Packet Purse Model

BY: GAURAV KHANNA

Enforcing service availability in mobile ad-hoc WANs

Terminodes Project:

A 10-year research program, to investigate “Mobile ad-hoc wide area networks”.

Free, amateur, wireless ad-hoc network covering wide area, operates at unlicensed frequencies.

Networking functions embedded in terminals themselves.

Self-organized, autonomous, independent of any fixed infrastructure.

Two aspects of availability in terminode networks

Stimulation for cooperationo Scarcity of energy makes users have little interest in service

provision, so they are not cooperative towards each othero Short term and cooperative env.(an ad-hoc network) vs long

term and uncooperative env.(a terminode network)

Prevention of overloadingo Overloading the network with a malicious denial-of-service

attack or a user sending too much informationo Need a mechanism that makes DOS attacks expensive and

discourages users from flooding

Approach of stimulating co-operation and congestion prevention

Introduced the concept of money and service charges.

Terminodes that used a service should be charged and terminodes that provided a service should be remunerated.

Introduced a terminode currency that is called nuggets.

Nuggets have no monetary value, and they can only be used within terminode networks.

Motivates each terminode to increase its number of nuggets

Packet purse model for rewarding the packet forwarding service

The originator of the packet pays for the packet forwarding service.

When sending the packet, the originator loads it with a number of nuggets sufficient to reach the destination.

Forwarding terminode acquires one or several nuggets from the packet, increasing the stock of its nuggets;

The number of nuggets depends on the direct connection on which the packet is forwarded (long distance requires more nuggets).

If a packet does not have enough nuggets to be forwarded, then it is discarded.

7

7

7

7

7

A

B

C

D

E

7 Stock of nuggets at the terminodes

Step 1:

2

7

7

7

7

A

B

C

D

EStep 2:

5

2

8

7

7

7

A

B

C

D

EStep 3:

4

2

8

9

7

7

A

B

C

D

EStep 4:

2

Problems to be solved in PPM

The originator of a packet should be denied the re-use of the nuggets that it loaded in the packet purse.

A forwarding terminode should be denied taking more nuggets out of the packet than it deserves for the packet forwarding (i.e., “packet robbery” should be prevented).

Each intermediary should be forced to indeed forward the packet after having taken the nuggets out of it.

The integrity of the packet purse should be protected during transit.

The replay of a packet purse should be detected.

Detachment of a packet purse from its original packet and re-use of it with another packet should be impossible.

Assumptions

Tamper resistant security module (SM) Behavior modification impossible

Public key infrastructure authenticate each other, establish secure comm. links

Slowly changing neighborhood tracking neighbors, establish shared secrets

Omni directional antennae can be heard by all neighbors

Symmetry of the neighbor relationship

Reliable communication between neighbors channel in between is reliable

Pricing nuggets to be loaded, acquired

Terminodes are greedy behavior depends on both battery status and no. of nuggets

No network operator self organized

Packet purse header and packet forwarding protocol

Pros

Stimulation for cooperation and prevention of overloading and efficient

Robustness

legitimate increase of the nugget counter

Assumption; a tamper-proof security module

Using cryptographic checksums (i.e., the Purse Authentication Code and the Ack Authentication Code) stops generation of fake packet purses or acks

Replay of nuggets is prevented by Counter of each module

Fair exchange

A misbehaving party may cause some damage to a correctly behaving one, but it also loses something or atleast cannot gain anything (apart from malicious joy) with the misbehavior

Cons

Difficult to estimate the number of nuggets that are required to reach a given destination.

If the originator underestimates this number, then the packet will be discarded, and the originator loses its investment in this packet.

If the originator over-estimates the number, then the packet will arrive, but the originator still loses the remaining nuggets in the packet.

Reference

Buttyán, Levente, and Jean-Pierre Hubaux. "Enforcing service availability in mobile ad-hoc WANs." Proceedings of the 1st ACM international symposium on Mobile ad hoc networking & computing. IEEE Press, 2000.