Title: Cooperative Games, Statistical Physics and Trust in Ad Hoc Networks
1Cooperative Games, Statistical Physics and Trust
in Ad Hoc Networks
John S. Baras Institute for Systems
Research Department of Electrical and Computer
Engineering and Department of Computer Science
University of Maryland, College Park, MD 20742
Information Trust Institute, UIUC March 15, 2006
2Thanks to
- Collaborators
- Tao Jiang, George Theodorakopoulos
- Funding sources
- ARL (CTA on CN), ARO CIP URI (Wireless
Network Security), DARPA (Dynamic Coalitions) -
3Outline
- Distributed trust in MANET
- Trust document distribution
- Trust (and Mistrust) spreading and dynamics
- Effects of topology on convergence
- Spin glasses and cooperative games
- Collaboration via trust schemes
- Trust evaluation in autonomic networks
- Trust evaluation direct and indirect ways
- Trust computation via linear iterations in
semirings - Conclusions and future work
4Autonomic Wireless Networks
- Wireless networks, such as mobile ad hoc networks
(MANET) and sensor networks - No trusted centralized authority
- Resource (power, bandwidth, computation etc.)
constraints - Rapidly and dynamically changing topology and
connectivity - Uncertainty incompleteness of trust evidence
trust values in -1, 1 - Distributed trust computation and locality of
trust information exchanges - Unique properties
- Each node is its own authority and it is selfish
- Networking functions (route discovery, packet
forwarding and etc. ) rely on cooperation between
nodes - Cooperation utilizes local information and local
interactions (between neighbors)
5Cooperation and Games
- In distributed wireless networks
- Cooperation is restricted to only local
interactions - Decision is made by each node individually
- Nodes are self-interested
- Explain and analyze emergent properties
- Game theoretic methods
- Provide a framework for modeling individual
interactions - Understand complex global structures and dynamics
of a system composed of a large number of agents
with simple local interactions - Guide for analytical approach
- Examples Ising spin glass models, prisoners
dilemma - Goal how to encourage nodes to collaborate in
games? - Incentive trust systems to promote cooperation
and circumvent misbehaving nodes.
6Trust Management in MANET
- Properties
- Short-time, online establishment
- Self-organized
- Uncertainty and incompleteness
- Locality (local information exchange)
- Distributed computation
- Negative or false evidence
- Components of our scheme
- Trust document distribution
- Distributed trust computation
7Outline
- Distributed trust in MANET
- Trust document distribution
- Trust (and Mistrust) spreading and dynamics
- Effects of topology on convergence
- Spin glasses and cooperative games
- Collaboration via trust schemes
- Trust evaluation in autonomic networks
- Trust evaluation direct and indirect ways
- Trust computation via linear iterations in
semirings - Conclusions and future work
8Trust Document Distribution
- Swarm Intelligence based
- Biologically inspired biological swarms like
ants, bees, etc. - Evidence requests are delivered by sending out
multiple but simple ant agents that travel the
network and try to fetch information for the
request. - Properties
- Indirect communications between the agents (ants)
(efficiency) - Dynamic online optimization using local
information -
(adaptability, scalability) - Advantages
- Preserve the diversity of evidence
- Reinforce good quality trust paths by feedback
- Discover new sources of evidence via random
exploration of the network - SI scheme can be used both for route discovery
and trust evidence discovery (leads to methods
for secure routing)
9Comparison of Two Schemes
Swarm Intelligence Based Scheme
FREENET Based Scheme
- Exploration for new certificates by sending ants
in random patterns with some known and adaptive
probability - Redundant path information provides emergent
behavior
- Uses hashed keyword routing, instead of
flooding - Replication of the information where needed via
caching
10Ant-Based Evidence Distribution (ABED) --
Certificate Table
- The certificate table is similar with the
distance-vector routing table. The main
differences are - Each entry corresponds to one certificate
- Values are the probabilities of choosing each
neighbor as the next hop instead of the hop count
to destinations
- Probability value Pji represents the chance of
choosing i as the next node when searching for
certj at node k and
11ABED -- Types of ants
- Forward ants
- Unicast ants sent out to the neighbor with the
highest probability in the certificate table. - Broadcast ants sent out when either
- no path to the certificate has been explored
- the information the node has is outdated based
on the density of pheromone - Backward ants
- generated by source of requested certificate
- retraces the path of the forward ant back to the
source - induces certificate table modifications at each
intermediate node according to some learning rule
reinforcement
12ABED -- Reinforcement Rule
- Reinforcement rule
- ?i goodness value of the link between current
node k and its neighbor node i - Example the inverse of bandwidth usage of link k
?i. - ?i is the pheromone deposit, defined as
- , k gt 0 a constant,
is a non-decreasing function of the path cost c
(e.g. hop counts, delay) - is the pheromone
evaporation function - a and ß are constants varied in different network
environments
13ABED Simulation
- Simulation is based on NS-2
- Number of nodes 300
- Simulation area 3km x 3km
- Transmission range 250m
- Network diameter around 12 hops
- Two schemes to compare
- Swarm-intelligence based (ABED)
- Freenet based
14ABED Simulation Results
Hop count the number of hops that forward and
backward ants traversed in order to carry the
certificate back to the requester.
