1 / 30

Robust Trust Establishment for MANETs

Robust Trust Establishment for MANETs. Network/Computer Security Workshop 2006 Lehigh University, Bethlehem, PA May 15-16, 2006. by Charikleia Zouridaki ECE Dept., George Mason University Fairfax, VA 22030 Joint work with: Brian L. Mark, Marek Hejmo (GMU)

hall-reynolds
Download Presentation

Robust Trust Establishment for MANETs

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Robust Trust Establishment for MANETs Network/Computer Security Workshop 2006 Lehigh University, Bethlehem, PA May 15-16, 2006 by Charikleia Zouridaki ECE Dept., George Mason University Fairfax, VA 22030 Joint work with: Brian L. Mark, Marek Hejmo (GMU) Roshan K. Thomas (SPARTA, Inc.)

  2. Agenda • Introduction – Problem Statement • Preliminaries: Overview of Hermes* • Trust Evaluation using Acknowledgements • Formulation of Opinions • Security Analysis • Simulation Results • Conclusions • * C. Zouridaki, B. L. Mark, M. Hejmo, R. K. Thomas, A Quantitative Trust Establishment Framework for Reliable Data Packet Delivery in MANETs. In Proc. 3rd ACM SASN’05, pp. 1-10, November 2005

  3. Each computer can communicate with every wireless enabled computer One of the computers is the “bridge” to the wired LAN Each mobile node gets connected to an access point The access point “bridges” the wireless LAN to a wired LAN Mobile Ad hoc NETworks (MANETs)vs. infrastructured wireless networks MANET IETF definition: a MANET is an autonomous system of mobile routers (and associated hosts) connected by wireless links; the union of which forms an arbitrary graph

  4. Key Issues and Our Scope • Source node S must rely on other nodes to forward its packets on multi-hop routes to destination node D • Secure and reliable handling of packets by intermediate nodes is difficult to ensure • A malicious node within a route may drop packets • Hermes • improves the reliability of packet forwarding over multi-hop routes in the presence of malicious nodes both with respect to packet forwarding and trust propagation • Hermes accurately computes Ti,j • Under the assumption that the behavior of a given node with respect to propagating trust is no worse than its behavior in forwarding packets • We extend Hermes to relax this assumption  3 types of misbehavior are considered

  5. Hermes Overview Phase 1 Phase 2 Phase 3 Collect Observation Data Utilize Information (collected in Phase 1) To form opinion P for each node Use opinions P (derived in Phase 2) To find the most “trusted” Route to D Hermes does not differentiate malicious packet forwarding behavior from packet loss due to congestion or link breakage.

  6. Hermes Overview - detailed Between neighbor nodes i, j observation data Trustworthiness T trust t confidence c • tє[0, 1] degree to which • a neighbor can be trusted • cє [0,1] measure of statistical dispersion of t Neighbors: nodes in transmission/reception range Tє [0,1] = f (t, c) Application of opinion metric to routing Between any pair of nodes i, m Averaged opinion Opinion P Routing opinion VR • Pє [0,1] = f (T) VRє [0,1] = f ( ) є [0,1] = f (P) over observation windows

  7. First-Hand Trust Evaluation • Bayesian Framework: • Random variable Rk є [0, 1], represents a notion of trust over an observation window W : mk= # of forwarded packets, nk= total # of packets • Suppose a prior pdf for Rk-1: • Then: • so: • At t = 0: • Trust & confidence, , are computed as: • At t = 0: beta(20, 20) beta(180, 20)

  8. Trustworthiness T / Accumulation of Evidence • (x,y)-ellipses in the unit square determine • the set of (t,c) pairs that are mapped to T as: • θ: [-π/2,0] and (x,y) determine • the mappingfrom (t, c) to T • Accumulation of Evidence • nodes snoop all received frames at the MAC layer & record • packet delivery statistics of neighbor nodes • Windowing mechanisms, systematically expire old observation data to: • improve the accuracy of the opinion metric • maintain the responsiveness of the system

