Ad-Hoc Games and Packet Forwardng Networks



Similar documents
What is Candidate Sampling

An Interest-Oriented Network Evolution Mechanism for Online Communities

benefit is 2, paid if the policyholder dies within the year, and probability of death within the year is ).

Recurrence. 1 Definitions and main statements

DEFINING %COMPLETE IN MICROSOFT PROJECT

A Secure Password-Authenticated Key Agreement Using Smart Cards

An Alternative Way to Measure Private Equity Performance

Module 2 LOSSLESS IMAGE COMPRESSION SYSTEMS. Version 2 ECE IIT, Kharagpur

Luby s Alg. for Maximal Independent Sets using Pairwise Independence

The Development of Web Log Mining Based on Improve-K-Means Clustering Analysis

PAS: A Packet Accounting System to Limit the Effects of DoS & DDoS. Debish Fesehaye & Klara Naherstedt University of Illinois-Urbana Champaign

Traffic State Estimation in the Traffic Management Center of Berlin

The Greedy Method. Introduction. 0/1 Knapsack Problem

Proactive Secret Sharing Or: How to Cope With Perpetual Leakage

Minimal Coding Network With Combinatorial Structure For Instantaneous Recovery From Edge Failures

The OC Curve of Attribute Acceptance Plans

denote the location of a node, and suppose node X . This transmission causes a successful reception by node X for any other node

1. Fundamentals of probability theory 2. Emergence of communication traffic 3. Stochastic & Markovian Processes (SP & MP)

General Auction Mechanism for Search Advertising

Extending Probabilistic Dynamic Epistemic Logic

1 Example 1: Axis-aligned rectangles

A Lyapunov Optimization Approach to Repeated Stochastic Games

Enabling P2P One-view Multi-party Video Conferencing

When Network Effect Meets Congestion Effect: Leveraging Social Services for Wireless Services

8.5 UNITARY AND HERMITIAN MATRICES. The conjugate transpose of a complex matrix A, denoted by A*, is given by

Answer: A). There is a flatter IS curve in the high MPC economy. Original LM LM after increase in M. IS curve for low MPC economy

On the Optimal Control of a Cascade of Hydro-Electric Power Stations

Institute of Informatics, Faculty of Business and Management, Brno University of Technology,Czech Republic

A Design Method of High-availability and Low-optical-loss Optical Aggregation Network Architecture

Project Networks With Mixed-Time Constraints

Analysis of Energy-Conserving Access Protocols for Wireless Identification Networks

Forecasting the Direction and Strength of Stock Market Movement

Calculating the high frequency transmission line parameters of power cables

Secure Network Coding Over the Integers

Nordea G10 Alpha Carry Index

"Research Note" APPLICATION OF CHARGE SIMULATION METHOD TO ELECTRIC FIELD CALCULATION IN THE POWER CABLES *

Generalizing the degree sequence problem

J. Parallel Distrib. Comput.

Scalable and Secure Architecture for Digital Content Distribution

Reinforcement Learning for Quality of Service in Mobile Ad Hoc Network (MANET)

INVESTIGATION OF VEHICULAR USERS FAIRNESS IN CDMA-HDR NETWORKS

Feasibility of Using Discriminate Pricing Schemes for Energy Trading in Smart Grid

8 Algorithm for Binary Searching in Trees

BERNSTEIN POLYNOMIALS

How Sets of Coherent Probabilities May Serve as Models for Degrees of Incoherence

Efficient Bandwidth Management in Broadband Wireless Access Systems Using CAC-based Dynamic Pricing

Can Auto Liability Insurance Purchases Signal Risk Attitude?

Trust Formation in a C2C Market: Effect of Reputation Management System

AN EFFICIENT GROUP AUTHENTICATION FOR GROUP COMMUNICATIONS

RequIn, a tool for fast web traffic inference

Availability-Based Path Selection and Network Vulnerability Assessment

Data Broadcast on a Multi-System Heterogeneous Overlayed Wireless Network *

VRT012 User s guide V0.1. Address: Žirmūnų g. 27, Vilnius LT-09105, Phone: (370-5) , Fax: (370-5) , info@teltonika.

Simple Interest Loans (Section 5.1) :

Trivial lump sum R5.0

A Resource-trading Mechanism for Efficient Distribution of Large-volume Contents on Peer-to-Peer Networks

LIFETIME INCOME OPTIONS

Multiple-Period Attribution: Residuals and Compounding

An RFID Distance Bounding Protocol

A New Paradigm for Load Balancing in Wireless Mesh Networks

Calculation of Sampling Weights

A role based access in a hierarchical sensor network architecture to provide multilevel security

v a 1 b 1 i, a 2 b 2 i,..., a n b n i.

Performance Analysis of Energy Consumption of Smartphone Running Mobile Hotspot Application

A Probabilistic Theory of Coherence

Cooperative Load Balancing in IEEE Networks with Cell Breathing

A 2 -MAC: An Adaptive, Anycast MAC Protocol for Wireless Sensor Networks

Efficient Project Portfolio as a tool for Enterprise Risk Management

How To Understand The Results Of The German Meris Cloud And Water Vapour Product

Energy Conserving Routing in Wireless Ad-hoc Networks

Research Article QoS and Energy Aware Cooperative Routing Protocol for Wildfire Monitoring Wireless Sensor Networks

Master s Thesis. Configuring robust virtual wireless sensor networks for Internet of Things inspired by brain functional networks

Frequency Selective IQ Phase and IQ Amplitude Imbalance Adjustments for OFDM Direct Conversion Transmitters

2008/8. An integrated model for warehouse and inventory planning. Géraldine Strack and Yves Pochet

Section 5.3 Annuities, Future Value, and Sinking Funds

NON-CONSTANT SUM RED-AND-BLACK GAMES WITH BET-DEPENDENT WIN PROBABILITY FUNCTION LAURA PONTIGGIA, University of the Sciences in Philadelphia

Distributed Multi-Target Tracking In A Self-Configuring Camera Network

Number of Levels Cumulative Annual operating Income per year construction costs costs ($) ($) ($) 1 600,000 35, , ,200,000 60, ,000

n + d + q = 24 and.05n +.1d +.25q = 2 { n + d + q = 24 (3) n + 2d + 5q = 40 (2)

Multi-Source Video Multicast in Peer-to-Peer Networks

ANALYZING THE RELATIONSHIPS BETWEEN QUALITY, TIME, AND COST IN PROJECT MANAGEMENT DECISION MAKING

A Performance Analysis of View Maintenance Techniques for Data Warehouses

Relay Secrecy in Wireless Networks with Eavesdropper

Feature selection for intrusion detection. Slobodan Petrović NISlab, Gjøvik University College

A DYNAMIC CRASHING METHOD FOR PROJECT MANAGEMENT USING SIMULATION-BASED OPTIMIZATION. Michael E. Kuhl Radhamés A. Tolentino-Peña

Time Value of Money Module

Section C2: BJT Structure and Operational Modes

A GENERIC HANDOVER DECISION MANAGEMENT FRAMEWORK FOR NEXT GENERATION NETWORKS

SUPPLIER FINANCING AND STOCK MANAGEMENT. A JOINT VIEW.

Vembu StoreGrid Windows Client Installation Guide

Transcription:

On Desgnng Incentve-Compatble Routng and Forwardng Protocols n Wreless Ad-Hoc Networks An Integrated Approach Usng Game Theoretcal and Cryptographc Technques Sheng Zhong L (Erran) L Yanbn Grace Lu Yang Rchard Yang Department of Computer Scence and Engneerng, SUNY at Buffalo, Buffalo, NY 1426 Networkng Research Lab, Bell Laboratores, Lucent Technologes, Murray Hll, NJ 7974 Department of Computer Scences, The Unversty of Texas, Austn, TX 78712 Department of Computer Scence, Yale Unversty, New Haven, CT 652 ABSTRACT In many applcatons, wreless ad-hoc networks are formed by devces belongng to ndependent users. Therefore, a challengng problem s how to provde ncentves to stmulate cooperaton. In ths paper, we study ad-hoc games the routng and packet forwardng games n wreless ad-hoc networks. Unlke prevous work whch focuses ether on routng or on forwardng, ths paper nvestgates both routng and forwardng. We frst uncover an mpossblty result there does not exst a protocol such that followng the protocol to always forward others traffc sadomnant acton. Then we defne a novel soluton concept called cooperatonoptmal protocols. We present Corsac, a cooperaton-optmal protocol consstng of a routng protocol and a forwardng protocol. The routng protocol of Corsac ntegrates VCG wth a novel cryptographc technque to address the challenge n wreless ad-hoc networks that a lnk s cost (.e., ts type) s determned by two nodes together. Corsac also apples effcent cryptographc technques to desgn a forwardng protocol to enforce the routng decson, such that fulfllng the routng decson s the optmal acton of each node n the sense that t brngs the maxmum utlty to the node. Addtonally, we extend our framework to a practcal rado propagaton model where a transmsson s successful wth a probablty. We evaluate our protocols usng smulatons. Our evaluatons demonstrate that our protocols provde ncentves for nodes to forward packets. Sheng Zhong was supported n part by NSF grants ANI-27399 and ANI-23838. Ths work was done whle Sheng Zhong was at Yale Unversty. Yang Rchard Yang was supported n part by NSF grants ANI-27399 and ANI-23838. L (Erran) L was partally supported by NSF NRT grant# ANI-335244. Permsson to make dgtal or hard copes of all or part of ths work for personal or classroom use s granted wthout fee provded that copes are not made or dstrbuted for proft or commercal advantage and that copes bear ths notce and the full ctaton on the frst page. To copy otherwse, to republsh, to post on servers or to redstrbute to lsts, requres pror specfc permsson and/or a fee. MobCom 5, August 28 September 2, 25, Cologne, Germany. Copyrght 25 ACM 1-59593-2-5/5/8...$5.. Categores and Subject Descrptors C.2.1. [Computer-Communcaton Networks]: Network Archtecture and Desgn Wreless communcaton General Terms Algorthms, Economcs, Securty, Desgn Keywords Mechansm desgn, game theory, securty, ncentves, wreless adhoc network 1. INTRODUCTION Many wreless ad-hoc networks are currently beng desgned or deployed, drven by the vson of any-tme, any-where connectvty [27, 36, 42] and the wde avalablty of wreless communcaton devces such as PDAs, cell-phones, and 82.11 access ponts. The functonng of such ad-hoc networks depends on the assumpton that nodes n the network forward each other s traffc. However, because forwardng packets consumes scarce resources such as battery power, when the nodes n the network belong to dfferent users, they may not have ncentves to forward each other s traffc. To stmulate nodes to forward each other s traffc, many methods have recently been proposed and evaluated (e.g., [3, 4, 5, 6, 22, 24, 3, 31, 39, 4, 47]). Gven the complexty and the subtlety of the ncentve ssues, researchers start to formally apply gametheoretc technques to analyze and desgn protocols n wreless ad-hoc networks, by modelng the nodes n the networks as selfsh users whose goals are to maxmze ther own utltes (e.g., [1, 3, 4, 5, 6, 39, 24, 29, 4, 44, 47]). Although much progress has been made n the last few years, several fundamental ssues reman unaddressed. A major lackng of prevous studes s that each study focuses on a sngle component. Specfcally, all prevous studes focus ether on the routng component (e.g., [1, 44]) or the packet forwardng component (e.g., [15, 24, 29, 47]). However, t s clear that both routng and packet forwardng are needed to buld a complete system. The routng component determnes a packet forwardng path from a source to a destnaton; t may also determne how many credts a node on the path wll receve after forwardng each packet. However, because the nodes on the path should receve credts f and only f they actually forward packets, we also need