Delay the time elasped from sending out the
forward ant to receipt of the first backward ant.
Freenet scheme has a slow start period -- ABED
finds the best solution fast. Fast convergence
property highly desirable in mobile scenarios.
15ABED Simulation Results
Success rate the percentage of requests for
which the requester successfully obtains the
certificate.
Multiple paths are inherent in swarm
intelligence. If only one path is used for
request routing, a single failure leads to the
failure of the whole request. The multiple path
scheme is more resilient.
16Outline
- Distributed trust in MANET
- Trust document distribution
- Trust (and Mistrust) spreading and dynamics
- Effects of topology on convergence
- Spin glasses and cooperative games
- Collaboration via trust schemes
- Trust evaluation in autonomic networks
- Trust evaluation direct and indirect ways
- Trust computation via linear iterations in
semirings - Conclusions and future work
17Distributed Trust Computation Model
- The network is modeled as an undirected graph
G(V, E) - Vertex set V set of all nodes in the network
- Edge set E set of node pairs with trust
connections - Neighbor set Ni node j eij in E
- Neighbor set of agent i can represent
- Agents with which i is allowed to have a relation
- Giving rise to a logical interconnection network
- Relational graphs where neighbors are related
- Agents which i can sense, transmit or receive
information - Forming a physical wireless communication network
- Physical graphs where neighbors can communicate
directly
18Network Topology
- Random Graph (Erdös and Rényi, 1960)
- Nodes link to each other randomly
- Small-world model (Watts Strogatz,1998)
- Short average distance (six degree of separation)
- Large clustering coefficient
- Scale-free model (Barabási Albert, 1999)
- The distribution of degrees follows the power law
- Existence of hubs
- Rich get richer
- Recent research discovered lots of complex
networks being scale-free
19A Simple Distributed Trust Computation Policy
- Based on simple voting methods
- Voters
- Nodes that qualified as legitimate voters by
certificates signed by offline servers (have
trust evidence about node i) - Assume uniformly distributed in the network
- Policy decision based on threshold
- is the total number of votes node i
received (signed sum) - is the decision threshold
- is the number of is neighbors
20Simple Voting Scheme
- Number of positive votes on node i Vp,i 3
- Number of negative votes on node i Vn,i 1
- Effective votes Vi Vp,i - Vn,i 2
- Given ? 0.3, Vi gt ?Ni 1.8, node i is
designated trusted
21Trust Dynamics
Initial islands of trusts
- Trust revocation
- Changes in topology, membership, secure paths
- Referees of a node may change, trust evidence for
a node may change - Votes timeout or negative votes
22Trust Graph
- Trust graph GT(VT, ET)
- Induced subgraph of G(V, E) by VT
- VT is the set of nodes which are designated
trusted by the trust computation algorithm - ET e e in E and both ends of e are in VT
- Trust metric Psp percentage of trusted pairs
that are connected by one or more secure paths,
which are composed of trusted nodes - NPsecure is the number of trusted pairs that are
connected by one or more secure paths. - It is dependent of the cluster size and
connectivity of GT
23Random Graph Model
- Erdos and Renyi random graphs (ER model)
- When ? is small
- Most of nodes are considered to be trusted
- Psp is dominated by the edge presence probability
p in ER random graphs - Zero-one law in random graph theory is present
- Increasing the threshold ? results in
- Reducing the number of trusted nodes
- Increasing critical values
- Smaller Psp
Simulation results of Psp as function of
decision threshold ?
24Small-world Networks
Psp vs. ? after one iteration
Psp vs. ? in steady state
- Number of trusted paths increases as trust
spreads with each iteration - Different curves are with different shortcut
percentage Prw - Prw 0 represents a regular lattice
- Prw 1 converges to a random graph
- Observe the transition from lattices to random
graphs - With a relative small portion of shortcuts,
small-world networks facilitate the formation of
secure paths - The effects of topology are obvious, so any
distributed trust computation model should take
into account the topology properties
25Trust Revocation
- The trust revocation process is initiated
- when topology, membership or secure paths change
- when referees or trust evidence for a node
changes - when positive votes are timeout or new negative
votes are received
- Decision policy of the revocation process
- Revocation on a specific node, say B, usually
starts from few nodes that have negative
observations on B - A node A accepts the revocation on B, if it finds
that more than a threshold fraction F of its
neighbors revoke node B - Question can a revocation be accepted by a large
fraction of nodes in the network?
