Post on 23-Feb-2016
description
Jin-Hee Cho & Ananthram Swami , Army Research Laboratory
Ing-Ray Chen, Virginia Tech
A Survey of Trust Management for Mobile Ad
Hoc Networks
Outline
• Background
• Motivation
• Multidisciplinary Trust Concept
• Trust, Trustworthiness, and Risk Assessment
• Trust Properties in MANETs
• Survey on Trust Management in MANETs
• Future Research Directions
Background
• Design Challenges in Mobile Ad Hoc Networks:– Resource constraints
energy, bandwidth, memory, computational power– High security vulnerability
open medium derived from inherent nature of wireless networks rapidly changing network topology due to node mobility or
failure, RF channel conditions decentralized decision making and cooperation (no centralized
authority) no clear line of defense
• Trust: the degree of subjective belief about the behavior of a particular entity.
Motivation
• Trust management is needed in MANETs with the goal of establishing a network with an acceptable level of trust relationships among participating nodes:– During network bootstrapping– To support coalition operation without predefined trust– For authentication for certificates generated by other parties when
links are down– To ensuring safety when entering a new zone
• Diverse applicability as a decision making mechanism for:– Intrusion detection– Key management– Access control– Authentication– Secure routing– Many others
Trust in Communications & Networking
• Trust in Communications & Networking– A set of relations among entities
participating in a protocol based on evidence generated by the previous interactions of entities within a protocol
– If the interactions have been faithful to the protocol, then trust will accumulate between these entities
– Context-aware trust: trust is the quantified belief of a trustor node regarding competence, honesty, security, and dependability of a trustee node in a specific context
Multidisciplinary
Concept of Trust
Sociology
Risking betrayal
Subjectivity
Economics
Incentive-based selfishness
Autonomic computing
automation reliability
Organizational management
risk assessment
Psychology
Cognitive process
Philosophy
Context-dependent moral
relationship
Communications & Networking
more...
security
reconfigurability
scalability
reliability
dependability
Trust, Trustworthiness, and Risk Assessment
• Definition (Trustworthiness): Trustworthiness is objective probability by which the trustee performs a given action on which the welfare of the trustor depends
• Definition (Trust): Trust is the subjective probability by which the trustor expects that the trustee performs a given action on which the welfare of the trustor depends
• Definition (Risk): risk is defined by the probability and the consequence of an incident. The risk value is given by the function r : P x C -> RV, where P is a set of trust values in [0,1], C is the set of consequence values and RV is the set of risk values.
1
1
Trustworthiness
Trust
b. misplaced trust
a. misplaced distrust
Trust =Trustworthiness
0.5
0.5
Trust Level [Solhaug et al., 2007]
Trust vs. Risk
• Trust-based decision making: a trust threshold is used to say yes/no
yes when t > trust threshold (t2 inthe graph)
• Risk-based decision making: a risk threshold is used to say yes/no
yes when r < high risk threshold (high risk zone in the graph)
In general when trust is high, risk is low but it really depends on the stake (consequence of failure). It is not enough to consider trust only and then say that trust is risk acceptance, trust is inverse to risk, or the like.
1
1
Stake
Trust 0.5
S2
S1
t1 t2
High risk
Medium risk
Low risk
Trust vs. Risk
[Solhaug et al. 2006,
Josang & LoPresti, 2004]
Trust Properties in MANETs
• Dynamic, not static– Trust in MANETs should be established
based on local, short-lived, fast changing over time, online only and incomplete information available due to node mobility or failure, RF channel conditions
– Expressed as a continuous value ranging from positive and negative degree
• Subjective– Different experiences derived from
dynamically changing network topology• Not necessarily transitive• Asymmetric, not necessarily
reciprocal– Heterogeneous entities
• Context-dependent– Sensing/Reporting vs. forwarding
Trust
Subjectivity
Dynamicity
AsymmetryContext-dependency
incomplete transitivity
Trust properties in MANETs.
Dynamicity
Weighted transitivity
Asymmetry
Subjectivity
Context-dependency
Discrete (or binary) trust value
Complete transitivity
Symmetry
0 2 4 6 8 10 12 14 16 18 20
20
19
2
5
5
2
3
1
Trust properties in existing trust management in MANETs.