the packet-forwardng component to verfy that forwardng does happen. The desgns of both the routng component and the forwardng component are challengng: the routng component should dscover effcent packet forwardng paths (such as power-optmal paths) even when the nodes are selfsh and thus may try to cheat to mprove ther utltes; the packet-forwardng component should address the far exchange problem where no node wants to make a commtment before the others do [38]. Although both ndvdual components are challengng, t s more challengng to desgn and analyze a complete system that ntegrates both routng and forwardng, gven the nterdependency of the two components. In the more general networkng context, for scalable desgns, many network systems are desgned usng a layered archtecture; that s, an upper layer component reles on a lower layer component. Also, many network functons are mplemented n multple stages. However, there was no prevous methodology n nvestgatng the jont ncentve propertes of a system nvolvng multple components or stages where each component or stage needs to deal wth ncentve ssues. The ntegraton of multple components s partcularly challengng n wreless ad-hoc networks because the wreless and ad-hoc nature may make t mpossble to desgn protocols wth strong ncentve propertes. Consder the forwardng protocol. An deal forwardng protocol s one n whch power-effcent paths are dscovered; network nodes on the paths forward traffc; and followng the protocol s a domnant acton for each node [34]; that s, no matter what other nodes do, followng the protocol always brngs the maxmum utlty to a node. We call such a protocol a forwardngdomnant protocol. A forwardng-domnant protocol s more desrable than a protocol that acheves a Nash equlbrum, snce typcally there exst multple Nash equlbra [13] and t s hard to make a system converge to a desrable Nash equlbrum n a dstrbuted settng [26]. However, an ssue that has not been nvestgated before s whether a forwardng-domnant protocol exsts. If not, what s a good and feasble soluton concept? The unque propertes of wreless ad-hoc networks also mply that tools from game theory may not be drectly applcable or a drect applcaton may result n ncorrect results. Novel technques are needed to adapt classc game theory tools to the new settngs. Consder the classc VCG (Vckrey-Clark-Groves) mechansm [9, 2, 43], whch has been appled to route dscovery n wreless adhoc networks [1]. To dscuss the challenge of applyng VCG to wreless networks, we frst brefly revew the VCG mechansm as follows. Assume that each user has a prvate type (the noton of type n specfc settngs wll be clear later). A user declares ts type (whch may or may not be the true type) to a socal planner, who decdes an outcome to optmze a socal objectve and a payment to each user. The outcome and the payments are determned n such a way that reportng type truthfully s a domnant acton and thus the computed outcome s socally optmal. A classc applcaton of the VCG mechansm s the second-prce aucton. In ths problem, the type of each user s ts nternal value of a gven tem and the objectve of the planner s to choose the user who values the tem the most. Then accordng to the VCG mechansm, each user declares ts value of the tem (called a bd) to the planner, the planner assgns the tem to the user who makes the hghest bd, and ths user pays the second hghest bd. It can be shown that under ths mechansm, declarng the true value of the tem s a domnant acton of each user;.e., regardless of the declaratons of all other users, the best a user can do s to declare ts true value. Although the VCG mechansm has been appled to many networkng problems n general (e.g., [12, 33, 35]) and to routng protocols n partcular (e.g., [1, 11]), wreless ad-hoc networks pose unque challenges. Specfcally, the VCG mechansm assumes that each user has a prvate type whch s nternal to the user. Therefore, to apply VCG drectly, a user must be able to determne ts type by tself. In wreless ad-hoc networks, for the problem of powereffcent routng, the type of a node ncludes the power levels to reach ts neghbors. However, a node alone cannot determne these power levels because t needs feedbacks from ts neghbors [27]. Snce the nodes are non-cooperatve, these feedbacks may allow one node to cheat ts neghbors n order to rase ts own welfare. Such mutually-dependent types have not been addressed before, nether n the game theory communty nor n the networkng communty. Such mutual dependency s challengng to address; for example, the authors of [47] comment that VCG cannot be appled because there s no prvate type n wreless ad-hoc routng. Ignorng such mutual dependency may ntroduce serous flaws nto protocols. For example, n Secton 4.1, we show that the Ad-hoc VCG protocol [1] s flawed because t does not properly handle cheatng n estmatng power levels. Last, the prevous work (e.g., [1]) on game desgn for routng and forwardng n wreless ad-hoc networks uses the bnary lnk model where a packet s always receved f the transmsson power s above a threshold. Recent measurements suggest that a more realstc lnk model s that a packet s receved wth a probablty [1, 16, 45, 46]. We refer to such lnks as lossy lnks. It s not known how to deal wth lossy lnks n routng and forwardng when we consder ncentves. The objectve of ths paper s to address the above ssues. Our contrbutons can be summarzed as follows. We frst show that there does not exst a forwardng-domnant protocol; that s, n the context of wreless ad-hoc networks, there does not exst a protocol mplementng both routng and packet forwardng such that under the protocol nodes always forward packets, and that followng the protocol s a domnant acton. A key reason for the mpossblty result s that the success of packet forwardng depends on the cooperaton of all nodes on a path. However, snce the nodes n a wreless ad-hoc network are dstrbuted, there are cases where t s mpossble for the system to pnpont the msbehavng node when a falure occurs. Thus t s nfeasble to desgn a domnant protocol, because such a protocol requres that a node be cooperatve even when some other node s not cooperatve. Gven the mpossblty result and the prevous msunderstandng of domnant actons n wreless ad-hoc networks, we need to search for a new, feasble soluton concept n the context of wreless ad-hoc networks. Then we defne the novel concept of a cooperaton-optmal protocol for non-cooperatve selfsh users n a wreless ad-hoc network. The concept of a cooperaton-optmal protocol s novel n that t conssts of two sub protocols for the two stages of a node s routng-and-forwardng behavor: the routng protocol and the forwardng protocol. The requrements of a cooperaton-optmal protocol are weaker than those of a forwardng-domnant protocol. However, f feasble, t also stmulates cooperaton. We show the feasblty of the concept of cooperaton-optmal protocols by desgnng a cooperaton-optmal protocol called Corsac, a Cooperatonoptmal routng-and-forwardng protocol n wreless ad-hoc networks usng cryptographc technques. Specfcally, the routng protocol of Corsac uses cryptographc technques to prevent a node from cheatng n the drecton where the node can beneft. Thus, a combnaton of ncentve consderaton and securty technques allows us to provde a novel soluton to the mutually-dependent-type problem. The routng protocol s also ntegrated wth a novel data forwardng protocol based on cryptographc technques to enforce the routng decson. The routng and forward protocols are nte-

