Upload
others
View
9
Download
0
Embed Size (px)
Citation preview
Chapter 3
Trust based Neighbor Identification in
WSN using Agents
Wireless Sensor Networks(WSNs) are vulnerable to attacks that compromises data confiden-
tiality, integrity and authentication. Secured routing in WSN should focus on identifying the
neighbors that are free from various types of attacks. It becomes a challenging task to iden-
tify the neighbors that are trustworthy since attackers make the nodes not only to pretend
as if they are trustworthy and free of any types of attacks but also create a feeling that they
are involved in avoiding any types of threats. In such a situation, traditional mechanisms
of security schemes may not be sufficient and thus we need intelligent schemes to overcome
such challenges. Software agent technology provides the promising secured routing mech-
anism where in autonomous agents are involved in identifying all types of security threats
and secured routes in WSN’s with the help of neighbor nodes that are trustworthy and the
routes may be created using such neighbors.
Fundamental components to decide upon a neighbor as trustworthy are wireless chan-
nel connecting the neighbor node and computation activity of a neighbor node. An adversary
may attack wireless channel in several forms such as jamming, radio interference, tampering,
collision, repeated requests, sybil attack, sink hole attack, black hole attack, worm hole at-
tack, hello flood attack, de-synchronization attack, reprogram attack,etc.[38]. Computation
52
Chapter 3. Trust based Neighbor Identification in WSN using Agents 53
activity of a sensor node plays significant role to perform various activities such as sensing
and interpreting different physical parameters, processing and storing the sensed data, ag-
gregating and communicating the data to neighbor nodes, etc.[39]. Attacks that affect the
computation activity of sensor nodes may be classified into two categories: (1) black out
attacks and (2) mis-behavioral attacks. A black out attack is one in which the node is not
able to perform any type of activity such as sensing the event, processing the data, commu-
nication with neighbors, etc. A node mis-behavioral attack is one in which the node exhibits
normal behavior but performs abnormal computations and this type of attack is difficult to
identify. For example, suppose a node is required to sense the current weather condition
(such as temperature, pressure, humidity, etc.) and report the same to its neighbor. In such
a situation, the mis-behaving node may correctly sense the environment; but it may alter
the position of the parameters in the data field to be communicated to the neighbor. Thus,
temperature, pressure, humidity will be read wrongly so that the network suffers in terms of
energy spent for such communication, time required to process and transmit to the neighbor.
A trusted neighbor node is one where it is free from two types of attacks listed above.
The task of securing wireless channel and computation activity of a node using tradi-
tional security mechanisms are not sufficient since such schemes do not possess intelligent
techniques. Effective deployment of security mechanism needs intelligence to identify such
security violations and should be able to take autonomous decisions intelligently. Since soft-
ware agents are suitable to take autonomous decisions and act intelligently, we use agent
technology to identify trustworthy neighbors against the two types of security violations in
WSNs.
Agents are software programs activated on an agent platform of a host. Agents use
their own knowledge base to achieve the specified goals without disturbing the activities of
the host. They have two important properties: mandatory and orthogonal, which differ-
entiates them from standard programs. Some of the mandatory properties are: autonomy,
reactive, proactive and temporally continuous. Some of the orthogonal properties are: com-
municative, mobile, learning and believable[40]. Mobile agent is an itinerant agent which
contains program, data, execution state information, migrates from one host to another host
Chapter 3. Trust based Neighbor Identification in WSN using Agents 54
in a heterogeneous network, and executes at a remote host until it completes a given task[41].
In this chapter, we propose a Trust based Neighbor Identication in Wireless Sensor
Networks (TNIWSN) using agents to identify trustworthy nodes in a network. The trusted
neighbor identification is necessary for routing the data through trustworthy neighbors and
avoid untrusted neighbors that are compromised by various threats. The proposed scheme
operates in following phases. (1) Defining safeguard agency that consists of one static agent
known as Safeguard Manager Agent (SMA) and one mobile agent known as Trusted Neighbor
Agent (TNA) and a knowledge base. (2) Safeguard agency identifies trustworthy neighbor
nodes using static and mobile agents by means of trust model that comprise of the probability
model and Message Authentication Code (MAC) model. The probability model identifies
trusted neighbors based upon the probabilities of trustworthiness of wireless channel and the
trustworthiness of sensor node. MAC model encrypts the message using the two keys k1 and
k2 are generated with k-ERF (Error Resilient Function) key generation process to ensure the
trustworthiness of neighbors identified by the probability model. (3) MAC’s are dynamically
computed by agents (either on sender node or on neighbor node) by generating keys with the
help of k-ERF. (4) Agents effectively identify possible security threats on wireless channel
and node. Simulation analysis shows that TNIWSN outperforms Neighbor based Malicious
Node Detection (NMND) in Wireless Sensor Networks in terms of average success ratio and
memory overhead.
