Department of Computer Science
This presentation is the property of its rightful owner.
Sponsored Links
1 / 36

Dr. Kemal Akkaya E-mail: [email protected] PowerPoint PPT Presentation


  • 109 Views
  • Uploaded on
  • Presentation posted in: General

Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture 12: Distributed Trust. Dr. Kemal Akkaya E-mail: [email protected] Trust Management in MANETs/WSNs.

Download Presentation

Dr. Kemal Akkaya E-mail: [email protected]

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Dr kemal akkaya e mail kemal cs siu

Department of Computer ScienceSouthern Illinois University CarbondaleCS 591 – Wireless & Network SecurityLecture 12: Distributed Trust

Dr. Kemal Akkaya

E-mail: [email protected]

Wireless & Network Security 1


Trust management in manets wsns

Trust Management in MANETs/WSNs

All participants actively contribute to network activities such as routing and packet forwarding

Special characteristics:

limited memory

perishable battery power

lower bandwidth

Two approaches:

Monitoring-based

CONFIDANT

Watchdog

Reputation-based

CORE

RFSN

Wireless & Network Security 2


Limitations of network security

Limitations of network security

  • Distributed collaborative data processing

    • Network security -> Make sure that only authenticated nodes participate.

    • Network security cannot -> Verify if nodes function properly

  • Distributed data gathering

    • Network security can -> message integrity, confidentiality, secure relaying.

    • Network security cannot -> data authentication.

How do nodes trust each other?

How do nodes trust the information provided by other nodes?

Wireless & Network Security 3


Confidant

CONFIDANT

  • Buchegger, S. and Le Boudec, J. 2002. Performance analysis of the CONFIDANT protocol. In Proceedings of the 3rd ACM international Symposium on Mobile Ad Hoc Networking &Amp; Computing (Lausanne, Switzerland, June 09 - 11, 2002). MobiHoc '02. ACM, New York, NY, 226-236.

  • Detect, prevent, and/or discourage:

    • No forwarding (of control messages or data)‏

    • Traffic deviation

      • Advertise many routes

      • Advertise routes too often

      • Advertise no routes

    • Route salvaging, rerouting to avoid a broken although no error has been observed

    • Lock of error messages, although an error has been observed (and vice versa)‏

    • Silent route change (tampering with message headers of either control or data packets)‏

Wireless & Network Security 4


Reputation systems response to attacks

Reputation Systems response to Attacks

  • A different method to handling attacks is to prevent them:

    • Only allow good nodes onto the network

    • Secure key to access network

  • Reputation systems detect misbehavior and then try to thwart attacks.

    • A good idea even if other methods have been used to prevent attacks and secure access

  • Inspiration of CONFIDANT: Richard Dawkin's The Selfish Gene

    • Suckers

    • Cheats

    • Grudgers

Wireless & Network Security 5


Confidant built on top of dsr

CONFIDANT built on top of DSR

  • Dynamic Source Routing (DSR)‏

    • Reactive/On-Demand routing

    • Nodes send a ROUTE REQUEST message

    • Neighbors add themselves to the source route and forward it on

    • If the receiving node is the destination or has a route to the destination it sends a REPLY message with the full route

    • First received ROUTE REPLY wins

    • Failed links can be salvaged by partial alternate route

    • Routes are cached for some period of time

  • Observed Behavior

    • 'Neighborhood Watch' behavior that is directly observed, overheard, by the node.

  • Reported Behavior

    • Share experienced misbehavior and learn from friends.

Wireless & Network Security 6


Confidant components

CONFIDANT Components

  • The Monitor

    • Directly observes behavior

  • The Trust Manager

    • Sends and receives ALARMs

  • The Reputation System

    • Node Rating

  • The Path Manager

    • Route management based on Reputation

  • (Every nodes implements all of these components)‏

Wireless & Network Security 7


The monitor

The Monitor

  • Directly observes behavior

  • no forward (only observation implemented in this simulation)‏

  • Packet alteration

    • Data packets

    • Routing packets

  • Consistent claim of neighboring nodes

  • Any other observable metric

Wireless & Network Security 8


The trust manager

Generate an alarm on experienced or observed misbehavior.

Forward alarm on received report of misbehavior.

Maintain trust table to determine trustworthiness of alarm

Determining trust level algorithm is an open question in paper

Table of nodes and their rating.

Weighted between past rating and newly observed behavior and reported reputation.

Only negative experience is counted

Positive change and timeout are not addressed yet.

Assume negative behavior is rare, and probably means node can never be trusted.