grated n such a way that fulfllng the routng decson s the optmal acton of each node n the sense that t brngs the maxmum expected utlty to the node. Thrd, we present technques that allow us to extend our results from the bnary lnk model to lossy lnk models [2, 1, 16, 25, 45, 46]. In these models, packet recepton s probablstc and the probablty s a functon of transmsson power. We evaluate our protocols usng smulatons, takng nto account the effects of MAC and rado propagaton. We evaluate the relatonshp among credt balance, the total energy spent n forwardng each other s traffc, and the poston of a node. We show that our protocols are far n that nodes forwardng more packets receve more credts. We evaluate the relatonshp among Eucldean dstance between the source and the destnaton of a sesson, the payment to the ntermedate nodes, and the energy consumed by the ntermedate nodes. We show that t s manly the topology, nstead of Eucldean dstance, whch determnes the payment. We evaluate the effects of stoppng a node from generatng new packets when ts credt balance s below a threshold. We also evaluate the effects of cheatng and show that followng our protocols brngs hgher utlty. The rest of the paper s organzed as follows. We frst descrbe our network model and an mpossblty result n Secton 2. Then we gve our new soluton concept n Secton 3. We present the desgn and analyss of our routng and forwardng protocols n Sectons 4 and 5, respectvely. We extend our work to lossy lnks n Secton 6. In Secton 7 we present our evaluaton results. We conclude n Secton 8. 2. NETWORK MODEL AND AN IMPOSSI- BILITY RESULT ON AD-HOC GAMES 2.1 A Model of Ad-hoc Games Consder an ad-hoc network formed by a fnte number of nodes N = {1, 2,...,N}. We assume that each node has only a dscrete set P of power levels at whch t can send packets (e.g., Csco Aronet cards and Access Ponts can be confgured wth a few power levels such as 1 mw, 5 mw, 2 mw, 3 mw, 5 mw and 1 mw [8]). For each (ordered) par of nodes (, j), we assume that there s a mnmum power level P,j at whch node can reach node j. That s, when node sends a packet, node j receves the packet f and only f node sends the packet at a power level greater than or equal to P,j. It s possble that P,j =, whch means that even f node sends a packet at ts maxmum power level, node j stll cannot receve the packet. The above transmsson model s a bnary model. In Secton 6, we wll extend our results to lossy lnk models. As n prevous approaches, we model routng and forwardng as uncooperatve strategc games n game theory [34]. We call the games ad-hoc games. In an ad-hoc game, each player s a node who may partcpate n routng and packet forwardng. A node chooses an acton a. Gven a communcaton protocol, the acton a may or may not follow the protocol. Specfcally, for each computatonal task the protocol requres node to complete, a may replace the task wth an arbtrary polynomal-tme algorthm; for each message the protocol requres node to send, a may ether wthhold the message or replace t wth an arbtrary message and send the new message at an arbtrary power level. However, to smplfy our model, we do not allow a to send more messages than t s supposed n the protocol. As a notatonal conventon, we use a to denote the actons of all nodes, and a the actons of all nodes except node. Note that both a and a are vectors. Sometme we wrte a =(a,a ) to denote that the acton profle a where node takes acton a and the other nodes take actons a. The acton profle a of all nodes decdes each node s utlty n ths game. A node s utlty u conssts of two parts: u = c + p, where c s node s cost, and p node s payment. In ths paper, both cost and payment ncur for data packets. We gnore the cost of control packets because control packets are n general smaller and are only generated at the begnnng of a sesson. We dstngush two cases n explanng cost and payment: If node s outsde the packet forwardng path, then clearly both c and p should be. If node s on the packet forwardng path, then c stands for the energy cost consumed n forwardng data packets, 1 and p stands for the credt t receves from the system for forwardng the data packets. Whenever an ntermedate node forwards a data packet at power level l, the correspondng cost s l α, where α s a cost-of-energy parameter. Here α reflects node s nternal states such as remanng battery and the valuaton of each unt of power. Note that both c and p are decded by the actons of all players: c = c (a); p = p (a). DEFINITION 1. In a non-cooperatve strategc game, a domnant acton of a player s one that maxmzes ts utlty no matter what actons other players choose [34]. Specfcally, a s node s domnant acton f, for any a a and any a, u (a,a ) u (a,a ). It s clear that an deal ad-hoc network s a network where forwardng others packets s a domnant acton. More precsely we have the followng defnton for a forwardng-domnant protocol: DEFINITION 2. In an ad-hoc game, a forwardng-domnant protocol s a protocol n whch 1) a subset of the nodes are chosen to form a path from the source to the destnaton; 2) the protocol specfes that the chosen nodes should forward data packets, and 3) followng the protocol s a domnant acton. 2.2 Non-exstence of Forwardng-Domnant Protocol As a surprsng result, we show that there s no forwardng-domnant protocol for ad-hoc games. THEOREM 1. There does not exst a forwardng-domnant protocol for ad-hoc games. PROOF. We prove by contradcton. Suppose that there exsts a forwardng-domnant protocol. Then we consder a source node S, a destnaton D, and a node dstrbuton n whch there s a lnk (, j) on the packet forwardng path such that P,j <, whch means that node j can receve packets sent by node ; 1 We focus on transmsson power consumpton because recevng power consumpton s generally fxed and thus can be ncluded at a fxed value. There are also effectve methods such IEEE 82.11 sleepng modes to reduce power consumpton n dle states.

P,l =, for any l j, whch means that any other node cannot receve any packet sent by node. 2 Fgure 1 shows the setup. S communcaton radus usng maxmum power Fgure 1: Illustraton of the setup for the mpossblty result. We compare two acton profles. All nodes except node have the same actons n both profles. In both acton profles, any node except, j follows the protocol fathfully. Also n both acton profles, j almost follows the protocol except that t behaves as f t dd not receve the data packet wth sequence number, even f t does receve the packet. 3 However, has dfferent actons n these two profles: the acton a means that fathfully follows the protocol and forwards all packets; the acton a means that follows the protocol except that t dscards the data packet wth sequence number. Obvously, by no means can the system dstngush these two acton profles, because packet s always dscarded and there s no way to know who dscards t. Therefore, these two profles brng the same payment to : p (a,a ) =p (a,a ). On the other hand, a has a greater cost than a because t forwards one more packet: Thus we get c (a,a ) >c (a,a ). p (a,a ) c (a,a ) <p (a,a ) c (a,a ), whch s equvalent to u (a,a ) <u (a,a ). Ths contradcts the defnton of domnant acton. Remark The above theorem apples only f each node s autonomous and has the freedom to choose ts behavor. If, for example, the nodes behavor s restrcted by nstalled tamper-proof hardware, then a forwardng-domnant protocol can be desgned. Specfcally, consder the extreme stuaton n whch each node s completely bult on tamper-proof hardware n ths case, any protocol that forwards all packets s a domnant soluton. However, ad-hoc networks formed by nodes wth tamper-proof hardware may not be the common case. 2 We can make sure that such (, j) exsts on the packet forwardng path by consderng a stuaton n whch every path from S to D contans a lnk that satsfes the two condtons. Therefore, no matter whch path s chosen as the packet forwardng path, there s always a par (, j) on the packet forwardng path that satsfes these condtons. 3 It can be the case that j s utlty s lower f t pretends that t dd not receve the packet when t does receve the packet; for example, see [47]. However, ths s a vald acton of j. j D Remark The above theorem s vald n not only our model, but also many alternatve models. For example, although our model assumes asymmetrc lnks (.e., P,j s not necessarly equal to P j,), the above theorem s also vald wth symmetrc lnks (.e., (, j), P,j = P j,), f relable overhearng s not avalable. Even f we assume symmetrc lnks plus relable overhearng, the above theorem s stll vald as long as the protocol cannot always use the maxmum power level for transmsson. Proofs under these models are smlar. 3. THE CONCEPT OF A COOPERATION- OPTIMAL PROTOCOL Gven the surprsng result that there s no forwardng-domnant protocol to ad-hoc games, we need to weaken the requrements so that feasble protocols can be desgned and the protocols stmulate cooperaton. Below we ntroduce the concept of a cooperatonoptmal protocol for wreless ad-hoc networks wth non-cooperatve selfsh users. Specfcally, the routng and forwardng behavor of a node occurs n two stages: the routng stage and the forwardng stage. Accordngly, each node s acton n the ad-hoc game s dvded nto two parts: ts subacton n the routng stage and ts subacton n the packet forwardng stage. In the routng stage, the nodes subactons jontly decde a routng decson the content of ths routng decson s all nodes forwardng subactons, whch specfy what each node s supposed to do n the forwardng stage. In the forwardng stage, the routng decson (.e., what each node s supposed to do n ths stage) and the nodes forwardng subactons (.e., what each node really does n ths stage) jontly decde each node s utlty. Formally, we have a =(a (r),a (f) ), where a (r) s node s subacton n the routng stage, and a (f) s s subacton n the forwardng stage. Let a denote the actons of all nodes, a (r) the routng subactons of all nodes, and a (f) the subactons of all nodes durng packet forwardng. A routng decson R s decded by the routng subactons of all nodes: R = R(a (r) ). Snce a routng decson conssts of all nodes supposed forwardng subactons â (f), we also wrte R =â (f). Fnally, each node s utlty u s decded by the routng decson R and the nodes actual subactons a (f) n the forwardng game: u = u (R,a (f) ). It s clear that utltes gven as above are consstent wth the orgnal defnton of utltes n ad-hoc games. Remark The possblty of dvdng a game nto stages has also been suggested by Fegenbaum and Shenker n ther PODC tutoral sldes [14]. The defntons above dvde an ad-hoc game nto two stages. 3.1 Defnng Soluton Concept to the Routng Stage DEFINITION 3. Gven a routng decson, the prospectve routng utlty of a node s the utlty that t wll acheve under the routng decson, f all nodes n the packet forwardng stage follow the routng decson (.e., f each node takes the forwardng subacton

