Download Anonymizing Web Services Through a Club Mechanism

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
Document related concepts

Nash equilibrium wikipedia , lookup

The Evolution of Cooperation wikipedia , lookup

Mechanism design wikipedia , lookup

Minimax wikipedia , lookup

Chicken (game) wikipedia , lookup

Evolutionary game theory wikipedia , lookup

Prisoner's dilemma wikipedia , lookup

Transcript 
Anonymizing Web Services Through a
Club Mechanism
With Economic Incentives
Mamata Jenamani
Leszek Lilien
Bharat Bhargava
Department of Computer Sciences and
Center for Education and Research in Information Assurance and Security (CERIAS)
Purdue University, West Lafayette, Indiana
Motivation
• Preserving privacy during Web transactions - a major
concern
• Failure of most commercial services in providing such
services
– Besides technical, many economic and social factors contribute
to the failures
• Anonymizing Web services – a solution for preserving
privacy on the Web
• Game theory – for economic analysis
Proposed Club Mechanism
• Anonymity through group co-operation – An anonymity
club
• A trustworthy central authority
– Randomly matching any two club members
– Can resolve conflict among club members
• Each member tries to maximize her profit
• Cheating – most rational alternative in each single
transaction
• Cooperating – most rational alternative in repeated
sequential transactions
Rules for the Sequential Strategy
•
Becoming a club member by paying a one time initiation fee F to the central
authority
•
Two members partner for an anonymizing Web transaction during the time
period t
•
Two members receive a benefit Pt each by maintaining anonymity and using
each other’s service
•
Two strategies: cooperate or defect
•
If Alice feels that Bob cheats her, she reports it to the central authority
- Pclaim the loss suffered by the complainant
•
The central authority investigates the fraud
If fraud is confirmed, Bob pays a fine f and Pclaim, Alice gets compensation
Pclaim and the central authority gets fine f.
Otherwise, Alice is charged with a false complaint and pays fine g to the central
authority.
•
The culprit who does not pay a fine or a compensation is expelled from the
club.
Prisoner’s Dilemma Played at Each Stage
Assumptions
• Both partners have symmetric privacy needs
• They have equal number of requests for anonymizing
• Benefit from privacy protection is higher than the benefits
received by sacrificing the partner’s privacy (i.e. Pt > lt)
• At each stage each agent has two choices: either to
defect (D) or to cooperate (C).
• The only Nash equilibrium for both players in this game is
to defect
PD Played at Each Stage – cont.
C
D
C
Pt , Pt
-Pt , Pt + lt
D
Pt + lt , -Pt
-Pt +lt , -Pt +lt
Payoff structure of the
Prisoner’s Dilemma game
• Pt be the benefit from privacy protection received by an agent within time
period t
• -Pt as the cost of privacy violation if it is suffered by an agent during that
period
– Pt’s are independently identically distributed random variables with a
common distribution P
– Pmax a value beyond which distribution P has no positive probability density,
– E(P) is the expectation of P
• lt be the benefit from disclosing the privacy of another agent
– a similar assumption for the random variable lt
– lmax as an estimate of the maximum possible benefit received by a defecting
agent
An Agent’s Time-Weighted Average Payoff
•
•
•
•
•
Discount factor  , 0    1
1
For interest rate i,  
1 i
Time weighted average payoff 
Payoff stream for time period t  t
Total (Lifetime) Payoff V

V
– using the relationship:
– and the formula for geometric series
– we get:   (1   )V

t




t

 
t
t 0
t 0
• Maximizing time weighted average payoff is
equivalent to maximizing total payoff
• Incentive for cooperation in a time period even
though defection is a dominant strategy at each
stage
Analysis of the Economic Incentives
• Conditions such as paying initiation fee and fine occur
at time period t0
• The total payoff starting from period t0 is:
E ( P)
E[ P0  P1  P2   P3  ....] 
1 
• The total payoff starting from period t1 is:
2
3
E ( P )
E[ P1  P2   P3  ....] 
1 
2
3
• Exploring conditions under which the proposed
sequential strategy motivates the agents to cooperate
Proposition 1
An agent will join the proposed anonymizing club, if the
initiation fee (given at time period t0) is less than the
difference between his total future payoff from this service
(starting from time period t1) and the maximum future payoff
from adopting any other privacy preserving technology, i.e. if
the following inequality is satisfied:
F
E ( P)  a
1
where a is the maximum of all expected payoffs from any
other privacy-preserving technology available at that time
period.
Proof
Proposition 2
An agent will cooperate at every stage in the sequential
repeated game, if the maximum value of the benefit from the
cheating behavior is less than the total future payoff (from t0)
minus the maximum payoff achievable in the current
transaction, i.e. if the following condition is satisfied:
l max
E (P)

