VCG Under Sybil (False-name) Attacks -- a Bayesian Analysis

VCG is a classical combinatorial auction that maximizes social welfare. However, while the standard single-item Vickrey auction is false-name-proof, a major failure of multi-item VCG is its vulnerability to false-name attacks. This occurs already in the natural bare minimum model in which there are two identical items and bidders are single-minded. Previous solutions to this challenge focused on developing alternative mechanisms that compromise social welfare. We re-visit the VCG auction vulnerability and consider the bidder behavior in Bayesian settings. In service of that we introduce a novel notion, termed the granularity threshold, that characterizes VCG Bayesian resilience to false-name attacks as a function of the bidder type distribution. Using this notion we show a large class of cases in which VCG indeed obtains Bayesian resilience for the two-item single-minded setting.Comment: This is an extended version of an article to appear in AAAI-2020. Supporting code for generating the article's figures can be found at https://github.com/yotam-gafni/vcg_bayesian_fn

The Cost of Sybils, Credible Commitments, and False-Name Proof Mechanisms

Consider a mechanism that cannot observe how many players there are directly, but instead must rely on their self-reports to know how many are participating. Suppose the players can create new identities to report to the auctioneer at some cost $c$. The usual mechanism design paradigm is equivalent to implicitly assuming that $c$ is infinity for all players, while the usual Sybil attacks literature is that it is zero or finite for one player (the attacker) and infinity for everyone else (the 'honest' players). The false-name proof literature largely assumes the cost to be 0. We consider a model with variable costs that unifies these disparate streams. A paradigmatic normal form game can be extended into a Sybil game by having the action space by the product of the feasible set of identities to create action where each player chooses how many players to present as in the game and their actions in the original normal form game. A mechanism is (dominant) false-name proof if it is (dominant) incentive-compatible for all the players to self-report as at most one identity. We study mechanisms proposed in the literature motivated by settings where anonymity and self-identification are the norms, and show conditions under which they are not Sybil-proof. We characterize a class of dominant Sybil-proof mechanisms for reward sharing and show that they achieve the efficiency upper bound. We consider the extension when agents can credibly commit to the strategy of their sybils and show how this can break mechanisms that would otherwise be false-name proof

Towards Optimal Prior-Free Permissionless Rebate Mechanisms, with applications to Automated Market Makers & Combinatorial Orderflow Auctions

Maximal Extractable Value (MEV) has become a critical issue for blockchain ecosystems, as it enables validators or block proposers to extract value by ordering, including or censoring users' transactions. This paper aims to present a formal approach for determining the appropriate compensation for users whose transactions are executed in bundles, as opposed to individually. We explore the impact of MEV on users, discuss the Shapley value as a solution for fair compensation, and delve into the mechanisms of MEV rebates and auctions as a means to undermine the power of the block producer

Incentive-driven QoS in peer-to-peer overlays

A well known problem in peer-to-peer overlays is that no single entity has control over the software, hardware and configuration of peers. Thus, each peer can selfishly adapt its behaviour to maximise its benefit from the overlay. This thesis is concerned with the modelling and design of incentive mechanisms for QoS-overlays: resource allocation protocols that provide strategic peers with participation incentives, while at the same time optimising the performance of the peer-to-peer distribution overlay. The contributions of this thesis are as follows. First, we present PledgeRoute, a novel contribution accounting system that can be used, along with a set of reciprocity policies, as an incentive mechanism to encourage peers to contribute resources even when users are not actively consuming overlay services. This mechanism uses a decentralised credit network, is resilient to sybil attacks, and allows peers to achieve time and space deferred contribution reciprocity. Then, we present a novel, QoS-aware resource allocation model based on Vickrey auctions that uses PledgeRoute as a substrate. It acts as an incentive mechanism by providing efficient overlay construction, while at the same time allocating increasing service quality to those peers that contribute more to the network. The model is then applied to lagsensitive chunk swarming, and some of its properties are explored for different peer delay distributions. When considering QoS overlays deployed over the best-effort Internet, the quality received by a client cannot be adjudicated completely to either its serving peer or the intervening network between them. By drawing parallels between this situation and well-known hidden action situations in microeconomics, we propose a novel scheme to ensure adherence to advertised QoS levels. We then apply it to delay-sensitive chunk distribution overlays and present the optimal contract payments required, along with a method for QoS contract enforcement through reciprocative strategies. We also present a probabilistic model for application-layer delay as a function of the prevailing network conditions. Finally, we address the incentives of managed overlays, and the prediction of their behaviour. We propose two novel models of multihoming managed overlay incentives in which overlays can freely allocate their traffic flows between different ISPs. One is obtained by optimising an overlay utility function with desired properties, while the other is designed for data-driven least-squares fitting of the cross elasticity of demand. This last model is then used to solve for ISP profit maximisation