3.1 Related Works
Some of the related works are as follows. Authors in [42] focus on the study of security
threats to the WSN that proposes a security solution using mobile agent technology. The
model is based on two requirements confidentiality and integrity. To maintain confidentiality
a software mobile agent based key management technique is proposed which consists of three
phases Initial key distribution phase, control phase, execution phase. For integrity the author
proposed agent based integrity maintenance model for WSNs.The owner creates dummy offer
signs with private key, encrypt with public key and then transmit. At the receiving host,
Chapter 3. Trust based Neighbor Identification in WSN using Agents 55
the message is decrypted using public key and private key.
A bio-inspired trust and reputation model in WSN (BTRM-WSN) is proposed in [43]
which is based on Ant Colony Systems (ACS) and aims at providing trust and reputation in
WSNs. Pheromone updating is carried out by ACS that includes measuring of the quality of
a path, how to punish or reward a server depending on dynamic behavior of pheromone. The
author in [44] proposes a method to defend against sink hole attacks using mobile agents.
A routing algorithm with multiple constraints is proposed based on mobile agents. It uses
mobile agents to collect information of all mobile sensor nodes to make every node aware of
the entire network so that a valid node will not listen the cheating information from malicious
or compromised node which leads to sink hole attack. The significant feature of the proposed
mechanism is that it does not need any encryption or decryption mechanism to detect the sink
hole attack. This mechanism does not require more energy than normal routing protocols
like AODV. The system proposes two algorithms. Agent navigation algorithm tells how
does a mobile agent gives network information to nodes and visits every node. Data routing
algorithm tells how a node uses the global network information to route data packets.
The work given in [45] presents a neighbor-based malicious node detection in WSN in
which malicious nodes are modeled as faulty nodes to lead to an incorrect decisions that
cannot be easily detected. Each sensor node makes a decision on the fault status of itself
and its neighboring nodes based on the sensor readings. Most erroneous readings due to
transient faults are corrected by filtering, while nodes with permanent faults are removed
using confidence level evaluation. Each node maintains confidence levels of itself and its
neighbors, indicating the track records in reporting past events correctly.
Security enforcement in WSN is proposed in [46] where the network is partitioned into
clusters, each having a high-end cluster head. The cluster heads are further equipped with
trusted computing technology such that they act as online trusted parties. Mutual Secure
Neighbor verification (MSN) in WSN is proposed in [47]. MSN is defined as the capability
of a node to verify the claim by another node placed within a certain physical distance from
the verifier. To mitigate the MSN problem, each node should announce its location and the
power level for transmission. Cooperative and base station verifications are used to detect
Chapter 3. Trust based Neighbor Identification in WSN using Agents 56
nodes that lie about their locations. The authors in [48] focus on the critical role played by
mobile agent(MA) for security and robustness of a WSN in addition to data fusion. The
design objectives JAID (Jamming Avoidance Itinerary Design) algorithm are as follows: (a)
to calculate near-optimal routes for MAs that incrementally fuse the data as they visit the
nodes and (b) in the face of jamming attacks against the WSN. It modifies the itineraries of
the MA’s to bypass the jammed area(s) while not disrupting the efficient data dissemination
from working sensors. If the number of jammed nodes is small, JAID only modifies the
pre-jamming scheduled itineraries to increase the algorithm’s promptness. Otherwise, JAID
re-constructs the agent itineraries excluding the jammed area(s). Another important feature
of JAID is the suppression of data taken from sensors when the associated successive readings
do not vary significantly. Data suppression also occurs when sensors’ readings are identical
to those of their neighboring sensors.