  9. Extension: Trust Evaluation using Acknowledgements s i1 i2 i3 in d ACK NACK s i1 i2 i3 in d NACK s i1 i2 i3 in d FIN • Motivation: obtain first-hand information for non-neighbor nodes • ACK scheme: uses ACKs, timeouts, NACKs • Nodes collect information about downstream nodes

  10. Authentication of data and ACK/NACK packets Data MACs,d MACs,n MACs,2 MACs,1 packet s i1 i2 i3 in d ACK ACK r1d(k|0) r1n(k|0) r12(k|0) r11(k|0) ACK packet NACK s i1 i2 i3 in d ACK r12(k|1) r11(k|1) NACK packet

  11. Authentication of ACK/NACK packets • Let's consider • a path R = {s, i1, i2,…, in-1, in = d}, where n>1, • a packet p of sequence number k, • the shared key Kj,s • an one-way hash function h(.) • source constructs (n-1)+(n-2) hash chains, each of length three • (n-1) for ACK authentication • (n-2) for NACK authentication • to ensure that malicious intermediate nodes cannot discard the MAC field of another node without being detected • r0j (k|0) = (Kj,s|| k|| 0): first element for node ai for ACK auth. • r0j (k|1) = (Kj,s|| k|| 1): first element for node ai for NACK auth. • r1j (k|0), r1j (k|1) & r2j (k|0), r2j (k|1) are constructed by applying h(.) • For S: Data = data||k||r21(k|0)|| r22(k|0)|| r23(k|0)||…||r2n(k|0)|| r2d(k|0)||r21(k|1)|| r22(k|1)|| r23(k|1)||…||r2n(k|1)

  12. Trust Evaluation for Forwarding • node X keeps packet delivery statistics for all nodes y  • compute first-hand tX,y and cX,y according to the Bayesian framework  • mapped to TX,y: allows for fine-grained node comparison • Good nodes = T > Tdef, bad nodes = T ≤ Tdef • Goal of the scheme: to identify bad nodes • even if it means a good node might temporarily appear as faulty by sending valid NACKs • We assume that if node X forwards packet p, it will also forward the corresponding ACK or NACK of p

  13. Extended Hermes: without Recommendations Opinion Formulation Route Selection • Collect Data • MAC layer snooping for neighbors • ACK scheme for non-neighbors Calculate Routing Opinion Route Selection • Update Record • Packet delivery statistics Px=Tx Update Trustworthiness Tx

  14. Recommendations • Recommendations accelerate the convergence of the trust establishment procedures • Node i asks for recommendations to: • establish trust opinion for node m, when Ti,m < Taccept, • evaluate node j as a recommender • Good recommender: TR> Tdef, bad recommender: TR≤ Tdef • Node i asks for d recommendations: • Good recommenders, nodes for which TR< TRaccept, • Bad recommenders if necessary

  15. Algorithm of Recommendations for node i • while recommendations for node m are sought do • choose recommender set D; • obtain f ≤ d recommendations; • ifTi,m<Tacceptthen • temporarily place Ttmpi,m= max{Tj,m:j in D}; • end if • run RC-test for recommendation Tj,m, for every j in D; • update recommender trustworthiness TRi,j, for every j in D; • form opinion Pi,m; • end while

  16. Trustworthiness of Recommendations i j m i3 in d NACK • node i has Ti,m and received Tj,m from node j • The trustworthiness of the recommendation is evaluated as: • RC-test: |Ti,m-Tj,m| ≤ thr thr = threshold • The RC-test outcome determines how the trustworthiness of the recommender is updated • Exception: j is the upstream neighbor of m, m has initiated more than thr*100% NACKs

  17. Trustworthiness of Recommenders • Recommender Trustworthiness TRi,jis the trustworthiness that i places to j in respect to reliable propagation of trustworthiness values T • TR is updated according to the Bayesian framework as ~ beta(γ, δ) • γk = γk-1 + η & δk = δk-1 + η • η = 1, when RC-test succeeds • 0, when RC-test succeeds • tRk, cRk, TRk are computed as functions of γk and δk

  18. Definition of Opinion • Generalize the notion of trustworthiness  opinion • First-hand & second-hand information • max: because trustworthiness T • increases with the number of network observations • is of bigger value when it has not been propagated many times in the network as recommendation

