Download a game-theoretic approach - Security and Cooperation in Wireless

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
Document related concepts

Artificial intelligence in video games wikipedia , lookup

Prisoner's dilemma wikipedia , lookup

Minimax wikipedia , lookup

Evolutionary game theory wikipedia , lookup

Chicken (game) wikipedia , lookup

Transcript 
Mini-project of the Security and Cooperation in Wireless Networks course
ON THE OPTIMAL PLACEMENT OF MIX ZONES:
A GAME-THEORETIC APPROACH
Mathias Humbert
LCA1/EPFL
January 19, 2009
Supervisors:
Mohammad Hossein Manshaei
Julien Freudiger
Jean-Pierre Hubaux
MOTIVATIONS

Pratical case study on location privacy

Use of the relevant information from Lausanne’s traffic data

Game-theoretic model evaluating agents’ behaviors a priori

Incomplete information game analysis
2
OUTLINE
Lausanne traffic: a case study
 System model and mixing effectiveness
 Game-theoretic approach
 Game results:

A complete information game
 Numerical evaluations
 An incomplete information game


Conclusion and future work
3
LAUSANNE DOWNTOWN
Intersections’ statistics stored in 23 matrices (size = 5x5)
Place Chauderon
Place Chauderon:
Traffic matrix:
23 intersections
4
SYSTEM MODEL
Road network with N intersections
 Mobile nodes vs. Local passive adversary
 Nodes’ privacy-preserving mechanisms (at intersection i):


Active mix zone (cost = cim)



Passive mix zone (cost = cip)
Adversary’s tracking devices::


Traffic matrix:
cim = cip + ciq = pseudonyms cost + silence cost
Sniffing station (cost = cs)
Mobility parameters:
Relative traffic intensity λi
 Mixing effectiveness mi

mix
5
MIXING EFFECTIVENESS

Mixing: uncertainty for an adversary trying to match
nodes leaving the active mix zone to the entering ones
=> normalized entropy
=> relative traffic intensity
6
Smallest mixing between Chaudron & Bel-Air:
mi = 0 (no uncertainty for the adversary)
Greatest mixing at place Chaudron: mi = 0.74
GAME-THEORETIC APPROACH
G = {P, S, U}
 2 players: {mobile nodes, adversary}
 Nodes’ strategies sn,i (intersection i):

Active mix zone (AMZ)
 Passive mix zone (PMZ)
 Nothing (NO)


Adversary’s strategies sa,i :
Sniffing station (SS)
 Nothing (NO)
0 < λi, mi, cim, cs < 1

Payoffs:
Active mix zone
Nodes

Passive mix zone
Nothing
Adversary
Sniffing station
Nothing
(λimi-cip-ciq ; λi(1-mi)-cs)
(λi-cip-ciq ; 0)
(-cip
; λi-cs)
(0 ; λi-cs)
(λi- cip
; 0)
(0 ; 0)
7
COMPLETE INFORMATION GAME FOR ONE INTERSECTION
Probabilities:
Probabilities:
pi = (λi-cs) /λimi
1- pi
Sniffing station/SS
Nothing/NO
Active mix zone
AMZ
(λimi-cip-ciq ; λi(1-mi)-cs)
(λi-cip-ciq ; 0)
1- qi
Passive mix zone
PMZ
(-cip ; λi-cs)
(λi- cip ; 0)
0
Nothing
NO
(0 ; λi-cs)
(0 ; 0)
qi = min(ciq/λimi, 1)

Pure-strategy NE [theorem 1]:

Mixed-strategy NE:
8
N INTERSECTIONS-GAME
Global NE = Union of local NE
 Global payoffs at equilibrium defined as

Number of sniffing stations = Ws (upper bound)
 Game = two maximisation problems:

Nodes
Adversary
9
N INTERSECTIONS-GAME

Algorithm converging to an equilibrium [theorem 2]
As uia = 0 at mixed-strategy NE and assuming (wlos) that m1 < m2 < … < mn
Remove sniffing stations at
mixed NE first
Remove sniffing stations at
pure NE (Start with smallest
adversary’s payoff)
10
The nodes normally take advantage of the absence of
sniffing station to deploy a passive mix zone
NUMERICAL RESULTS: LOW PLAYERS’ COSTS
sniffing
stations:
Fixed (normalized) costs and unlimited
limited nbnb
of of
sniffing
stations
(Ws = 5):
11
NUMERICAL RESULTS: MEDIUM SNIFFING COST
Fixed (normalized) costs and unlimited
limited nbnb
of of
sniffing
sniffing
stations
stations:
(Ws = 5):
12
INCOMPLETE INFORMATION GAME FOR ONE INTERSECTION

