Trust Model Based Self-Organized Routing Protocol For Secure Ad Hoc Networks Li Xiaoqi CSE Department, CUHK 29/04/2003


Outline

- Introduction to Ad Hoc Networks
- Motivation and Design Goals
- Trust Model for Ad Hoc Networks
- Trusted Self-Organized Routing Protocol
- Conclusion
- Research Plan and Future Work


What is Ad Hoc Network

A kind of network without fixed infrastructure such as base stations or access points, which performs communications through wireless media.

Wireless applications in:

- Military Operations
- Disaster Relief
- Meeting Room Setup for Conference
- Personal Area Networking


Characteristics of Ad Hoc Networks

- No fixed infrastructure
- Each node is a router
- Multi-hop routing through node cooperation
- Self-organization nature
- High mobility
- Prone to attack


Routing Protocols for Ad Hoc Networks

- AODV: Ad Hoc On-Demand Distance Vector Protocol
- DSR: The Dynamic Source Routing Protocol
- DSDV: Destination-Sequenced Distance Vector Protocol


Overview of AODV

- Discover routes when needed
- Mainly two types of routing messages:
  - RREQ: Route Request
  - RREP: Route Reply
- Fixed-length messages
- Only one mutable field: Hop Count


Route Discovery in AODV

[Figure: route discovery between source S and destination D across laptop and PDA nodes. Labels: RREQ (broadcast), RREP.]


Security Requirements in Ad Hoc Networks

- Confidentiality
- Authenticity
- Integrity
- Availability
- Non-repudiation
- Access Control


Attacks to Ad Hoc Networks

| Attack Method | Motivation/Result | Influence to Security Services |
|---|---|---|
| Eavesdropping | Obtain contents of messages | Loss of Confidentiality |
| Masquerading | Impersonate good nodes; Routing redirection; Routing table poisoning; Routing loop, etc. | Loss of Authenticity |
| Modification | Cause denial of service on a node; Obtain keys, etc. | Loss of Integrity |
| Tunneling | Attract traffic; Routing redirection | Loss of Confidentiality and Availability |
| Flooding | Denial of Service | Loss of Availability |
| Dropping | Destroy normal routing progress | Loss of Non-repudiation and Availability |
| Replaying/Delaying | Destroy normal routing progress; Destroy normal data transmission | Loss of Access Control and Integrity |


Common Solutions for Security

Often assume:

- A trusted authority to issue certificates.
- A centralized server to monitor the networks.
- A secret association between certain nodes.

Disadvantages:

- Destroy the self-organization nature of ad hoc networks.
- Limit the mobility of nodes.
- Single point of failure
- Lower efficiency and availability


Self-Organized Solutions for Security

Properties:

- Authenticate each other in a self-organized way
- Often issue public-key certificates through node cooperation
- Often need a node monitoring mechanism

Disadvantages:

- Need at least k neighbors to cooperate
- Monitoring mechanism is difficult to implement and is performance-consuming


Current Issues in Ad Hoc Networks

- Lack of security consideration
- Centralized server or trusted third parties destroy the self-organization nature
- Pure cryptographic solutions bring high overhead
- Current self-organized solutions lose flexibility


Our Solutions and Design Goals

- Design a suitable decentralized trust model that can be used for the security solutions of ad hoc networks.
- Apply this trust model to design a flexible self-organized key management scheme.
- Apply this trust model to design a secure and flexible self-organized routing protocol with lower overhead.
- Demonstrate the principle of the trust model and the security advantages of the resulting ad hoc networks.


Trust Model for Ad Hoc Networks

Overview of trust theory:

- Trust is a basic aspect of human life.
- Trust is regarded as a measurable variable.
- Trust theory has been applied in the field of e-commerce.

The organization of nodes in ad hoc networks is similar to human society.

Apply trust theory to secure ad hoc networks.


Previous Trust Models

- Direct and recommendation trust model
  - Continuous value to represent trust
  - Basis of many other trust models
- Recommendation protocol model
  - Focus on the exchange of trust information
- Dempster-Shafer Theory based model
  - Upper and lower bound pair to represent trust
  - Trust matrix to represent trust relationship
  - Combine two matrices using Dempster-Shafer theory


Previous Trust Models (Cont'd)

- Model using Fuzzy Logic
  - Trust matrix to represent trust relationship
  - Fuzzy logic to verify transactions
  - Fuzzy logic to combine trust matrices
- Model using Subjective Logic
  - Use Opinion to represent trust
  - Opinion includes belief, disbelief, uncertainty
  - Combine trust using subjective logic


Comparison of Trust Models

- Single trust value vs. Opinion
  - Opinion with belief, disbelief and uncertainty can express more information
- Fuzzy logic vs. Subjective logic
  - Fuzzy logic operates on certain measures about fuzzy propositions
  - Subjective logic operates on uncertain measures about crisp propositions


Comparison of Trust Models (Cont'd)

- Shafer theory vs. Subjective logic
  - Both introduce uncertainty
  - No need to set the upper or lower bounds of trust described in Shafer theory


Design Issues of Trust Model

- Definition of Trust
- Representation of Trust
- Combination of Trust
- Exchange of Trust Information


Our Trust Model

- Use 'Opinion' to define and represent trust
- Combine trust opinions using subjective logic
- Define a trust recommendation protocol to exchange trust information


Definition and Representation of Trust

Opinion: a three-dimensional metric.

The opinion about the trustworthiness of x, denoted by $\omega_x$, is the triple defined by:

$$\omega_x = (b(x),\ d(x),\ u(x))$$

- b(x) represents belief: probability of believing x.
- d(x) represents disbelief: probability of disbelieving x.
- u(x) represents uncertainty: probability of uncertainty about x's trustworthiness.


Definition and Representation of Trust (Cont'd)

Property of Opinion:

- b, d, u are in [0,1]
- b + d + u = 1

The opinion $\omega_x = (0.4, 0.1, 0.5)$ can be represented as a point in the figure.

[Figure: the opinion $\omega_x = (0.4, 0.1, 0.5)$ plotted against Belief, Disbelief and Uncertainty axes, each running from 0 to 1.]


Combination of Trust

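- Discounting Combination
  - Combine trusts along one path
  - Combine $\omega^A_B$ and $\omega^B_C$ into $\omega^{AB}_C$
- Consensus Combination
  - Combine trusts from several paths
  - Combine $\omega^A_C$ and $\omega^B_C$ into $\omega^{A,B}_C$

[Figure: two small graphs over nodes A, B and C, one for each combination.]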


An Example of Combining Trust

A wants to know B's trustworthiness.

[Figure: nodes A and B with intermediate nodes N1, N2 and N3.]
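The two combinations can be worked through numerically. The following is an added example, not code from the slides: it uses the standard subjective-logic discounting and consensus operators, whose formulas do not survive on this page, and it assumes A reaches B through each of N1, N2 and N3 with constructed opinion values.

```python
from functools import reduce
from typing import NamedTuple

class Opinion(NamedTuple):
    b: float  # belief
    d: float  # disbelief
    u: float  # uncertainty

def discount(a_b: Opinion, b_c: Opinion) -> Opinion:
    """A's derived opinion about C along one path A -> B -> C."""
    return Opinion(a_b.b * b_c.b,
                   a_b.b * b_c.d,
                   a_b.d + a_b.u + a_b.b * b_c.u)

def consensus(x: Opinion, y: Opinion) -> Opinion:
    """Fuse two opinions about the same node obtained over different paths."""
    k = x.u + y.u - x.u * y.u
    if k == 0:
        # Both opinions have u = 0; equal-weight average (assumption).
        return Opinion((x.b + y.b) / 2, (x.d + y.d) / 2, 0.0)
    return Opinion((x.b * y.u + y.b * x.u) / k,
                   (x.d * y.u + y.d * x.u) / k,
                   (x.u * y.u) / k)

def combine_recommendations(paths) -> Opinion:
    """paths: (A's opinion of recommender, recommender's opinion of target)."""
    return reduce(consensus, (discount(a_n, n_t) for a_n, n_t in paths))

# Constructed sample opinions (not from the slides): A asks N1, N2, N3 about B.
PATHS = [
    (Opinion(0.8, 0.1, 0.1), Opinion(0.7, 0.1, 0.2)),  # via N1
    (Opinion(0.6, 0.2, 0.2), Opinion(0.5, 0.3, 0.2)),  # via N2
    # N3 is unknown to A, (0,0,1), and claims B is fully untrustworthy.
    (Opinion(0.0, 0.0, 1.0), Opinion(0.0, 1.0, 0.0)),
]

if __name__ == "__main__":
    for a_n, n_b in PATHS:
        print("discounted:", discount(a_n, n_b))
    print("A's combined opinion of B:", combine_recommendations(PATHS))
```

The recommendation arriving through N3 discounts to (0, 0, 1), so a recommender A knows nothing about cannot shift A's combined opinion of B.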


Trust Recommendation Protocol

- Exchange trust information
- Three types of message:
  - TREQ: Trust Request
  - TREP: Trust Reply
  - TWARN: Trust Warning
- Message structure:

| Type | Requestor | Recommender | Recommendee | Opinion | Class | Expiry |
|---|---|---|---|---|---|---|


Our Trust Model vs. Subjective Logic Trust Model

- Simplify the representation of trust, which is more suitable for ad hoc networks
- Propose a trust recommendation protocol to exchange trust information
- Handle the dynamics of trust, which are not mentioned in subjective logic


Assumption of Our Trusted Routing Protocol

- Ability to recover a node's neighbors
- Reliability of broadcasting one-hop messages
- Uniqueness of a node's ID
- Capability of monitoring behaviors of one-hop neighbors
- Key management has been done before


Node Model

- One node has an opinion about others
- Each node maintains a trust table. For example, A's trust table is:
- Initial opinion of a node in others' eyes is (0,0,1)


General Framework

[Figure: general framework. Block labels: Trust Model, Trust Recommendation Protocol, Trust Combination Algorithm, Trusted Routing Protocol, Cryptographic Routing Discovery and Maintenance, Trusted Routing Discovery and Maintenance, Trust Updating Algorithm, Basic AODV Routing Protocol.]


Cryptographic Technologies

- Use cryptographic schemes to do routing in the beginning of this network
- Adopt ideas in SAODV [42]
  - Digital signature: authenticate the non-mutable fields of the messages
  - Hash chains: secure the only mutable field 'hop count'
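How a hash chain protects the hop count, following the SAODV scheme the slide refers to, shown as an added example that is not code from the slides. SHA-256, the dictionary field names and the seed are choices made for this sketch, and the signature over the non-mutable fields is left out.

```python
import hashlib

def h(x: bytes, times: int = 1) -> bytes:
    """Apply SHA-256 `times` times (hash choice is an assumption of this sketch)."""
    for _ in range(times):
        x = hashlib.sha256(x).digest()
    return x

def originate(seed: bytes, max_hop_count: int) -> dict:
    """Originator sets Hash = seed and Top_Hash = H^MaxHopCount(seed).
    Top_Hash and Max_Hop_Count are non-mutable, so the signature covers them."""
    return {"hop_count": 0, "max_hop_count": max_hop_count,
            "hash": seed, "top_hash": h(seed, max_hop_count)}

def verify(msg: dict) -> bool:
    """Receiver check: H^(MaxHopCount - HopCount)(Hash) must equal Top_Hash."""
    remaining = msg["max_hop_count"] - msg["hop_count"]
    return remaining >= 0 and h(msg["hash"], remaining) == msg["top_hash"]

def forward(msg: dict) -> dict:
    """Intermediate node: verify, then advance the chain and the hop count."""
    if not verify(msg):
        raise ValueError("hop count does not match hash chain; drop message")
    return {**msg, "hop_count": msg["hop_count"] + 1, "hash": h(msg["hash"])}

def demo():
    # Constructed seed for a repeatable run; a real originator uses a fresh random value.
    msg = originate(b"constructed-seed-0001", max_hop_count=8)
    for _ in range(3):
        msg = forward(msg)
    understated = {**msg, "hop_count": 1}  # claims a shorter route than travelled
    return verify(msg), verify(understated)

if __name__ == "__main__":
    print(demo())
```

The chain only stops a node from advertising a smaller hop count than the one it received; a node that forwards without incrementing still passes the check, which is one reason the protocol adds neighbor monitoring and trust on top.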


Overview of Trusted Self-Organized Routing Protocol

- Effective when trust relationships have been established among most nodes
- Based on AODV routing protocol
- Criteria to determine whether a node can be trusted or not:
  - belief ≥ 0.5, disbelief < 0.5, uncertainty < 0.5
- Nodes cooperate to decide an opinion


Trusted Routing Discovery

[Figure: nodes S, N1, N2, N3 and T joined by links, with the RREQ and RREP messages marked.]

Routing Request:

- S: issues RREQ.
- N1: verifies opinions N1S, N1T.
- N2: verifies opinions N2N1, N2S, and N2T.
- N3: verifies opinion N3N2.

Routing Reply:

- N3: has route entry to T, then issues RREP.
- N2: verifies opinion N2N3.
- N1: verifies opinion N1N2.
- S: verifies opinion SN1.


Trust Update Algorithm

- Each value in an opinion is logically divided into 5 levels. Every 0.25 is one level.
- Successful verification for ten times:
  - belief += 0.25, disbelief -= 0.125, uncertainty -= 0.125
- Failed verification for each time:
  - belief -= 0.125, disbelief += 0.25, uncertainty -= 0.125
- No verification during expiry time:
  - belief -= 0.375, disbelief += 0.125, uncertainty += 0.25


Trust Update Algorithm (Cont'd)

If in opinion A to B, belief < 0 or disbelief > 1:

- Opinion(AB) will be changed to (0,1,0)
- Node A broadcasts this opinion using a TWARN message
- Neighbors will re-calculate the opinion using the trust combination algorithm
- B will be denied from A's communication
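The update rules and the trust criterion (belief ≥ 0.5, disbelief < 0.5, uncertainty < 0.5) can be run as a small state machine. This is an added example, not code from the slides; the slides only define what happens when belief < 0 or disbelief > 1, so clamping the other components into [0,1] and renormalizing, and counting the ten successes cumulatively, are assumptions of this sketch.

```python
# (belief, disbelief, uncertainty) deltas taken from the update rules above.
TRUST_DELTAS = {
    "success_x10": (+0.25, -0.125, -0.125),   # ten successful verifications
    "failure":     (-0.125, +0.25, -0.125),   # each failed verification
    "expiry":      (-0.375, +0.125, +0.25),   # no verification before expiry
}
DISTRUST = (0.0, 1.0, 0.0)

def is_trusted(op) -> bool:
    b, d, u = op
    return b >= 0.5 and d < 0.5 and u < 0.5

def apply_event(op, event):
    """Return (new_opinion, send_twarn)."""
    b, d, u = (v + dv for v, dv in zip(op, TRUST_DELTAS[event]))
    if b < 0 or d > 1:
        return DISTRUST, True          # rule from the slides: broadcast TWARN
    # Assumption: clamp remaining out-of-range values, keep b + d + u = 1.
    b, d, u = (min(max(v, 0.0), 1.0) for v in (b, d, u))
    s = b + d + u
    return (b / s, d / s, u / s), False

class TrustEntry:
    """One row of a node's trust table; new nodes start at (0, 0, 1)."""
    def __init__(self, opinion=(0.0, 0.0, 1.0)):
        self.opinion, self.successes, self.denied = opinion, 0, False

    def record(self, verified_ok: bool) -> bool:
        """Record one verification result; True means a TWARN must be sent."""
        if verified_ok:
            self.successes += 1
            if self.successes < 10:
                return False
            self.successes, event = 0, "success_x10"
        else:
            event = "failure"
        self.opinion, warn = apply_event(self.opinion, event)
        self.denied = self.denied or warn
        return warn

if __name__ == "__main__":
    entry = TrustEntry((0.5, 0.25, 0.25))   # constructed starting opinion
    while not entry.record(False):
        print(entry.opinion, "trusted" if is_trusted(entry.opinion) else "untrusted")
    print("denied:", entry.opinion)
```

Under these assumptions a previously unknown node needs thirty successful verifications to become trusted, while a node at (0.5, 0.25, 0.25) loses trusted status after one failure and is denied after four.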


Trusted Key Management

- Use the trust model in key management
- Advantages:
  - Self-organization
  - Flexible: no limitation of at least k neighbors
  - Lower overhead


Analysis

- Performance is increased
  - No need to perform cryptographic calculations for every packet, so overhead is lower
- Security is enhanced
  - Combination of trust model, cryptographic schemes and monitor mechanism
- More reasonable and flexible
  - Good nodes that become bad will eventually be denied from the network
  - Bad nodes that turn good will soon be allowed to access the network again


Conclusion

- A promising idea to apply trust model to secure ad hoc networks
- Node uses 'opinion' to judge if another node is trustable
- Nodes cooperate to obtain a more accurate opinion
- Trusted routing protocol is:
  - Self-organized
  - Lower-overhead
  - More reasonable
  - More secure
  - More flexible


Research Plan and Future Work

- A better trust combination algorithm
- A better way to apply the trust model to key management
- Study monitor or intrusion detection issues
- Improve the trusted routing protocol to make it prevent or withstand more attacks
- A detailed simulation evaluation using NS-2 or Glomosim simulators


Q&A

Thank you !