desgnated by the routng decson). Formally, let R(= â (f) ) be a routng decson. Then node s prospectve routng utlty s u (R) = u (R, â (f) ). Note that u (p) depends only on R, and that R s decded by the routng subactons a (r). Therefore, u (p) s decded by a (r). Formally, we wrte u (R) = u (R) (a (r) ). DEFINITION 4. In a routng stage, a domnant subacton of a potental forwardng node s one that maxmzes ts prospectve routng utlty no matter what subactons other players choose n ths stage. Formally, a (r) routng stage f, for any ā (r) u (R) (a (r) s node s domnant subacton n the a (r), any a (r) ) u(r) (ā (r) ). (1) Remark In the above defnton, note that a (r), ā (r) are all program segments responsble for routng. Because these program segments mght contan con flps (due to usng probablstc algorthms), for practcal purpose, we requre only that Equaton (1) be satsfed wth hgh probablty, 4 where the probablty s computed over the con flps n the nvolved program segments. Also note that n the above defnton we follow the conventon of focusng on motvatng nodes to forward traffc (e.g., [1, 11, 21, 33]); therefore the defnton apples only to the potental forwardng nodes. DEFINITION 5. A routng protocol s a routng-domnant protocol to the routng stage f followng the protocol s a domnant subacton of each potental forwardng node n the routng stage. To fnsh defnng the routng stage, we also need to decde who should do the route computaton. To avod an onlne central node to perform all computaton, n our model, the destnaton of each sesson does the computaton. Because the destnaton does not need to pay any node, nether wll t receve any payment, t s lkely to be relable. Ths s partcularly true n a hybrd archtecture such as [24, 28, 39], where the destnaton s a base staton. If there s a possblty that the destnaton s not trustworthy n computaton, we can apply a samplng technque to valdate the computaton of the destnaton. That s, for a randomly chosen sesson, a node may ntate a valdaton sesson to check f the computaton s vald. The node or a central authorty collects the relevant nformaton sent to the destnaton and verfes the computaton. In the case that the central authorty s not avalable onlne, f a node detects cheatng, t can report all relevant nformaton to the central authorty offlne. If cheatng by a destnaton s detected, a hgh penalty s assessed (e.g., the destnaton s removed from the system). To prevent potental denal of servce attack on such a valdaton process, the number of sessons that can be sampled by a node should be lmted. 3.2 Defnng Soluton Concept to the Forwardng Stage The separaton of routng and forwardng facltates desgn. However, there was no prevous study n the context of networkng n analyzng the ncentve ssues of a system consstng of multple 4 Hgh probablty means 1 mnus a neglgble functon, whch decreases super-polynomally. See, e.g., [19], for a formal defnton of neglgble functons. nterdependent protocols. To analyze such systems, we adopt the concept of extensve games. Specfcally, we consder an extensve game model. Ths model can be represented as a game tree: each vertex of the game tree corresponds to a wreless node (but each wreless node corresponds to multple vertces n the game tree) and each edge gong out of the vertex stands for a possble decson by ths node n the forwardng stage. See Fgure 2 for an example of game tree. Clearly, each subtree of the game tree corresponds to a subgame and each path from the root down to a leaf corresponds to a possble set of decsons by the wreless nodes n the forwardng stage. In classc game theory, such a path s sad to be a subgame perfect equlbrum f t s a Nash equlbrum for every subgame. drop tamper Node 1 forward Node 2 drop tamper forward drop tamper Fgure 2: An example game tree. Last node forward DEFINITION 6. A forwardng protocol s a forwardng-optmal protocol to the forwardng stage under routng decson R f all packets are forwarded to ther destnatons n ths protocol and followng the protocol s a subgame perfect equlbrum under routng decson R n the forwardng stage. 3.3 Defnng Soluton Concept to the Ad-hoc Game DEFINITION 7. A protocol s a cooperaton-optmal protocol to an ad-hoc game f ts routng protocol s a routng-domnant protocol to the routng stage; for a routng decson R generated by the precedng routng subactons, ts forwardng protocol s a forwardng-optmal protocol to the forwardng stage under R. To fnd a cooperaton-optmal protocol to an ad-hoc game, we frst desgn a routng-domnant protocol to the routng stage and then an forwardng-optmal protocol to the forwardng stage. Combnng these two protocols together, we desgn a cooperaton-optmal to the ad-hoc game. 4. A ROUTING PROTOCOL FOR THE ROUTING STAGE In ths secton, we present a protocol for the routng stage. The routng decson s based on the well-known VCG mechansm. However, we wll frst show that, a straghtforward applcaton of VCG to ths problem (e.g., the Ad-Hoc VCG protocol [1]) s not a domnantsubacton soluton due to the specal propertes of wreless ad-hoc networks. Then, we construct a domnant-subacton soluton by combnng VCG wth a novel cryptographc technque.

4.1 VCG Payment To motvate our desgn, we frst brefly descrbe a straghtforward applcaton of VCG to ths problem. (Ths s a smplfed verson of the Ad-Hoc VCG protocol [1]. We omt some detals of [1] to make the presentaton clearer.) Suppose that the destnaton collects the cost for each node to reach each of ts neghbors (where a neghbor s a node that the node under dscusson can reach at some power level l P). Denote the lowest (clamed-)cost path from the source S to the destnaton D by LCP (S, D); denote the lowest (clamed- )cost path from the source S to the destnaton D that does not nclude node by LCP (S, D; ). Then the destnaton smply chooses LCP (S, D) as the packet forwardng path from S to D, and the payment to node s p = cost(lcp (S, D; )) cost(lcp (S, D) {}), where the functon cost() sums the costs of all lnks on a path, LCP (S, D) {} conssts of the lnks on the LCP but wth the lnk startng from node removed, f node s on the path. The above descrpton assumes that the cost of each lnk s known to the transmtter of the lnk. However, the transmtter of a wreless lnk needs the recever s feedback to estmate the lnk cost, namely the requred power level. Handlng cheatng n estmatng lnk cost s a challengng task. Below we wll show that the lnk-cost estmaton scheme of the Ad-Hoc VCG protocol [1] s flawed; therefore ther overall protocol does not preserve ncentve compatblty. S Cost of lnk AB: A cheats only: 6 Gven A cheats, B cheats: 2 True cost: 1 4? 4 A B 6 6 C Fgure 3: Illustraton: VCG alone does not guarantee the exstence of a domnant-subacton soluton n routng. Consder the lnk-cost estmaton algorthm used n the Ad-hoc VCG protocol (see Equaton (2) of [1]). The transmtter sends a plot sgnal at a gven power level P emt ; the recever sends back the rato R between receved power level and target (mnmal) power level; and then the transmtter determnes ts transmsson power level P = P emt /R so that the operatonal power level s acheved at the recever. Gven ths protocol to determne lnk power level (.e., lnk cost), we have a smple example shown n Fgure 3 to show that a straghtforward applcaton of VCG cannot be a domnant-subacton soluton. Suppose that the real cost of lnk AB should be 1 (e.g., P emt = 5 and R = 5). Recall that a domnant subacton of B must be the best choce of B no matter what subactons other nodes (such as A) choose. Therefore, t s enough for us to consder the followng specfc subacton of A (wth an attempt to overclam ts lnk cost): A sends at P emt =5; after recevng the feedback about the rato R between receved and target power level at the recever, nstead of clamng 5/R, node A clams 5/R 6. Then, f B does not cheat, the clamed cost of lnk AB wll be 5/5 6=6; f B chooses a cheatng subacton (to underclam the cost by reportng R = 15), the clamed cost of lnk AB can be decreased back to 2. D Wth ths subacton of A, f B does not cheat, then the LCP s the lower path n the fgure, B receves zero payment and has a utlty of. If B takes the above cheatng subacton, t receves a payment of 12-4-2=6 whch covers ts cost of 4 on lnk BD and results n a postve utlty of 2. Therefore, wth ths subacton of A, t s benefcal for B to cheat. Consequently, truthfully helpng A to report the cost s not a domnant subacton of B by the defnton of domnant subacton. 5 Note that the above example uses a bnary estmaton scheme. We can show smlar examples usng other estmaton schemes such as the well-known SNR based scheme. We remark that the proof of Ad-Hoc VCG [1] s nvald n the case llustrated above. In the proof of ther Lemma 2, they argue that a node lke B n Fgure 3 wll not underclam the cost of AB because, wth the underclamed cost, A wll not be able to reach B n the data transmsson phase. However, ths argument becomes nvald f A cheats. Just as shown n Fgure 3, wth a cheatng A, when B underclams the cost of AB, the clamed cost (= 2) s stll hgher than the real cost (= 1) of the lnk. Therefore, A should stll be able to reach B n ths case, and so the proof s flawed. The above problem s a drect consequence of mutually dependent types. Wth prvate types, ths problem does not exst. To see ths, we look at the same example. However, ths tme each node can determne the costs of ts outgong lnks by tself. Therefore, f the clamed cost of AB s 3 when A takes a cheatng subacton and B does not cheat, then the clamed cost of AB s stll 3 when A takes the same cheatng subacton and B takes any cheatng subacton. As a result, B s cheatng s no longer benefcal. (To gan more nsght, nterested readers can refer to the proof n [11] that VCG mechansms result n domnant acton f each user has a prvate type.) Consequently, the man remanng techncal challenge s how to prevent neghbors from cheatng n determnng lnk cost. Below we present a cryptographc technque to address ths ssue. 4.2 Prevent Cheatng n Determnng Lnk Costs Consder a node and ts neghbor j. There are two possbltes of cheatng by node j regardng the cost P,j: Case (A): node j cheats by makng P,j greater. Case (B): node j cheats by makng P,j smaller. In case (A), because we choose the lowest clamed-cost path, node j becomes less lkely to be on the packet forwardng path (and thus less lkely to get pad). Even f node j s stll on the packet forwardng path, ts payment wll decrease. In summary, ths knd of cheatng s not benefcal to node j. Therefore, f we can fnd a way to prevent case (B), then we can prevent a neghbor from cheatng. We prevent case (B) usng a cryptographc technque. Node sends pseudo-random test sgnals at ncreasng power levels. Each test sgnal contans the cost nformaton of node at the correspondng power level. We requre that node j report all the test sgnals t receves to the destnaton. Because test sgnals sent at lower power levels are not receved by node j drectly and other nodes who can hear s sgnals can not relay them to j under our model n Secton 2, node j has no way to report such a test sgnal to the destnaton. 6 Fnally, the destnaton translates node j s reported test 5 Note that ths example does not nvolve any colluson, because a colludng group maxmzes the group s overall utlty n some sense (e.g., sum of group members utltes), whle n our example, we only consder the utlty of one sngle node, B. 6 Note that ths s a bnary lnk model. We wll consder a more general lossy lnk model n Secton 6.