26Phase Transition of Revocation
- Revocation is launched from a randomly chosen
node in an Erdös-Rényi random graph with average
degree set as the Y-axis. - Global cascade area that lie inside of the
contour represents the percentage of nodes, which
accept the revocation, is greater than the value
corresponding to the contour (level surfaces of
histogram) - Phase transitions happen suddenly the steep of
the contours is very sharp, which represents
phase transitions
27Outline
- Distributed trust in MANET
- Trust document distribution
- Trust (and Mistrust) spreading and dynamics
- Effects of topology on convergence
- Spin glasses and cooperative games
- Collaboration via trust schemes
- Trust evaluation in autonomic networks
- Trust evaluation direct and indirect ways
- Trust computation via linear iterations in
semirings - Conclusions and future work
28Previous Work
- Decentralized path-inference protocols
- Combination of trust along and across paths
(Beth,1994) - Probability of finding a trust path from source
to target (Maurer, 1996) - Local interaction
- EigenTrust (Kamvar, 2003)
- PeerTrust (Xiong, 2004)
- Bayesian methods (Buchegger, 2003)
- Our work is similar with EigenTrust and
PeerTrust, which provided promising results. - However, results of EigenTrust and PeerTrust are
all based on simulations. - We analyze our local interaction rule using graph
theory. - We also provide a theoretical justification for
network management that facilitates trust
propagation.
29Voting Scheme
- Voting rule (local policy)
- is the trust value of node i
- is the vote value (weight) of node j about
node i - Local voting rule
- Function f should satisfy the following
properties - The range of f is -1,1.
- Votes from neighbors with higher trust value are
more credible, so they should carry larger
weights. - Policy threshold rule for trustworthiness of the
target agent - where is the threshold, which is a
constant
30Simple Voting Rule
- We use the weighted average as the voting rule,
where weights are vote values (all quantities
nonnegative) - is the degree of node i
- n represents discrete time
- Assume is a constant, i.e. it doesnt
change with time, which is true when considering
the steady state - The voting rule can be written in system
equationwhere D diagd1 ,d2 ,, dN, T is a
vector representing trust values of all nodes and
V is the matrix of vote values
31Convergence of Simple Voting Rule
- Voting without uncertainty
- For each pair (i, j) , if i and j are neighbors,
then vij 1. - V A, where A is the adjacency matrix of graph
G, and D-1A is a stochastic matrix with the
largest eigenvalue being 1. - Let be the right eigenvector of D-1A
corresponding to eigenvalue 1. then - If , all nodes are
trusted, and none is trusted otherwise.
- The initial
trust values are very crucial. - Voting with uncertainty
- 0 vij 1, D-1A is a semi-stochastic matrix.
- We proved ,
so T?0. Trust cannot be established at
all!!!
32Voting with Headers
- We have shown that using the simple voting
scheme, trust can only be established under
certain strict conditions - All votes value are 1 and the initial
configuration must satisfy - A single vote with value less than 1 will result
in failure of trust establishment. - We introduce the notion of headers
- Headers are pre-trusted agents and only vote for
nodes that they fully trust. - If node i is trusted with bi headers, it will
get bi more votes with value 1. Let B diagb1
, b2 ,, bN . - The system equation changes to
33Convergence of Voting with Headers
- Voting without uncertainty
- V A, and define .
The system equation changes to - If there is at least one node i such that bi gt 0,
((DB)-1A)n goes to 0. Therefore T(n) ? 1
and all nodes are trusted. - Voting with uncertainty
- Using the same technique as above, let
. We are able to find the
condition such that - If we let , then all nodes are
trusted. - Theorem Given the threshold is ? , the number
of headers for each node must satisfy - This theorem proves, as well as provides, a
network design method to establish a fully
trusted network by introducing headers
34Spreading Speed and Topology
- The time for updating rule to reach steady state,
i.e., how fast the trust values converge. - Perron-Frobenius Theorem in algebraic graph
theory For a stochastic matrix A - is the largest eigenvalue of A, which is 1
and is the second largest eigenvalue of
A. - The convergence rate of An is of order
- Normalized adjacency matrices are stochastic
matrices, therefore those with smaller
converge faster. - What kind of networks or which network topology
has smaller second largest eigenvalue
35Spreading Speed and Topology
- We consider the small-world model proposed by
Watts and Strogatz in 1998 - High clustering coefficient and small average
graphical distance between any pair. - We use F-model, which is modeled by adding small
number of new edges into a regular lattice.
- Adding just 1 more edges, spreading finishes in
10 times less rounds.
