen

Towards trustworthy social computing systems

The rising popularity of social computing systems has managed to attract rampant forms of service abuse that negatively affects the sustainability of these systems and degrades the quality of service experienced by their users. The main factor that enables service abuse is the weak identity infrastructure used by most sites, where identities are easy to create with no verification by a trusted authority. Attackers are exploiting this infrastructure to launch Sybil attacks, where they create multiple fake (Sybil) identities to take advantage of the combined privileges associated with the identities to abuse the system. In this thesis, we present techniques to mitigate service abuse by designing and building defense schemes that are robust and practical. We use two broad defense strategies: (1) Leveraging the social network: We first analyze existing social network-based Sybil detection schemes and present their practical limitations when applied on real world social networks. Next, we present an approach called Sybil Tolerance that bounds the impact an attacker can gain from using multiple identities; (2) Leveraging activity history of identities: We present two approaches, one that applies anomaly detection on user social behavior to detect individual misbehaving identities, and a second approach called Stamper that focuses on detecting a group of Sybil identities. We show that both approaches in this category raise the bar for defense against adaptive attackers.Die steigende Popularität sozialer Medien führt zu umfangreichen Missbrauch mit negativen Folgen für die nachhaltige Funktionalität und verringerter Qualität des Services. Der Missbrauch wird maßgeblich durch die Nutzung schwacher Identifikationsverfahren, die eine einfache Anmeldung ohne Verifikation durch eine vertrauenswürdige Behörde erlaubt, ermöglicht. Angreifer nutzen diese Umgebung aus und attackieren den Service mit sogenannten Sybil Angriffen, bei denen mehrere gefälschte (Sybil) Identitäten erstellt werden, um einen Vorteil durch die gemeinsamen Privilegien der Identitäten zu erhalten und den Service zu missbrauchen. Diese Doktorarbeit zeigt Techniken zur Verhinderung von Missbrauch sozialer Medien, in dem Verteidigungsmechanismen konstruiert und implementiert werden, die sowohl robust als auch praktikabel sind. Zwei Verteidigungsstrategien werden vorgestellt: (1) Unter Ausnutzung des sozialen Netzwerks: Wir analysieren zuerst existierende soziale Netzwerk-basierende Sybil Erkennungsmechanismen und zeigen deren praktische Anwendungsgrenzen auf bei der Anwendung auf soziale Netzwerke aus der echten Welt. Im Anschluss zeigen wir den Ansatz der sogenannten Sybil Toleranz, welcher die Folgen eines Angriffs mit mehreren Identitäten einschränkt. (2) Unter Ausnutzung des Aktivitätsverlaufs von Identitäten: Wir präsentieren zwei Ansätze, einen anwendbar für die Erkennung von Unregelmäßigkeiten in dem sozialen Verhalten eines Benutzers zur Erkennung unanständiger Benutzer und ein weiterer Ansatz namens Stamper, dessen Fokus die Erkennung von Gruppen bestehend aus Sybil Identitäten ist. Beide gezeigten Ansätze erschweren adaptive Angriffe und verbessern existierende Verteidigungsmechanismen