sgnals to derve the correspondng costs and selects the mnmum cost for node to reach node j. To acheve the above goal, suppose that node shares key k,d wth the destnaton D. Also suppose that the dentfer of the sesson s (S, D, r), where r s a random number used to dstngush dfferent sessons wth source S and destnaton D. Then, for each avalable power level l (n ncreasng order), node computes a test sgnal h l by encryptng [S, D, r, l, α ] (where α s a cost-ofenergy parameter representng the cost of unt energy at node ) usng key k,d and attachng a Message Authentcaton Code (MAC) usng the same key. Snce only and D know k,d, only and D can compute these test sgnals (h l s). Furthermore, h l s protected by the MAC so that t s nfeasble for any other node to tamper wth h l. Note that, n the above formula, S, D, and r cannot be omtted because we do not want dfferent sessons to use the same h l. To set up a shared key k,d between node and destnaton D, we use the well-known Dffe-Hellman key exchange n cryptography: suppose that node has a prvate key k and a publc key K = g k, and that D has a prvate key k D and a publc key K D = g k D (where g s a prmtve root n a group where computng dscrete logarthm s hard). Then we have k,d = g k k D = (K D) k =(K ) k D. Note that node can get k,d by computng (K D) k and D can get t by computng (K ) k D. Readers who are not famlar wth cryptography can read references such as [41] for detals. 4.3 Protocol for the Routng Stage Gven the precedng soluton, next we present our routng protocol. The protocol s an on-demand routng protocol n that the source ntates a route dscovery after recevng a sesson from the applcaton layer. (For ease of presentaton, n the followng protocol descrpton we assume, P = P.) 4.3.1 Source node s test sgnals Source S starts a sesson of M packets. Source S dvdes the packets nto M/b blocks, where b s the number of packets n a block. Source S pcks a random number r. Let H be a cryptographc hash functon. S computes r = H M/b (r ). (Note that r depends on the number of blocks n the sesson ths property wll be useful n the packet forwardng protocol.) For each power level l P(n ncreasng order), S sends out (TESTSIGNAL, [S, D, r], [S, h l ]) at power level l, where h l contans an encrypton of [S, D, r, l, α S] usng key k S,D and a MAC of the encrypton usng the same key. 4.3.2 Intermedate node s test sgnals Upon recevng (TESTSIGNAL, [S, D, r], [P, h]) from an upstream neghbor P, an ntermedate node does the followng. Node sends out (ROUTEINFO, [S, D, r], [P,, h ]) at power level P ctr (where P ctr s a power level for control messages such that the communcaton graph s connected when all lnks use power level P ctr for transmsson). Here h s computed by encryptng h usng key k,d. For ntegrty, ths message s protected by a MAC usng key k,d. If the TESTSIGNAL s the frst one receves for sesson (S, D, r), then for each l P(n ncreasng order), node sends out (TESTSIGNAL, [S, D, r], [, h l]) at power level l, where h l contans an encrypton of [S, D, r, l, α ] usng the key k,d and a MAC of the encrypton usng the same key. 4.3.3 Route nformaton forwardng Upon recevng (ROUTEINFO, [S, D, r], [P,, h]), an ntermedate node j does the followng: If ths ROUTEINFO s new to node j, then node j sends out (ROUTEINFO, [S, D, r], [P,, h]) at power level P ctr. 4.3.4 Destnaton protocol Destnaton D mantans a cost matrx for each sesson (S, D, r). Each entry of ths matrx s an array of power level and cost-ofenergy parameter. Upon recevng (TESTSIGNAL, [S, D, r], h) from neghbor P, D decrypts h, verfes the MAC usng the key k P,D, and translates h to the correspondng power level l and cost-ofenergy parameter α P. D records (l, α P ) n the cost matrx s entry for lnk (P, D). Upon recevng (ROUTEINFO, [S, D, r], [P,, h]), D decrypts h, verfes the packet s MAC usng key k,d, and translates h to the correspondng power level l and cost-ofenergy parameter α P. D records (l, α P ) n the cost matrx s entry for lnk (P, ). After collectng all lnk cost nformaton, D checks, for each lnk, that the cost-of-energy parameter does not change. Then D chooses the mnmum power level n record for each lnk, whch determnes the mnmum lnk cost together wth the cost-of-energy parameter. D computes the lowest cost path from S to D n ths cost graph, usng Djkstra s algorthm. Denote the computed lowest cost path by LCP (S, D). LCP (S, D) s the chosen path for packet forwardng. Recall that the lowest cost path n the graph wthout node by LCP (S, D; ). Then the unt payment (.e., the payment for one data packet) to node s p = cost(lcp (S, D; )) cost(lcp (S, D) {}). (Note that all the above computaton can be fnshed n O(N 3 ) tme.) 4.4 Analyss of the Routng Protocol THEOREM 2. If the destnaton s able to collect all nvolved lnk costs, then the protocol gven n Secton 4.3 s a routng-domnant protocol to the routng stage. be the subacton of node n the routng stage that follows the protocol fathfully. Let ā (r) be a dfferent sub-acton. Let a (r) be an arbtrary subacton profle of all other nodes n ths stage. We wll show that a (r) PROOF. Consder node. Let a (r) u (R) (a (r) ) u(r) (ā (r) ). We note that the dfference n node s subacton (ā (r) versus ) can only lead to dfference n the clamed costs of lnk (, j) s a (r) and/or lnk (j, ) s (whch, n turn, may nfluence the routng decson and the prospectve utlty). Because we are usng VCG payment, the prospectve utlty of node s ndependent of clamed costs of lnk (, j) s. So t s enough to consder the dfference n clamed costs of lnk (j, ) s. Note that our cryptographc technque prevents node from reducng costs of lnk (j, ) s (wth hgh probablty). Therefore, wth ā (r), the clamed costs of lnk (j, ) s can

only be greater or unchanged. For smplcty, let us assume that the cost of only one lnk (j, ) s ncreased by ā (r). (If more than one such lnk costs are ncreased, we can prove the result smlarly, by consderng the change of one lnk cost at a tme.) There are three cases: (1) Wth a (r), node s not on the packet forwardng path. In ths case, wth ā (r), node s stll not on the packet forwardng path, because ncreasng an upstream neghbor s cost to reach a node cannot move ths node tself to the lowest cost path. Therefore, u (R) (a (r) )=u(r) (ā (r) )=. (2) Wth a (r), node s on the packet forwardng path, but the lnk (j, ) s not (.e., node j s not the upstream neghbor of node along ths path). Then wth ā (r) (.e., wth ncreased cost of lnk (j, )), the packet forwardng path s not changed. Because the lnk (j, ) s not on LCP (S, D), cost(lcp (S, D)) s not changed. Because the lnk (j, )) has an end pont, t cannot be on LCP (S, D; ); thus cost(lcp (S, D; )) s not changed. Therefore, p s not changed. Consderng the cost of s not changed as well, we know that s prospectve utlty s not changed: u (R) (a (r) )=u(r) (ā (r) ). (3) Wth a (r), node s on the packet forwardng path, and so s the lnk (j, ) (.e., node j s the upstream neghbor of node along ths path). Then wth ā (r), we wll have a greater cost(lcp (S, D)). Therefore, p decreases and so does the prospectve utlty: u (R) Thus we fnsh the proof. (a (r) ) >u(r) (ā (r) ). Remark Note that a routng-domnant protocol works n practce only f the computed payments can be enforced, and that the enforcement of payments s addressed n the forwardng stage. Remark All the above analyss gnores the cost of control messages. Remark Our proof covers all possble subactons, ncludng clamng false power levels and clamng false cost-of-energy parameters. 5. A SECURE FRAMEWORK FOR THE PACKET FORWARDING STAGE In the precedng secton we have descrbed our routng protocol, n ths secton we descrbe our packet forwardng protocol. 5.1 Desgn Technques We frst descrbe our desgn technques. 5.1.1 Block confrmaton usng reversed hash chan For effcency, data packets of a sesson wth M packets are transmtted n blocks. Each block conssts of b packets (except the last block n a sesson whch may have fewer packets). After the transmsson of each block, the destnaton gves the ntermedate nodes a confrmaton, whch proves that they have succeeded n transmttng ths block. Only after gettng ths confrmaton wll the ntermedate nodes contnue to forward the next block. We gve a very effcent way to mplement block confrmatons usng reversed hash chan. Recall that H s a cryptographc hash functon. Let r be a random number selected by the source of a sesson. The source computes r m = H m (r ) for block m. Because there are altogether M/b blocks, we let r = r M/b. The source makes r publc and computes r M/b m as the confrmaton of the m-th block. Therefore, t s very easy for any ntermedate node (and any outsder) to verfy ths confrmaton by checkng r = H m (r M/b m ). On the other hand, t s nfeasble for any ntermedate node to forge the confrmaton of any block that has not been successfully transmtted to the destnaton. Note that, when an ntermedate node receves the confrmaton of the m-th block, t can drop the confrmaton of the (m 1)-th block because the m-th block s confrmaton actually proves that all the frst m blocks have been successfully transmtted. 5.1.2 Mutual decson to resolve conflct It s stll possble that the source and the ntermedate nodes dsagree about whether the next block (.e., the block mmedately after the last one that has a confrmaton) has been successfully transmtted. To elmnate the ncentves to cheat, we use a technque called mutual decson [23]. That s, the source decdes whether the ntermedate nodes should be pad for the next block, whle the ntermedate nodes decde whether the source should be charged for ths block. Note that no node wll decde payment/charge to tself for ths block. Therefore, every node has no ncentve to cheat. Specfcally, the source sends the encrypted confrmaton at the end of the correspondng block to the destnaton, and the destnaton releases the (decrypted) confrmaton f t has receved the block successfully. If an ntermedate node has transmtted a block but does not get the confrmaton, t submts the routng decson to the system (e.g. the central bank n [47]) so that the source s stll charged for ths block. 5.2 Protocol for Packet Forwardng 5.2.1 Routng decson transmsson phase Upon fnshng the routng dscovery phase, the destnaton D sends the routng decson ([S, D, r],lcp(s, D),P S, {(P,p ) s an ntermedate node on LCP (S, D)}), wth a dgtal sgnature along the reversed path of LCP (S, D), where P (resp., P S) s the power level that node should use to forward (resp., send) data packets and p s the unt payment node should receve. Each ntermedate node forwards the routng decson at a power level that can reach the upstream neghbor of the forward path of LCP (S, D). For ease of explanaton, we assume lnks are bdrectonal n ths secton. 5.2.2 Data transmsson phase Upon recevng the sgned routng decson, the source verfes the dgtal sgnature accompaned the decson. If the sgnature s vald, the source enters the data transmsson phase. In ths phase, the source and the ntermedate nodes send data packets at the computed power levels (P S or P n the routng decson, respectvely). The source node sends out data packets n blocks. Recall that each block contans b packets. Together wth the last data packet n the m-th block, the source sends out r M/b m = H M/b m (r ) (whch s encrypted usng key k S,D = K k S D ). Then t wats for a confrmaton before t sends the next block. Once the source sends out packets n a block, the ntermedate nodes forward them along LCP (S, D) to the destnaton. After fnshng a block, the ntermedate nodes also wat for a confrmaton before they start forwardng the next block. Once the destnaton receves all the packets n a block, t decrypts r M/b m. It

