Cooperative Games, Statistical Physics and Trust in Ad Hoc Networks

1
Cooperative Games, Statistical Physics and Trust
in Ad Hoc Networks
John S. Baras Institute for Systems
Research Department of Electrical and Computer
Engineering and Department of Computer Science
University of Maryland, College Park, MD 20742
Information Trust Institute, UIUC March 15, 2006
2
Thanks to

• Collaborators
• Tao Jiang, George Theodorakopoulos
• Funding sources
• ARL (CTA on CN), ARO CIP URI (Wireless
  Network Security), DARPA (Dynamic Coalitions)

3
Outline

• Distributed trust in MANET
• Trust document distribution
• Trust (and Mistrust) spreading and dynamics
• Effects of topology on convergence
• Spin glasses and cooperative games
• Collaboration via trust schemes
• Trust evaluation in autonomic networks
• Trust evaluation direct and indirect ways
• Trust computation via linear iterations in
  semirings
• Conclusions and future work

4
Autonomic Wireless Networks

• Wireless networks, such as mobile ad hoc networks
  (MANET) and sensor networks
• No trusted centralized authority
• Resource (power, bandwidth, computation etc.)
  constraints
• Rapidly and dynamically changing topology and
  connectivity
• Uncertainty incompleteness of trust evidence
  trust values in -1, 1
• Distributed trust computation and locality of
  trust information exchanges
• Unique properties
• Each node is its own authority and it is selfish
• Networking functions (route discovery, packet
  forwarding and etc. ) rely on cooperation between
  nodes
• Cooperation utilizes local information and local
  interactions (between neighbors)

5
Cooperation and Games

• In distributed wireless networks
• Cooperation is restricted to only local
  interactions
• Decision is made by each node individually
• Nodes are self-interested
• Explain and analyze emergent properties
• Game theoretic methods
• Provide a framework for modeling individual
  interactions
• Understand complex global structures and dynamics
  of a system composed of a large number of agents
  with simple local interactions
• Guide for analytical approach
• Examples Ising spin glass models, prisoners
  dilemma
• Goal how to encourage nodes to collaborate in
  games?
• Incentive trust systems to promote cooperation
  and circumvent misbehaving nodes.

6
Trust Management in MANET

• Properties
• Short-time, online establishment
• Self-organized
• Uncertainty and incompleteness
• Locality (local information exchange)
• Distributed computation
• Negative or false evidence
• Components of our scheme
• Trust document distribution
• Distributed trust computation

7
Outline

• Distributed trust in MANET
• Trust document distribution
• Trust (and Mistrust) spreading and dynamics
• Effects of topology on convergence
• Spin glasses and cooperative games
• Collaboration via trust schemes
• Trust evaluation in autonomic networks
• Trust evaluation direct and indirect ways
• Trust computation via linear iterations in
  semirings
• Conclusions and future work

8
Trust Document Distribution

• Swarm Intelligence based
• Biologically inspired biological swarms like
  ants, bees, etc.
• Evidence requests are delivered by sending out
  multiple but simple ant agents that travel the
  network and try to fetch information for the
  request.
• Properties
• Indirect communications between the agents (ants)
  (efficiency)
• Dynamic online optimization using local
  information
• 
  (adaptability, scalability)
• Advantages
• Preserve the diversity of evidence
• Reinforce good quality trust paths by feedback
• Discover new sources of evidence via random
  exploration of the network
• SI scheme can be used both for route discovery
  and trust evidence discovery (leads to methods
  for secure routing)

9
Comparison of Two Schemes
Swarm Intelligence Based Scheme
FREENET Based Scheme

• Exploration for new certificates by sending ants
  in random patterns with some known and adaptive
  probability
• Redundant path information provides emergent
  behavior

• Uses hashed keyword routing, instead of
  flooding
• Replication of the information where needed via
  caching

10
Ant-Based Evidence Distribution (ABED) --
Certificate Table

• The certificate table is similar with the
  distance-vector routing table. The main
  differences are
• Each entry corresponds to one certificate
• Values are the probabilities of choosing each
  neighbor as the next hop instead of the hop count
  to destinations

• Probability value Pji represents the chance of
  choosing i as the next node when searching for
  certj at node k and

11
ABED -- Types of ants

• Forward ants
• Unicast ants sent out to the neighbor with the
  highest probability in the certificate table.
• Broadcast ants sent out when either
• no path to the certificate has been explored
• the information the node has is outdated based
  on the density of pheromone
• Backward ants
• generated by source of requested certificate
• retraces the path of the forward ant back to the
  source
• induces certificate table modifications at each
  intermediate node according to some learning rule
  reinforcement

12
ABED -- Reinforcement Rule

• Reinforcement rule
• ?i goodness value of the link between current
  node k and its neighbor node i
• Example the inverse of bandwidth usage of link k
  ?i.
• ?i is the pheromone deposit, defined as
• , k gt 0 a constant,
  is a non-decreasing function of the path cost c
  (e.g. hop counts, delay)
• is the pheromone
  evaporation function
• a and ß are constants varied in different network
  environments

13
ABED Simulation

• Simulation is based on NS-2
• Number of nodes 300
• Simulation area 3km x 3km
• Transmission range 250m
• Network diameter around 12 hops
• Two schemes to compare
• Swarm-intelligence based (ABED)
• Freenet based

