Low Communication and Processing Overhead

homuskratΔίκτυα και Επικοινωνίες

20 Νοε 2013 (πριν από 3 χρόνια και 9 μήνες)

82 εμφανίσεις

Source
: IEEE Transactions on Parallel and Distributed
Systems, 2012.

Authors
:
Mahmoud, M.;
Shen
, X.

Speaker
: Le
Hai

Duong

A Secure Payment Scheme with

Low Communication and Processing Overhead
for Multihop Wireless Networks

Introduction (1/2)


Benefits of incentive schemes


Enforce fairness


Regulate
packet transmission


Discourage Message
-
Flooding
attacks


Efficiently charge for the
network services


Requirements


Fairness


Low overhead





Multihop

Wireless
Networks


Relaying packets through
many hops


Low cost in developing and
rural areas


Motivate cooperation in
relaying other’s data by
payment (or incentive)


Src

Dst

X

Y

Z

Introduction (2/2)


RACE


R
eport
-
based
p
A
yment

s
C
hem
E

for
MWNs


Lightweight payment reports (charges and rewards) without security
proof


Almost
no
cryptographic operations in clearing payments of fair
reports


Uses Evidences to solve disputes


Reduce storage via Evidence aggregation technique



Contribution
: is the first to verify the payment by
investigating the consistency of the nodes’ reports
without
:

-
Systematically submitting

-
Processing security tokens

-
False accusations


Related works (1/2)

Tamper
-
proof
-
device (TPD)
based

Receipt
-
based


Nuglets

(2004) [7]


SIP (2007)

[8]


CASHnet
(2005) [9]


Drawbacks


Compromised TPD


No communication if not
sufficient fund


Multihop

fails if not
enough credits




Offline Account Center (AC)


Store and manage nodes’ credit
accounts


More overhead than TPD


Sprite (2003) [11]


FESCIM (2011) [12]


PIS (2010) [13]


CDS (2010) [14]


ESIP (2011) [17]


Disadvantages:


Overwhelm the network with
receipt
-
per
-
message


Related works (2/2)

System models


Network model


Registered node A has symmetric key
K
A

, public/private key pair, and certificate.


Trusted Party contains


Account Center (
AC
) clears reports and identifies cheaters


Certificate Authority (
CA
) evicts cheating nodes


Long life network and nodes have long
term relationships with network (civilian
apps)


Charges and rewards


Charges source node for every message
sent


Intermediate nodes are only rewarded for
delivered messages


Any source routing protocol (e.g. DSR)


Nodes contact
Trusted Party

to submit
report/evidences, receive renewed
certificates, purchase credits


Connection via base station of cellular
networks,
WiFi

hotspots, or wired
networks

System models


Adversary model


Trusted Party is fully secure


Attackers


Have full control of the compromised nodes


Can work individually or collude with each other


Are rational, attack to gain more benefits (steal credits, pay less,
or even communication for free)

Proposed scheme
-

Overview

Four processes


Communication



Communication


Route establishment


Data transmission


Evidence composition


Payment report
composition/submission


Classifier


Identifying Cheaters


Credit
-
Account Update


Proposed scheme
-

Communication


(1) Route establishment

S

A

B

D

RREQ

RREQ_A

RREQ_B

RREP

RREP

RREP

-

Route Request (RREQ) packet

RREQ
:
{R, T
S
, TTL},
where
R = ID
S
ID
D

RREQ_A
:
R = ID
S
ID
A
ID
D

RREQ_B
:
R = ID
S
ID
A
ID
B
ID
D


-

Route Reply (RREP) packet


RREP
:
{R, h
(0)
,
Cert
D
,
Sig
D
(R, T
S
, h
(0)
)}
,

where
R =
ID
S
ID
A
ID
B
ID
D
and
h
(0)

is hash chain root,
h
(i
-
1)
= H(h
(
i
)
),
1

𝑖

𝐾


-

Intermediate nodes
A

and
B
store
Sig
D
(R, T
S
,
h
(0
)
)

and
h
(0
)

for composing
Evidence


1
i K
 
1
i K
 
authenticates
R
and
h
(0)

Time
-
To
-
Live is the number
of intermediate
nodes

Proposed scheme
-

Communication


(2) Data transmission

S

A

B

D

data_pkt

ACK

-

data_pkt
:

