Hello, I'm Juno, and today we'll be talking about modeling strategic trust in ad hoc IoT networks.

A little bit about me: I work as a red team consultant and I do security research. I moved to Dallas from Alaska in 2018 and have since become heavily involved in the Dallas hacker community. I got my start doing public speaking at Dallas Hackers Association, and I currently run DC214, Dallas's DEF CON group. Outside of the community, I also volunteer and teach with Girls Who Code and Black Girls Code and through some of the local schools. I have my bachelor's degree in computer science and economics, and I'm currently getting my graduate degree through NYU. My contact information is up there if you have any questions or want to know more about game theory.

So what actually is game theory? Game theory is the interdisciplinary marriage of statistics and behavioral economics. It has been used throughout history to model strategy and choices during times of conflict and competition. The Pentagon really started hiring game theorists during the Cold War, and now you'll see game theorists on staff analyzing strategy at the Pentagon, in the NFL, at banks, and throughout the globe.

There are a couple of key points we'll want to keep in mind during this talk. First, economists define rationality a little differently than anyone else would: rationality in economics is doing what's best for oneself every single time. We need this definition to start modeling payoffs for rational actors. The game is just the interaction we'll be modeling, and the players are the ones doing the interacting, whether those are individuals or devices. Another idea to keep in mind is incomplete information, where players may not necessarily know everything about the game they're playing.

A little bit of a roadmap: we'll start with a common game theory example, the prisoner's dilemma, to get into how we determine payoffs and break these scenarios down step by step to see how choices are made and what the logical outcomes of the games actually are. Then we'll take this to our case study on dynamic ad hoc networks, based on 5G vehicle networks. We'll again begin by defining payoffs and building out a decision tree and matrices, and after defining the payoffs we'll solve for the equilibria, which are the logical outcomes of the game, and see how players' choices inform those of others.

Our first example is the prisoner's dilemma, one of the most common game theory examples. If you've ever opened an intro-to-psych or philosophy textbook, or watched the pilot of pretty much any cop show, you'll have seen the prisoner's dilemma before. In case you're not familiar with it: two individuals are arrested after committing a crime. They're separated and offered a deal: confess, a choice we'll call defect, and only their partner will be charged, or stay silent, a choice we'll call cooperate. If both players defect, both are charged; if both cooperate, even without communication, both get a lighter sentence.

Here I've drawn a payoff matrix for our prisoner's dilemma with our players, Alice and Bob. Both have the choice to cooperate or defect. A little bit about where these numbers came from: each number just represents the amount of relative good to that player. For example, if Alice chooses to defect while Bob chooses to cooperate, she gets the payoff of two, the best possible outcome for her as a rational actor, by going free, while Bob gets the payoff of negative one, the worst possible outcome, by being locked up.

Now, this is just an example to show the modeling. This one scenario obviously doesn't describe all of the implications of the prisoner's dilemma; if you're interested in learning more about that, please check out my Adversary Village talk.

Because Alice and Bob are separated, they have no idea what the other has chosen or is going to choose. Essentially, this game is played simultaneously: each player makes their decision independent of the other, so all they have to go on is what they believe their opponent will do. If Alice believes Bob will choose to cooperate, she'll choose to defect for that higher payoff of two. Similarly, if she believes Bob will choose to defect, she'll choose to defect as well for that higher payoff of zero. Because Bob is in the exact same situation with the exact same payoffs, he'll make the same choices, defecting in either scenario. This means the outcome where both players defect is our Nash equilibrium: the logical outcome of the game, where each player analyzes their individual situation and makes the logical decision based on it.

Obviously, this is actually not the best outcome of the game for anyone. When both players choose to cooperate, we have what's called the Pareto optimal outcome, an outcome that is actually better for both players.

So what's the takeaway from this example? First, the rational outcome is not always the best one. But this is really meant to show how we can quantify motivations and break down each part of the interaction in order to determine what the rational strategy is. And of course, one thing we have to keep in mind, especially for human-based games like the prisoner's dilemma, is that in real life this doesn't happen in a vacuum. Still, it provides a good example for quantifying motivations and beginning to model rational strategy.

So now we'll look at cooperation between vehicular nodes on an ad hoc network. Devices have the option to continuously share mutually beneficial information, and here we see direct object-to-object communication, which means we must establish that this communication is trusted. In this scenario there's also no trusted third party, and sharing resources comes with a risk. This raises questions about trust and security that need to be addressed before this type of network is deployed at wide scale.

There are a few characteristics of this type of network that are important for our model. These networks are dynamic: vehicles enter and exit after every interaction, and there's no end-user configuration as devices enter and leave the network.
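As an aside, the prisoner's dilemma reasoning from earlier, where each player checks whether unilaterally switching choices would improve their own payoff, can be sketched as a small brute-force check over every strategy profile. This is a minimal sketch using the talk's illustrative payoff numbers; the function and variable names are my own, not anything from the talk.

```python
from itertools import product

# Illustrative payoffs from the talk's matrix, as (Alice, Bob) pairs.
# "C" = cooperate (stay silent), "D" = defect (confess).
PAYOFFS = {
    ("C", "C"): (1, 1),    # both stay silent: lighter sentences
    ("C", "D"): (-1, 2),   # Alice silent, Bob confesses
    ("D", "C"): (2, -1),   # Alice confesses, Bob silent
    ("D", "D"): (0, 0),    # both confess: both charged
}

def is_nash(alice, bob):
    """True if neither player gains by unilaterally switching choices."""
    a_pay, b_pay = PAYOFFS[(alice, bob)]
    alice_deviates = any(PAYOFFS[(alt, bob)][0] > a_pay for alt in "CD")
    bob_deviates = any(PAYOFFS[(alice, alt)][1] > b_pay for alt in "CD")
    return not (alice_deviates or bob_deviates)

equilibria = [profile for profile in product("CD", repeat=2)
              if is_nash(*profile)]
print(equilibria)  # only mutual defection survives: [('D', 'D')]
```

Only the defect/defect profile survives the check, matching the Nash equilibrium described above, even though cooperate/cooperate pays both players more.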
It's not a human-initiated process. Interaction is direct between vehicular devices and therefore has to be strategic: devices have to judge trustworthiness. And this sort of setup facilitates deception. First, information lacks permanence: because vehicles are moving on and off the network after every interaction, there's often no repeated interaction between nodes. Additionally, because the devices are communicating directly, there's no trusted third party watching this communication.

So here's our payoff matrix for our vehicular nodes. What we're going to look at is the choices of a vehicle receiving an incoming data transmission: the choice to accept or deny it. The other choice will be made by nature: whether the node our receiving vehicle is interacting with is good or malicious. Of course, if the receiving vehicle believes the sender is good, it will choose to accept the incoming data; if it believes the sender is malicious, it will choose to deny. Unlike in our prisoner's dilemma example, we don't end up with a rational equilibrium here.

So I took our payoff matrix and built it out into a decision tree. The first move, up at the top, is simply a move by nature: nature determines, at m percent, whether a sending node is malicious or non-malicious. Next is the choice of the sender: the sender can choose to send data along or not. Next is the choice of the receiver: to accept the data or not. Now, notice the line between my receiver nodes here. This is a game with incomplete information: the receiver only knows that it has received data; it doesn't know whether the data came from a good or malicious sender. The line between the two nodes represents the fact that the receiver doesn't actually know where it is in the decision tree when it makes this decision.

We'll start by finding the expected payoff to each of the different players. The expected value to our receiver is equal to m, the likelihood that the other player is malicious, multiplied by the payoff a receiver gets from receiving data from a malicious sender (that negative-one payoff we see on the decision tree), plus one minus m, the likelihood that the other player is not malicious, multiplied by the payoff the receiver gets for receiving data from a good sender (that payoff of one we see down here on the decision tree).

We can use this to determine the expected payoff for a good sender. If you look at the decision tree, you'll note that the payoff a good sender gets for not sending a message, zero, is actually the same payoff it gets for sending a message that is accepted. So why would senders be motivated to send data in the first place? Because the vast majority of the sender's expected value comes from the potential payoff it will receive from getting information in return from the node it sent data to in the original interaction. The expected value to our good sender is equal to a, the likelihood that the receiver accepts the message, multiplied by rs, a constant based on s, the likelihood that the other player replies with data, and r, the likelihood that the other player stays on the network after this first interaction, multiplied by the expected value our sender will get as a receiver in the next interaction, plus one minus a, the likelihood that the data is not accepted by the receiver, multiplied by the payoff our good sender gets for sending data that's not accepted, that payoff of negative one we see here on the decision tree.

Last but not least, we can calculate the expected payoff to a malicious sender. The expected value to a malicious sender of sending data is equal to a, the likelihood that the data is accepted, multiplied by the payoff our malicious sender gets for sending data that is accepted, that payoff of one, plus one minus a, the likelihood that the receiver does not accept the message, multiplied by the payoff our malicious sender gets for sending a message that's not accepted, that payoff of negative one.

Now that we've determined the potential payoffs for each of our players, we can start to look for a rational outcome to our game: an equilibrium. And the way we're going to do that is through trial and error. We'll start by checking whether a separating equilibrium works. A separating equilibrium is just one where different types of players choose to do different things, and we have two possible separating equilibria.

In the first, good senders send data and malicious senders do not. In this scenario, receivers would choose to accept all messages: if a hundred percent of the data being transmitted comes from good senders, receivers would accept a hundred percent of the time. However, if receiving nodes were accepting incoming data a hundred percent of the time, our malicious senders would choose to send data as well, in order to get that higher payoff for having sent malicious data that was accepted rather than the payoff for having sent nothing. So this isn't a stable outcome at all, and the separating equilibrium fails.

Our other separating equilibrium fails in a similar way. If malicious senders choose to send data and good senders do not, then receiving nodes will choose to deny data a hundred percent of the time, and if that's happening, it's not worth it for those malicious nodes to send data in the first place, so they will not send. This separating equilibrium fails as well, because it's not a viable outcome.

So now we look for a pooling equilibrium, where all senders choose to send messages. Senders are malicious m percent of the time, and receivers choose to accept messages a percent of the time. Our expected payoff to the receiver is m multiplied by negative one, the payoff it gets from receiving from a malicious sender, plus one minus m, the likelihood the sender is not malicious, multiplied by one, the payoff the receiver gets from receiving data from a good sender. This simplifies down to one minus two m.

We can do the same thing to find the payoff for a non-malicious sender. The expected value is equal to a multiplied by our constant rs, the likelihood that the receiver stays on the network for another interaction and sends data in return, multiplied by the payoff the sending node would get as a receiver in the future, plus one minus a, the likelihood the data is not accepted, multiplied by the payoff of sending data that's not accepted, and that simplifies down to what you see here.

When we look at the expected value to our receivers, we can compare the expected value of accepting a message against the expected value of not accepting, which is always zero. If we graph this, we find that they intersect at m equals point five. So if m is less than fifty percent, meaning fewer than fifty percent of sending nodes are malicious, the expected value to the receiver of accepting is higher than the expected value of not accepting. If more than fifty percent of sending nodes are malicious, the expected value of not accepting is higher than the expected value of accepting. And at m equals fifty percent, the receiving node is forced into indifference. So as m increases, the expected value of accepting a message decreases, and therefore so does the value of a, the likelihood that the receiver will choose to accept the incoming message.

We can do the same thing for the expected values of our malicious senders. When we graph them against a, we find that as a, the likelihood the message is accepted, increases, so does the expected value to a malicious sender of sending data. When a is greater than fifty percent, it's worth it for a malicious sender to send data. When a is less than fifty percent, it isn't: the expected value of not sending is higher than the expected value of sending. And when a is equal to fifty percent, when receivers are accepting fifty percent of the time, the malicious senders are in turn forced into indifference.

What's cool is when we compare this to the payoff for our good senders, which ends up being based directly on the payoffs for our malicious senders and receivers. As m increases, the expected payoff for good senders decreases, and as a increases, the payoff for good senders increases. So the actions of the other players are what ultimately inform how often good senders send data.

In conclusion, humanity kind of messed up when we decided that computers should be talking to each other, and then again when we decided that they should be talking to each other directly and making their own decisions about who to trust. Determining trust is complex in the best of scenarios, and even more complex in a dynamic network without a trusted third party to inform the players. We can use a game-theoretic approach to mathematically motivate trust and cooperation. Each node must look at the expected value that comes from each interaction, and this judgment is directly informed by the interactions of the other players on the network.

A couple of questions I'm commonly asked. Where do the payoffs come from? I'd say determining payoffs is actually one of the hardest parts of game theory. The payoffs I've used in these examples I put together myself, to make the math come out clean and hopefully easy to follow. When determining payoffs in real-world scenarios, I often try to rank the outcomes for each player, because the number really stands for the amount of good each player gets from each potential outcome. Of course, there are a lot of limitations to this. Players, especially in human-based games, can have unknown motivations that we aren't able to account for, so there's a lot of trial and error in building accurate models.

And that ties into another common question: can this be used practically? As these examples get more real-world, they get more and more complicated, and the answer is yes, maybe. I can't write it out by hand, but there are a lot of people using computers to apply game theory to model these interactions even more accurately.

Here I have some of my sources and further reading if you're interested and want to learn more. Thank you so much for coming to my presentation. My name is Juno; please feel free to reach out if you have any questions or want to know more. Thank you!
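The pooling-equilibrium arithmetic from the talk can be double-checked with a short Python sketch. This is a minimal sketch assuming the talk's illustrative plus-one/minus-one payoffs; the function names are my own. It shows the receiver's expected value of accepting, 1 − 2m, crossing the always-zero value of denying at m = 0.5, and the malicious sender's expected value of sending, 2a − 1, crossing zero at a = 0.5.

```python
# Numeric check of the pooling-equilibrium analysis, using the talk's
# illustrative +1/-1 payoffs.
# m: probability an incoming message comes from a malicious sender
# a: probability a receiver accepts an incoming message

def ev_receiver_accept(m: float) -> float:
    """Receiver's expected value of accepting: m*(-1) + (1-m)*(+1) = 1 - 2m."""
    return m * (-1) + (1 - m) * 1

def ev_malicious_send(a: float) -> float:
    """Malicious sender's expected value of sending: a*(+1) + (1-a)*(-1) = 2a - 1."""
    return a * 1 + (1 - a) * (-1)

# Accepting beats the always-zero value of denying only while m < 0.5 ...
for m in (0.25, 0.5, 0.75):
    print(f"m={m}: EV(accept)={ev_receiver_accept(m):+.2f}")

# ... and sending pays off for a malicious node only once a > 0.5.
for a in (0.25, 0.5, 0.75):
    print(f"a={a}: EV(send)={ev_malicious_send(a):+.2f}")
```

At m = 0.5 and a = 0.5 both expected values are exactly zero, which is the forced indifference described in the talk.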