14
ABED Simulation Results
Hop count the number of hops that forward and
backward ants traversed in order to carry the
certificate back to the requester.
Delay the time elasped from sending out the
forward ant to receipt of the first backward ant.
Freenet scheme has a slow start period -- ABED
finds the best solution fast. Fast convergence
property highly desirable in mobile scenarios.
15
ABED Simulation Results
Success rate the percentage of requests for
which the requester successfully obtains the
certificate.
Multiple paths are inherent in swarm
intelligence. If only one path is used for
request routing, a single failure leads to the
failure of the whole request. The multiple path
scheme is more resilient.
16
Outline

• Distributed trust in MANET
• Trust document distribution
• Trust (and Mistrust) spreading and dynamics
• Effects of topology on convergence
• Spin glasses and cooperative games
• Collaboration via trust schemes
• Trust evaluation in autonomic networks
• Trust evaluation direct and indirect ways
• Trust computation via linear iterations in
  semirings
• Conclusions and future work

17
Distributed Trust Computation Model

• The network is modeled as an undirected graph
  G(V, E)
• Vertex set V set of all nodes in the network
• Edge set E set of node pairs with trust
  connections
• Neighbor set Ni node j eij in E
• Neighbor set of agent i can represent
• Agents with which i is allowed to have a relation
  
• Giving rise to a logical interconnection network
• Relational graphs where neighbors are related
• Agents which i can sense, transmit or receive
  information
• Forming a physical wireless communication network
  
• Physical graphs where neighbors can communicate
  directly

18
Network Topology

• Random Graph (Erdös and Rényi, 1960)
• Nodes link to each other randomly
• Small-world model (Watts Strogatz,1998)
• Short average distance (six degree of separation)
• Large clustering coefficient
• Scale-free model (Barabási Albert, 1999)
• The distribution of degrees follows the power law
• Existence of hubs
• Rich get richer
• Recent research discovered lots of complex
  networks being scale-free

19
A Simple Distributed Trust Computation Policy

• Based on simple voting methods
• Voters
• Nodes that qualified as legitimate voters by
  certificates signed by offline servers (have
  trust evidence about node i)
• Assume uniformly distributed in the network
• Policy decision based on threshold
• is the total number of votes node i
  received (signed sum)
• is the decision threshold
• is the number of is neighbors

20
Simple Voting Scheme

• Number of positive votes on node i Vp,i 3
• Number of negative votes on node i Vn,i 1
• Effective votes Vi Vp,i - Vn,i 2
• Given ? 0.3, Vi gt ?Ni 1.8, node i is
  designated trusted

21
Trust Dynamics

• Trust spreading

Initial islands of trusts

• Trust revocation
• Changes in topology, membership, secure paths
• Referees of a node may change, trust evidence for
  a node may change
• Votes timeout or negative votes

22
Trust Graph

• Trust graph GT(VT, ET)
• Induced subgraph of G(V, E) by VT
• VT is the set of nodes which are designated
  trusted by the trust computation algorithm
• ET e e in E and both ends of e are in VT

• Trust metric Psp percentage of trusted pairs
  that are connected by one or more secure paths,
  which are composed of trusted nodes
• NPsecure is the number of trusted pairs that are
  connected by one or more secure paths.
• It is dependent of the cluster size and
  connectivity of GT

23
Random Graph Model

• Erdos and Renyi random graphs (ER model)

• When ? is small
• Most of nodes are considered to be trusted
• Psp is dominated by the edge presence probability
  p in ER random graphs
• Zero-one law in random graph theory is present
• Increasing the threshold ? results in
• Reducing the number of trusted nodes
• Increasing critical values
• Smaller Psp

Simulation results of Psp as function of
decision threshold ?
24
Small-world Networks
Psp vs. ? after one iteration
Psp vs. ? in steady state

• Number of trusted paths increases as trust
  spreads with each iteration
• Different curves are with different shortcut
  percentage Prw
• Prw 0 represents a regular lattice
• Prw 1 converges to a random graph
• Observe the transition from lattices to random
  graphs
• With a relative small portion of shortcuts,
  small-world networks facilitate the formation of
  secure paths
• The effects of topology are obvious, so any
  distributed trust computation model should take
  into account the topology properties

25
Trust Revocation

• The trust revocation process is initiated
• when topology, membership or secure paths change
• when referees or trust evidence for a node
  changes
• when positive votes are timeout or new negative
  votes are received

• Decision policy of the revocation process
• Revocation on a specific node, say B, usually
  starts from few nodes that have negative
  observations on B
• A node A accepts the revocation on B, if it finds
  that more than a threshold fraction F of its
  neighbors revoke node B
• Question can a revocation be accepted by a large
  fraction of nodes in the network?