 Pmax
1
Proof
Proposition 3
A defector who is proven guilty is willing to pay the fine, if it is
lower than the difference between his total future payoff
(starting from t1) and the compensation claimed by his
partner, i.e. if the following condition is satisfied:
E ( P)
f 
 Pclaim
(1   )
Proof
Proposition 4
If a player’s complaint is proven false, he is willing to pay the
fine imposed on him, if it is lower than his total future payoff
(starting from t1), i.e. if the following condition is satisfied:
E ( P )
g
(1   )
Proof
Theorem
The proposed sequential strategy is an equilibrium strategy if
the fine is imposed following conditions in Propositions 3 and
4, i.e., if:
f 
E ( P)
 Pclaim
(1   )
and
E ( P )
g
(1   )
The average payoff for an agent in this strategy is:
  E( P)  (1   ) F
Proof
Future Work
•
Consideration of agent’s belief in the fairness of the central
authority
•
Consideration of the fixed costs associated with starting the
service
•
Defining the minimum number of participants starting a club
•
Considering the cost involved in running the matching algorithm another variable cost, such as annual club membership
•
The probabilistic modeling of cheating behavior of individual
agents
•
Consideration of unequal privacy concerns of individual agents
•
Consideration of unequal number of anonymizing transactions
Proof of Proposition 1
If the agent joins the club, he contributes F to the club fund at time period t0 and receives benefits from time period t1
onwards making the total payoff
V  F 

 P
i
i
t 1
So, the time-weighted average payoff of the agent is:
  (1   ) F  (1   ) E[ P1  P2  2  P3 3  ....]
As t   , we get:
  (1   ) F  E ( P)
An agent will join the club if his lifetime average payoff is greater than the maximum of all expected payoffs, a , from any
other alternative privacy-preserving mechanisms available at that time period, that is, if:
 (1   ) F  E ( P)  a
Hence, we get:
E ( P )  a
1
Interestingly, since the average payoff from the alternative service is a , the total payoff starting from time period t0 from that
F

service turns out to be

t 0
t
a
a
.
1
Back
Proof of Proposition 2
If an agent at certain stage defects, is found guilty, and does not pay the fine, his club membership will be revoked.
Therefore, although his present payoff is (Pt+lt) (from Figure 1) his future payoff will be 0 for not availing the service. So, a
rational agent will prefer to cooperate starting at time period t0 if his total payoff from cooperating exceeds his total payoff
from defecting, that is, if:
(1   ) E[ P0  P1  P2  2  P3 3  ....]  (1   )( P0  l 0 )  0
Hence, we get:
E( P)  (1   )( P0  l0 )
Considering the upper bounds for P and l, the condition becomes:
E( P)  (1   )( Pmax  l max )
Hence:
E ( P)
l max 
 Pmax
1
Back
Proof of Proposition 3
If a defector does not pay the fine, his club membership will be revoked, and he can no more avail the service. Thus, his
payoff will be 0 in all future transactions. His present payoff will be (Pt+lt) (from Figure 1). If his total payoff from not
paying the fine exceeds his payoff from paying the fine, then he will prefer not to pay. Consequently the condition for paying
the fine (starting from current time period t0) is that the total payoff after paying the fine exceeds total payoff after not paying
the fine, that is:
(1   )( P0  l 0  f  Pclaim )  (1   ) E[ P1  P2  2  P3  3  ....]  (1   )( P0  l0 )  0
Equivalently:
(1   )( P0  l 0 )  (1   )( f  Pclaim )  E ( P)  (1   )( P0  l 0 )
Hence:
E ( P )
f
 Pclaim
(1   )
Back
Proof of Proposition 4
Arguing in the similar manner as above, we can justify that the condition for paying fine by a false complainant is that the
total payoff with paying the fine exceeds total payoff after not paying the fine, i.e.:
(1   )( P0  g )  (1   ) E[ P1  P2  2  P3 3  ....]  (1   ) P0  0
Hence:
E ( P )
g
(1   )
Back
Proof of the Theorem
Based on Propositions 3 and 4, if the above two conditions are satisfied at each time period ti, then - based
on the optimality principle of dynamic programming - we know that one time deviation from the proposed
strategy will not be profitable for any rational agent. So, the agents will cooperate and will receive an
average payoff E( P)  (1   ) F (following the arguments of the proof of Proposition 1).
Back
Related documents
Probability and Statistics – Expected Value Worksheet
Probability and Statistics – Expected Value Worksheet
Idea Web Template
Idea Web Template
A change detection model for non-stationary k-armed bandit problems
A change detection model for non-stationary k-armed bandit problems
Probability Review
Probability Review
Lecture 5: Mixed strategies and expected payoffs
Lecture 5: Mixed strategies and expected payoffs
PowerPoint **
PowerPoint **
SarbarTursunovaSlides
SarbarTursunovaSlides
Key
Key
View/Open
View/Open
Chapter 20 - McGraw Hill Higher Education
Chapter 20 - McGraw Hill Higher Education