Achieving reliability and fairness in online task computing environments

Mención Internacional en el título de doctorWe consider online task computing environments such as volunteer computing platforms running on BOINC (e.g., SETI@home) and crowdsourcing platforms such as Amazon Mechanical Turk. We model the computations as an Internet-based task computing system under the masterworker paradigm. A master entity sends tasks across the Internet, to worker entities willing to perform a computational task. Workers execute the tasks, and report back the results, completing the computational round. Unfortunately, workers are untrustworthy and might report an incorrect result. Thus, the first research question we answer in this work is how to design a reliable masterworker task computing system. We capture the workers’ behavior through two realistic models: (1) the “error probability model” which assumes the presence of altruistic workers willing to provide correct results and the presence of troll workers aiming at providing random incorrect results. Both types of workers suffer from an error probability altering their intended response. (2) The “rationality model” which assumes the presence of altruistic workers, always reporting a correct result, the presence of malicious workers always reporting an incorrect result, and the presence of rational workers following a strategy that will maximize their utility (benefit). The rational workers can choose among two strategies: either be honest and report a correct result, or cheat and report an incorrect result. Our two modeling assumptions on the workers’ behavior are supported by an experimental evaluation we have performed on Amazon Mechanical Turk. Given the error probability model, we evaluate two reliability techniques: (1) “voting” and (2) “auditing” in terms of task assignments required and time invested for computing correctly a set of tasks with high probability. Considering the rationality model, we take an evolutionary game theoretic approach and we design mechanisms that eventually achieve a reliable computational platform where the master receives the correct task result with probability one and with minimal auditing cost. The designed mechanisms provide incentives to the rational workers, reinforcing their strategy to a correct behavior, while they are complemented by four reputation schemes that cope with malice. Finally, we also design a mechanism that deals with unresponsive workers by keeping a reputation related to the workers’ response rate. The designed mechanism selects the most reliable and active workers in each computational round. Simulations, among other, depict the trade-off between the master’s cost and the time the system needs to reach a state where the master always receives the correct task result. The second research question we answer in this work concerns the fair and efficient distribution of workers among the masters over multiple computational rounds. Masters with similar tasks are competing for the same set of workers at each computational round. Workers must be assigned to the masters in a fair manner; when the master values a worker’s contribution the most. We consider that a master might have a strategic behavior, declaring a dishonest valuation on a worker in each round, in an attempt to increase its benefit. This strategic behavior from the side of the masters might lead to unfair and inefficient assignments of workers. Applying renown auction mechanisms to solve the problem at hand can be infeasible since monetary payments are required on the side of the masters. Hence, we present an alternative mechanism for fair and efficient distribution of the workers in the presence of strategic masters, without the use of monetary incentives. We show analytically that our designed mechanism guarantees fairness, is socially efficient, and is truthful. Simulations favourably compare our designed mechanism with two benchmark auction mechanisms.This work has been supported by IMDEA Networks Institute and the Spanish Ministry of Education grant FPU2013-03792.Programa Oficial de Doctorado en Ingeniería MatemáticaPresidente: Alberto Tarable.- Secretario: José Antonio Cuesta Ruiz.- Vocal: Juan Julián Merelo Guervó

Decentralized Resource Scheduling in Grid/Cloud Computing

In the Grid/Cloud environment, applications or services and resources belong to different organizations with different objectives. Entities in the Grid/Cloud are autonomous and self-interested; however, they are willing to share their resources and services to achieve their individual and collective goals. In such open environment, the scheduling decision is a challenge given the decentralized nature of the environment. Each entity has specific requirements and objectives that need to achieve. In this thesis, we review the Grid/Cloud computing technologies, environment characteristics and structure and indicate the challenges within the resource scheduling. We capture the Grid/Cloud scheduling model based on the complete requirement of the environment. We further create a mapping between the Grid/Cloud scheduling problem and the combinatorial allocation problem and propose an adequate economic-based optimization model based on the characteristic and the structure nature of the Grid/Cloud. By adequacy, we mean that a comprehensive view of required properties of the Grid/Cloud is captured. We utilize the captured properties and propose a bidding language that is expressive where entities have the ability to specify any set of preferences in the Grid/Cloud and simple as entities have the ability to express structured preferences directly. We propose a winner determination model and mechanism that utilizes the proposed bidding language and finds a scheduling solution. Our proposed approach integrates concepts and principles of mechanism design and classical scheduling theory. Furthermore, we argue that in such open environment privacy concerns by nature is part of the requirement in the Grid/Cloud. Hence, any scheduling decision within the Grid/Cloud computing environment is to incorporate the feasibility of privacy protection of an entity. Each entity has specific requirements in terms of scheduling and privacy preferences. We analyze the privacy problem in the Grid/Cloud computing environment and propose an economic based model and solution architecture that provides a scheduling solution given privacy concerns in the Grid/Cloud. Finally, as a demonstration of the applicability of the approach, we apply our solution by integrating with Globus toolkit (a well adopted tool to enable Grid/Cloud computing environment). We also, created simulation experimental results to capture the economic and time efficiency of the proposed solution