The authors in [49] highlights seven good reasons for using mobile agents for fault tol-
erant networks. Agents reduce the network load, enhance fault tolerant capability, provide
personal assistance, secure brokering, distributed information retrieval, support telecom-
munication networks services, work-flow applications and groupware-support for the flow
of information among coworkers, monitoring and notification-An agent can monitor a given
information source without being dependent on the system from which it originates. The au-
thors in [50] propose security goals for routing in sensor networks, show how attacks against
ad-hoc and peer-to-peer networks can be adapted into powerful attacks against sensor net-
works, introduce two classes of novel attacks against sensor networks sinkholes and hello
floods, and analyze the security of all the major sensor network routing protocols. The au-
thors describe crippling attacks against all of them and suggest countermeasures and design
considerations.
A flexible security management framework to overcome the drawbacks of early research
is proposed in [51]. The security management framework is divided into eight models. The
node is checked for particular rule if it is satisfied then it is declared as valid node other-
wise invalid. The authors in [52] propose to use the mobile agent paradigm for reducing
and aggregating data in planar sensor network architecture. The proposed architecture is
Chapter 3. Trust based Neighbor Identification in WSN using Agents 57
called Mobile Agent based Wireless Sensor Network(MAWSN). Agents perform the follow-
ing functions: (1) eliminating data redundancy among sensors by application context-aware
local processing at the node level, (2) eliminating spatial redundancy among closely-located
sensors by data aggregation at the task level, (3) reducing communication overhead by con-
catenating data at the combined task level. The author uses four performance metrics Energy
consumption, Average End-to-end packet delay, energy delay, packet delivery ratio.
Use of Smartcards as a tamper resistant devices to offer security to WSN is proposed
[53]. Hardware cryptographic platform includes link level communication, transport proto-
col description, application interface description and demands for power consumption. The
authors specify that smartcards are highly standardized devices that offer common commu-
nication interface and can be used with cryptographic platform in accordance standards.
Secure hardware contains secret cryptographic key, which is used only for encrypting data
and this key is stored in the card which cannot be read. The authors in [54] propose an
Agent-based Trust and Reputation Management scheme (ATRM) for wireless sensor net-
works that considers bandwidth and delay overheads. The objective of the scheme is to
manage trust and reputation locally with minimal overhead in terms of extra messages and
time delay. ATRM scheme requires that a nodes trust and reputation information be stored
respectively in the forms of t-instrument and r-certificate by the node itself. Since, nodes
cannot manage and compute their own trust and reputation, ATRM requires that every node
locally hold a mobile agent that is in charge of administrating the trust and reputation of its
hosting node. In this sense, mobile agents provide nodes a one-to-one trust and reputation
management service.
The authors in [55] propose an agent-based approach that maintains the nodes current
status. The detection of a node is possible through the ratings of each node. Ratings of
a node are known through the ratio of packet forwarded by packets received. Further, the
ratings can also be done using the E-commerce models. In E-commerce models, each node
votes the successive node depending upon the ratio of packet forwarded by packets received.
The update ratings will be done through Sporas formula or Molinas formula or with a
combination of both models. The proposed agent-based framework also uses reputation of
Chapter 3. Trust based Neighbor Identification in WSN using Agents 58
a node through neighboring nodes as part of trust calculation. Authors in [56] present the
IPv6 over Low power Wireless Personal Area Networks (6LoWPAN) architecture in WSN
where the routing can be automatically performed. It combines both the hierarchical Internet
protocol version 6 address structures and the secure address configuration algorithm. During
the mobility process, a mobile node does not need a care-of address, so the mobility handover
process includes neither the care-of address configuration operation nor the address-binding
operation. As a result, the mobility handover cost and delay are reduced and packet losses
caused by node failures are avoided. The key distribution scheme in WSN is proposed in
[57] where the cluster head is determined based on the probability of change in the average
path length. A security mechanism is proposed for the vital link and the ordinary link so as
to balance the energy consumption over all nodes.
3.2 Our contributions
The proposed agent based trusted neighbor identification scheme in WSN is motivated by
observing several drawbacks of existing trustworthy neighbor identification schemes that are
severely suffering from vulnerabilities of wireless channel and sensor node. In this paper, we
propose an agent based trusted neighbor identification in WSN that uses probabilities of the
channel and node along with the MAC model for their trustworthiness. Our previous work
[12] discussed trusted neighbor identification in WSN using only MAC model. The work was
not supported by probability model and also lacked detailed formulation of components of
the scheme. This paper provides an extension to the work by providing detailed functioning
of the scheme, examples and simulation based performance analysis.
