Revocation Games in Ephemeral Networks
An ephemeral network is usually defined by the very short-lived and heterogeneous nature of interactions among self-organizing wireless devices. The wide penetration in everyday gadgets of radio technologies operating in unlicensed frequency spectrum, such as Bluetooth or 802.11 WLANs, accentuates the risk involved in communicating with unknown nodes, especially in hostile environments. Thus, misbehavior in ephemeral networks poses a serious threat to both well-behaving nodes and the network itself. The lack of centralized infrastructure and control makes such networks vulnerable to abuses, resulting in local service degradations and interruptions. Due to the short-lived and heterogeneous contacts among nodes, reputation mechanisms based on repeated interactions are hard to establish, and thus local revocation schemes seem to better cope with the highly volatile network model. In this report, we present a fully distributed scheme for local revocation of public-key certificates using a game-theoretic approach, in which each node selfishly decides on its actions and where, for each action, there is an associated cost and benefit. By providing incentives, dynamic costs and thanks to the history of previous behavior, our payoff model establishes the best course of actions for all the involved devices on-the-fly, such that the resulting revocation generates the least cost for the collectivity of players, i.e., a successful revocation that is also socially optimal. Based on the analytical results, we then formally define such an algorithm and evaluate its performance through simulations. We show that our scheme is both accurate and effective in quickly removing malicious devices from the network.
Revocation Games in Ephemeral Networks
A frequently proposed solution to node misbehavior in mobile ad hoc networks is to use reputation systems. But in ephemeral networks - a new breed of mobile networks where contact times between nodes are short and neighbors change frequently - reputations are hard to build. In this case, local revocation is a faster and more efficient alternative. In this paper, we define a game-theoretic model to analyze the various local revocation strategies. We establish and prove the conditions leading to subgame-perfect equilibria. We also derive the optimal parameters for voting-based schemes. Then we design a protocol based on our analysis and the practical aspects that cannot be captured in the model. With realistic simulations on ephemeral networks we compare the performance and economic costs of the different techniques.
Data-centric trust in ephemeral networks
New network types require new security concepts. Surprisingly, trust – the ultimate goal of security – has not evolved as much as other concepts. In particular, the traditional notion of building trust in entities seems inadequate in an ephemeral environment where contacts among nodes are often short-lived and non-recurrent. It is actually the trustworthiness of the data that entities generate that matters most in these ephemeral networks. And what makes things more interesting is the continuous "humanization" of devices, by making them reflect more closely their owners' preferences, including the human sense of costs. Hence, in this thesis we study the notion of data-centric trust in an ephemeral network of rational nodes. The definition of a new notion requires specifying the corresponding basis, measures, and raison d'être. In the following chapters, we address these issues. We begin by defining the system and security models of an example ephemeral network, namely a vehicular network. Next, we delve into the subject of revocation in vehicular networks, before creating and analyzing a game-theoretic model of revocation, where the notion of cost-aware devices makes its first appearance in this thesis. This model not only makes possible the comparison of different revocation mechanisms in the literature, but also leads to the design of an optimal solution, the RevoGame protocol. With the security architecture in place, we formally define data-centric trust and compare several mechanisms for evaluating it. Notably, we apply the Dempster-Shafer Theory to cases of high uncertainty. Last but not least, we show that data-centric trust can reduce the privacy loss resulting from the need to establish trust. We first create a model of the trust-privacy tradeoff and then analyze it with game theory, in an environment of privacy-preserving entities. Our analysis shows that proper incentives can achieve this elusive tradeoff.
Data-centric Misbehavior Detection in VANETs
Detecting misbehavior (such as transmissions of false information) in vehicular ad hoc networks (VANETs) is a very important problem with a wide range of implications, including safety-related and congestion-avoidance applications. We discuss several limitations of existing misbehavior detection schemes (MDS) designed for VANETs. Most MDS are concerned with the detection of malicious nodes. In most situations, vehicles would send wrong information because of selfish reasons of their owners, e.g., for gaining access to a particular lane. Because of this (rational behavior), it is more important to detect false information than to identify misbehaving nodes. We introduce the concept of data-centric misbehavior detection and propose algorithms which detect false alert messages and misbehaving nodes by observing their actions after sending out the alert messages. With the data-centric MDS, each node can independently decide whether received information is correct or false. The decision is based on the consistency of recent messages and the new alert with reported and estimated vehicle positions. No voting or majority decisions are needed, making our MDS resilient to Sybil attacks. Instead of revoking all the secret credentials of misbehaving nodes, as done in most schemes, we impose fines on misbehaving nodes (administered by the certification authority), discouraging them from acting selfishly. This reduces the computation and communication costs involved in revoking all the secret credentials of misbehaving nodes.