The Trust Manager

The Reputation System

Wireless & Network Security 9


The path manager

The Path Manager

  • Path re-ranking according to security metric (re-rank route based on reputation).

  • Deletion of paths containing malicious nodes.

  • Action on receiving a request for a route from a malicious node (ignore request).

  • Action on receiving request for a route containing a malicious node in the source route (ignore, alert source).

Wireless & Network Security 10


Confidant results

CONFIDANT Results

Wireless & Network Security 11


Confidant results1

CONFIDANT Results

Wireless & Network Security 12


Watchdog and pathrater

Watchdog and Pathrater

  • S. Marti, T.J. Giuli, K. Lai, and M. Baker, “Mitigating Routing Misbehavior in Mobile Ad Hoc Networks,” Proc. MobiCom '00.

  • Extra facilities added to the network to detect and mitigate routing behavior.

  • Two extensions to DSR:

    • Watchdog identifies misbehaving nodes by overhearing transmissions

    • Pathrater avoids routing packets through these nodes

Wireless & Network Security 13


Watchdog

Watchdog

  • The watchdog is implemented by

    • maintaining a buffer of recently sent packets

    • compare each overheard packet to buffered packets to see if there is a match. If so, the packet in the buffer in removed and forgotten.

    • A certain timeout indicates a failure tally – count it and see if it exceeds a bandwidth threshold. If so, send a message back to the source.

  • Advantages

    • It can detect misbehavior at the forwarding level

  • Disadvantages

    • It might not detect a misbehaving node, due to

      • Ambiguous collisions

      • Receiver collisions

      • Limited transmission power

      • False misbehavior

      • Collusion

      • Partial dropping

Wireless & Network Security 14


Disadvantages

Disadvantages

  • Honest Nodes

    • Ambiguous collisions

    • Receiver collisions

  • Dishonest Nodes

    • Transmission power intentionally limited by a dishonest node

    • False misbehavior report by malicious node

    • Multiple dishonest nodes in collusion (groups of nodes)

    • Partial dropping by a dishonest node

Wireless & Network Security 15


Pathrater

PathRater

  • The pathrater, run by each node, combines knowledge of misbehaving nodes with link reliability data to pick the route.

  • Each node maintains a rating for every other node it knows about in the network

  • It calculates a path metric by averaging the node rating in the path. If there are multiple paths to the same destination, the path with the highest metric is chosen.

Wireless & Network Security 16


Simulation results

Simulation Results

  • Combined use of

    • WD – Watchdog

    • PR - PathRater

    • SRR – Extra Route Request

  • Two mobility scenarios

  • Performance Metrics

    • Throughput: The percentage of sent data packets actually received by the intended destinations

    • Overhead: The ratio of routing-related transmissions to data transmissions in a simulation

    • False positives: False positives occur when the Watchdog mechanism reports that a node is misbehaving when in fact it is not

  • Compromised nodes: from 0% to 40%

Wireless & Network Security 17


Throughput as of misbehaving nodes

Throughput as % of misbehaving nodes

Wireless & Network Security 18


Throughput as of misbehaving nodes1

Throughput as % of misbehaving nodes

Wireless & Network Security 19


Overhead as of misbehaving nodes

Overhead as % of misbehaving nodes

Wireless & Network Security 20


Overhead as of misbehaving nodes1

Overhead as % of misbehaving nodes

Wireless & Network Security 21


Throughput in presence of false detections

Throughput in presence of false detections

Wireless & Network Security 22


Reputation based trust core

Reputation based Trust: CORE

  • CORE: A Collaborative Reputation Mechanism to enforce node cooperation in Mobile Ad hoc Networks”.

  • Proposed by Michiardi and Molva to enforce node cooperation in MANETs based on a collaborative monitoring technique

  • Nodes modeled as a members of a community

  • The reputation is formed and updated along the time.

    • assigns more weight to the past observations than the current observations

  • Three types of reputation

    • subjective reputation

    • indirect reputation

    • functional reputation

Wireless & Network Security 23


Core details

CORE Details

  • Has two protocol entities

    • Requester

      • refers to a network entity asking for the execution of a function f

    • Provider

      • refers to any entity supposed to correctly execute the function f

  • Each node maintains

    • An RT Table for each function f

  • An entry in RT has:

    • unique ID

    • recent subjective reputation

    • recent indirect reputation

    • composite reputation for a predefined function

  • RTs updated in two situations:

    • during the request phase

    • during the reply phase

  • Each node is also equipped with a watchdog mechanism for promiscuous observation.

