Skip this Video
Download Presentation
Dr. Kemal Akkaya E-mail: [email protected]

Loading in 2 Seconds...

play fullscreen
1 / 36

Dr. Kemal Akkaya E-mail: [email protected] - PowerPoint PPT Presentation

  • Uploaded on

Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture 12: Distributed Trust. Dr. Kemal Akkaya E-mail: [email protected] Trust Management in MANETs/WSNs.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Dr. Kemal Akkaya E-mail: [email protected]' - chidi

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

Department of Computer ScienceSouthern Illinois University CarbondaleCS 591 – Wireless & Network SecurityLecture 12: Distributed Trust

Dr. Kemal Akkaya

E-mail: [email protected]

Wireless & Network Security 1

trust management in manets wsns
Trust Management in MANETs/WSNs

All participants actively contribute to network activities such as routing and packet forwarding

Special characteristics:

limited memory

perishable battery power

lower bandwidth

Two approaches:







Wireless & Network Security 2

limitations of network security
Limitations of network security
  • Distributed collaborative data processing
    • Network security -> Make sure that only authenticated nodes participate.
    • Network security cannot -> Verify if nodes function properly
  • Distributed data gathering
    • Network security can -> message integrity, confidentiality, secure relaying.
    • Network security cannot -> data authentication.

How do nodes trust each other?

How do nodes trust the information provided by other nodes?

Wireless & Network Security 3

  • Buchegger, S. and Le Boudec, J. 2002. Performance analysis of the CONFIDANT protocol. In Proceedings of the 3rd ACM international Symposium on Mobile Ad Hoc Networking &Amp; Computing (Lausanne, Switzerland, June 09 - 11, 2002). MobiHoc '02. ACM, New York, NY, 226-236.
  • Detect, prevent, and/or discourage:
    • No forwarding (of control messages or data)‏
    • Traffic deviation
      • Advertise many routes
      • Advertise routes too often
      • Advertise no routes
    • Route salvaging, rerouting to avoid a broken although no error has been observed
    • Lock of error messages, although an error has been observed (and vice versa)‏
    • Silent route change (tampering with message headers of either control or data packets)‏

Wireless & Network Security 4

reputation systems response to attacks
Reputation Systems response to Attacks
  • A different method to handling attacks is to prevent them:
    • Only allow good nodes onto the network
    • Secure key to access network
  • Reputation systems detect misbehavior and then try to thwart attacks.
    • A good idea even if other methods have been used to prevent attacks and secure access
  • Inspiration of CONFIDANT: Richard Dawkin's The Selfish Gene
    • Suckers
    • Cheats
    • Grudgers

Wireless & Network Security 5

confidant built on top of dsr
CONFIDANT built on top of DSR
  • Dynamic Source Routing (DSR)‏
    • Reactive/On-Demand routing
    • Nodes send a ROUTE REQUEST message
    • Neighbors add themselves to the source route and forward it on
    • If the receiving node is the destination or has a route to the destination it sends a REPLY message with the full route
    • First received ROUTE REPLY wins
    • Failed links can be salvaged by partial alternate route
    • Routes are cached for some period of time
  • Observed Behavior
    • 'Neighborhood Watch' behavior that is directly observed, overheard, by the node.
  • Reported Behavior
    • Share experienced misbehavior and learn from friends.

Wireless & Network Security 6

confidant components
CONFIDANT Components
  • The Monitor
    • Directly observes behavior
  • The Trust Manager
    • Sends and receives ALARMs
  • The Reputation System
    • Node Rating
  • The Path Manager
    • Route management based on Reputation
  • (Every nodes implements all of these components)‏

Wireless & Network Security 7

the monitor
The Monitor
  • Directly observes behavior
  • no forward (only observation implemented in this simulation)‏
  • Packet alteration
    • Data packets
    • Routing packets
  • Consistent claim of neighboring nodes
  • Any other observable metric

Wireless & Network Security 8

the trust manager
Generate an alarm on experienced or observed misbehavior.

Forward alarm on received report of misbehavior.

Maintain trust table to determine trustworthiness of alarm

Determining trust level algorithm is an open question in paper

Table of nodes and their rating.

Weighted between past rating and newly observed behavior and reported reputation.

Only negative experience is counted

Positive change and timeout are not addressed yet.

Assume negative behavior is rare, and probably means node can never be trusted.