Assumptions:



Nodes do not know the sniffing cost
Instead, they have a probability distribution on cost’s type
Theorem 3: one pure-strategy Bayesian Nash equilibrium (BNE)
with strategy profile
defined by:
with
(probability that the adversary installs a
sniffing station) defined using the probability distribution on cost’s type
Suboptimal BNE, such as (AMZ, NO) or (PMZ, SS) for nodes’ payoff
can occur if nodes’ belief on sniffing station cost’s type is inacurrate
13
N INTERSECTIONS INCOMPLETE INFORMATION GAME

Potential algorithm to converge to a Bayesian Nash
equilibrium (ongoing work):
Complete knowledge for the
adversary => remove sniffing stations
leading to smallest payoffs at BNE
Nodes know Ws => put passive
mix zones where adversary’s
expected payoffs are the smallest
14
CONCLUSION AND FUTURE WORK
Prediction of nodes’ and adversary’s strategic behaviors using
game theory
 Algorithms reaching an optimal (Bayesian) NE in complete
and incomplete information games



Concrete application on a real city network


In incomplete information game, significant decrease of nodes’
location privacy due to lack of knowledge about adversary’s payoff
Nodes and adversary often adopting complementary strategies
Future work

Evaluation of the incomplete information game with the real traffic
data and various probability distributions on sniffing station cost
15
NUMERICAL EVALUATION OF OPTIMAL STRATEGIES
WITH VARIABLE COSTS
2) Limited
1)
Unlimited
number of SS:
16
BACKUP: MIXING EFFECTIVENESS COMPUTATION

Mixing: uncertainty for an adversary trying to match
nodes leaving the active mix zone to the entering ones
=> entropy
 => relative traffic intensity


Dfdf

Dfdf

dfd
17
BACKUP: BAYESIAN NE FOR THE INCOMPLETE
INFORMATION GAME @ ONE INTERSECTION

Nodes do not know the sniffing cost

Instead, they have a probability distribution on cost’s type

Theorem 3: one pure-strategy Bayesian Nash equilibrium (BNE) with strategy profile
defined by:
With
(probability that the adversary installs a
sniffing station) defined using the cdf of the cost’s type:
Suboptimal BNE, such as (AMZ, NO) or (PMZ, SS) for nodes’ payoff
can occur if nodes’ belief on sniffing station cost’s type is inacurrate
18
BACKUP: MOTIVATION
Master project [1]: study of mobile nodes’ location privacy
threatened by a local adversary
 Application of this work on a practical and real example
 Collaboration with people of TRANSP-OR research group at EPFL
 Lausanne’s traffic data based on actual road measurements and
Swiss Federal census (more on this in next slide)
 Selection of the relevant information from the traffic data
 New game-theoretic model in order to exploit the provided
data and evaluate nodes’ location privacy
 Incomplete information game to better model the players’
19
knowledge on payoffs and behaviors of other participants

[1] M. Humbert , Location Privacy amidst Local Eavesdroppers, Master thesis, 2009
Related documents
Obesity Makes Intubation More Difficult
Obesity Makes Intubation More Difficult
COEN 252 Computer Forensics
COEN 252 Computer Forensics
Definition of `civil resistance`
Definition of `civil resistance`
Some Examples of Networks in Cytoscape
Some Examples of Networks in Cytoscape
here
here
cs739-intro - Computer Sciences User Pages
cs739-intro - Computer Sciences User Pages
Six Degrees of Separation
Six Degrees of Separation
Survey: Distributed Operating Systems Introduction 1 Network
Survey: Distributed Operating Systems Introduction 1 Network
A second look at Shoup`s lemma - Prosecco
A second look at Shoup`s lemma - Prosecco
Chapter 4 PowerPoint
Chapter 4 PowerPoint
MA/CSSE 473 – Design and Analysis of Algorithms In
MA/CSSE 473 – Design and Analysis of Algorithms In