sends r M/b m n clear-text back along LCP (S, D), as a confrmaton of ths block. Upon recevng the confrmaton of the mth block, each ntermedate node verfes that r = H m (r M/b m ). If ths s correct, then the ntermedate node saves the confrmaton (whch replaces the prevously saved confrmaton n ths sesson) and forwards t back along LCP (S, D). Upon recevng the confrmaton of one block, the source node starts sendng the next block. Suppose that, n a sesson, the last confrmaton saved by node s r M/b m. Then all node j before on the path gets a payment of p j b m from the source by submttng ths confrmaton to the system. If some packets n the (m +1)-th block have been transmtted but the confrmaton s never receved, then the ntermedate nodes submt the routng decson to the system so that the system charges the source node p b n addton. Note that ths amount of credt does not go to the ntermedate nodes, but goes to the system. 5.3 Analyss of the Packet Forwardng Protocol THEOREM 3. Suppose that R s a routng decson computed by the routng subactons desgnated by the protocol n Secton 4.3. Assume that, for any node on the packet forwardng path, the computed payment s greater than the cost. Then the protocol presented n Secton 5.2 s a forwardng-optmal protocol to the packet forwardng stage under R. PROOF. We use a standard game-theoretc technque, backward nducton, to gve our proof. Usng ths technque, we start from the end of the forwardng stage and show that the ntermedate nodes should forward the confrmaton of the last block as specfed n the protocol; then we go back n tme and show that each node makng a decson n the forwardng stage should follow the protocol; thus, we can conclude that followng the protocol s a subgame perfect equlbrum. It s clear that each ntermedate node should forward the confrmaton of the last block because we gnore the cost of control packets (no matter they forward control packets or not, they get the same amount of payment and have the same amount of cost). Gong back one step n tme, we fnd that, for the same reason, the destnaton should send out ths confrmaton. Furthermore, we note that the last node on the path before the destnaton should forward the last packet to the destnaton, because otherwse t would not get the confrmaton and would lose the payment for the last block. Therefore, each node on the path should also forward the packet gven that the nodes after t would forward the packet. A smlar argument works for every packet n the last block. Then we go back to the last-but-one block and have a smlar argument for ths block. Fnally, we go back to the routng decson transmsson phase. In the phase, note that the ntermedate nodes cannot tamper wth the routng decson because t s protected by a dgtal sgnature. If an ntermedate node drops or corrupts the routng decson packets, then the sesson stops and t has a utlty of. Because the payment would be greater than the cost f the sesson does not stop, t s a better choce for the node to forward the routng decson packets. Remark The precedng theorem requres the condton that for any node on the packet forwardng path, the computed payment s greater than the cost. Ths condton s necessary to avod the scenaro that f the payment s equal to the cost, then a slght dsturbance wll cause the node to behave dfferently. Ths condton s practcal n that t s unlkely that a node wll cooperate f the payment s just enough to cover the cost. THEOREM 4. Our complete protocol, ncludng the routng protocol n 4.3 and the packet forwardng protocol n 5.2, s a cooperatonoptmal protocol to ad-hoc games under prevous condtons. PROOF. Ths mmedately follows from Theorems 2 and 3. 6. EXTENSION TO LOSSY LINKS In the precedng sectons, we study ad-hoc games usng the bnary lnk model, whch assumes that there exsts a power threshold for each lnk, such that any packet sent at ths power level or above can be receved, and that any packet sent at any lower power level cannot be receved. However, n some networks, we may need to consder lossy lnks (see, e.g., [2, 1, 25, 16, 45, 46]). For such lnks, packets receptons are probablstc n the sense that each packet s receved wth a probablty, and the probablty s decded by the power level at whch the packet s sent. In ths secton, we show how to extend our work for the bnary lnks to these lossy lnks. Wth such lossy lnks, there are three questons that need to be addressed: (1) For each lnk, how do we estmate the transmsson success rate at each power level? (2) For each lnk, gven the transmsson success rate at each power level, how do we choose the power level at whch data packets should be sent? (3) How do we adapt our protocols to lossy lnks, usng the answers to (1) and (2)? 6.1 Estmatng Transmsson Success Rate Consder a lnk (, j). Suppose that, when node sends a packet at power level l, the transmsson success rate, (.e., the probablty that node j receves ths packet,) s S,j(l). What we need to do s to estmate S,j(l) for l P. To estmate S,j(l), we let node send N s packets. Suppose that node j receves N r of them. If we smply estmate S,j(l) based on these N s packets, then clearly our estmate of S,j(l) s Ŝ,j(l) = Nr. N s However, we actually have more nformaton that we can use for estmatng S,j(l): We know that S,j(l) s a monotoncally ncreasng functon of l. 7 Therefore, we can use the followng algorthm to estmate S,j(l): (For notatonal smplcty, we present the algorthm for the case P = {1, 2,...,P max}. It s straghtforward to extend ths algorthm to any power level set P.) For l =1,...,P max, set x(l) = Nr N s. Set Ŝ,j(1) = x(1). For l =2,...,P max, fx(l) max l <l{x(l )}, then set Ŝ,j(l) = x(l); otherwse leave ths entry empty, because ths entry volates the knowledge that S,j(l) must be ncreasng. For l =2,...,P max, fŝ,j(l) s an empty entry, do the followng: Case A: There s a non-empty entry after Ŝ,j(l). Then suppose that the nearest non-empty entry before Ŝ,j(l) s Ŝ,j(l ), and that the nearest non-empty entry after t s Ŝ,j(l ). We gve an estmate of S,j(l) usng a lnear nterpolaton based on these two values: Ŝ,j(l) =((l l)ŝ,j(l )+(l l )Ŝ,j(l ))/(l l ). 7 We may even know more than that. For example, certan analytcal expressons can be derved for the transmsson success rate n some lnk models [37]. However, because these models are stll under nvestgaton, we do not utlze such nformaton.

Case B: There s no non-empty entry after Ŝ,j(l). Then suppose that the nearest non-empty entry before Ŝ,j(l) s Ŝ,j(l ). We gve an estmate of S,j(l) usng a lnear nterpolaton based on Ŝ,j(l ) and an magnary transmsson success rate of 1 at power level P max +1: Ŝ,j(l) = ((P max +1 l)ŝ,j(l ) +(l l ))/(P max +1 l ). The above algorthm computes an optmstc estmate n the sense that t never underestmates the transmsson success rate at any power level based on the transmsson success rates at other power levels. Ths property wll be useful when we desgn our routng protocol for lossy lnks. 6.2 Choosng Power Level Gven the estmated transmsson success rates, we need to choose a power level for each lnk at whch the data packets are sent. For each power level l, we consder the rato S,j(l)/l; our choce s the power level that maxmzes ths rato. Formally, we choose L = arg max S,j(l)/l. (2) l We have the followng result: LEMMA 1. For a lnk (, j), suppose that node resends each data packet untl t s receved by node j. 8 Then sendng data packets at power level L has the mnmum expected power consumpton. Remark At any node, the cost s proportonal to the power consumpton. Therefore, our choce of power level also mnmzes the cost. 6.3 Adaptng to Lossy Lnks Usng the results presented above, we can easly adapt our protocol to lossy lnk models. In the routng stage, we need to update the protocol as the followng: When a source node S sends TESTSIGNAL, t sends N s packets at each power level, where N s s a constant. Specfcally, for l P, S sends out (TESTSIGNAL, [S, D, r], [S, h l,t ]) (for t =1, 2,...,N s) at power level l, where h l,t = H(k S,D, [[S, D, r, l, t],σ]). In the above, σ s a MAC of [S, D, r, l, t] usng key k S,D. Smlarly, when an ntermedate node sends TESTSIGNAL, t sends N s packets at each power level. Specfcally, for l P, node sends out (TESTSIGNAL, [S, D, r], [, h l,t]) (for t =1, 2,...,N s) at power level l, where h l,t = H(k,D, [[S, D, r, l, t],σ]). In the above, σ s a MAC of [S, D, r, l, t] usng key k,d. If an ntermedate node receves TESTSIGNAL, no matter t s the frst one from the upstream neghbor or not, node sends out a correspondng ROUTEINFO packet. When the destnaton node D receves a TESTSIGNAL (no matter t s the frst one from the upstream node or not) or 8 We assume that the node j gves an acknowledgment sgnal such as CTS after t receves the packet. We gnore the cost of ths acknowledge sgnal because t s very small. ROUTEINFO, node D translates the pseudo-random value to the correspondng power level and records t. After collectng all the lnk cost nformaton, D checks, for each lnk, that the cost-of-energy parameter does not change. Then D counts how many packets are receved at each power level for each lnk, and estmates the transmsson success rates as we show above. Node D pcks a power level for each lnk as we show above, and proceeds to compute the VCG payment. THEOREM 5. Suppose that the estmaton algorthm of transmsson success rates gves accurate results. (That s, the algorthm outputs accurate transmsson success rates f the nput were really the number of packets receved.) If the destnaton s able to collect all lnk costs, then the updated protocol presented above s a domnant-subacton soluton to the routng stage n the lossy lnk models. Remark The above theorem apples only f the estmaton s accurate. If the estmaton has certan errors, then theoretcally the protocol s no longer a domnant-subacton soluton. However, because a node normally does not have suffcent knowledge about the estmaton errors n each partcular sesson, t s unlkely that a node can beneft by explotng such errors. Furthermore, t s possble to acheve approxmate domnant-subacton n the sense that the beneft of cheatng s small and bounded. When VCG payments or outcomes cannot be computed exactly due to computatonal or communcaton complexty, how to archve approxmate domnant acton s stll under actve study n algorthmc game theory [32]. We leave ths to our future work. To adapt our forwardng protocol to lossy lnks, we only need to requre that each ntermedate node keeps resendng each data packet untl t s receved by the next hop node. THEOREM 6. Suppose that the estmatng algorthm of transmsson success rates gves accurate results. Let R be the routng decson computed by the routng subactons desgnated by the protocol n Secton 4.3. Assume that, for any node on the packet forwardng path, the computed payment s always greater than the cost. Then, the updated forwardng protocol s a forwardngoptmal protocol to the packet forwardng stage under routng decson R. 7. EVALUATIONS In ths secton we evaluate our protocols. 7.1 Smulaton Setup To perform the evaluatons, we mplement our protocols usng the GloMoSm smulaton package [17]. Our protocols are mplemented n the applcaton layer to allow maxmum flexblty. We bypass the routng layer and use source routng. We use IEEE 82.11 (at 2 Mbps) as the MAC layer to capture contentons. We also modfy the propagaton and rado layer to be able to send at multple power levels. We perform smulatons n varous setups. In ths paper we report the results from one typcal setup to evaluate and llustrate the behavors of our protocols. The setup conssts of 3 nodes that are randomly dstrbuted n an area of 2 by 2 meters. Each node has two transmsson power levels at 7 and 14 dbm. The α value of each node s 1. The propagaton model s free space model and addng nose does not change the results much. The connectvty of the nodes are shown n Fgure 5.