The Trust Manager

The Reputation System

Wireless & Network Security 9

the path manager
The Path Manager
  • Path re-ranking according to security metric (re-rank route based on reputation).
  • Deletion of paths containing malicious nodes.
  • Action on receiving a request for a route from a malicious node (ignore request).
  • Action on receiving request for a route containing a malicious node in the source route (ignore, alert source).

Wireless & Network Security 10

confidant results

Wireless & Network Security 11

confidant results1

Wireless & Network Security 12

watchdog and pathrater
Watchdog and Pathrater
  • S. Marti, T.J. Giuli, K. Lai, and M. Baker, “Mitigating Routing Misbehavior in Mobile Ad Hoc Networks,” Proc. MobiCom '00.
  • Extra facilities added to the network to detect and mitigate routing behavior.
  • Two extensions to DSR:
    • Watchdog identifies misbehaving nodes by overhearing transmissions
    • Pathrater avoids routing packets through these nodes

Wireless & Network Security 13

  • The watchdog is implemented by
    • maintaining a buffer of recently sent packets
    • compare each overheard packet to buffered packets to see if there is a match. If so, the packet in the buffer in removed and forgotten.
    • A certain timeout indicates a failure tally – count it and see if it exceeds a bandwidth threshold. If so, send a message back to the source.
  • Advantages
    • It can detect misbehavior at the forwarding level
  • Disadvantages
    • It might not detect a misbehaving node, due to
      • Ambiguous collisions
      • Receiver collisions
      • Limited transmission power
      • False misbehavior
      • Collusion
      • Partial dropping

Wireless & Network Security 14

  • Honest Nodes
    • Ambiguous collisions
    • Receiver collisions
  • Dishonest Nodes
    • Transmission power intentionally limited by a dishonest node
    • False misbehavior report by malicious node
    • Multiple dishonest nodes in collusion (groups of nodes)
    • Partial dropping by a dishonest node

Wireless & Network Security 15

  • The pathrater, run by each node, combines knowledge of misbehaving nodes with link reliability data to pick the route.
  • Each node maintains a rating for every other node it knows about in the network
  • It calculates a path metric by averaging the node rating in the path. If there are multiple paths to the same destination, the path with the highest metric is chosen.

Wireless & Network Security 16

simulation results
Simulation Results
  • Combined use of
    • WD – Watchdog
    • PR - PathRater
    • SRR – Extra Route Request
  • Two mobility scenarios
  • Performance Metrics
    • Throughput: The percentage of sent data packets actually received by the intended destinations
    • Overhead: The ratio of routing-related transmissions to data transmissions in a simulation
    • False positives: False positives occur when the Watchdog mechanism reports that a node is misbehaving when in fact it is not
  • Compromised nodes: from 0% to 40%

Wireless & Network Security 17

throughput as of misbehaving nodes
Throughput as % of misbehaving nodes

Wireless & Network Security 18

throughput as of misbehaving nodes1
Throughput as % of misbehaving nodes

Wireless & Network Security 19

overhead as of misbehaving nodes
Overhead as % of misbehaving nodes

Wireless & Network Security 20

overhead as of misbehaving nodes1
Overhead as % of misbehaving nodes

Wireless & Network Security 21

throughput in presence of false detections
Throughput in presence of false detections

Wireless & Network Security 22

reputation based trust core
Reputation based Trust: CORE
  • CORE: A Collaborative Reputation Mechanism to enforce node cooperation in Mobile Ad hoc Networks”.
  • Proposed by Michiardi and Molva to enforce node cooperation in MANETs based on a collaborative monitoring technique
  • Nodes modeled as a members of a community
  • The reputation is formed and updated along the time.
    • assigns more weight to the past observations than the current observations
  • Three types of reputation
    • subjective reputation
    • indirect reputation
    • functional reputation

Wireless & Network Security 23

core details
CORE Details
  • Has two protocol entities
    • Requester
      • refers to a network entity asking for the execution of a function f
    • Provider
      • refers to any entity supposed to correctly execute the function f
  • Each node maintains
    • An RT Table for each function f
  • An entry in RT has:
    • unique ID
    • recent subjective reputation
    • recent indirect reputation
    • composite reputation for a predefined function
  • RTs updated in two situations:
    • during the request phase
    • during the reply phase
  • Each node is also equipped with a watchdog mechanism for promiscuous observation.