A multiplayer game model to detect insiders in wireless sensor networks

Insiders might have incentives and objectives opposed to those of the belonging organization. It is hard to detect them because of their privileges that partially protect them. In Wireless Sensor Networks (WSNs), significant security issues arise, including compromised nodes by insiders that disrupt the normal network operation. Immediate defensive actions to isolate malicious nodes would mitigate any related impacts. A multiplayer game model is proposed as a solution to the problem of insider attacks in WSNs, the Game of Wireless Sensor Networks (GoWiSeN). It is an imperfect information game, formulated with the use of non-cooperative game theory, holding the assumption that all players are rational. The model consists of several Local Intrusion Detection Systems (LIDSs), which are located to different nodes and communicate with a Global Intrusion Detection System (GIDS). Each LIDS gives suggestions whether the monitoring node is trusted or not. The game is being played between a potential attacker, the nodes and the GIDS. The GIDS is responsible for making a final decision and for isolating a compromised node in case of an internal attack. The theoretical model represents these interactions in an extensive form game. The formal elements of the game are specified, the outcomes of the game are quantified by first specifying players’ preferences, and then, by using the von Neumann-Morgenstern utility function, and payoffs are obtained. The game is constructed and solved, by locating NE in pure and mixed strategies. Experimental evaluations conducted on real network datasets, using IDSs of different capabilities, simulate special cases and compromised nodes in a WSN, verify the model efficiency, and show how the game should be played

Essays on the Computation of Economic Equilibria and Its Applications.

The computation of economic equilibria is a central problem in algorithmic game theory. In this dissertation, we investigate the existence of economic equilibria in several markets and games, the complexity of computing economic equilibria, and its application to rankings. It is well known that a competitive economy always has an equilibrium under mild conditions. In this dissertation, we study the complexity of computing competitive equilibria. We show that given a competitive economy that fully respects all the conditions of Arrow-Debreu's existence theorem, it is PPAD-hard to compute an approximate competitive equilibrium. Furthermore, it is still PPAD-Complete to compute an approximate equilibrium for economies with additively separable piecewise linear concave utility functions. Degeneracy is an important concept in game theory. We study the complexity of deciding degeneracy in games. We show that it is NP-Complete to decide whether a bimatrix game is degenerate. With the advent of the Internet, an agent can easily have access to multiple accounts. In this dissertation we study the path auction game, which is a model for QoS routing, supply chain management, and so on, with multiple edge ownership. We show that the condition of multiple edge ownership eliminates the possibility of reasonable solution concepts, such as a strategyproof or false-name-proof mechanism or Pareto efficient Nash equilibria. The stationary distribution (an equilibrium point) of a Markov chain is widely used for ranking purposes. One of the most important applications is PageRank, part of the ranking algorithm of Google. By making use of perturbation theories of Markov chains, we show the optimal manipulation strategies of a Web spammer against PageRank under a few natural constraints. Finally, we make a connection between the ranking vector of PageRank or the Invariant method and the equilibrium of a Cobb-Douglas market. Furthermore, we propose the CES ranking method based on the Constant Elasticity of Substitution (CES) utility functions.Ph.D.Computer Science & EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/64821/1/duye_1.pd