Our contribution in the paper are as follows: (1) defining trust model that comprises
probability model and MAC model to find security violations of wireless channel and sensor
node, (2) employing agents to carry the encrypted message to the neighbor nodes, (2) using
agents to identify trustworthy neighbors, (3) engage agents to dynamically update trustwor-
thiness of neighbor nodes, and (4) simulation analysis in terms of average success ratio and
memory overhead and comparing our results with NMND.
Chapter 3. Trust based Neighbor Identification in WSN using Agents 59
3.3 Trusted Neighbor Identification
A sensor node willing to transmit the information to the sink node securely is required to
do so by finding the trusted neighbors through which the routes can be set up. It becomes
important to identify the trusted neighbors since the neighbors may be compromised by
various types of attacks. The challenge is to find trustworthy neighbors. The fundamental
requirement to identify trustworthy neighbors depends upon two components. (1) Trustwor-
thiness of a channel connecting the neighbors and (2) trustworthiness of a neighbor node
itself. These components are discussed in trust model.
3.3.1 Trust Model
Possible threats to the sensor networks from adversaries are in terms of threats to the wire-
less channel and threats to sensor nodes. The wireless channel in WSN is prone to several
attacks as there is no control over the packets transmitted. The trustworthiness of wireless
channel means a channel that provides complete security of data in terms of authenticity,
confidentiality and integrity, etc. for transmission. Wireless channel may be made more
secured if the information to be transmitted on the channel is hidden by using cryptographic
techniques. The behaviors that are used to evaluate trustworthiness of wireless channel are
ensuring secure communication and secure transmission of data over the channel. Secured
communication schemes are implemented by various means such as cryptographic techniques,
efficient key distribution and management techniques[58][59]. A secure transmission refers to
a process that involves protecting access to proprietary data as it is being transferred from
a point of origin to a point of termination[60][61]. Secure communication involves a bidi-
rectional communication with usage of processes like encryption, decryption, cryptographic
approaches, efficient key management and strategic algorithms.
One of such cryptographic mechanisms is generating Message Authentication Code
(MAC) and encrypting the resulting message thus providing authenticity, confidentiality
and integrity. Misbehavior of a neighbor node is another major concern since it is difficult
to identify whether a node is compromised. A compromised node may seem to be a normal
Chapter 3. Trust based Neighbor Identification in WSN using Agents 60
node but the processing of data is affected thereby the wrong computations yield unexpected
results. To handle such type of attacks, one needs intelligent techniques wherein the affected
communication and processing platforms are easily identified. We develop a trust model
that is required to tackle security violations of wireless channel and sensor nodes.
Trust model consists of the probability model and MAC model. The probability model
identifies trusted neighbors based upon the probabilities of trustworthiness of wireless channel
and the trustworthiness of sensor node. MAC model encrypts the message using the two
keys k1 and k2 generated with k-ERF to ensure the trustworthiness of neighbors identified
by the probability model.
Probability Model
The probability model to identify trustworthy neighbors is described as follows. Let a sensor
node have n number of neighbor nodes among which let [TN ] be the set of trustworthy
neighbor nodes.[TN ] contains the list of neighbor nodes which are differentiated as trusted
or untrusted by probabilities values. Our objective is to find [TN ] at a node that are
trustworthy neighbors. The two components that estimate [TN ] are the trustworthiness of
wireless channel connecting the neighbors and the trustworthiness of each neighbor node.
Let Pr(trust channel)i be the probability that the wireless channel to ith neighbor node is
trustworthy and Pr(trust node)i be the probability that the ith neighbor node is trustwor-
thy. Since Pr(trust channel)i and Pr(trust node)i are independent events, Pr(TN)i, the
probability that ith neighbor node is trustworthy defined at a node is given by equation 3.1.
Pr(TN)i = Pr(trust channel)i × Pr(trust node)i (3.1)
where 0 < Pr(TN)i ≤ 1, 0 < Pr(trust channel)i ≤ 1 and 0 < Pr(trust node)i ≤ 1.
