Sonja Buchegger

Performance analysis of the CONFIDANT protocol

Mobile ad-hoc networking works properly only if the participating nodes cooperate in routing and forwarding. However,it may be advantageous for individual nodes not to cooperate. We propose a protocol, called CONFIDANT, for making misbehavior unattractive; it is based on selective altruism and utilitarianism. It aims at detecting and isolating misbehaving nodes, thus making it unattractive to deny cooperation. Trust relationships and routing decisions are based on experienced, observed, or reported routing and forwarding behavior of other nodes. The detailed implementation of CONFIDANT in this paper assumes that the network layer is based on the Dynamic Source Routing (DSR) protocol. We present a performance analysis of DSR fortified by CONFIDANT and compare it to regular defenseless DSR. It shows that a network with CONFIDANT and up to 60% of misbehaving nodes behaves almost as well as a benign network, in sharp contrast to a defenseless network. All simulations have been implemented and performed in GloMoSim.

Nodes bearing grudges: towards routing security, fairness, and robustness in mobile ad hoc networks

Devices in mobile ad hoc networks work as network nodes and relay packets originated by other nodes. Mobile ad hoc networks can work properly only if the participating nodes cooperate in routing and forwarding. For individual nodes it might be advantageous not to cooperate. The new routing protocol extensions presented in this paper make it possible to detect and isolate misbehaving nodes, thus making denying cooperation undesirable. In the presented scheme, trust relationships and routing decisions are made based on experienced, observed, or reported routing and forwarding behavior of other nodes. A hybrid scheme of selective altruism and utilitarianism is presented to strengthen mobile ad hoc network protocols in their resistance to security attacks, while aiming at keeping network throughput high. This paper focuses particularly on the network layer using the dynamic source routing (DSR) protocol as an example.

Self-policing mobile ad hoc networks by reputation systems

Node misbehavior due to selfish or malicious reasons or faulty nodes can significantly degrade the performance of mobile ad hoc networks. To cope with misbehavior in such self-organized networks, nodes need to be able to automatically adapt their strategy to changing levels of cooperation. Existing approaches such as economic incentives or secure routing by cryptography alleviate some of the problems, but not all. We describe the use of a self-policing mechanism based on reputation to enable mobile ad hoc networks to keep functioning despite the presence of misbehaving nodes. The reputation system in all nodes makes them detect misbehavior locally by observation and use of second-hand information. Once a misbehaving node is detected it is automatically isolated from the network. We classify the features of such reputation systems and describe possible implementations of each of them. We explain in particular how it is possible to use second-hand information while mitigating contamination by spurious ratings.

PeerSoN: P2P social networking: early experiences and insights

To address privacy concerns over Online Social Networks (OSNs), we propose a distributed, peer-to-peer approach coupled with encryption. Moreover, extending this distributed approach by direct data exchange between user devices removes the strict Internet-connectivity requirements of web-based OSNs. In order to verify the feasibility of this approach, we designed a two-tiered architecture and protocols that recreate the core features of OSNs in a decentralized way. This paper focuses on the description of the prototype built for the P2P infrastructure for social networks, as a first step without the encryption part, and shares early experiences from the prototype and insights gained since first outlining the challenges and possibilities of decentralized alternatives to OSNs.

A case for P2P infrastructure for social networks - opportunities & challenges

Online Social Networks like Facebook, MySpace, Xing, etc. have become extremely popular. Yet they have some limitations that we want to overcome for a next generation of social networks: privacy concerns and requirements of Internet connectivity, both of which are due to web-based applications on a central site whose owner has access to all data. To overcome these limitations, we envision a paradigm shift from client-server to a peer-to-peer infrastructure coupled with encryption so that users keep control of their data and can use the social network also locally, without Internet access. This shift gives rise to many research questions intersecting networking, security, distributed systems and social network analysis, leading to a better understanding of how technology can support social interactions. This paper is an attempt to identify the core functionalities necessary to build social networking applications and services, and the research challenges in realizing them in a decentralized setting. In the tradition of research-path defining papers in the peer-to-peer community [5, 14], we highlight some challenges and opportunities for peer-to-peer in the era of social networks. We also present our own approach at realizing peer-to-peer social networks.