Private and censorship-resistant communication over public networks

Society’s increasing reliance on digital communication networks is creating unprecedented opportunities for wholesale surveillance and censorship. This thesis investigates the use of public networks such as the Internet to build robust, private communication systems that can resist monitoring and attacks by powerful adversaries such as national governments. We sketch the design of a censorship-resistant communication system based on peer-to-peer Internet overlays in which the participants only communicate directly with people they know and trust. This ‘friend-to-friend’ approach protects the participants’ privacy, but it also presents two significant challenges. The first is that, as with any peer-to-peer overlay, the users of the system must collectively provide the resources necessary for its operation; some users might prefer to use the system without contributing resources equal to those they consume, and if many users do so, the system may not be able to survive. To address this challenge we present a new game theoretic model of the problem of encouraging cooperation between selfish actors under conditions of scarcity, and develop a strategy for the game that provides rational incentives for cooperation under a wide range of conditions. The second challenge is that the structure of a friend-to-friend overlay may reveal the users’ social relationships to an adversary monitoring the underlying network. To conceal their sensitive relationships from the adversary, the users must be able to communicate indirectly across the overlay in a way that resists monitoring and attacks by other participants. We address this second challenge by developing two new routing protocols that robustly deliver messages across networks with unknown topologies, without revealing the identities of the communication endpoints to intermediate nodes or vice versa. The protocols make use of a novel unforgeable acknowledgement mechanism that proves that a message has been delivered without identifying the source or destination of the message or the path by which it was delivered. One of the routing protocols is shown to be robust to attacks by malicious participants, while the other provides rational incentives for selfish participants to cooperate in forwarding messages

Photo response non-uniformity based image forensics in the presence of challenging factors

With the ever-increasing prevalence of digital imaging devices and the rapid development of networks, the sharing of digital images becomes ubiquitous in our daily life. However, the pervasiveness of powerful image-editing tools also makes the digital images an easy target for malicious manipulations. Thus, to prevent people from falling victims to fake information and trace the criminal activities, digital image forensics methods like source camera identification, source oriented image clustering and image forgery detections have been developed. Photo response non-uniformity (PRNU), which is an intrinsic sensor noise arises due to the pixels non-uniform response to the incident, has been used as a powerful tool for image device fingerprinting. The forensic community has developed a vast number of PRNU-based methods in different fields of digital image forensics. However, with the technology advancement in digital photography, the emergence of photo-sharing social networking sites, as well as the anti-forensics attacks targeting the PRNU, it brings new challenges to PRNU-based image forensics. For example, the performance of the existing forensic methods may deteriorate due to different camera exposure parameter settings and the efficacy of the PRNU-based methods can be directly challenged by image editing tools from social network sites or anti-forensics attacks. The objective of this thesis is to investigate and design effective methods to mitigate some of these challenges on PRNU-based image forensics. We found that the camera exposure parameter settings, especially the camera sensitivity, which is commonly known by the name of the ISO speed, can influence the PRNU-based image forgery detection. Hence, we first construct the Warwick Image Forensics Dataset, which contains images taken with diverse exposure parameter settings to facilitate further studies. To address the impact from ISO speed on PRNU-based image forgery detection, an ISO speed-specific correlation prediction process is proposed with a content-based ISO speed inference method to facilitate the process even if the ISO speed information is not available. We also propose a three-step framework to allow the PRNUbased source oriented clustering methods to perform successfully on Instagram images, despite some built-in image filters from Instagram may significantly distort PRNU. Additionally, for the binary classification of detecting whether an image's PRNU is attacked or not, we propose a generative adversarial network-based training strategy for a neural network-based classifier, which makes the classifier generalize better for images subject to unprecedented attacks. The proposed methods are evaluated on public benchmarking datasets and our Warwick Image Forensics Dataset, which is released to the public as well. The experimental results validate the effectiveness of the methods proposed in this thesis