26
Phase Transition of Revocation

• Revocation is launched from a randomly chosen
  node in an Erdös-Rényi random graph with average
  degree set as the Y-axis.
• Global cascade area that lie inside of the
  contour represents the percentage of nodes, which
  accept the revocation, is greater than the value
  corresponding to the contour (level surfaces of
  histogram)
• Phase transitions happen suddenly the steep of
  the contours is very sharp, which represents
  phase transitions

27
Outline

• Distributed trust in MANET
• Trust document distribution
• Trust (and Mistrust) spreading and dynamics
• Effects of topology on convergence
• Spin glasses and cooperative games
• Collaboration via trust schemes
• Trust evaluation in autonomic networks
• Trust evaluation direct and indirect ways
• Trust computation via linear iterations in
  semirings
• Conclusions and future work

28
Previous Work

• Decentralized path-inference protocols
• Combination of trust along and across paths
  (Beth,1994)
• Probability of finding a trust path from source
  to target (Maurer, 1996)
• Local interaction
• EigenTrust (Kamvar, 2003)
• PeerTrust (Xiong, 2004)
• Bayesian methods (Buchegger, 2003)
• Our work is similar with EigenTrust and
  PeerTrust, which provided promising results.
• However, results of EigenTrust and PeerTrust are
  all based on simulations.
• We analyze our local interaction rule using graph
  theory.
• We also provide a theoretical justification for
  network management that facilitates trust
  propagation.

29
Voting Scheme

• Voting rule (local policy)
• is the trust value of node i
• is the vote value (weight) of node j about
  node i
• Local voting rule
• Function f should satisfy the following
  properties
• The range of f is -1,1.
• Votes from neighbors with higher trust value are
  more credible, so they should carry larger
  weights.
• Policy threshold rule for trustworthiness of the
  target agent
• where is the threshold, which is a
  constant

30
Simple Voting Rule

• We use the weighted average as the voting rule,
  where weights are vote values (all quantities
  nonnegative)
• is the degree of node i
• n represents discrete time
• Assume is a constant, i.e. it doesnt
  change with time, which is true when considering
  the steady state
• The voting rule can be written in system
  equationwhere D diagd1 ,d2 ,, dN, T is a
  vector representing trust values of all nodes and
  V is the matrix of vote values

31
Convergence of Simple Voting Rule

• Voting without uncertainty
• For each pair (i, j) , if i and j are neighbors,
  then vij 1.
• V A, where A is the adjacency matrix of graph
  G, and D-1A is a stochastic matrix with the
  largest eigenvalue being 1.
• Let be the right eigenvector of D-1A
  corresponding to eigenvalue 1. then
• If , all nodes are
  trusted, and none is trusted otherwise.
  
• The initial
  trust values are very crucial.
• Voting with uncertainty
• 0 vij 1, D-1A is a semi-stochastic matrix.
• We proved ,
  so T?0. Trust cannot be established at
  all!!!

32
Voting with Headers

• We have shown that using the simple voting
  scheme, trust can only be established under
  certain strict conditions
• All votes value are 1 and the initial
  configuration must satisfy
• A single vote with value less than 1 will result
  in failure of trust establishment.
• We introduce the notion of headers
• Headers are pre-trusted agents and only vote for
  nodes that they fully trust.
• If node i is trusted with bi headers, it will
  get bi more votes with value 1. Let B diagb1
  , b2 ,, bN .
• The system equation changes to

33
Convergence of Voting with Headers

• Voting without uncertainty
• V A, and define .
  The system equation changes to
• If there is at least one node i such that bi gt 0,
  ((DB)-1A)n goes to 0. Therefore T(n) ? 1
  and all nodes are trusted.
• Voting with uncertainty
• Using the same technique as above, let
  . We are able to find the
  condition such that
• If we let , then all nodes are
  trusted.
• Theorem Given the threshold is ? , the number
  of headers for each node must satisfy
• This theorem proves, as well as provides, a
  network design method to establish a fully
  trusted network by introducing headers

34
Spreading Speed and Topology

• The time for updating rule to reach steady state,
  i.e., how fast the trust values converge.
• Perron-Frobenius Theorem in algebraic graph
  theory For a stochastic matrix A
• is the largest eigenvalue of A, which is 1
  and is the second largest eigenvalue of
  A.
• The convergence rate of An is of order
• Normalized adjacency matrices are stochastic
  matrices, therefore those with smaller
  converge faster.
• What kind of networks or which network topology
  has smaller second largest eigenvalue

35
Spreading Speed and Topology

• We consider the small-world model proposed by
  Watts and Strogatz in 1998
• High clustering coefficient and small average
  graphical distance between any pair.
• We use F-model, which is modeled by adding small
  number of new edges into a regular lattice.

• Adding just 1 more edges, spreading finishes in
  10 times less rounds.

36
Outline

• Distributed trust in MANET
• Trust document distribution
• Trust (and Mistrust) spreading and dynamics
• Effects of topology on convergence
• Spin glasses and cooperative games
• Collaboration via trust schemes
• Trust evaluation in autonomic networks
• Trust evaluation direct and indirect ways
• Trust computation via linear iterations in
  semirings
• Conclusions and future work

37
Ising and Spin Glass Models

• Statistical Physics models for magnetization

• Orientation of each particles spin depends on
  its neighbors
• Ising Model behavior of simple magnets
• Spin Glass Model complex materials
• Math interpretation
• s s1, s2,, sn is a configuration of n
  particle spins, where sj 1 or -1 , spin j
  is up or down
• Hamiltonian, or Energy for configuration s

• Ising Model Jij J for all i, j
• Spin Glass Model Jij depend on i,j and can be
  random processes