  19. Extended Hermes: with Recommendations Opinion Formulation Trustworthiness Formulation Choose Recommender Set • Collect Data • MAC layer snooping for neighbors • ACK scheme for non-neighbors Run RC-test Update Recommender Trustworthiness • Update Record • Packet delivery statistics • Calculate Opinion • Combine first-hand trustworthiness • & second-hand opinion Update Trustworthiness Tx Route Selection Calculate Routing Opinion Route Selection

  20. Security Properties of Extended Hermes • Ability to model independence in malicious behaviors • Robustness against multiple false recommendations • Convergence in the identification of bad nodes • Resilience against multiple, concurrent and colluding attacks • Independence from attack probability and placement • Resilience against duplication and replay

  21. Simulation Results • 10 nodes • randomly placed in a 500 x 500 m area • wireless radio transmission range = 250 m • traffic flows are generated randomly, as a function of • number of network nodes • min and max allowed number of nodes on a route •  one or more attackers may participate per flow •  attackers may be neighbors or non-neighbors • Nodes (randomly chosen) exhibit four types of behavior: • Type I: Good nodes and good recommenders; • Type II: Bad nodes and good recommenders; • Type III: Good nodes and bad recommenders; • Type IV: Bad nodes and bad recommenders.

  22. Simulation 1: Network View • 8 random traffic flows, along different paths • number of nodes on a route: min=4, max = 7 • Nodes 1, 3,4,5,8,9,10: Type I • Node 7: Type II: forwards 20% of packets • Node 6: Type III: propagates recommendations of P = 0.5 • Node 2: Type IV: forwards 20% of packets, propagates recommendations of P = 0.5 • Source nodes send 100 data packets/round • trustworthiness parameters are set as x = sqrt(2) and y = sqrt(9) • threshold thr=0.1

  23. Simulation 1: Opinion of good node/recommender for all other nodes after (a) 1, (b) 3, (c) 10, (d) 30 rounds

  24. Simulation 1: Network view Pi,j, TRi,j (a) Opinion Pi,j (b) Trustworthiness TRi,j

  25. Simulation 1: Network View Pi,j (a) with (b) without Recommendations (b)

  26. Simulation 1: Node Behavior Changes • nodes 1,4,5,8,9, 10: Type I • nodes 2,6: bad recommenders, propagating P = 0,5 • node 3: Type II • node 2 is good: rounds 1-5, bad: 6-50 (Type III  Type IV) • node 7 is bad: rounds 1-10, good 11-50 (Type II  Type I) • node 6: Type III • Good nodes = forward 100% packets • Bad nodes = forward 20% packets • Threshold thr = 0,1

  27. Simulation 2: Convergence Comparison • BN-recognition %: the % of all bad nodes that are recognized as bad by all the members of the network • nodes 1,3,4,5,8,9,10: Type I • node 7: Type II • node 6: Type III • node 2: Type IV • Good nodes: forward 100% of packets • Bad nodes 20% • Good recommenders propagate valid trust values • Bad recommenders send P = 0,5 • Initially: 1 flow, add: 1 flow/round • number of nodes on a route = 5 • Threshold thr = 0.1 • Trustworthiness parameters: x = sqrt(2), y=sqrt(9)

  28. Simulation 3: Hermes 2 vs. Hermes • 10 nodes, 5 traffic flows • Node 9: Bad, forwards 20% of packets • Hermes: bad nodes = bad recommenders  Tdef used for trustworthiness calculation of nodes downstream of bad node • We simulated that: node 9 = bad recommender that propagates P = Tdef • Other nodes forward 90% of packets

  29. Conclusion • Main contributions of extended Hermes: • an acknowledgement scheme for first-hand trust information with respect to non-neighbor nodes • a recommendation scheme that is robust against the propagation of false trust information • Summary of extensions to Hermes: • allows nodes to form accurate opinions for any network node • models the independence of malicious behavior with respect to packet forwarding and trust propagation • identifies the effect of attacks by individual or colluding malicious nodes

  30. Thank you! • Questions?

More Related