Suicide for the common good

Very simple, yet interesting paper: Suicide for the common good: a new strategy for credential revocation in self-organizing systems.

Problem: Credential revocation in self-organizing systems.

Existing Solution: If a node believes another has misbehaved,
then it can carry out punishment.

Complication: A malicious node can falsely accuse legitimate
ones.

Proposal: Upon detecting a node M engaging in some illegal activity,
A broadcasts a signed suicide note which includes the
identities of both A and M. The other nodes in the network
then verify the signature and, if correct, revoke both
A and M.

Assumptions:
1. Attacker benefit from removing one innocent node must
be less than the benefit of having a malicious node
placed inside the network.
2. Honest nodes share common interest
(this is reasonable whenever the nodes are deployed by a single
entity (e.g., a sensor network deployed on a battlefield)
).
3. An absence of unforgeable, independently verifiable
and conclusive proof.
4. Low likelihood of two good nodes accusing each other.
5. Difficult to prevent malicious nodes from issuing false
claims.

2 Responses to “Suicide for the common good”

  1. neal says:

    I haven’t read the paper, but what is the benefit of revoking both the accuser and accused when illegal behavior has been detected?

  2. d.quercia says:

    Upon detecting malicious behavior, the accuser notifies other nodes. However, the accuser may also lie, i.e., may falsely accuse other nodes. That is where this scheme helps – the accuser has no incentive to lie.