38
Ising/SG Models and Games

• Ising and Spin Glass models can be interpreted as
  dynamic (repeated) games each particle selects
  its own spin to maximize its own payoff
• Ising model (Jij J) align its spin with the
  majority of neighbors spin
• High T, conservative agents, not willing to
  change, small payoffs
• Low T, aggressive agents, larger payoffs
• Collection of local decisions reduces the total
  energy of the interacting particles
• Statistical Mechanics primary object of interest
• Recent excitement computation of ground state,
  partition function Z, NP - complete, Replica
  Method
• Application to turbocodes, image restoration,
  neural networks, learning, associative memory,
  SAT, knapsack, SA, number parttioning, graph
  partitioning, CDMA, MIMO,
• Inspires an approach where trust is used as an
  incentive for cooperation
• si represents whether node i cooperates or not
  with neighbors
• Jij can be interpreted as the worth of player j
  to player i
• Cooperate or not based on benefit from
  cooperation and trust values of neighbors

39
Spin Glass Cooperative Game

• Spin Glass model as a cooperative game (spin
  glass game)
• In
  , the weights wij frustrate the system
• Both positive and negative local feedback (e.g.
  wij?-1, 1)
• Interaction topology ( i.e. the matrix J Jij
  ) moderates effects pos. and neg. fback
• S ? N 1, 2, , N is a coalition, in which
  all nodes cooperate
• v(S) value of characteristic function of the
  game , v 2N?R maximum payoff S can get
  without cooperation from other nodes N /S.
• Model can be used to find what form or policy
  for Jij can induce all (or most) nodes to
  cooperate maximize the coalition

G (N, v)
6
2
J21
J12
3
Subset S1,2,3,4 v(S)J12J21J14J41J43J34
-J36 -J15
1
5
J34
J14
J41
4
J43
40
Cooperative Games and Dynamic Coalitions

• Have a number of players, some can be coalitions
  themselves
• How do they negotiate an acceptable DC security
  policies set?
• What are the properties of the final result the
  negotiated policy set?
• Is there an efficient scheme that gets us there?

• Cooperative games allow us to set up different
  types of games between the players, examine
  different concepts of solutions and values
• Can prove mathematically properties of the
  solution and value e.g. minimizes maximum
  dissatisfaction, is anonymous, is stable
• Can get iterative methods to get to solution
  (negotiation schema), can use all kinds of
  constraints, invariance to aV b scaling
  (preferences)
• Working on extensions to partial information,
  learning, robustness to uncertainties

41
Solution Concepts of Cooperative Games

• Core (stable, reasonable payoffs)
• The core gives each coalition at least as much as
  it could get by itself.
• No group of players has an incentive to split off
  the grand coalition N and form a smaller
  coalition S.
• Convex and average convex games have nonempty
  cores.
• Other solutions include stable sets and nucleolus
• Payoff allocation in coalitions
• An allocation vector x is individually rational
  if
• All solutions in the core are individually
  rational

42
Spin Glass Cooperative Game Properties

• Spin Glass game is a convex and superadditive
  game iff (net pos. effects)
• Shapley value
  in the core
• Not well understood in the regime of both
  negative and positive net effects
• Effects of interaction matrix structure
  (sparsity, neighborhood structure, range of
  interactions, strength of interactions) not well
  understood Topology effects in network analog
• Oriented Spin Glass Game G(N,v) where v now
  depends on both an interaction matrix J and a
  preference vector L a pair of char. fcns
• Replica method can be used to analyze various
  problems under various models and constraints on
  J and L

43
Outline

• Distributed trust in MANET
• Trust document distribution
• Trust (and Mistrust) spreading and dynamics
• Effects of topology on convergence
• Spin glasses and cooperative games
• Collaboration via trust schemes
• Trust evaluation in autonomic networks
• Trust evaluation direct and indirect ways
• Trust computation via linear iterations in
  semirings
• Conclusions and future work

44
Cooperative Games with Negotiation

• Consider G (N, v), N as before but with
• G (N, v) convex, superadditive
• Theorem G (N, v) has a nonempty core. The
  payoff allocation to node i ,
  
  is in the core. Compute
  as follows
• This payoff allocation indicates a way to
  encourage cooperation
• Players with positive gain can negotiate with
  their neighbors by sacrificing certain gain
  (offering their partial gain ?ijJij )

45
Trust as Mechanism to Induce Collaboration

• Trust is an incentive for collaboration
• Nodes who refrain from cooperation get lower
  trust values
• They will be eventually penalized because other
  nodes tend to only cooperate with highly trusted
  ones.
• Assume, for node i, that the loss for not
  cooperating with node j is a nondecreasing
  function of Jji as f (Jji), and the new
  characteristic function is
• Theorem if ,
  the core is nonempty and
  
• is a feasible payoff
  allocation in the core.
• By introducing a trust mechanism, all nodes are
  induced to collaborate without any negotiation