We generate traffc randomly. The start of a sesson (namely a source-destnaton par) at a node (n whch ths node s the source) s a Posson arrval. The expected tme nterval between two sessons from the same node s 6 seconds. The destnaton of each sesson s pcked unformly from all nodes except the source. The number of packets n each sesson s unformly dstrbuted from 1 to 1, wth packet sze beng 124 bytes. 7.2 Evaluaton Results credt balance 2 15 1 5 node 14 node 23 node 3 node 19 node 15 node 22 node 2 node 2 node 13 node 5 node 28 2 15 1 11 16 26 2 19 9 28 2 21 7 15 27 3 29 8 14 24 5 18 23 17 22 5 1 4 13 12 6 25 1 5 1 15 2 Credt Balance Energy Cost -5 energy cost -1 1 2 3 4 5 6 7 8 9 seconds (a) credt balance 1 9 8 7 6 5 4 3 2 1 node 14 node 23 node 3 node 19 node 15 node 22 node 2 node 2 node 13 node 5 node 28 1 2 3 4 5 6 7 8 9 seconds (b) forwardng energy cost Fgure 4: A network wth 3 nodes runnng for 15 mnutes. We start our evaluaton by observng the credt balance of the nodes (namely the total credt receved by forwardng others traffc mnus the total credt pad n order to send one s own traffc). Fgure 4 (a) shows the credt balances of the nodes for a duraton of 15 mnutes. The ntal credt of each node s. We observe that the credt balances of some nodes ncrease monotoncally whle those of some other nodes decrease monotoncally. Fgure 4 (b) shows the accumulatve energy the nodes spent n forwardng others traffc. Comparng Fgure 4 (a) wth Fgure 4 (b), we observe that the nodes accumulatng more credts also spend more energy n forwardng others traffc. Thus t shows that the protocols are far. Fgure 5 nvestgates the relatonshp among credt balance, the total energy spent n forwardng others traffc, and the poston of a node. In ths fgure, we draw two crcles at each node. The area of the sold crcle represents the credt balance of a node (after shftng to make all credt balance non-negatve), and that of the dashed Fgure 5: A network wth 3 nodes. The ID s of the nodes are labeled. A lnk between two nodes ndcates that they are neghbors. To avod too many lnks, lnks between nodes at close locatons are not drawn. The credt balance and forwardng energy cost at the end of 15 mnutes are represented by the szes of the crcles. crcle shows the energy the node spent n forwardng others traffc. We can observe that the poston and connectvty of a node are the major factors whch determnes the number of packets a node forwards as well as the payment t receves for forwardng each packet. In general the nodes n the center of the network forward more packets, thus earnng more credts. Ths can be observed from the fgure snce the larger crcles are n general n the center of the network. However, nodes 1, 3, 21, although at the permeter, also earn more credts because they are on the crtcal paths of some other nodes. Fgure 6 further nvestgates the relatonshp among Eucldean dstance of the source and the destnaton of a sesson, the payment to the ntermedate nodes, and the energy consumed by the ntermedate nodes. In ths fgure, we plot two ponts for each sesson. One pont has ts x coordnate as the Eucldean dstance from the source to the destnaton, and y coordnate as the total credts the source pays; the other pont has ts x coordnate as the Eucldean dstance from the source to the destnaton, and y coordnate as the total cost the other nodes used to forward packets for ths sesson. It s clear from ths fgure that payment s almost always hgher than cost when there are ntermedate nodes forwardng packets. We also observe that payment and forwardng energy cost can exhbt nterestng behavors. For the sessons wth node 19 as the source, at short dstance, payment and cost are both zero because node 19 can reach ts destnatons drectly. Then, the further away the destnaton, the hgher the forwardng energy cost other nodes spent, and the hgher the payment to the ntermedate nodes. On the other hand, for sessons wth node 28 as the source, although the forwardng energy cost s n general ncreasng, the payment exhbts nterestng behavors. At low dstance, the payment s ether very low or very hgh. The explanaton s that f the destnaton s at the lower half of the network, snce node 3 s a crtcal pont, then node 28 needs to make a hgh payment because the alternatve path s

credt/energy cost 18 16 14 12 1 8 6 4 2 3 6 9 12 15 18 dstance (a) node 19 as sesson source credt/energy cost 18 16 14 12 1 8 6 4 2 5 1 15 2 25 dstance (b) node 28 as sesson source Fgure 6: Relatonshp among Eucldean dstance, payment, and forwardng energy cost. The ponts labeled wth + are payment and those wth x are forwardng energy cost. the long path through the upper half of the network; on the other hand, f the destnaton s at the upper half of the network, the competton between nodes 21 and 26 reduces the payment. At long dstance, namely for destnatons at the opposte sde of the network, node 28 has two alternatve paths wth smlar energy costs; thus the payment can be even lower. Our system assumes that each node wll always forward packets f dong so can maxmze ts utlty, and always generate packets f there s a request for communcaton from the applcaton layer. One nterestng experment s that a node wll no longer generate any new packets after ts credt balance s below a threshold. Ths s reasonable snce f a node can have very negatve credt balance, then other nodes may not have ncentves to forward ts packets. Parts (a) and (b) of Fgure 7 show the evoluton of credt balances and forwardng energy cost. The threshold s -3. We observe that the threshold prevents the credt balances of nodes 5, 22 and 2 from droppng below -3. As a result, nodes 5, 22 and 2 wll stop generatng new packets after ther balances are below the threshold, forward others packets to earn credts, and then generate ther own packets after they have earned enough credts. A negatve effect of ths threshold, however, s that t may also reduce the total throughput of the network. Fgure 8 verfes the reducton of the total packets delvered n the network. We observe that at the begnnng the network wth the threshold and that wthout the threshold acheve smlar throughput. However, as tme evolves, the threshold approach clearly slows down. Fnally we study the effects of cheatng. Snce we have already establshed the ncentve-compatblty of our protocols, the results are manly to llustrate the negatve effects of cheatng. Specfcally, we study the effects when an ntermedate node tres to cheat by falsely reportng the costs of the lnks from tself to ts neghbors. Ths can be done by sendng values that are ether hgher or lower than the true costs n the transmtted TESTSIGNAL s. Parts (a) and (b) of Fgure 9 show the evolutons of credt balances and forwardng energy cost of node 3 n four dfferent settngs: node 3 cheats or s honest, and the other nodes cheat or are honest. In these evaluatons, a node cheats by sendng a cost that s hgher than the true cost; the results for sendng a cost that s lower than true cost are worse snce packets may be dropped. For the settngs where the other nodes cheat, a node cheats wth probablty.5. We observe from the fgures that node 3 accumulates the hghest amount of credts when t s honest and the others try to cheat. On the other credt balance energy cost 2 15 1 5 12 1 8 6 4 2 node 14 node 23 node 3 node 19 node 15 node 22 node 2 2 4 6 8 1 12 14 16 18 seconds node 14 node 23 node 3 node 19 node 15 node 22 node 2 (a) credt balance 2 4 6 8 1 12 14 16 18 seconds (b) forwardng energy cost Fgure 7: A network wth 3 nodes runnng for 3 mnutes wth balance threshold.

credt balance 18 16 14 12 1 8 6 4 2 honest when others cheatng cheatng when others cheatng -2 honest when others honest cheatng when others honest -4 2 4 6 8 1 12 14 16 18 seconds (a) credt balance energy cost 7 6 5 4 3 2 1 honest when others cheatng cheatng when others cheatng honest when others honest cheatng when others honest 2 4 6 8 1 12 14 16 18 seconds (b) forwardng energy cost Fgure 9: Node 3 cheats or follows the protocols when the other nodes n the network cheat or follow the protocols. packets 3 25 2 15 1 5 delvered packets delvered packets wth threshold 2 4 6 8 1 12 14 16 18 seconds Fgure 8: Reducton n throughput after usng threshold. hand, when t tres to cheat but the others are honest, node 3 accumulates the least amount of credts. It s clear that followng the protocols brngs the hghest utlty to node 3. 8. CONCLUSION AND FUTURE WORK Wreless ad-hoc networks are often formed by nodes belongng to ndependent enttes. These nodes do not have to cooperate unless they have ncentves to do so. Therefore, both routng and packet forwardng become games. We propose the feasble noton of cooperaton-optmal protocols and desgn the frst ncentve-compatble, ntegrated routng and forwardng protocol n wreless ad-hoc networks. Combnng ncentve mechansms and securty technques to address the ssue that a lnk s cost s not prvate but s determned by two nodes, we desgn novel routng protocols for both determnstc lnk models and probablstc lnk models. We show that followng the protocols s a domnant acton for ths stage. We also show that there does not exst a forwardngdomnant protocol. The mplcaton of ths result s that, forwardng others traffc may not always result n maxmal utlty for a node. A node may choose not to forward n some cases n order to maxmze ts utlty, dependng on other nodes actons. We propose an effcent forwardng protocol based on the use of hash chans n cryptography to delver payments. Our smulaton results demonstrate that our protocols provde ncentves for node to forward packets. There are many avenues for further exploraton. In ths paper, we consdered only the ntegraton of routng and forwardng. If a network s capacty lmted, nodes may charge congeston prce n addton to energy cost. Thus, we may have to deal wth ncentve ssues n meda access control (e.g., [7]) and congeston control as well. Applcaton layer may also have ts ncentve ssues [18]. Of partcular nterest s a general model that can ntegrate solutons for these layers wth the soluton proposed n ths paper. We have assumed farly general node acton space. A possble research drecton s to desgn practcal and effcent solutons wth the support of secure hardware to lmt a node s acton space. Other nterestng and related open questons nclude key management n ad-hoc network, ssues related wth node churns, moblty, ntermttently reachable nodes, colludng selfsh nodes, and malcous nodes. In partcular, our use of cryptographc technques to solve game theory problems n wreless ad-hoc networks s novel. Ths paper shows the frst example and we beleve that t s a promsng drecton and can be appled n many other settngs such as congeston control games. Acknowledgments We thank the students at Yale who took CS434/534 n the sprng of 24 for ther feedback to our protocols. We thank Joan Fegenbaum for gvng us valuable comments. We are also grateful to the revewers and the shepherd Mchael Wallbaum for ther valuable comments whch mprove the paper. 9. REFERENCES [1] L. Anderegg and S. Edenbenz. Ad hoc-vcg: a truthful and cost-effcent routng protocol for moble ad hoc networks wth selfsh agents. In Proceedngs of the Nnth Internatonal Conference on Moble Computng and Networkng (Mobcom), San Dego, CA, Sept. 23. [2] H. Balakrshnan and R. Katz. Explct loss notfcaton and wreless web performance. In Proceedngs of IEEE Globecom Internet Mn-Conference, 1998. [3] S. Buchegger and J.-Y. Le Boudec. Nodes bearng grudges: Towards routng securty, farness, and robustness n moble ad hoc networks. In Proceedngs of the Tenth Euromcro