Classification of Trust Management
Risk Management
Risk Assessment Risk Mitigation
Trust Management
Trust Update
Trust Revocation
Trust Establishment
Risk Control
trust evidence collection, trust generation, trust
distribution, trust discovery, and trust
evaluation
[Solhaug et al., 2006]
Attacks in MANETs
• By the nature of attack and the types of attackers [Liu et al., 2004]– Passive Attacks: when an unauthorized
party gains access to an asset but does not modify its content, (e.g., eavesdropping or traffic analysis)
– Active Attacks : masquerading (impersonation attack), replay (retransmitting messages), message modification, DoS (e.g., excessive energy consumption)
• By the legitimacy of attackers [Liu et al., 2004]– Insider attacks: authorized member– Outsider attacks: illegal user
Attacks considered in existing trust management in MANETs.
Collusion attack
Routing loop
Blackhole
Grayhole
DoS
False information
Packet related
New comer
Identity related
Blackmailing
Replay
Selective misbehaving
General misbehaving
General selfish
0 1 2 3 4 5 6 7 8 9 1011121314151617
Number of works
Type
s of
att
acks
Metrics for Measuring Network Trust in MANETs
• Network trust has been evaluated by general performance metrics, e.g., detection accuracy, goodput (useful information bits/sec), throughput (data bits/sec), overhead, delay, network utility, route usage (for secure routing), packet dropping rate, etc.
• Recently, trust level as a metric has been used, e.g., trust level of a network path or session
Throughput
Overhead
Detection accuracy
Goodput
Packet dropping rate
Utility
Delay
Route usage
Trust level
Others
0 1 2 3 4 5 6 7 8 9 10 11 12
Number of works
Met
rics
Metrics used for evaluating network trust
Composite Trust Metrics
Quality-of-Service (QoS) Trust
• Competence, dependability, reliability, successful
experience, and reputation or recommendation
representing capability to complete an assigned “task”
• Examples are the node’s energy lifetime,
computational power level, and capability to complete
packet delivery
Social Trust
• Use of the concept of social networks
• Friendship, similarity, common interest, social
connectivity, honesty, and social reputation or
recommendation derived from direct or indirect
interactions
Trust Management in MANETs based on Design Purpose
2000
2001
2002
2003
2004
2005
2006
2007
2008
0 1 2 3 4 5 6 7 8 9 10
Secure routing
Authentication
Intrusion detection
Access control
Key Management
Trust evaluation
Trust evidence distribution
Trust computation
General trust level identificationNumber of works
Year
Summary of existing trust management schemes in MANETs based on specific design purposes
Trust-based Applications in MANETs
Secure Routing• Detect and isolate
misbehaving nodes (selfish or malicious)
• Reputation management • Extension of the existing
routing protocols (e.g., DSR, AODV) using trust concept
• Incentive mechanism to induce cooperation
• Revocation + redemption possible
Authentication• Use trust to authenticate nodes or routing paths• Use direct evidence (certificates or observations
of packet forwarding behavior) plus second hand information (e.g., recommendation)
• Extension of the existing routing protocols (e.g., DSR, Zone Routing Protocol)
Key Management• Establish keys between nodes based on their trust relationships
• Trust-based PKI
• Distributed - each node maintains its public/private keys
• Hierarchical – a CA is elected based on trust
Trust-based Applications in MANETs (Cont.)
Intrusion Detection• Trust as a basis for developing
an intrusion detection system (IDS)
• Trust-based IDS provides audit and monitoring capabilities to enhance security
• Evaluating trust and identifying intrusions can be integrated together to build a trustworthy environment
Access Control• Use trust for decision making of
access control to MANET resources
• Trust-based admission control (role-based)
• A node can use resources if it is trusted by k trusted nodes
• Can integrate with policy-based access control (with a proof of identity or certificate)
Issues for Future Trust Management in MANETs
• How should we select a trust metric that can reflect the unique properties of trust in MANETs?
• What constitutes trust? Is it multi-dimensional with multiple trust components? Should we have a different set of trust components reflecting the application characteristics and node behavior (including selfish/malicious behavior)?
• How can trust contribute to scalability, reconfigurability, security, and reliability of the network?
• How should a trust protocol be designed to achieve adaptability to rapidly changing MANET environments?
• How do we design a trust system to reflect adequate tradeoffs, e.g., altruism vs. selfishness, and effectiveness vs. efficiency?
• Can we identify optimal trust protocol settings under various network and environmental conditions?
Questions?
Contact us at:
Jin-Hee Cho (jinhee.cho@arl.army.mil), Army Research Laboratory
Ananthram Swami (aswami@arl.army.mil) , Army Research Laboratory
Ing-Ray Chen (irchen@vt.edu), Virginia Tech