01-02-2013, 11:07 AM
FESCIM: Fair, Efficient, and Secure Cooperation Incentive Mechanism for Multi-hop Cellular Networks
FESCIM.pdf (Size: 679.66 KB / Downloads: 29)
Abstract
In multi-hop cellular networks, the mobile nodes
usually relay others’ packets for enhancing the network performance
and deployment. However, selfish nodes usually do not
cooperate but make use of the cooperative nodes to relay their
packets, which has a negative effect on the network fairness and
performance. In this paper, we propose a fair and efficient incentive
mechanism to stimulate the node cooperation. Our mechanism
applies a fair charging policy by charging the source and
destination nodes when both of them benefit from the communication.
To implement this charging policy efficiently, hashing
operations are used in the ACK packets to reduce the number of
digital-signature operations. Moreover, reducing the overhead of
the payment cheques is essential for the efficient implementation
of the incentive mechanism due to the large number of payment
transactions. Instead of generating a cheque per message, a
small-size cheque can be generated per route, and a cheque submission
scheme is proposed to reduce the number of submitted
cheques and protect against collusion attacks.
INTRODUCTION
MULTI-HOP cellular network (MCN) [1], [2], [3], [4], is a
network architecture that incorporates the ad hoc characteristics
into the cellular system. A node’s traffic is usually
relayed through other nodes to the destination. The network
nodes commit bandwidth, data storage, CPU cycles, battery
power, etc, forming a pool of resources that can be shared by
all of them. The utility that the nodes can obtain from the
pooled resources is much higher than that they can obtain on
their own. The considered MCN is used for civilian applications
where the network has long life and the mobile nodes are
supposed to have long-term relations with the network. Multihop
packet relay can reduce the dead areas by extending the
communication range of the base stations without additional
costs. It can also reduce the energy consumption because
packets
RELATED WORK
In tamper-proof device (TPD) based incentive mechanisms
[17], [18], [19], [20], [21], a TPD is installed in each node to
manage its credit account and secure its operation. In Nuglets
[17], [18], the self-generated and forwarding packets are
passed to the TPD to decrease and increase the node’s credit
account, respectively. The packet purse and the packet trade
models have been proposed. In the packet purse model, only
the source node pays by loading some credits in each packet
before sending it. Each intermediate node acquires the amount
of credits that cover the packet’s relaying cost. In the packet
trade model, each intermediate node runs an auction to sell the
packets to the following node in the route. In this way, each
intermediate node earns some credits and the destination node
pays the total packet relaying cost. In SIP [19], after receiving
a data packet, the destination node sends a payment RECEIPT
packet to the source node to issue a REWARD packet to increment
the credit accounts of the intermediate nodes. In
CASHnet [20], [21], the source node’s traffic credit account is
charged and a signature is attached for each data packet. Upon
receiving the packet, the destination node’s traffic credit account
is also charged and a digitally signed ACK packet is sent
back to increase the helper credit accounts of the intermediate
nodes. Users regularly visit service points to buy traffic credits
with real money and/or transfer helper credits to traffic credits.
SYSTEM MODELS
Network and Communication Models
As shown in Fig. 1, the considered MCN includes an accounting
center, a set of base stations, and mobile nodes. The
AC stores and manages the credit accounts of the nodes, and
generates private/public key pair and certificate with unique
identity for each node. Once the AC receives a cheque, it updates
the accounts of the participating nodes. The base stations
are connected with each other and with the AC by a backbone
network that may be wired or wireless. FESCIM can be implemented
on the top of any routing protocol, such as DSR
[32] and AODV [33], to establish an end-to-end communication
session provided that the full identities of the nodes in the
route are known to the source and destination nodes. It is important
to include these identities in the source and the destination
node’s signatures to compose valid cheques.
Threat and Trust Models
Since the mobile nodes are autonomous and self-interested,
the attacker has full control on his node, and thus he can
change its operation. The attackers work individually or collude
with each other under the control of one attacker to
launch sophisticated attacks. The attackers are rational in the
sense that they misbehave when they can achieve more benefits
than behaving honestly. Specifically, the attackers attempt
to steal credits, pay less, and communicate freely. The mobile
nodes are probable attackers because they are motivated to
misbehave to increase their welfare, but the AC is fully secure.
It is impossible to realize secure payment between two entities
without trusted third party [34]. For the trust models, the network
nodes fully trust the AC to correctly perform billing and
auditing, but the AC does not trust any node or base station in
the network. The network nodes also trust their operators’ base
stations but do not trust those of other operators.
Payment Model
A fair charging policy is to support cost sharing between the
source and destination nodes when both of them benefit from
the communication. In order to make FESCIM flexible, the
payment-splitting ratio is adjustable and service-dependent,
e.g., a DNS server should not pay for name resolution. For
rewarding policy, some incentive mechanisms, such as [35],
consider that a packet relaying reward is proportional to the
incurred energy in relaying the packet. It is difficult to implement
this rewarding policy in practice without involving complicated
route discovery process and calculation of en-route
individual payments. Therefore, similar to [19], [25], [28],
[29], we use fixed rewarding rate, e.g., λ credits per unit-sized
packet.
SECURITY ANALYSIS
For Double-Rewarding attack, the attacker attempts to illegally
increase its rewards by submitting a cheque multiple
times. In order to thwart the attack and identify the attackers,
the AC checks whether the cheque has been deposited using
the cheque unique identifier (Si). For Double-Spending attack,
the attacker attempts to generate identical cheques for different
sessions to pay once. Two cheques cannot have the same
identifier because it contains the identities of the session nodes
and time stamp. For Cheque-Forgery-and-Manipulation attack,
the attackers attempt to forge cheques or manipulate valid
cheques to increase their rewards. This is not possible with
using secure hash function and signature scheme because it is
not possible to forge or modify the source and destination
nodes’ signatures and to compute the private keys from the
public ones.
PERFORMANCE EVALUATION
In this section, we evaluate the cheques’ overhead in terms
of the cheque size and the number of generated cheques. We
also evaluate the overhead of the signed and hash-chain based
ACKs in terms of energy consumption and end-to-end packet
delay.
Simulation Setup
In our simulation, we consider RSA signature scheme and
SHA-1 hash function with digest length of 20 bytes [39], [40].
Although the signature tags of the DSA and ECDSA signature
schemes are shorter than that of the RSA, these schemes increase
the end-to-end delay significantly because the verifying
operations performed by the intermediate and destination
nodes are computationally more demanding than the signing
operations performed by the source node. In [41], it is shown
that the verification time of the 1024-bit RSA is more than 31
and 45 times faster than those of the 168-bit ECDSA and
1024-bit DSA, respectively, and the signature generation is
measured to be around 8 and 6 times slower. According to
NIST guidelines [42], the secure private keys should have at
least 1024 bits.
CONCLUSION AND FUTURE WORK
In this paper, we have proposed a fair, efficient, and secure
cooperation incentive mechanism for MCN. In order to fairly
and efficiently charge the source and destination nodes, the
lightweight hashing operations are used to reduce the number
of public-key-cryptography operations. Moreover, to reduce
the overhead of the payment cheques, one small-size cheque is
generated per session instead of generating a cheque per message,
and Probabilistic cheque submission scheme has been
proposed to reduce the number of submitted cheques and protect
against the collusion attack. Extensive analysis and simulations
have demonstrated that our incentive mechanism can
secure the payment and significantly reduce the overhead of
storing, submitting, and processing the cheques. In addition,
replacing the destination node’s signatures with the hashing
operations can charge the source and destination nodes almost
computationally free.