Pr(trust channel)i and Pr(trust node)i are computed by agents as discussed in section 3.4.
A node having its neighbors list is defined as a set [TN ] as given by equation 3.2.
Chapter 3. Trust based Neighbor Identification in WSN using Agents 61
[TN ] = Concat[Pr(TN)i] (3.2)
for i = 1, 2, 3...n, where n is the number of neighbor nodes. Concat[Pr(TN)i] represents
concatenated set of non-negative real numbers such that 0 < [Pr(TN)i] ≤ 1. Equation
3.2 represents all the neighbor nodes of a node. The ith neighbor node is trustworthy if
Pr(TN)i ≥ θ, where θ (0 < θ ≤ 1) is a threshold that decides the neighbor node as trust-
worthy. Finally, [TN ] is updated with binary values with the following rule: If Pr(TN)i ≥ θ,
then Pr(TN)i = 1, else Pr(TN)i = 0. Since each binary value in [TN ] represents the status
of a neighbor node, all trustworthy neighbor nodes will have its corresponding bit in [TN ]
as 1. The threshold θ is application dependent and it is set by the administrator.
For example, a node X computes trustworthy neighbors list in [TN ] by entering prob-
ability values corresponding to its neighbor nodes [1, 2, 3, 4, 5, 6, 7] as shown in Figure 3.1.
X
1
2
3
4
5
7
Z
WY
6
0.23
0.01
0.56
0.78
0.26
0.34
0.98
Figure 3.1: Trusted Neighbor Node Selection
Corresponding to 7 neighbors, the probability values in [TN ] of node X are given in
equation 3.3.
[TN ] = [0.98, 0.23, 0.01, 0.56, 0.78, 0.26, 0.34] (3.3)
Suppose, the threshold θ = 0.25, then the trusted neighbors list is updated with binary
Chapter 3. Trust based Neighbor Identification in WSN using Agents 62
numbers as shown in equation 3.4.
[TN ] = [1, 0, 0, 1, 1, 1, 1] (3.4)
Thus, among 7 neighbor nodes, only 5 nodes are trustworthy (i.e., node 1, node 4, node
5, node 6 and node 7) and node 2, node 3 are not trustworthy. Further, MAC model ensures
the trustworthiness among trusted neighbors identified by probability model. That means,
among 5 trustworthy neighbors found by probability model, some of them may proved to be
untrusted using MAC model.
MAC Model
The cryptographic systems are designed to perform complicated encryption and the creation
of message authentication becomes challenging in spite of various attacks from adversaries.
Many protocols are designed based on the assumption that the hosts posses a secret random
string known as key and it is conveniently taken for granted that the entire key is kept secret
from an adversary. There might be a possibility that an adversary may detect a part or
entire key which is called as key exposure problem and it has significant practical interests.
The keys required for obtaining MAC and encrypted message are generated by Exposure
Resilient Function (ERF)[62].
The reason for using ERF for the key generation is that it provides highly randomness
in the generated key such that if any part of the key is known to the adversary, it is not
possible to recover the entire key. We introduce the mechanism of MAC generation using
ERF and we describe how the scheme is implemented to identify the trusted neighbors in
order to maintain confidentiality, authentication and integrity.
In specific, we use an adaptive k-ERF to generate a random key. k-ERF is defined as
a function f for a random input seed s. Suppose (P (A(s)) = 1) represents the probability
that an adversary reads all the s bits out of R bits such that k bits cannot be read by the
adversary is given in Equation 3.5.
Chapter 3. Trust based Neighbor Identification in WSN using Agents 63
|Pr[A(s) = 1]− Pr[A(R) = 1]| ≤ ǫ (3.5)
where k = R− s and ǫ→ 0.
The process of generating MAC using k-ERF is shown in Figure 3.2.
Message
+
Message+MAC
k1
+Transmitted message
k2
k−ERF k−ERF
Figure 3.2: MAC generation to identify trusted neighbors
The MAC encrypted message is sent to the neighbors that are found to be trustworthy
by probability model. Re-computation of MAC on neighbor nodes ensures the trustworthi-
ness of the wireless channel and the sensor node thereby endorsing the trusted neighbors
identified by the probability model.