Systematizing Decentralization and Privacy: Lessons from 15 Years of Research and Deployments
Decentralized systems are a subset of distributed systems where multiple authorities control different components and no authority is fully trusted by all. This implies that any component in a decentralized system is potentially adversarial. We revise fifteen years of research on decentralization and privacy, and provide an overview of key systems, as well as key insights for designers of future systems. We show that decentralized designs can enhance privacy, integrity, and availability but also require careful trade-offs in terms of system complexity, properties provided, and degree of decentralization. These trade-offs need to be understood and navigated by designers. We argue that a combination of insights from cryptography, distributed systems, and mechanism design, aligned with the development of adequate incentives, is necessary to build scalable and successful privacy-preserving decentralized systems.
Game Theory Meets Network Security and Privacy
This survey provides a structured and comprehensive overview of the research contributions that analyze and solve security and privacy problems in computer networks by game-theoretic approaches. A selected set of works are presented to highlight the application of game theory in order to address different forms of security and privacy problems in computer networks and mobile applications. The presented works are classified into six main categories based on their topics: security of the physical and MAC layers, application layer security in mobile networks, intrusion detection systems, anonymity and privacy, economics of network security, and cryptography. In each category, security problems, players, and game models are identified, and the main results of selected works, such as equilibrium analysis and security mechanism designs, are summarized. In addition, a discussion on advantages, drawbacks, and the future direction of using game theory in this field is provided. In this survey, we aim to provide a better understanding of the different research approaches for applying game theory to network security. This survey can also help researchers from various fields develop game-theoretic solutions to current and emerging security problems in computer networking.
OREN: Optimal Revocations in Ephemeral Networks
Public-key certificates allow a multitude of entities to securely exchange and verify the authenticity of data. However, the ability to effectively revoke compromised or untrustworthy certificates is of great importance when coping with misbehavior. In this paper, we design a fully distributed local certificate revocation scheme for ephemeral networks - a class of extremely volatile wireless networks with short-duration and short-range communications - based on a game-theoretic approach. First, by providing incentives, we can guarantee the successful revocation of the malicious nodes even if they collude. Second, thanks to the records of past behavior, we dynamically adapt the parameters to nodes' reputations and establish the optimal Nash equilibrium (NE) on-the-fly, minimizing the social cost of the revocation. Third, based on the analytical results, we define OREN, a unique optimal NE selection protocol, and evaluate its performance through simulations. We show that our scheme is effective in quickly and efficiently removing malicious devices from the network.
Performance Analysis of Authentication Protocols in Vehicular Ad Hoc Networks
Traditionally, traffic safety was addressed by traffic awareness and passive safety measures like a solid chassis, seat belts, air bags, etc. With the recent breakthroughs in the domain of mobile ad hoc networks, the concept of vehicular ad hoc networks (VANET) was realised. Safety messaging is the most important aspect of VANETs, where the passive safety (accident readiness) in vehicles was reinforced with the idea of active safety (accident prevention). In safety messaging, vehicles will message each other over wireless media, updating each other on traffic conditions and hazards. Security is an important aspect of safety messaging that aims to prevent participants from spreading wrong information in the network that is likely to cause mishaps.
Equally important is the fact that secure communication protocols should satisfy the communication constraints of VANETs. VANETs are delay intolerant. Features like high speeds, large network size, constant mobility, etc. induce certain limitations in the way messaging can be carried out in VANETs. This thesis studies the impact of total message size on VANET messaging system performance, and conducts an analysis of secure communication protocols to measure how they perform in a VANET messaging system.
Detecting Rogue Nodes In Vehicular Ad-hoc Networks (DETER)
Vehicular ad hoc networks (VANETs) are self-organizing networks of vehicles equipped with radios and processors. VANETs are very promising as they can make driving safer by improving road awareness through the sharing of information from sensors. Vehicles communicate with each other wirelessly to exchange information, and this exchange of information is susceptible to attacks of different kinds. There are some very important issues that need to be resolved before VANETs can be deployed on a large scale. Security and privacy issues are undoubtedly the most important factors that need to be resolved.
Amongst various problems to be solved in VANETs is the issue of rogue nodes and their impact on the network. This thesis discusses the problems associated with the security and privacy of vehicular networks in the presence of rogue nodes. Rogue nodes can share or inject false data in the network, which can cause serious harm. The techniques proposed make VANETs secure and protect them from the harmful impact of rogue nodes. The proposed work makes the network safer by making it fault tolerant and resilient in the presence of rogue nodes that can be detected and reported. Because VANETs are highly dynamic and fast moving, a data-centric scheme is proposed that can determine whether a node is rogue or not just by analysing its data. The work then enhances the developed mechanism by applying hypothesis testing and other statistical techniques to detect intrusions in the network by rogue nodes. The technique is simulated using OMNET++, SUMO and VACAMobil, and the results obtained have been presented, discussed and compared to previous works.
In order to prevent rogue nodes from becoming part of the VANETs, this thesis also presents a novel framework for managing digital identity in vehicular networks. This framework authenticates the user and the vehicle separately from two authorities and allows the user to communicate securely with the infrastructure using IBE (Identity Based Encryption). The proposed technique also preserves the privacy of the user. The proposed scheme allows traceability and revocation so that users can be held accountable and penalised. The results have been compared to previous works of a similar nature. The thesis also discusses the Sybil attack and how to detect it using game theory in a VANET environment.