36Outline
- Distributed trust in MANET
- Trust document distribution
- Trust (and Mistrust) spreading and dynamics
- Effects of topology on convergence
- Spin glasses and cooperative games
- Collaboration via trust schemes
- Trust evaluation in autonomic networks
- Trust evaluation direct and indirect ways
- Trust computation via linear iterations in
semirings - Conclusions and future work
37Ising and Spin Glass Models
- Statistical Physics models for magnetization
- Orientation of each particles spin depends on
its neighbors - Ising Model behavior of simple magnets
- Spin Glass Model complex materials
- Math interpretation
- s s1, s2,, sn is a configuration of n
particle spins, where sj 1 or -1 , spin j
is up or down - Hamiltonian, or Energy for configuration s
- Ising Model Jij J for all i, j
- Spin Glass Model Jij depend on i,j and can be
random processes
38Ising/SG Models and Games
- Ising and Spin Glass models can be interpreted as
dynamic (repeated) games each particle selects
its own spin to maximize its own payoff - Ising model (Jij J) align its spin with the
majority of neighbors spin - High T, conservative agents, not willing to
change, small payoffs - Low T, aggressive agents, larger payoffs
- Collection of local decisions reduces the total
energy of the interacting particles - Statistical Mechanics primary object of interest
- Recent excitement computation of ground state,
partition function Z, NP - complete, Replica
Method - Application to turbocodes, image restoration,
neural networks, learning, associative memory,
SAT, knapsack, SA, number parttioning, graph
partitioning, CDMA, MIMO, - Inspires an approach where trust is used as an
incentive for cooperation - si represents whether node i cooperates or not
with neighbors - Jij can be interpreted as the worth of player j
to player i - Cooperate or not based on benefit from
cooperation and trust values of neighbors
39Spin Glass Cooperative Game
- Spin Glass model as a cooperative game (spin
glass game) - In
, the weights wij frustrate the system - Both positive and negative local feedback (e.g.
wij?-1, 1) - Interaction topology ( i.e. the matrix J Jij
) moderates effects pos. and neg. fback - S ? N 1, 2, , N is a coalition, in which
all nodes cooperate - v(S) value of characteristic function of the
game , v 2N?R maximum payoff S can get
without cooperation from other nodes N /S. - Model can be used to find what form or policy
for Jij can induce all (or most) nodes to
cooperate maximize the coalition
G (N, v)
6
2
J21
J12
3
Subset S1,2,3,4 v(S)J12J21J14J41J43J34
-J36 -J15
1
5
J34
J14
J41
4
J43
40Cooperative Games and Dynamic Coalitions
- Have a number of players, some can be coalitions
themselves - How do they negotiate an acceptable DC security
policies set? - What are the properties of the final result the
negotiated policy set? - Is there an efficient scheme that gets us there?
- Cooperative games allow us to set up different
types of games between the players, examine
different concepts of solutions and values - Can prove mathematically properties of the
solution and value e.g. minimizes maximum
dissatisfaction, is anonymous, is stable - Can get iterative methods to get to solution
(negotiation schema), can use all kinds of
constraints, invariance to aV b scaling
(preferences) - Working on extensions to partial information,
learning, robustness to uncertainties
41Solution Concepts of Cooperative Games
- Core (stable, reasonable payoffs)
- The core gives each coalition at least as much as
it could get by itself. - No group of players has an incentive to split off
the grand coalition N and form a smaller
coalition S. - Convex and average convex games have nonempty
cores. - Other solutions include stable sets and nucleolus
- Payoff allocation in coalitions
- An allocation vector x is individually rational
if - All solutions in the core are individually
rational
42Spin Glass Cooperative Game Properties
- Spin Glass game is a convex and superadditive
game iff (net pos. effects) - Shapley value
in the core - Not well understood in the regime of both
negative and positive net effects - Effects of interaction matrix structure
(sparsity, neighborhood structure, range of
interactions, strength of interactions) not well
understood Topology effects in network analog - Oriented Spin Glass Game G(N,v) where v now
depends on both an interaction matrix J and a
preference vector L a pair of char. fcns - Replica method can be used to analyze various
problems under various models and constraints on
J and L
43Outline
- Distributed trust in MANET
- Trust document distribution
- Trust (and Mistrust) spreading and dynamics
- Effects of topology on convergence
- Spin glasses and cooperative games
- Collaboration via trust schemes
- Trust evaluation in autonomic networks
- Trust evaluation direct and indirect ways
- Trust computation via linear iterations in
semirings - Conclusions and future work
44Cooperative Games with Negotiation
- Consider G (N, v), N as before but with
- G (N, v) convex, superadditive
- Theorem G (N, v) has a nonempty core. The
payoff allocation to node i ,
is in the core. Compute
as follows - This payoff allocation indicates a way to
encourage cooperation - Players with positive gain can negotiate with
their neighbors by sacrificing certain gain
(offering their partial gain ?ijJij )
45Trust as Mechanism to Induce Collaboration
- Trust is an incentive for collaboration
- Nodes who refrain from cooperation get lower
trust values - They will be eventually penalized because other
nodes tend to only cooperate with highly trusted
ones. - Assume, for node i, that the loss for not
cooperating with node j is a nondecreasing
function of Jji as f (Jji), and the new
characteristic function is - Theorem if ,
the core is nonempty and
- is a feasible payoff
allocation in the core. - By introducing a trust mechanism, all nodes are