46
Dynamics of Cooperation

• System model

• Two linked dynamics
• Trust propagation
• Game evolution

• The network is modeled as a discrete-time system

j all neighbors of i vij trust value node i
votes for node j
47
Game Evolution

• Strategy of node i
• ?ij 1 ( 0) represents that i cooperates (does
  not cooperate) with
• its neighbor j
• Payoff for node i when interacting with j
  xij Jij ?ij ?ji
• xij gt 0 (lt 0) positive link (negative link)
• Node selfishness ? cooperate with neighbors on
  positive links
• Strategy updates node i chooses ?ij 1 only if
  all of the following are satisfied
• Neighbor j has not been revoked
• Neighbor j is cooperative
• xij gt 0, or the cumulative payoff of i is less
  than the case when it unconditionally chooses
  ?ij 1.
• Trust propagation
• The threshold is chosen to ensure global
  revocation propagation
• Reestablishing period t once a node is revoked,
  in order to reestablish trust the revocation has
  to be nullified for t consecutive time steps

48
Results of Game Evolution

• Theorem
  , there exists t0, such that for a reestablishing
  period t gt t0
• The iterated game converges to Nash equilibrium
• In the Nash equilibrium, all nodes cooperate with
  all their neighbors.
• Comparison of games with (without) trust
  mechanism, strategy update

Percentage of cooperating pairs vs negative links
Average payoffs vs negative links
49
Outline

• Distributed trust in MANET
• Trust document distribution
• Trust (and Mistrust) spreading and dynamics
• Effects of topology on convergence
• Spin glasses and cooperative games
• Collaboration via trust schemes
• Trust evaluation in autonomic networks
• Trust evaluation direct and indirect ways
• Trust computation via linear iterations in
  semirings
• Conclusions and future work

50
Trust Evaluation in Autonomic Networks

• The network is modeled as a directed graph G(V,E)
• G is the trust graph
• A directed link from node i to node j corresponds
  to the trust relation i has on j
• The weight Jij represents the opinion of i on j,
• Trust evaluation is to estimate the
  trustworthiness of nodes
• ti represents node i being either GOOD or BAD,
  denoted as ti1 or -1
• si is the estimated trust value of node i
• si is a subjective concept, while ti is an
  existing but unknown fact
• Objective to drive si as close to ti as possible
  based on available Jij

51
General Local Voting Rule

• In homogenous networks, the trustworthiness of an
  agent is based on other peers opinion
• Most straightforward scheme is to ask neighbors
  to vote for it
• Vote values are equal to Jij
• Properties of the voting rule
• Trustworthiness of voters ? weighted average
• Conflicting opinions ? effective votes
• Iterative voting rule
• Evaluation starts from a small set of trusted
  nodes
• Our interest is to study the evolution of the
  trust value estimates si and their value at the
  equilibrium

52
Stochastic Threshold Rule

• Assume binary voting result, i.e.,
• Threshold rule where
  
• Stochastic threshold rule with uncertainty
  parameter b

Zi(k) is the normalization factor
53
Stochastic Threshold Rule (cont)

• Update sequence random asynchronous updates
• Difficult to achieve synchronicity in autonomic
  networks
• The probability that node i is chosen as the
  target at each iteration is fixed as qi
• Markov chain interpretation

• Markov property The value of si at time k1 only
  depends on mi at time k
• Part of the Markov chain (right figure)
• Suppose S(k)1,-1,1,1, then S(k1) either flips
  one of the element in S(k) or stays at the state
  of S(k)

1,-1,1,1
Time k
s1
s4
s2
s3
1,-1,1,-1
1,-1,-1,1
1,1,1,1
-1,-1,1,1
k1
54
Convergence

• The steady state of the Markov chain
• If and , the
  voting rule converges to the steady state with a
  unique stationary distribution
• The unique stationary distribution is
• where
• and Z is the normalization function
• Criterion probability of correct estimation

55
Trust in Virtuous Networks
All nodes are good and have full confidence in
their neighbors. We study Pcorrect at steady
state.
Left figure The threshold should be less or
equal to 0, otherwise the trust estimate of each
node converges to -1. Right figure When
threshold is equal to 0 -- phase transition.
Small change on the parameter results in opposite
performance of the voting rule.
56
Virtuous Networks with Uncertainty

• All nodes are good, but because of uncertainty
  and incompleteness, Jijs are random variables
• Assume
• Assume that the probability of a good node having
  an incorrect opinion on its neighbors is pe

• Simulation results
• When pe is larger, the system more probably stays
  in the random phase.
• When pe is large enough (pe gt 0.15), the system
  always stays in the random phase.
• Theoretical analysis replica method in spin
  glasses

57
Networks with Adversaries

• Adversary model
• Independent adversaries do not collude.
• Collusive adversaries know each other, so they
  vote for other adversaries with value 1 and for
  good nodes with value -1.
• Random adversaries randomly assign confidence
  values on others
• Given all independent adversaries, we proved that
  Pcorrect is independent of the number
• of adversaries.
• Simulation results
• Independent adversaries
• overlapping with all good nodes
• Collusive adversaries easier
• to be detected
• Random adversaries most
• impact on performance

58
Network Topology

• Small-world model
• Prw represents short cuts fraction on a regular
  lattice
• Regular lattice Prw0 Random graph Prw1
• Prw in 0.1,0.01 is the area for the small world
  model

• The performance of the voting rule increases as
  Prw increases.
• A more random graph has shorter average distance
• Accuracy of trust information degenerates over
  the path length, so a short spreading path has
  more accurate information and leads to good result

