16-05-2013, 03:27 PM
A Secure Payment Scheme with Low Communication and Processing Overhead for Multihop Wireless Networks
A Secure Payment Scheme.pdf (Size: 2.61 MB / Downloads: 67)
Abstract
We propose RACE, a report-based payment scheme for multihop wireless networks to stimulate node cooperation,
regulate packet transmission, and enforce fairness. The nodes submit lightweight payment reports (instead of receipts) to the
accounting center (AC) and temporarily store undeniable security tokens called Evidences. The reports contain the alleged charges
and rewards without security proofs, e.g., signatures. The AC can verify the payment by investigating the consistency of the reports,
and clear the payment of the fair reports with almost no processing overhead or cryptographic operations. For cheating reports, the
Evidences are requested to identify and evict the cheating nodes that submit incorrect reports. Instead of requesting the Evidences
from all the nodes participating in the cheating reports, RACE can identify the cheating nodes with requesting few Evidences.
Moreover, Evidence aggregation technique is used to reduce the Evidences’ storage area. Our analytical and simulation results
demonstrate that RACE requires much less communication and processing overhead than the existing receipt-based schemes with
acceptable payment clearance delay and storage area. This is essential for the effective implementation of a payment scheme
because it uses micropayment and the overhead cost should be much less than the payment value. Moreover, RACE can secure the
payment and precisely identify the cheating nodes without false accusations.
INTRODUCTION
IN multihop wireless networks (MWNs), the traffic originated
from a node is usually relayed through the other
nodes to the destination for enabling new applications and
enhancing the network performance and deployment [1].
MWNscan be deployed readily at low cost in developing and
rural areas. Multihop packet relay can extend the network
coverage using limited transmit power, improve area spectral
efficiency, and enhance the network throughput and capacity.
MWNs can also implement many useful applications
such as data sharing [2] and multimedia data transmission
[3]. For example, users in one area (residential neighborhood,
university campus, etc.) having different wireless-enabled
devices, e.g., PDAs, laptops, tablets, cell phones, etc., can
establish a network to communicate, distribute files, and
share information. However, the assumption that the nodes
are willing to spend their scarce resources, such as battery
energy, CPU cycles, and available network bandwidth, to
relay others’ packets without compensation cannot be held
for civilian applications where the nodes are autonomous and
aim to maximize their welfare.
RELATED WORKS
The existing payment schemes can be classified into
tamper-proof-device (TPD)-based and receipt-based
schemes. In TPD-based payment schemes [7], [8], [9], [10],
a TPD is installed in each node to store and manage its
credit account and secure its operation. For receipt-based
payment schemes [11], [12], [13], [14], [15], [16], [17], [18],
[19], [20], an offline central unit called the accounting center
stores and manages the nodes’ credit accounts. The nodes
usually submit undeniable proofs for relaying packets,
called receipts, to the AC to update their credit accounts.
In Nuglets [7], the self-generated and forwarded packets
by a node are passed to the TPD to decrease and increase
the node’s credit account, respectively. Packet purse and
packet trade models have been proposed. For the packet
purse model, the source node’s credit account is charged
the full payment before sending a packet, and each
intermediate node acquires the payment for relaying the
packet. For the packet trade model, each intermediate node
runs an auction to sell the packets to the next node in the
route, and the destination node pays the total cost of
relaying the packets. In SIP [8], after receiving a data packet,
the destination node sends a RECEIPT packet to the source
node to issue a REWARD packet to increment the credit
accounts of the intermediate nodes. In CASHnet [9], the
credit account of the source node is charged and a signature
is attached to each data packet.
SYSTEM MODELS
Network Model
For military and disaster recovery applications, the network
can be considered ephemeral because it is used for a specific
purpose and short duration. In this paper, we adopt the
network model used in [7], [8], [9], [10], [11], [12], [13], [14],
[15], [16], [17] that targets the civilian applications of
MWNs, where the network has long life and the nodes
have long-term relations with the network. As illustrated in
Fig. 1, the considered MWN has an offline TP and mobile
nodes. The TP contains the AC and the certificate authority
(CA).
Adversary Model
The mobile nodes are probable attackers but the TP is fully
secure. The mobile nodes are autonomous and self-interested
and thus motivated to misbehave. The TP is run by an
operator that is motivated to ensure the network proper
operation. As discussed in [24], it is impossible to realize
secure payment between two entities without a trusted third
party. The attackers have full control on their nodes and can
change their operation and infer the cryptographic data. The
attackers can work individually or collude with each other
under the control of one attacker to launch sophisticated
attacks. These strong assumptions are necessary due to
implementing payment in the network. Similar to [11], [12],
[13], [14], [15], [16], [17], [18], [19], [20], the attackers are
rational in the sense that they misbehave only when they can
achieve more benefits than behaving honestly. Particularly,
the attackers aim to steal credits, pay less, and communicate
for free. Table 2 gives the description of the used symbols in
this paper.
SECURITY ANALYSIS
Our security objective is preventing an attacker or even a
group of colluding attackers from achieving gains such as
stealing credits or paying less. The signatures of the source
node can ensure the messages’ integrity and authenticity
and secure the payment. Signatures and hash chains have
nonrepudiation property because it is computationally
infeasible to compute a node’s signature without knowing
the private key used in generating the signature, and to
compute hðiÞ from hði1Þ. This nonrepudiation property is
used to secure the payment by enabling the nodes to
compose valid Evidences and enabling the TP to verify the
Evidences to identify the cheating nodes.