induced to collaborate without any negotiation
46Dynamics of Cooperation
- Two linked dynamics
- Trust propagation
- Game evolution
- The network is modeled as a discrete-time system
j all neighbors of i vij trust value node i
votes for node j
47Game Evolution
- Strategy of node i
- ?ij 1 ( 0) represents that i cooperates (does
not cooperate) with - its neighbor j
- Payoff for node i when interacting with j
xij Jij ?ij ?ji - xij gt 0 (lt 0) positive link (negative link)
- Node selfishness ? cooperate with neighbors on
positive links - Strategy updates node i chooses ?ij 1 only if
all of the following are satisfied - Neighbor j has not been revoked
- Neighbor j is cooperative
- xij gt 0, or the cumulative payoff of i is less
than the case when it unconditionally chooses
?ij 1. - Trust propagation
- The threshold is chosen to ensure global
revocation propagation - Reestablishing period t once a node is revoked,
in order to reestablish trust the revocation has
to be nullified for t consecutive time steps
48Results of Game Evolution
- Theorem
, there exists t0, such that for a reestablishing
period t gt t0 - The iterated game converges to Nash equilibrium
- In the Nash equilibrium, all nodes cooperate with
all their neighbors. - Comparison of games with (without) trust
mechanism, strategy update
Percentage of cooperating pairs vs negative links
Average payoffs vs negative links
49Outline
- Distributed trust in MANET
- Trust document distribution
- Trust (and Mistrust) spreading and dynamics
- Effects of topology on convergence
- Spin glasses and cooperative games
- Collaboration via trust schemes
- Trust evaluation in autonomic networks
- Trust evaluation direct and indirect ways
- Trust computation via linear iterations in
semirings - Conclusions and future work
50Trust Evaluation in Autonomic Networks
- The network is modeled as a directed graph G(V,E)
- G is the trust graph
- A directed link from node i to node j corresponds
to the trust relation i has on j - The weight Jij represents the opinion of i on j,
- Trust evaluation is to estimate the
trustworthiness of nodes - ti represents node i being either GOOD or BAD,
denoted as ti1 or -1 - si is the estimated trust value of node i
- si is a subjective concept, while ti is an
existing but unknown fact - Objective to drive si as close to ti as possible
based on available Jij
51General Local Voting Rule
- In homogenous networks, the trustworthiness of an
agent is based on other peers opinion - Most straightforward scheme is to ask neighbors
to vote for it - Vote values are equal to Jij
- Properties of the voting rule
- Trustworthiness of voters ? weighted average
- Conflicting opinions ? effective votes
- Iterative voting rule
- Evaluation starts from a small set of trusted
nodes - Our interest is to study the evolution of the
trust value estimates si and their value at the
equilibrium
52Stochastic Threshold Rule
- Assume binary voting result, i.e.,
- Threshold rule where
- Stochastic threshold rule with uncertainty
parameter b
Zi(k) is the normalization factor
53Stochastic Threshold Rule (cont)
- Update sequence random asynchronous updates
- Difficult to achieve synchronicity in autonomic
networks - The probability that node i is chosen as the
target at each iteration is fixed as qi - Markov chain interpretation
- Markov property The value of si at time k1 only
depends on mi at time k - Part of the Markov chain (right figure)
- Suppose S(k)1,-1,1,1, then S(k1) either flips
one of the element in S(k) or stays at the state
of S(k)
1,-1,1,1
Time k
s1
s4
s2
s3
1,-1,1,-1
1,-1,-1,1
1,1,1,1
-1,-1,1,1
k1
54Convergence
- The steady state of the Markov chain
- If and , the
voting rule converges to the steady state with a
unique stationary distribution - The unique stationary distribution is
- where
- and Z is the normalization function
- Criterion probability of correct estimation
55Trust in Virtuous Networks
All nodes are good and have full confidence in
their neighbors. We study Pcorrect at steady
state.
Left figure The threshold should be less or
equal to 0, otherwise the trust estimate of each
node converges to -1. Right figure When
threshold is equal to 0 -- phase transition.
Small change on the parameter results in opposite
performance of the voting rule.
56Virtuous Networks with Uncertainty
- All nodes are good, but because of uncertainty
and incompleteness, Jijs are random variables - Assume
- Assume that the probability of a good node having
an incorrect opinion on its neighbors is pe
- Simulation results
- When pe is larger, the system more probably stays
in the random phase. - When pe is large enough (pe gt 0.15), the system
always stays in the random phase. - Theoretical analysis replica method in spin
glasses
57Networks with Adversaries
- Adversary model
- Independent adversaries do not collude.
- Collusive adversaries know each other, so they
vote for other adversaries with value 1 and for
good nodes with value -1. - Random adversaries randomly assign confidence
values on others - Given all independent adversaries, we proved that
Pcorrect is independent of the number - of adversaries.
- Simulation results
- Independent adversaries
- overlapping with all good nodes
- Collusive adversaries easier
- to be detected
- Random adversaries most
- impact on performance
58Network Topology
- Small-world model
- Prw represents short cuts fraction on a regular
lattice - Regular lattice Prw0 Random graph Prw1
- Prw in 0.1,0.01 is the area for the small world
model
- The performance of the voting rule increases as
Prw increases. - A more random graph has shorter average distance
- Accuracy of trust information degenerates over
the path length, so a short spreading path has
more accurate information and leads to good result
59General Local Rule
- Global rule (Jijs are all known) the posterior
of the estimated trust vector S given
observations Jijs - where Z is the normalization factor.