{R, X, T
S
, M
X
, Sig
s
(
R, X, T
S
,
H(M
X
))}

where

M
X
the message sent in
X
th

packet


-

ACK: h
(X)

e.g., for the second packet, the
ACK
is
h
(2)

Verify if


-

Every node stores last
Sig
S
(
R, X, T
S
, H(M
X
))
and
h
(X
)
for composing

Evidence


1
i K
 
1
i K
 
data_pkt

data_pkt

ACK

ACK

(1) (2)
( )
h H h

h
(X)

:
delivered
X
messages

Sig
S
(R
, X, T
S
, H(M
X
))

:
delivered
X
-
1
message
s
and received
X
messages

Proposed scheme


Communication


(3) Evidence Composition


Evidences aggregation


H(…, H( H(PROOF(1), PROOF(2)),
PROOF(3)), …, PROOF(n))


Unmodifiable


Unforgeable


Undeniable


Source And destination
nodes can collude to
create fake
Evidences


Honest node can always
compose valid
Evidence

where
h
(v)

is the last received hash value

Proposed scheme

-

Communication



(4) Payment report composition / submission (1/2)

Flag bit

F = 0: not
received last ACK

F = 1: received last ACK

Proposed scheme



Communication


(4) Payment report composition / submission (2/2)

Update the lifetime of
Cert
A

Proposed scheme


Classifier

Rules for
fair

reports in the case of :

(a) session completed

(b) session broken during relaying the
X
th

message

(
c) session broken during relaying the
X
th

ACK


If a report cannot achieve one of the rules, then it’s classified as

cheating

(a)

(b)

(c)

(b)

Proposed scheme





Identifying Cheaters (1/2)


Request
Evidences

from nodes that submit report with more
payment


Compute the
PROOF
by generating the nodes’ signatures and
hashing them


Evidence

is valid if
Evidence’s

PROOF

= computed
PROOF

Proposed scheme





Identifying Cheaters (2/2)

Proposed scheme



Credit
-
Account Update


AC has to wait for all reports before clearing payments


Average clearance delay is
T
Cert
/2
(
T
Cert

is certificate lifetime)


Worst delay is
T
Cert

Performance (1/3 )

Performance (2/3 )

Performance (3/3)

X=3000

≈2300

≈118

Conclusions


Small size reports (≈ 24 bytes)


Fair reports are clear with almost no cryptographic
operations or processing overhead


Reduce communication and processing overheads
significantly


Effective implementation due to little storage required






References


[7]

L
.
Buttyan

and J.
Hubaux
, “Stimulating cooperation in
selforganizing

mobile
ad hoc networks”,
Mobile Networks and
Applications,vol
. 8, no. 5, pp. 579
-
592, October
2004.


[8]

Y
. Zhang, W. Lou, and Y. Fang, “A secure incentive protocol
for mobile
ad hoc networks”, ACM
Wireless Networks, vol. 13, no.
5, pp
. 569
-
582, October, 2007.


[9]

A.
Weyland
, “Cooperation and accounting in multi
-
hop
cellular networks
”, Ph.D. thesis,
University of Bern, November 2005.


[11]

S.
Zhong
, J. Chen, and R. Yang, “Sprite: A simple,
cheat
-
proof, credit
based system for mobile ad
-
hoc networks”, Proc. of
IEEE INFOCOM’03
, vol. 3, pp. 1987
-
1997, San Francisco, CA, USA
, March
30
-
April 3, 2003.


[12]

M. Mahmoud and X.
Shen
, “FESCIM: Fair, efficient, and
secure cooperation
incentive mechanism
for hybrid ad hoc networks”,
IEEE Transactions
on Mobile Computing (IEEE TMC), to appear.


[13]

M. Mahmoud, and X.
Shen
, "PIS: A practical incentive system
for multi
-
hop
wireless networks",
IEEE Transactions on
Vehicular
Technology
(IEEE TVT), vol. 59, no. 8, pp. 4012
-
4025, 2010.


[14]

M. Mahmoud and X.
Shen
, "Stimulating cooperation in multi
-
hop


wireless networks using cheating detection system", Proc.
IEEE
INFOCOM'10
, San Diego, California,
USA, March 14
-
19, 2010.


[17]

M. Mahmoud and X.
Shen
, “ESIP: Secure incentive protocol
with limited
use of public
-
key
cryptography for multi
-
hop wireless networks
”, IEEE
Transactions on Mobile Computing (IEEE TMC), vol
.
10
, no. 7, pp. 997
-
1010, July 2011.