59
General Local Rule

• Global rule (Jijs are all known) the posterior
  of the estimated trust vector S given
  observations Jijs
• where Z is the normalization factor.
• General local rule
• si is a Markov random field.
• We proved that the iterated local rule converges
  to the posterior PrS
• Voting rule
• When the probability that a node makes a wrong
  decision is fixed as pe, the general local rule
  is equivalent to the voting rule

60
Outline

• Distributed trust in MANET
• Trust document distribution
• Trust (and Mistrust) spreading and dynamics
• Effects of topology on convergence
• Spin glasses and cooperative games
• Collaboration via trust schemes
• Trust evaluation in autonomic networks
• Trust evaluation direct and indirect ways
• Trust computation via linear iterations in
  semirings
• Conclusions and future work

61
Network Trust ComputationDirect and Indirect
Ways

• Network of users (Neighboring pattern)
• Internet, ad-hoc, P2P, online community
• Protocol (predescribed behavior)
• Routing, MAC, Downloading protocol, Social
  protocol
• Users can either follow or break the protocol (C
  or D)
• Neighbors monitor each others actions

62
Direct Network Trust
Wireless Ad-Hoc Network Physical Graph
Follow protocol Receive/forward neighbors
packetsKeeps network connected, but spends energy
2
1
7
4
6
3
5
8
63
Direct Network Trust

• Direct trust is based on past interactions
  between User A and User B.
• It is As belief about Bs future behavior.
• Helps A decide what to do next.

A
B
64
Autonomous Computation

• Each user computes his own opinions about others
• No centralized trusted authority
• Each users opinion is based on locally available
  information
• Reduces bandwidth consumption
• Reduces delay

65
Indirect Network Trust
User 8 asks for access to User 1s files.User 1
and User 8 have no previous interaction
What should User 1 do?
2
1
7
Use transitivity of trust (i.e. use references)
4
6
3
5
8
66
Indirect Network Trust

• Indirect Trust
• A trusts B, B trusts C
• What can A say about C ?
• Assumption Transitivity of Trust (at least
  partial)
• Usefulness User A benefits from others
  interactions
• Caveat Others interactions are second hand
  information (use carefully)

67
Why Compute Trust?

• Why compute trust when we could give each user a
  list with trusted nodes?
• The network and the users change
• New users join, old users depart, users move
  around, links break.
• User behavior changes
• Network nodes may become compromised, so others
  will change their trust towards them.

68
Related Work

• Kreps, Wilson
• Chain-Store Game for Reputation
• Morselli, Bhattacharjee, Katz
• Game Theory for Trust
• Reiter, Stubblebine
• Importance of Independent Trust Paths
• Levien, Aiken
• Attack Resistance

69
Direct Trust
2
1
7
4
6
3
5
8
70
Direct Trust

• User i
• is of type ti?Good, Bad
• chooses action ai?C,D, i1N
• receives payoff RiR(ai,a?(i),ti)
• wants to maximize his own payoff (local behavior)

71
Direct Trust

• Payoff is decomposed as sum of pairwise payoffs
  along each link

4
C
7
D
C
6
72
Direct Trust

• Questions we are investigating
• How can connectivity (collaboration) be achieved?
• How quickly can it be achieved?
• How many bad nodes can destroy it?
• Within our framework, the following parameters
  affect the answers to the above questions.
• Payoffs
• Strategies
• Topology

73
Direct Trust

• What is the Good vs Good game?
• Positive Maximize Network Connectivity
• Negative Energy is scarce

Connectivity-Energy
D
C
-Energy
C
Nothing
D
74
Direct Trust

• What is the Good vs Bad Game?
• Good wants same as before
• Bad wants the exact opposite

D
C
C
Zero-sum game!
D
75
Game Theory

• Nash Equilibrium

D
C
C
Example GamePrisoners Dilemma
D
Strategy for User i
76
Direct Trust

• Payoffs with randomized strategies and known types

77
Direct Trust

• Extension Prior probability (reputation) for
  user types
• Bayes-Nash equilibrium
• Strategy for User i

evolving reputation
78
Direct Trust

• How are payoffs computed now?i.e. average
  not only over the neighbors strategies, but also
  over their type (G or B)

79
Direct Trust

• Problems we are studying
• Repeated interactions
• Take history into account (reputation, profiling)

Strategy of User i for step n
Probability (reputation) update for User i
80
Direct Trust

• Two sequences evolving with time
• Vector of actions (strategies), time 1n
• Set of vectors of neighbor probabilities
  (reputations), time 1n

81
Direct Trust

• We are looking for an equilibrium that maximizes
  the total payoff of Good nodes (connectivity
  under energy constraints)
• In a real situation additional requirements may
  apply
• Finite User memory size
• Simple strategies

82
Direct Trust

• Where is trust in all this?
• RememberDirect trust is based on past
  interactions between User A and User B.It is As
  belief about Bs future behavior.Helps A decide
  what to do next.
• Trust is how users use the history of past
  actions to decide what to do next.
• Quantified with updated probabilities
  (reputations) pi.