Wireless & Network Security 24

reputation based trust in wsns
Reputation based Trust in WSNs
  • S. Ganeriwal and M. Srivastava. Reputation-based framework for high integrity sensor networks. In proceedings of the 2nd ACM workshop on Security of ad hoc and sensor networks (SASN ’04), October 2004 pp. 66-77.
  • The first reputation and trustbased model designed and developed exclusively for sensor networks.
  • Distributed, symmetric reputation-based model that uses both first-hand and second-hand information for updating reputation values.
  • Nodes maintain the reputation and trust values for only nodes in their neighborhood.

Wireless & Network Security 25

reputation based framework for sensor networks rfsn
Reputation based framework for sensor networks (RFSN)

Embedded in every social network is a web of trust

  • How does human societies evolve?
    • Principle of reciprocal altruism
      • Be nice to others who are nice to you
    • When faced with uncertainties
      • Trust them who have the reputation of being trustworthy

Proposed solution: Form a similar community of

trustworthy nodes in the network over time

Wireless & Network Security 26

why this approach
Why this approach?
  • Sensor network already follow a community model
    • Individual nodes do not have any utility
    • Collaborative information gathering, data processing and relaying.
  • Missing element is trust….
    • Nodes are dumb and they collaborate with every node.
    • Internal adversaries exploit this very fact!
    • Faulty sensors results in equally detrimental effects.
  • RFSN incorporates intelligence into nodes
    • Exposes trust as an explicit metric!
    • Cooperate with ONLY those nodes that are trustworthy.

Wireless & Network Security 27

architecture of rfsn
Architecture of RFSN






Second hand


  • Observe the action of other nodes – Watchdog mechanism
  • Develop a perception of other nodes over time – Reputation
  • Share experiences to facilitate community growth – Second hand information
  • Predict their future behavior – Trust
  • Cooperate/Non-cooperate with trustworthy nodes – Behavior

Wireless & Network Security 28

integration of approaches
Integration of approaches






Second hand


Protocol Development


Data Analysis



Decision theory

Development of high integrity sensor networks will be a combination

of techniques from different fields

Wireless & Network Security 29

reputation representation
Reputation representation
  • Probabilistic formulation
    • Use beta distribution to represent reputation of a node.

Reputation of node j from the perspective of node i

  • Why beta distribution?
    • Simple to store: Just characterized by 2 parameters.
    • Intuitive:α and β represents magnitude of cooperation and non-cooperation.
    • Efficient: Easy reputation updates, integration, trust formulation.
  • Maintain reputation for just neighboring nodes
    • Use locality – Provides scalability.

Wireless & Network Security 30

reputation propagation
Reputation propagation
  • What to propagate?
    • Constraints
      • Information about goodnodes – Saves from bad mouthing attacks
      • Independent information – Critical to derivation in earlier slide

Wireless & Network Security 31

simulation study neslsim
Simulation study - NESLsim

Consistent data


Routing module

  • Simulation set up
    • Comparison with DUMB-RFSN
      • Representative of heuristic based approaches.
      • Metric : Trust between node i and j.
      • Parameter choices : Threshold (0.9), Initialization (Beta(1,1)).



Wireless & Network Security 32

bad mouthing attacks
Bad Mouthing Attacks

Attack:Propagate false badreputation information about good nodes

Countermeasure:Good Reputation System

Set up:Node j cooperates fully

Scenario 1:1 malicious child

RFSN: Completely resilient.

DUMB-RFSN: Node i will conclude wrongly node j to be malicious.

Wireless & Network Security 33

bad mouthing attacks contd
Bad Mouthing Attacks (Contd..)

Set up:Node j cooperates fully

Scenario 2:4 malicious children,

1 good child

RFSN: Neglects bad nodes. Selectively takes advantage of 1 good node.

DUMB-RFSN: Performance is more worse.

Wireless & Network Security 34

ballot stuffing
Ballot Stuffing

Attack:Malicious nodes propagate false good reputation information.

Countermeasure:Weight the second hand information appropriately

Set up:Node j is malicious and colludes with malicious children nodes.

Scenario 1:1 malicious child

DUMB-RFSN: Node i will conclude node j to be trustworthy.

RFSN: Completely resilient.

Wireless & Network Security 35


Wireless & Network Security 36