- General local rule
- si is a Markov random field.
- We proved that the iterated local rule converges
to the posterior PrS - Voting rule
- When the probability that a node makes a wrong
decision is fixed as pe, the general local rule
is equivalent to the voting rule
60Outline
- Distributed trust in MANET
- Trust document distribution
- Trust (and Mistrust) spreading and dynamics
- Effects of topology on convergence
- Spin glasses and cooperative games
- Collaboration via trust schemes
- Trust evaluation in autonomic networks
- Trust evaluation direct and indirect ways
- Trust computation via linear iterations in
semirings - Conclusions and future work
61Network Trust ComputationDirect and Indirect
Ways
- Network of users (Neighboring pattern)
- Internet, ad-hoc, P2P, online community
- Protocol (predescribed behavior)
- Routing, MAC, Downloading protocol, Social
protocol - Users can either follow or break the protocol (C
or D) - Neighbors monitor each others actions
62Direct Network Trust
Wireless Ad-Hoc Network Physical Graph
Follow protocol Receive/forward neighbors
packetsKeeps network connected, but spends energy
2
1
7
4
6
3
5
8
63Direct Network Trust
- Direct trust is based on past interactions
between User A and User B. - It is As belief about Bs future behavior.
- Helps A decide what to do next.
A
B
64Autonomous Computation
- Each user computes his own opinions about others
- No centralized trusted authority
- Each users opinion is based on locally available
information - Reduces bandwidth consumption
- Reduces delay
65Indirect Network Trust
User 8 asks for access to User 1s files.User 1
and User 8 have no previous interaction
What should User 1 do?
2
1
7
Use transitivity of trust (i.e. use references)
4
6
3
5
8
66Indirect Network Trust
- Indirect Trust
- A trusts B, B trusts C
- What can A say about C ?
- Assumption Transitivity of Trust (at least
partial) - Usefulness User A benefits from others
interactions - Caveat Others interactions are second hand
information (use carefully)
67Why Compute Trust?
- Why compute trust when we could give each user a
list with trusted nodes? - The network and the users change
- New users join, old users depart, users move
around, links break. - User behavior changes
- Network nodes may become compromised, so others
will change their trust towards them.
68Related Work
- Kreps, Wilson
- Chain-Store Game for Reputation
- Morselli, Bhattacharjee, Katz
- Game Theory for Trust
- Reiter, Stubblebine
- Importance of Independent Trust Paths
- Levien, Aiken
- Attack Resistance
69Direct Trust
2
1
7
4
6
3
5
8
70Direct Trust
- User i
- is of type ti?Good, Bad
- chooses action ai?C,D, i1N
- receives payoff RiR(ai,a?(i),ti)
- wants to maximize his own payoff (local behavior)
71Direct Trust
- Payoff is decomposed as sum of pairwise payoffs
along each link
4
C
7
D
C
6
72Direct Trust
- Questions we are investigating
- How can connectivity (collaboration) be achieved?
- How quickly can it be achieved?
- How many bad nodes can destroy it?
- Within our framework, the following parameters
affect the answers to the above questions. - Payoffs
- Strategies
- Topology
73Direct Trust
- What is the Good vs Good game?
- Positive Maximize Network Connectivity
- Negative Energy is scarce
Connectivity-Energy
D
C
-Energy
C
Nothing
D
74Direct Trust
- What is the Good vs Bad Game?
- Good wants same as before
- Bad wants the exact opposite
D
C
C
Zero-sum game!
D
75Game Theory
D
C
C
Example GamePrisoners Dilemma
D
Strategy for User i
76Direct Trust
- Payoffs with randomized strategies and known types
77Direct Trust
- Extension Prior probability (reputation) for
user types - Bayes-Nash equilibrium
- Strategy for User i
evolving reputation
78Direct Trust
- How are payoffs computed now?i.e. average
not only over the neighbors strategies, but also
over their type (G or B)
79Direct Trust
- Problems we are studying
- Repeated interactions
- Take history into account (reputation, profiling)
Strategy of User i for step n
Probability (reputation) update for User i
80Direct Trust
- Two sequences evolving with time
- Vector of actions (strategies), time 1n
- Set of vectors of neighbor probabilities
(reputations), time 1n
81Direct Trust
- We are looking for an equilibrium that maximizes
the total payoff of Good nodes (connectivity
under energy constraints) - In a real situation additional requirements may
apply - Finite User memory size
- Simple strategies
82Direct Trust
- Where is trust in all this?
- RememberDirect trust is based on past
interactions between User A and User B.It is As
belief about Bs future behavior.Helps A decide
what to do next. - Trust is how users use the history of past
actions to decide what to do next. - Quantified with updated probabilities
(reputations) pi.