Decentralized Online Social Networks

Current Online social networks (OSN) are web services run on logically centralized infrastructure. Large OSN sites use content distribution networks and thus distribute some of the load by caching for performance reasons, nevertheless there is a central repository for user and application data. This centralized nature of OSNs has several drawbacks including scalability, privacy, dependence on a provider, need for being online for every transaction, and a lack of locality. There have thus been several efforts toward decentralizing OSNs while retaining the functionalities offered by centralized OSNs. A decentralized online social network (DOSN) is a distributed system for social networking with no or limited dependency on any dedicated central infrastructure. In this chapter we explore the various motivations of a decentralized approach to online social networking, discuss several concrete proposals and types of DOSN as well as challenges and opportunities associated with decentralization.

A test-bed for misbehavior detection in mobile ad-hoc networks - how much can watchdogs really do?

Several misbehavior detection and reputation systems have been proposed for mobile ad-hoc networks, relying on direct network observation mechanisms, so-called watchdogs. While these approaches have so far only been evaluated in simulations and restricted to selfish packet dropping, we are interested in the capabilities of a watchdog detection component in a real network. In this paper, we present our test-bed implementation of misbehavior detection. Following an evaluation of both the feasibility and detectability of attacks on routing and forwarding in the dynamic source routing (DSR) protocol, we present the design of our test-bed. In order to add detection capabilities, we extend the concept of passive acknowledgment by mechanisms for partial dropping, packet modification, and fabrication detection. We combine DSR with Netfilter and APE to enable detection. We implement both attackers and detection and show their feasibility and limitations.

Security Games for Vehicular Networks

Vehicular networks (VANETs) can be used to improve transportation security, reliability, and management. This paper investigates security aspects of VANETs within a game-theoretic framework where defensive measures are optimized with respect to threats posed by malicious attackers. The formulations are chosen to be abstract on purpose in order to maximize applicability of the models and solutions to future systems. The security games proposed for vehicular networks take as an input centrality measures computed by mapping the centrality values of the car networks to the underlying road topology. The resulting strategies help locating most valuable or vulnerable points (e.g., against jamming) in vehicular networks. Thus, optimal deployment of traffic control and security infrastructure is investigated both in the static (e.g., fixed roadside units) and dynamic cases (e.g., mobile law enforcement units). Multiple types of security games are studied under varying information availability assumptions for the players, leading to fuzzy game and fictitious play formulations in addition to classical zero-sum games. The effectiveness of the security game solutions is evaluated numerically using realistic simulation data obtained from traffic engineering systems.

Enabling Secure Secret Sharing in Distributed Online Social Networks

We study a new application of threshold-based secret sharing in a distributed online social network (DOSN), where users need a means to back up and recover their private keys in a network of untrusted servers. Using a simple threshold-based secret sharing in such an environment is insufficiently secured since delegates keeping the secret shares may collude to steal the users private keys. To mitigate this problem, we propose using different techniques to improve the system security: by selecting only the most reliable delegates for keeping these shares and further by encrypting the shares with passwords. We develop a mechanism to select the most reliable delegates based on an effective trust measure. Specifically, relationships among the secret owner, delegate candidates and their related friends are used to estimate the trustworthiness of a delegate. This trust measure minimizes the likelihood of the secret being stolen by an adversary and is shown to be effective against various collusive attacks. Extensive simulations show that the proposed trust-based delegate selection performs very well in highly vulnerable environments where the adversary controls many nodes with different distributions and even with spreading of infections in the network. In fact, the number of keys lost is very low under extremely pessimistic assumptions of the adversary model.

Reputation Systems for Self-Organized Networks

Self-organized networks such as mobile ad-hoc, Internet-based peer-to-peer, wireless mesh and Fourth generation (4G) wireless networks depend on cooperation of nodes. Reputation systems help nodes decide with whom to cooperate and which nodes to avoid. They have been studied and applied almost separately in diverse disciplines such as economics, computer science, and social science, resulting in effort duplication and inconsistent terminology. We aim to bring together these efforts by outlining features and fundamental questions common to reputation systems in general. We derive methodologies to address these questions for both reputation system design and research from our own experiences and evaluations by simulation and analytical modeling. We argue for using deviation tests, discounting, passing on only first-hand information, introducing secondary response, and stressing the importance of identity.