ADDRESSING SELFISHNESS IN THE DESIGN OF COOPERATIVE SYSTEMS

I sistemi distribuiti cooperativi, tra cui in particolare i sistemi peer-to-peer, sono oggi alla base di applicazioni Internet di larga diffusione come file-sharing e media streaming, nonch\ue9 di tecnologie emergenti quali Blockchain e l'Internet of Things. Uno dei fattori chiave per il successo di un sistema cooperativo \ue8 che i nodi che vi partecipano mettano a disposizione della comunit\ue0 una parte delle proprie risorse (es. capacit\ue0 di calcolo, banda, spazio disco). Alcuni nodi, poich\ue9 controllati da agenti autonomi e indipendenti, potrebbero tuttavia agire egoisticamente e scegliere di non condividere alcuna risorsa, spinti dall'obiettivo di massimizzare la propria utilit\ue0 anche se a danno delle prestazioni dell'intero sistema. Affrontare l'egoismo dei nodi rappresenta dunque un'attivit\ue0 imprescindibile per lo sviluppo di un sistema cooperativo affidabile e performante. Nonostante il grande numero di tecniche ed approcci presenti in letteratura, tale attivit\ue0 richiede elaborazioni complesse, manuali e laboriose, nonch\ue9 conoscenze approfondite in vari domini di applicazione. Obiettivo di questa tesi \ue8 di fornire strumenti sia pratici che teorici per semplificare lo studio e il contrasto dei comportamenti egoistici nei sistemi cooperativi. Il primo contributo, basato su un'analisi esaustiva dello stato dell'arte sull'egoismo in sistemi distribuiti, presenta un framework di classificazione finalizzato all'identificazione e comprensione dei comportamenti egoistici pi\uf9 importanti su cui concentrarsi durante la progettazione di un sistema cooperativo. Come secondo contributo, presentiamo RACOON, un framework per la progettazione e configurazione di sistemi cooperativi resilienti all'egoismo dei nodi. L'obiettivo di RACOON \ue8 di semplificare tali attivit\ue0 fornendo una metodologia generale e semi-automatica, capace di integrare in un dato sistema pratici meccanismi di incentivo alla cooperazione, attentamente calibrati in modo da raggiungere gli obiettivi di resilienza e performance desiderati. A tal fine, RACOON impiega sia strumenti analitici appartenenti alla teoria dei giochi che metodi simulativi, che vengono utilizzati per fare previsioni sul comportamento del sistema in presenza di nodi egoisti. In questa tesi presentiamo inoltre una versione estesa del framework, chiamata RACOON++, sviluppata per migliorare l'accuratezza, flessibilit\ue0 e usabilit\ue0 del framework originale. Infine, come ultimo contributo del lavoro di tesi, presentiamo SEINE, un framework per la rapida modellazione e analisi sperimentale di vari tipi di comportamenti egoistici in un dato sistema cooperativo. Il framework \ue8 basato su un nuovo linguaggio specifico di dominio (SEINE-L) sviluppato per la descrizione degli scenari di egoismo da analizzare. SEINE fornisce inoltre supporto semi-automatico per l'implementazione e lo studio di tali scenari in un simulatore di sistemi distribuiti selezionato dallo stato dell'arte.Cooperative distributed systems, particularly peer-to-peer systems, are the basis of several mainstream Internet applications (e.g., file-sharing, media streaming) and the key enablers of new and emerging technologies, including blockchain and the Internet of Things. Essential to the success of cooperative systems is that nodes are willing to cooperate with each other by sharing part of their resources, e.g., network bandwidth, CPU capability, storage space. However, as nodes are autonomous entities, they may be tempted to behave in a selfish manner by not contributing their fair share, potentially causing system performance degradation and instability. Addressing selfish nodes is, therefore, key to building efficient and reliable cooperative systems. Yet, it is a challenging task, as current techniques for analysing selfishness and designing effective countermeasures remain manual and time-consuming, requiring multi-domain expertise. In this thesis, we aim to provide practical and conceptual tools to help system designers in dealing with selfish nodes. First, based on a comprehensive survey of existing work on selfishness, we develop a classification