83Indirect Trust System model
- System mapped to a weighted, directed graph
- Vertices entities/users
- Edges direct trust relations
- Weights w(i,j) How much i trusts j
- Establish an indirect trust relation, between
users that have not had direct interactions - Remember We assume that trust is transitive
-
(at least partially)
84Mathematical Framework
- Trust computation as a path problem on a graph
- Information about j that is useful to i
?Directed paths from i to j - Combine information along each path, and then
aggregate across paths - Use a framework for path problems on graphs
85Outline
- Distributed trust in MANET
- Trust document distribution
- Trust (and Mistrust) spreading and dynamics
- Effects of topology on convergence
- Spin glasses and cooperative games
- Collaboration via trust schemes
- Trust evaluation in autonomic networks
- Trust evaluation direct and indirect ways
- Trust computation via linear iterations in
semirings - Conclusions and future work
86Semirings-Definitions
- Semiring A triplet , s.t. for
- ? is associative and commutative
- ? is associative
- ? distributes over ?
87Semirings-Definitions
- ? is used to combine edge weights along a
path - ? is used to combine path weights
a?b
a
b
a
a?b
b
88 Semiring Computation
2
1
7
4
6
3
5
8
89Semirings-Examples
- Shortest Path Problem
- Semiring
- ? is and computes total path delay
- ? is and picks shortest path
- Bottleneck Problem
- Semiring
- ? is and computes path bandwidth
- ? is and picks highest bandwidth
90Trust Semiring PropertiesPartial Order
- Combined along-a-path weight should not increase
- Combined across-paths weight should not decrease
a
b
2
3
1
a
b
91 Computing Indirect Trust
2
1
7
4
6
3
5
8
92Trust Path Semiring
- The weights have two components (t,c), jointly
called an opinion. - Trust
- Degree of trustworthiness
- Confidence
- Accuracy of trust value assignment, confidence
interval - Example
- Out of 100 interactions, 90 are good ? (t, c)
- Out of 1000 interactions, 900 are good ? (t't,
c'gtc)
93Trust Path Semiring
- 0 ? trust, confidence ? 1
- ? is
- ? is
94Attacks to Indirect Trust
- Remember Remote Access Control
- User 8 wants but may not deserve access.
- ATTACK the trust computation!
- Aim Increase t1?8 to a level that would grant
access. - How?
- Edge attack change opinion on an edge (trick a
node into forming false opinion) - Node attack change any opinion emanating from a
node (gain complete control of a node)
95Attacks to Indirect Trust
Edge Attack
2
1
7
4
6
3
5
8
96Attacks to Indirect Trust
Node Attack
2
1
7
4
6
3
5
8
97Game Theory for Attacks
- Model Combined x-node, y-edge attack
- Given topology, weights and semiring
- What is the maximum damage can cause?
- Which nodes/edges are more likely to be attacked?
(these will need extra protection) - Given topology and semiring
- Designer chooses weights secretly from attacker
to Minimize the Maximum damage the attacker can
cause.
98 Computing Indirect Trust
- Path interpretation
- Linear system interpretation
99 Computing Indirect Trust
- To include pre-trusted nodes
- So, we can now define a linear systemwith
fixed input
100 Computing Indirect Trust
- Treat as a linear system
- We are looking for its steady state.
- Benefits
- Result of computation linked explicitly to
properties of matrix W - Easier to see effect of attacks, of pre-trusted
nodes, of changes in the topology (manipulation
of W). - Speed of convergence linked to circuits of W.
101Trust Computation Simulation
- Initially designate Good and Bad nodes
- Aim eventually classify all nodes correctly
102Outline
- Distributed trust in MANET
- Trust document distribution
- Trust (and Mistrust) spreading and dynamics
- Effects of topology on convergence
- Spin glasses and cooperative games
- Collaboration via trust schemes
- Trust evaluation in autonomic networks
- Trust evaluation direct and indirect ways
- Trust computation via linear iterations in
semirings - Conclusions and future work
103Conclusions and Future Research
- Analyzed and evaluated fundamental methods to
induce collaboration in wireless networks with
mobile nodes - Focused on distributed schemes using only local
interactions - Developed and analyzed a cooperative game
framework and showed that negotiation between
agents can induce collaboration - Developed a distributed trust establishment,
propagation and maintenance scheme and showed
that it can also induce collaboration - Showed that trust propagation displays phase
transitions - Investigated the linked dynamics of trust
propagation and game evolution and showed the
benefits in inducing collaboration - Developed mathematical models for direct and
indirect trust evaluation using coupled dynamics
of iterative games and reputation evolution - Developed distributed trust computation based on
path semirings - Methods inspired from statistical physics of spin
glasses - Future directions include analysis of networks
with dynamic topologies, robustness of these
collaboration inducing mechanisms, identification
of parameters (including topology types) that
influence the dynamics and qualities of
collaborative behavior
104Publications
- Tao Jiang and John S. Baras, Ant-based Adaptive
Trust Evidence Distribution in MANET,
Proceedings of 2nd International Workshop on
Mobile Distributed Computing (MDC04), in
conjunction with the Intern. Conference on
Distributed Computing Systems, pp. 588-593,
Tokyo, Japan, March 2004. - John S. Baras and Tao Jiang, Dynamic and
Distributed Trust for Mobile Ad-Hoc Networks,
Proceedings of 24th Army Science Conference,
Orlando, Florida, December 2004. - John S. Baras and Tao Jiang, Cooperative Games,
Phase Transitions on Graphs and Distributed Trust
In MANET, invited paper, Proceedings 2004 IEEE
Conference on Decision and Control, pp. 93-98,
December 2004, Bahamas. - John S. Baras and Tao Jiang, Managing Trust in
Self-organized Mobile Adhoc Networks, invited
paper, Wireless and Mobile Security Workshop,
Network and Distributed Systems Security
Symposium, February 2005, San Diego, USA. - Tao Jiang and John S. Baras, Autonomous Trust
Establishment, 2nd International Network
Optimization Conference (INOC), February 2005,
Lisbon, Portugal. - Tao Jiang and John S. Baras, Graph Algebraic
Interpretation of Trust Establishment in
Autonomic Networks, submitted, 2005.