Wireless & Network Security 24


Reputation based trust in wsns

Reputation based Trust in WSNs

  • S. Ganeriwal and M. Srivastava. Reputation-based framework for high integrity sensor networks. In proceedings of the 2nd ACM workshop on Security of ad hoc and sensor networks (SASN ’04), October 2004 pp. 66-77.

  • The first reputation and trustbased model designed and developed exclusively for sensor networks.

  • Distributed, symmetric reputation-based model that uses both first-hand and second-hand information for updating reputation values.

  • Nodes maintain the reputation and trust values for only nodes in their neighborhood.

Wireless & Network Security 25


Reputation based framework for sensor networks rfsn

Reputation based framework for sensor networks (RFSN)

Embedded in every social network is a web of trust

  • How does human societies evolve?

    • Principle of reciprocal altruism

      • Be nice to others who are nice to you

    • When faced with uncertainties

      • Trust them who have the reputation of being trustworthy

Proposed solution: Form a similar community of

trustworthy nodes in the network over time

Wireless & Network Security 26


Why this approach

Why this approach?

  • Sensor network already follow a community model

    • Individual nodes do not have any utility

    • Collaborative information gathering, data processing and relaying.

  • Missing element is trust….

    • Nodes are dumb and they collaborate with every node.

    • Internal adversaries exploit this very fact!

    • Faulty sensors results in equally detrimental effects.

  • RFSN incorporates intelligence into nodes

    • Exposes trust as an explicit metric!

    • Cooperate with ONLY those nodes that are trustworthy.

Wireless & Network Security 27


Architecture of rfsn

Architecture of RFSN

Watchdog

mechanism

Reputation

Trust

Behavior

Second hand

information

  • Observe the action of other nodes – Watchdog mechanism

  • Develop a perception of other nodes over time – Reputation

  • Share experiences to facilitate community growth – Second hand information

  • Predict their future behavior – Trust

  • Cooperate/Non-cooperate with trustworthy nodes – Behavior

Wireless & Network Security 28


Integration of approaches

Integration of approaches

Watchdog

mechanism

Reputation

Trust

Behavior

Second hand

information

Protocol Development

Monitoring

Data Analysis

Statistics….

Cryptography

Decision theory

Development of high integrity sensor networks will be a combination

of techniques from different fields

Wireless & Network Security 29


Reputation representation

Reputation representation

  • Probabilistic formulation

    • Use beta distribution to represent reputation of a node.

Reputation of node j from the perspective of node i

  • Why beta distribution?

    • Simple to store: Just characterized by 2 parameters.

    • Intuitive:α and β represents magnitude of cooperation and non-cooperation.

    • Efficient: Easy reputation updates, integration, trust formulation.

  • Maintain reputation for just neighboring nodes

    • Use locality – Provides scalability.

Wireless & Network Security 30


Reputation propagation

Reputation propagation

  • What to propagate?

    • Constraints

      • Information about goodnodes – Saves from bad mouthing attacks

      • Independent information – Critical to derivation in earlier slide

Wireless & Network Security 31


Simulation study neslsim

Simulation study - NESLsim

Consistent data

module

Routing module

  • Simulation set up

    • Comparison with DUMB-RFSN

      • Representative of heuristic based approaches.

      • Metric : Trust between node i and j.

      • Parameter choices : Threshold (0.9), Initialization (Beta(1,1)).

j

i

Wireless & Network Security 32


Bad mouthing attacks

Bad Mouthing Attacks

Attack:Propagate false badreputation information about good nodes

Countermeasure:Good Reputation System

Set up:Node j cooperates fully

Scenario 1:1 malicious child

RFSN: Completely resilient.

DUMB-RFSN: Node i will conclude wrongly node j to be malicious.

Wireless & Network Security 33


Bad mouthing attacks contd

Bad Mouthing Attacks (Contd..)

Set up:Node j cooperates fully

Scenario 2:4 malicious children,

1 good child

RFSN: Neglects bad nodes. Selectively takes advantage of 1 good node.

DUMB-RFSN: Performance is more worse.

Wireless & Network Security 34


Ballot stuffing

Ballot Stuffing

Attack:Malicious nodes propagate false good reputation information.

Countermeasure:Weight the second hand information appropriately

Set up:Node j is malicious and colludes with malicious children nodes.

Scenario 1:1 malicious child

DUMB-RFSN: Node i will conclude node j to be trustworthy.

RFSN: Completely resilient.

Wireless & Network Security 35


Comparison

Comparison

Wireless & Network Security 36


  • Login