Workshop on Parallel, Dstrbuted and Network-based Processng, 22. [4] S. Buchegger and J.-Y. Le Boudec. Performance analyss of the CONFIDANT protocol: Cooperaton of nodes - farness n dynamc ad-hoc networks. In Proceedngs of the Thrd ACM Symposum on Moble Ad Hoc Networkng and Computng (MobHoc), Lausanne, Swtzerland, June 22. [5] L. Buttyan and J. P. Hubaux. Enforcng servce avalablty n moble ad-hoc WANs. In Proceedngs of the Frst ACM Workshop on Moble Ad Hoc Networkng and Computng (MobHoc), Boston, Massachusetts, Aug. 2. [6] L. Buttyan and J. P. Hubaux. Stmulatng cooperaton n self-organzng moble ad hoc networks. ACM Journal for Moble Networks (MONET), specal ssue on Moble Ad Hoc Networks, summer 22. [7] M. Cagalj, S. Ganerwal, I. Aad, and J. P. Hubaux. On selfsh behavor n csma/ca networks. In Proceedngs of IEEE INFOCOM, Mam, Florda, USA, March 25. [8] Csco Systems Inc. Data sheet for csco aronet, 24. [9] E. Clarke. Multpart prcng of publc goods. Publc Choce, 11:17 33, 1971. [1] D. D. Couto, D. Aguayo, J. Bcket, and R. Morrs. A hgh-throughput path metrc for mult-hop wreless routng. In Proceedngs of the Nnth Internatonal Conference on Moble Computng and Networkng (Mobcom), San Dego, CA, Sept. 23. [11] J. Fegenbaum, C. Papadmtrou, R. Sam, and S. Shenker. A BGP-based mechansm for lowest-cost routng. In Proceedngs of the 21st Symposum on Prncples of Dstrbuted Computng, Monterey, CA, July 22. [12] J. Fegenbaum, C. Papadmtrou, and S. Shenker. Sharng the cost of multcast transmssons. Journal of Computer and System Scences (Specal ssue on Internet Algorthms), 63:21 41, 21. [13] J. Fegenbaum and S. Shenker. Dstrbuted algorthmc mechansm desgn: Recent results and future drectons. In Proceedngs of the Sxth Internatonal Workshop on Dscrete Algorthms and Methods for Moble Computng and Communcatons, ACM Press, Sept. 22. [14] J. Fegenbaum and S. Shenker. Incentves and Internet algorthms. Tutoral gven at PODC 23. Avalable at http://www.cs.yale.edu/ jf/podc3.ppt, July 23. [15] M. Felegyhaz, L. Buttyan, and J. P. Hubaux. Equlbrum analyss of packet forwardng strateges n wreless ad hoc networks the statc case. In Proceedngs of Personal Wreless Communcatons (PWC), Vence, Italy, 23. [16] D. Ganesan, B. Krshnamachar, A. Woo, D. Culler, D. Estrn, and S. Wcker. Complex behavor at scale: An expermental study of low-power wreless sensor networks. Techncal Report UCLA/CSD-TR 2-13, Computer Scence Department, UCLA, July 22. [17] GloMoSm. http: //pcl.cs.ucla.edu/projects/glomosm/. [18] M. Goemans, L. E. L, V. S. Mrrokn, and M. Thottan. Market sharng games appled to content dstrbuton n ad-hoc networks. In Proceedngs of the Ffth ACM Symposum on Moble Ad Hoc Networkng and Computng (MobHoc), New York, NY, USA, 24. [19] O. Goldrech. Foundatons of Cryptography: Volume 1, Basc Tools. Cambrdge Unversty Press, Aug. 21. [2] T. Groves. Incentves n teams. Econometrca, 41:617 663, 1973. [21] J. Hershberger and S. Sur. Vckrey prces and shortest paths: What s an edge worth? In Proceedngs of the 42nd Annual Symposum on Foundatons of Computer Scence, Las Vegas, Nevada, Oct. 21. [22] E. Huang, J. Crowcroft, and I. Wassell. Rethnkng ncentves for moble ad hoc networks. In Proceedngs of ACM SIGCOMM Workshop on Practce and Theory of Incentves and Game Theory n Networked Systems, Portland, OR, Sept. 24. [23] M. Jakobsson. Rppng cons for a far exchange. In Advances n cryptology, EUROCRYPT, 1995. [24] M. Jakobsson, J. P. Hubaux, and L. Buttyan. A mcropayment scheme encouragng collaboraton n mult-hop cellular networks. In Proceedngs of Fnancal Crypto, La Guadeloupe, Jan. 23. [25] A. Konrad, B. Zhao, A. Joseph, and R. Ludwg. Explct loss notfcaton and wreless web performance. In Proceedngs the Fourth ACM Internatonal Workshop on Modelng, Analyss and Smulaton of Wreless and Moble Systems, Rome, Italy, July 21. [26] D. M. Kreps. Game Theory and Economc Modelng. Oxford Press, 1991. [27] Y.-B. Ln and I. Chlamtac. Wreless and Moble Network Archtectures. John Wley and Sons, 2. [28] H. Luo, R. Ramjee, P. Snha, L. L, and S. Lu. UCAN: A unfed cellular and ad-hoc network archtecture. In Proceedngs of the Nnth Internatonal Conference on Moble Computng and Networkng (Mobcom), San Dego, CA, Sept. 23. [29] R. Mahajan, M. Rodrg, D. Wetherall, and J. Zahorjan. Experences applyng game theory to system desgn. In Proceedngs of ACM SIGCOMM Workshop on Practce and Theory of Incentves and Game Theory n Networked Systems, Portland, OR, Sept. 24. [3] S. Mart, T. Gul, K. La, and M. Baker. Mtgatng routng msbehavor n moble ad hoc networks. In Proceedngs of the Sxth Internatonal Conference on Moble Computng and Networkng (Mobcom), Boston, MA, Aug. 2. [31] P. Mchard and R. Molva. Core: A collaboratve reputaton mechansm to enforce node cooperaton n moble ad hoc network. In Proceedngs of Communcatons and Multmeda Securty Conference (CMS), Portoroz, Sept. 22. [32] N. Nsan and A. Ronen. Computatonally feasble VCG mechansms. In Proceedngs of the ACM Symposum on Electronc Commerce (EC), Mnneapols, MN, Oct. 2. [33] N. Nsan and A. Ronen. Algorthmc mechansm desgn. Games and Economc Behavor, 35:166 196, 21. [34] M. J. Osborne and A. Rubensten. A Course n Game Theory. The MIT Press, 1994. [35] C. Papadmtrou. Algorthms, games, and the Internet. In Proceedngs of the 33rd Annual Symposum on Theory of Computng, Heraklon, Crete, Greece, July 21. [36] C. Perkns. Ad Hoc Networkng. Addson-Wesley, 2. [37] T. Rappaport. Wreless Communcatons: Prncples and Practce. Prentce Hall, 2nd edton, Dec. 21. [38] I. Ray and I. Ray. Far exchange n e-commerce. SIGecom Exchange, 3(2):9 17, 22. [39] N. B. Salem, L. Buttyan, J. P. Hubaux, and M. Jakobsson. A chargng and rewardng scheme for packet forwardng n

mult-hop cellular networks. In Proceedngs of the Fourth ACM Symposum on Moble Ad Hoc Networkng and Computng (MobHoc), Annapols, MD, June 23. [4] V. Srnvasan, P. Nuggehall, C.-F. Chassern, and R. Rao. Cooperaton n wreless ad hoc networks. In Proceedngs of IEEE INFOCOM, San Francsco, CA, Apr. 23. [41] D. R. Stnson. Cryptography: Theory and Practce. CRC Press, 1995. [42] C.-K. Toh. Ad Hoc Moble Wreless Networks: Protocols and Systems. Prentce Hall PTR, 21. [43] W. Vckrey. Counterspeculaton, auctons, and compettve sealed tenders. Journal of Fnance, 16:8 37, 1961. [44] W. Wang, X.-Y. L, and Y. Wang. Truthful multcast n selfsh wreless networks. In Proceedngs of the Tenth Internatonal Conference on Moble Computng and Networkng (Mobcom), Phladelpha, PA, Sept. 24. [45] A. Woo and D. Culler. Tamng the underlyng challenges of relable multhop routng n sensor networks. In Proceedngs of the Frst ACM Conference on Embedded Networked Sensor Systems (SenSys), Los Angles, CA, Nov. 23. [46] J. Zhao and R. Govndan. Understandng packet delvery performance n dense wreless sensor networks. In Proceedngs of the Frst ACM Conference on Embedded Networked Sensor Systems (SenSys), Los Angles, CA, Nov. 23. [47] S. Zhong, J. Chen, and Y. R. Yang. Sprte, a smple, cheat-proof, credt-based system for moble ad-hoc networks. In Proceedngs of IEEE INFOCOM, San Francsco, CA, Apr. 23.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information