83
Indirect Trust System model

• System mapped to a weighted, directed graph
• Vertices entities/users
• Edges direct trust relations
• Weights w(i,j) How much i trusts j
• Establish an indirect trust relation, between
  users that have not had direct interactions
• Remember We assume that trust is transitive
• 
  (at least partially)

84
Mathematical Framework

• Trust computation as a path problem on a graph
• Information about j that is useful to i
  ?Directed paths from i to j
• Combine information along each path, and then
  aggregate across paths
• Use a framework for path problems on graphs

85
Outline

• Distributed trust in MANET
• Trust document distribution
• Trust (and Mistrust) spreading and dynamics
• Effects of topology on convergence
• Spin glasses and cooperative games
• Collaboration via trust schemes
• Trust evaluation in autonomic networks
• Trust evaluation direct and indirect ways
• Trust computation via linear iterations in
  semirings
• Conclusions and future work

86
Semirings-Definitions

• Semiring A triplet , s.t. for
  
• ? is associative and commutative
• ? is associative
• ? distributes over ?

87
Semirings-Definitions

• ? is used to combine edge weights along a
  path
• ? is used to combine path weights

a?b
a
b
a
a?b
b
88
Semiring Computation
2
1
7
4
6
3
5
8
89
Semirings-Examples

• Shortest Path Problem
• Semiring
• ? is and computes total path delay
• ? is and picks shortest path
• Bottleneck Problem
• Semiring
• ? is and computes path bandwidth
• ? is and picks highest bandwidth

90
Trust Semiring PropertiesPartial Order

• Combined along-a-path weight should not increase
  
• Combined across-paths weight should not decrease

a
b
2
3
1
a
b
91
Computing Indirect Trust
2
1
7
4
6
3
5
8
92
Trust Path Semiring

• The weights have two components (t,c), jointly
  called an opinion.
• Trust
• Degree of trustworthiness
• Confidence
• Accuracy of trust value assignment, confidence
  interval
• Example
• Out of 100 interactions, 90 are good ? (t, c)
• Out of 1000 interactions, 900 are good ? (t't,
  c'gtc)

93
Trust Path Semiring

• 0 ? trust, confidence ? 1
• ? is
• ? is

94
Attacks to Indirect Trust

• Remember Remote Access Control
• User 8 wants but may not deserve access.
• ATTACK the trust computation!
• Aim Increase t1?8 to a level that would grant
  access.
• How?
• Edge attack change opinion on an edge (trick a
  node into forming false opinion)
• Node attack change any opinion emanating from a
  node (gain complete control of a node)

95
Attacks to Indirect Trust
Edge Attack
2
1
7
4
6
3
5
8
96
Attacks to Indirect Trust
Node Attack
2
1
7
4
6
3
5
8
97
Game Theory for Attacks

• Model Combined x-node, y-edge attack
• Given topology, weights and semiring
• What is the maximum damage can cause?
• Which nodes/edges are more likely to be attacked?
  (these will need extra protection)
• Given topology and semiring
• Designer chooses weights secretly from attacker
  to Minimize the Maximum damage the attacker can
  cause.

98
Computing Indirect Trust

• Path interpretation
• Linear system interpretation

99
Computing Indirect Trust

• To include pre-trusted nodes
• So, we can now define a linear systemwith
  fixed input

100
Computing Indirect Trust

• Treat as a linear system
• We are looking for its steady state.
• Benefits
• Result of computation linked explicitly to
  properties of matrix W
• Easier to see effect of attacks, of pre-trusted
  nodes, of changes in the topology (manipulation
  of W).
• Speed of convergence linked to circuits of W.

101
Trust Computation Simulation

• Initially designate Good and Bad nodes
• Aim eventually classify all nodes correctly

102
Outline

• Distributed trust in MANET
• Trust document distribution
• Trust (and Mistrust) spreading and dynamics
• Effects of topology on convergence
• Spin glasses and cooperative games
• Collaboration via trust schemes
• Trust evaluation in autonomic networks
• Trust evaluation direct and indirect ways
• Trust computation via linear iterations in
  semirings
• Conclusions and future work

103
Conclusions and Future Research

• Analyzed and evaluated fundamental methods to
  induce collaboration in wireless networks with
  mobile nodes
• Focused on distributed schemes using only local
  interactions
• Developed and analyzed a cooperative game
  framework and showed that negotiation between
  agents can induce collaboration
• Developed a distributed trust establishment,
  propagation and maintenance scheme and showed
  that it can also induce collaboration
• Showed that trust propagation displays phase
  transitions
• Investigated the linked dynamics of trust
  propagation and game evolution and showed the
  benefits in inducing collaboration
• Developed mathematical models for direct and
  indirect trust evaluation using coupled dynamics
  of iterative games and reputation evolution
• Developed distributed trust computation based on
  path semirings
• Methods inspired from statistical physics of spin
  glasses
• Future directions include analysis of networks
  with dynamic topologies, robustness of these
  collaboration inducing mechanisms, identification
  of parameters (including topology types) that
  influence the dynamics and qualities of
  collaborative behavior