framework to identify and understand the most important selfish behaviours to focus on when designing a cooperative system. Second, we propose RACOON, a unifying framework for the selfishness-aware design and configuration of cooperative systems. RACOON provides a semi-automatic methodology to integrate a given system with practical and finely tuned mechanisms to meet specified resilience and performance objectives, using game theory and simulations to predict the behaviour of the system when subjected to selfish nodes. An extension of the framework (RACOON++) is also proposed to improve the accuracy, flexibility, and usability of RACOON. Finally, we propose SEINE, a framework for fast modelling and evaluation of various types of selfish behaviour in a given cooperative system. SEINE relies on a domain-specific language for describing the selfishness scenario to evaluate and provides semi-automatic support for its implementation and study in a state-of-the-art simulator.Les syst\ue8mes distribu\ue9s collaboratifs, en particulier les syst\ue8mes pair-\ue0-pair, forment l\u2019infrastructure sous-jacente de nombreuses applications Internet, certaines parmi les plus populaires (ex\ua0: partage de fichiers, streaming multim\ue9dia). Ils se situent \ue9galement \ue0 la base d\u2019un ensemble de technologies \ue9mergentes telles que la blockchain et l\u2019Internet des Objets. Le succ\ue8s de ces syst\ue8mes repose sur la contribution volontaire, de la part des n\u153uds participants, aux ressources partag\ue9es (ex : bande passante r\ue9seau, puissance de calcul, stockage de donn\ue9es). Or ces n\u153uds sont des entit\ue9s autonomes qui peuvent consid\ue9rer comme plus avantageux de se comporter de mani\ue8re \ue9go\uefste, c\u2019est-\ue0- dire de refuser de collaborer. De tels comportements peuvent fortement impacter les performances et la stabilit\ue9 op\ue9rationnelles du syst\ue8me cible. Prendre en compte et pr\ue9venir les comportements \ue9go\uefstes des n\u153uds est donc essentiel pour garantir l\u2019efficacit\ue9 et la fiabilit\ue9 des syst\ue8mes coop\ue9ratifs. Cependant, cela exige du d\ue9veloppeur, en d\ue9pit de la grande quantit\ue9 de techniques et d\u2019approches propos\ue9es dans la litt\ue9rature, des connaissances multisectorielles approfondies. L'objectif de cette th\ue8se est de concevoir et \ue9tudier de nouveaux outils th\ue9oriques et pratiques pour aider les concepteurs de syst\ue8mes distribu\ue9s collaboratifs \ue0 faire face \ue0 des n\u153uds \ue9go\uefstes. La premi\ue8re contribution, bas\ue9e sur une analyse exhaustive de la litt\ue9rature sur les comportements \ue9go\uefstes dans les syst\ue8mes distribu\ue9s, propose un mod\ue8le de classification pour identifier et analyser les comportements \ue9go\uefstes les plus importants sur lesquels il est important de se concentrer lors de la conception d'un syst\ue8me coop\ue9ratif. Dans la deuxi\ue8me contribution, nous proposons RACOON, un framework pour la conception et la configuration de syst\ue8mes coop\ue9ratifs r\ue9silients aux comportements \ue9go\uefstes. Outre un ensemble de m\ue9canismes d'incitation \ue0 la coop\ue9ration, RACOON fournit une m\ue9thodologie semi-automatique d\u2019int\ue9gration et de calibration de ces m\ue9canismes de mani\ue8re \ue0 garantir le niveau de performance souhait\ue9. RACOON s\u2019appuie sur une analyse du syst\ue8me cible fond\ue9e sur la th\ue9orie des jeux et sur des simulations pour pr\ue9dire l\u2019existence de n\u153uds \ue9go\uefstes dans le syst\ue8me. RACOON a \ue9t\ue9 \ue9tendu en un deuxi\ue8me framework, RACOON++. Plus pr\ue9cis, plus flexible, RACOON++ offre \ue9galement une plus grande facilit\ue9 d'utilisation. Une derni\ue8re contribution, SEINE, propose un framework pour la mod\ue9lisation et l'analyse des diff\ue9rents types de comportements \ue9go\uefstes dans un syst\ue8me coop\ue9ratif. Bas\ue9 sur un langage d\ue9di\ue9, d\ue9velopp\ue9 pour d\ue9crire les sc\ue9narios de comportement \ue9go\uefstes, SEINE fournit un support semi-automatique pour la mise en \u153uvre et l'\ue9tude de ces sc\ue9narios dans un simulateur choisi sur la base de l\u2019\ue9tat de l\u2019art (PeerSim)