On the Tradeoff between Trust and Privacy in Wireless Ad Hoc Networks
description
Transcript of On the Tradeoff between Trust and Privacy in Wireless Ad Hoc Networks
![Page 1: On the Tradeoff between Trust and Privacy in Wireless Ad Hoc Networks](https://reader035.fdocuments.in/reader035/viewer/2022070422/5681638a550346895dd47982/html5/thumbnails/1.jpg)
On the Tradeoff betweenTrust and Privacy
in Wireless Ad Hoc NetworksMaxim…...….RayaReza…….….ShokriJean-Pierre..Hubaux
LCA1, EPFL, Switzerland
The Third ACM Conference on Wireless Network Security (WiSec‘10) March 2010 Hoboken, NJ, USA
![Page 2: On the Tradeoff between Trust and Privacy in Wireless Ad Hoc Networks](https://reader035.fdocuments.in/reader035/viewer/2022070422/5681638a550346895dd47982/html5/thumbnails/2.jpg)
The Trust-Privacy Tradeoff
Entity-centric trust• Trust is built in each entity
• The cost is reduced privacy
Data-centric trust• Trust is built in the data
• Entities can keep privacy
2
priva
cyse
curit
y
securityprivacy
![Page 3: On the Tradeoff between Trust and Privacy in Wireless Ad Hoc Networks](https://reader035.fdocuments.in/reader035/viewer/2022070422/5681638a550346895dd47982/html5/thumbnails/3.jpg)
The Dilemma of Data-Centric Trust
• Data increasingly comes from multiple sources
• Mobile devices reflect their users’ preferences and hence characterize them
3
Ephemeral network
Users are not fully hidden behind their data!
More contributions = More accurate trust
![Page 4: On the Tradeoff between Trust and Privacy in Wireless Ad Hoc Networks](https://reader035.fdocuments.in/reader035/viewer/2022070422/5681638a550346895dd47982/html5/thumbnails/4.jpg)
The Privacy-Preserving Gene
• Building data-centric trust is a collective effort• Users might lose some of their privacy• What if entities are privacy-preserving?• A privacy-preserving entity maximizes its privacy• Game theory: A selfish entity optimizes its utility• Privacy-preservation = Selfishness
4
How to build data-centric trust in ephemeral networks with privacy-preserving entities?
![Page 5: On the Tradeoff between Trust and Privacy in Wireless Ad Hoc Networks](https://reader035.fdocuments.in/reader035/viewer/2022070422/5681638a550346895dd47982/html5/thumbnails/5.jpg)
Example: VANET• CA pre-establishes
credentials offline• Entities communicate
attributes (e.g., credentials, location)
• Communication is sequential
• There are deadlines on making decisions
• Benign entities disseminate truthful info
• Adversaries disseminate false info
5
![Page 6: On the Tradeoff between Trust and Privacy in Wireless Ad Hoc Networks](https://reader035.fdocuments.in/reader035/viewer/2022070422/5681638a550346895dd47982/html5/thumbnails/6.jpg)
Trust-Privacy Games• Problem: privacy-preserving entities building data-centric
trust in the presence of privacy-preserving attackers• Game theory can help by modeling situations where the
decisions of players affect each other
• Attacker-Defender Game GAD
• Trust Contribution Game GTC
• Similar to eBay auctions: privacy = money.• But, privacy cannot be «reimbursed»
6
![Page 7: On the Tradeoff between Trust and Privacy in Wireless Ad Hoc Networks](https://reader035.fdocuments.in/reader035/viewer/2022070422/5681638a550346895dd47982/html5/thumbnails/7.jpg)
7
A D
Minimum required trust threshold
Start
Deadline
Time ……
A D
![Page 8: On the Tradeoff between Trust and Privacy in Wireless Ad Hoc Networks](https://reader035.fdocuments.in/reader035/viewer/2022070422/5681638a550346895dd47982/html5/thumbnails/8.jpg)
8
A D
Start
Deadline
Time ……
A D
Winner
![Page 9: On the Tradeoff between Trust and Privacy in Wireless Ad Hoc Networks](https://reader035.fdocuments.in/reader035/viewer/2022070422/5681638a550346895dd47982/html5/thumbnails/9.jpg)
9
A D
Start
Deadline
Time
Attacker-Defender Game: captures at the macroscopic level the competition between attackers and defenders to support their respective versions of the truth
ADG
![Page 10: On the Tradeoff between Trust and Privacy in Wireless Ad Hoc Networks](https://reader035.fdocuments.in/reader035/viewer/2022070422/5681638a550346895dd47982/html5/thumbnails/10.jpg)
10
A D
Start
Deadline
Time
TCG
ADG
Trust Contribution Game: defines at the microscopic level the individual amounts of privacy to be contributed by entities in each side to collectively win GAD
![Page 11: On the Tradeoff between Trust and Privacy in Wireless Ad Hoc Networks](https://reader035.fdocuments.in/reader035/viewer/2022070422/5681638a550346895dd47982/html5/thumbnails/11.jpg)
Attacker-Defender Game
11
Access to channel is probabilistic
Theorem: The strategy (W,W) is the Perfect Bayesian Equilibrium of GAD
• Players– Attackers– Defenders
• Strategies– Wait (W)– Send (S)
Start
Deadline
![Page 12: On the Tradeoff between Trust and Privacy in Wireless Ad Hoc Networks](https://reader035.fdocuments.in/reader035/viewer/2022070422/5681638a550346895dd47982/html5/thumbnails/12.jpg)
Trust Contribution Game
12
Theorem: The Subgame Perfect Equilibrium of GTC is defined by:
* 0kt
No entity contributes!
![Page 13: On the Tradeoff between Trust and Privacy in Wireless Ad Hoc Networks](https://reader035.fdocuments.in/reader035/viewer/2022070422/5681638a550346895dd47982/html5/thumbnails/13.jpg)
Game with Incentives
13re
war
d fo
r pla
ying
ear
ly
Start
Deadline
Theorem: The equilibrium of is defined by:
K: # of users
ITCG
*2
( 1)k
r KtK
Corollary: The strategy (S,S) can be enforced in GAD by choosing appropriate reward r. I
Incentives help
![Page 14: On the Tradeoff between Trust and Privacy in Wireless Ad Hoc Networks](https://reader035.fdocuments.in/reader035/viewer/2022070422/5681638a550346895dd47982/html5/thumbnails/14.jpg)
Conclusion
• Data-centric trust can reduce privacy losses compared to entity-centric trust
• Privacy-preserving entities are selfish by definition and need a game-theoretic analysis
• Without incentives, privacy-preserving entities do not contribute to trust establishment
14