104
Publications

• Tao Jiang and John S. Baras, Ant-based Adaptive
  Trust Evidence Distribution in MANET,
  Proceedings of 2nd International Workshop on
  Mobile Distributed Computing (MDC04), in
  conjunction with the Intern. Conference on
  Distributed Computing Systems, pp. 588-593,
  Tokyo, Japan, March 2004.
• John S. Baras and Tao Jiang, Dynamic and
  Distributed Trust for Mobile Ad-Hoc Networks,
  Proceedings of 24th Army Science Conference,
  Orlando, Florida, December 2004.
• John S. Baras and Tao Jiang, Cooperative Games,
  Phase Transitions on Graphs and Distributed Trust
  In MANET, invited paper, Proceedings 2004 IEEE
  Conference on Decision and Control, pp. 93-98,
  December 2004, Bahamas.
• John S. Baras and Tao Jiang, Managing Trust in
  Self-organized Mobile Adhoc Networks, invited
  paper, Wireless and Mobile Security Workshop,
  Network and Distributed Systems Security
  Symposium, February 2005, San Diego, USA.
• Tao Jiang and John S. Baras, Autonomous Trust
  Establishment, 2nd International Network
  Optimization Conference (INOC), February 2005,
  Lisbon, Portugal.
• Tao Jiang and John S. Baras, Graph Algebraic
  Interpretation of Trust Establishment in
  Autonomic Networks, submitted, 2005.

105
Publications

• John S. Baras and Tao Jiang, Cooperation, Trust
  and Games in Wireless Networks, invited paper,
  in Proceedings of Symposium on Systems, Control
  and Networks, honoring Professor P. Varaiya, pp.
  183-202, Birkhauser, June 2005.
• G. Theodorakopoulos, J. S. Baras, Trust
  Evaluation in Ad-Hoc Networks, Proceedings of
  ACM Workshop on Wireless Security (WiSe 2004),
  pp. 1-10, Philadelphia, Pennsylvania, October 1,
  2004. (Best Paper Award).
• George Theodorakopoulos and John S. Baras, On
  Trust Models and Trust Evaluation Metrics for
  Ad-Hoc Networks, JSAC special issue on security
  in wireless ad-hoc networks, Vol. 24, No. 2, pp.
  318-328, February 2005.
• Tao Jiang and John S. Baras, Trust Evaluation in
  Anarchy A Case Study on Autonomous Networks, to
  appear in Proceedings of 2006 INFOCOM, April
  2006, Barcelona, Spain.
• Tao Jiang and John S. Baras, Cooperation in Ad
  hoc Communication Networks A Cooperative Game
  Approach, MSRI Workshop Mathematics of Relaying
  and Cooperation in Communication Networks, April
  2006, Berkeley, CA.
• George Theodorakopoulos and John S. Baras,
  Iterated Games on Graphs for Direct trust
  Evaluation, submitted, 2006.

106

• Thank you!
• baras_at_isr.umd.edu
• http//www.isr.umd.edu/people/baras

107

• BACK up Slides

108
Cooperative Games

• Cooperative Game in characteristic function form
  G N, v, N 1, 2, , N, v 2N?R , on
  all subsets S (coalitions) of N
• S a coalition, v(S ) is interpreted as the
  maximum utility S can get without the cooperation
  of players in N \ S
• G superadditive S, T ? N, S ?T ?, v(S ? T )
  ? v(S ) v(T )
• G monotone S ? T implies v(S ) ? v(T)
• G convex for each i?N, S ? T, implies di(S )
  ? di(T )
• increasing marginal
• returns contribution of i
• G rational v(N ) ? ?iv(i)

109
Cooperative Games and Payoffs

• Feasible payoff vectors
• Efficient payoff vectors
• Individually rational payoff vectors
• Solution s associates with each game G a
  subset of I(N,v) Characterized
  either by math relations or axioms Captures
  different notions of desirable properties of
  solutions
• x dominates y through coalition S (x ?S y) if
  xi gt yi, i?S, x(S) ? v(S)
• x dominates y (x ? y) if x ?S y for some
  coalition S

110
Cooperative Games Solution Concepts

• Core (stable, reasonable payoffs) gives each
  coalition at least as much as could get by itself
• Convex and average convex games have nonempty
  cores
• For a set of games the core is the unique
  solution that is individually rational,
  superadditive, nonempty and satisfies the reduced
  game property

• Stable sets V? I , there is no x, y ?V s.t. x?y,
  and if y?V, there is x?V s.t. x?y

• Nucleolus excess e(S, x) v(S ) x(S )
  measure of dissatisfaction
  of coalition S for payoff x Set
  ?(x) (e(S, x))S ?N solution obtained by
  min ?(?(x)) x ? I(N, v).
  Minimize maximal complaint.
• The Nucleolus is always in the core

111
Cooperative Games Solution Concepts

• Nucleolus is the individually rational payoff
  that lexicographically minimizes the excess
  vector
• Leads to iterative procedure for getting there
• Use a small set of linear programs that
  iteratively minimize the highest excess, then the
  second highest excess, etc.
• A solution concept is the Nucleolus if and only
  if it is anonymous (ind. of payer labeling),
  covariant (ind. of scale expressing preferences),
  satisfies the reduced game property

• Shapley Value solution ? with components the
  expected marginal contribution made by i when
  entering coalition N
• T is a carrier, if v(S ) v(S ?T), v(S ) ?i?S
  ?i (v). Shapley Value is the unique solution
  that has this property, is anonymous and
  additive
• For convex games Shapley Value is in the core

• Kernel, Bargaining Set consider coalition
  structures, their stability, objections and
  counterobjections