105Publications
- John S. Baras and Tao Jiang, Cooperation, Trust
and Games in Wireless Networks, invited paper,
in Proceedings of Symposium on Systems, Control
and Networks, honoring Professor P. Varaiya, pp.
183-202, Birkhauser, June 2005. - G. Theodorakopoulos, J. S. Baras, Trust
Evaluation in Ad-Hoc Networks, Proceedings of
ACM Workshop on Wireless Security (WiSe 2004),
pp. 1-10, Philadelphia, Pennsylvania, October 1,
2004. (Best Paper Award). - George Theodorakopoulos and John S. Baras, On
Trust Models and Trust Evaluation Metrics for
Ad-Hoc Networks, JSAC special issue on security
in wireless ad-hoc networks, Vol. 24, No. 2, pp.
318-328, February 2005. - Tao Jiang and John S. Baras, Trust Evaluation in
Anarchy A Case Study on Autonomous Networks, to
appear in Proceedings of 2006 INFOCOM, April
2006, Barcelona, Spain. - Tao Jiang and John S. Baras, Cooperation in Ad
hoc Communication Networks A Cooperative Game
Approach, MSRI Workshop Mathematics of Relaying
and Cooperation in Communication Networks, April
2006, Berkeley, CA. - George Theodorakopoulos and John S. Baras,
Iterated Games on Graphs for Direct trust
Evaluation, submitted, 2006.
106- Thank you!
- baras_at_isr.umd.edu
- http//www.isr.umd.edu/people/baras
107 108Cooperative Games
- Cooperative Game in characteristic function form
G N, v, N 1, 2, , N, v 2N?R , on
all subsets S (coalitions) of N - S a coalition, v(S ) is interpreted as the
maximum utility S can get without the cooperation
of players in N \ S - G superadditive S, T ? N, S ?T ?, v(S ? T )
? v(S ) v(T ) - G monotone S ? T implies v(S ) ? v(T)
- G convex for each i?N, S ? T, implies di(S )
? di(T ) - increasing marginal
- returns contribution of i
- G rational v(N ) ? ?iv(i)
109Cooperative Games and Payoffs
- Feasible payoff vectors
- Efficient payoff vectors
- Individually rational payoff vectors
- Solution s associates with each game G a
subset of I(N,v) Characterized
either by math relations or axioms Captures
different notions of desirable properties of
solutions - x dominates y through coalition S (x ?S y) if
xi gt yi, i?S, x(S) ? v(S) - x dominates y (x ? y) if x ?S y for some
coalition S
110Cooperative Games Solution Concepts
- Core (stable, reasonable payoffs) gives each
coalition at least as much as could get by itself - Convex and average convex games have nonempty
cores - For a set of games the core is the unique
solution that is individually rational,
superadditive, nonempty and satisfies the reduced
game property
- Stable sets V? I , there is no x, y ?V s.t. x?y,
and if y?V, there is x?V s.t. x?y
- Nucleolus excess e(S, x) v(S ) x(S )
measure of dissatisfaction
of coalition S for payoff x Set
?(x) (e(S, x))S ?N solution obtained by
min ?(?(x)) x ? I(N, v).
Minimize maximal complaint. - The Nucleolus is always in the core
111Cooperative Games Solution Concepts
- Nucleolus is the individually rational payoff
that lexicographically minimizes the excess
vector - Leads to iterative procedure for getting there
- Use a small set of linear programs that
iteratively minimize the highest excess, then the
second highest excess, etc. - A solution concept is the Nucleolus if and only
if it is anonymous (ind. of payer labeling),
covariant (ind. of scale expressing preferences),
satisfies the reduced game property
- Shapley Value solution ? with components the
expected marginal contribution made by i when
entering coalition N - T is a carrier, if v(S ) v(S ?T), v(S ) ?i?S
?i (v). Shapley Value is the unique solution
that has this property, is anonymous and
additive - For convex games Shapley Value is in the core
- Kernel, Bargaining Set consider coalition
structures, their stability, objections and
counterobjections