3.4 Trusted Neighbor Identification using Agents
Software agents are used to identify the trusted neighbors with the help of trust model
discussed in section 3.3.1. Trusted Neighbor Identification using Agents in WSN comprises
of Safeguard Agency (SA) and a Knowledge Base (KB) as shown in Figure 3.3. Routing
Agency (RA) shown in dotted box in the figure helps in establishing secured routes through
trusted nodes identified by SA. The components of RA, its functioning and secured routing
is discussed in chapter 4.
We use Safeguard Agency for the purpose where in agents take decisions autonomously
by establishing secured communication with neighbors.
SA comprises of agents and a KB. A static agent known as Safeguard Manager Agent
(SMA) triggers mobile agent known as Trusted Neighbor Agent (TNA). SMA and TNA
Chapter 3. Trust based Neighbor Identification in WSN using Agents 64
KB
SMA
Safeguard
TNA
TNA
Agent dispatches
Agent Arrives
Routing
Agency(SA)
Agency(RA)
Figure 3.3: Secured Routing Agency
identify trusted neighbors that are free from various types of attacks. RA comprises of a
static agent known as Route Manager Agent (RMA) and mobile agents known as Route
Construction Agent (RCA) and Route Sustenance Agent (RSA). RMA and RCA construct
secured routes from a source node to a sink node with the help of only trusted neighbors that
are identified by safeguard agency. Once the secured routes are constructed, it is equally
important to sustain the routes for the complete duration of data transfer. RMA and RSA
perform the task of route sustainability against security violations. KB consists of various
information used by the agents to identify trusted neighbors.
Trusted neighbors are identified in every node proactively, i.e., trusted neighbors are
updated regularly so that the RA constructs the routes only with trusted neighbors thereby
avoiding possible security violations. Trusted neighbor based routing operates in two phases:
(1) Identifying trusted neighbors using SA and (2) constructing secured routes using RA.
In this paper, we propose the scheme for trusted neighbor identification using SA and
the scheme of routing with trusted neighbors using RA will be our future work.
Chapter 3. Trust based Neighbor Identification in WSN using Agents 65
Agent Structure
The packet structure of an agent and its attributes to perform the given task of neighbor
node identification is given in Table 3.1.
Table 3.1: Agent packet structure and its attributesAgent class Agent header Agent functions Agent dataStatic Src. & Destn. Static & mobile InformationMobile Addresses, lifetime, agent functions needed to perform
Clone number, etc. agent functions
Agent class: There are two types of agents- static agents and mobile agents. Static
agents perform various tasks at the node such as monitoring the performance of the node,
creating mobile nodes and deploy them for specific application, take autonomous decisions,
etc. Whereas mobile agents perform the task assigned by the static agent by visiting other
nodes and taking autonomous decisions at the visited node, returning the refined information
to the static agent. Agent header: This field contains source address, visiting node address,
lifetime of an agent, clone number, etc.
Agent functions: Specific functions of agents include MAC computation, carrying keys
to the visiting nodes, destroying itself either at the expiry of its lifetime or the visited node
is found to be untrustworthy, etc. ⁀Agent data: It is the information needed to perform agent
functions.
The details of agents and their functions are discussed in the following section.
3.4.1 Identification of Trusted Neighbors using Safeguard Agency
In this section, we discuss the procedure to identify the trusted neighbors by SA. SA identifies
the trusted neighbors against channel and node vulnerabilities. The structure of SA on a
node willing to identify its trusted neighbors is shown in Figure 3.4 which contains agents
SMA, TNA, k-ERF generator and a Knowledge Base (KB). Suppose the SA in node 2
Chapter 3. Trust based Neighbor Identification in WSN using Agents 66
wishes to identify its trusted neighbors, the SMA triggers the mobile agent TNA to visit its
neighbors and identify whether the neighbor is a trusted one.
1
2
3
4
5
67
8
9
1211
10SMA
TNA
k−ERFGenerator
Safeguard Agency
SMA: Safeguard Manager AgentTNA: Trusted Neighbor Agent
Sensor Ntework
KB
Figure 3.4: Safeguard agency for trusted neighbor identification
The MAC computation and encrypting the message is given in Algorithm 2. The
secured message M to be communicated to the neighbor is comprised of information such
as source address (SRC .ADDR.), destination address (DESTN .ADDR.), Time Stamp(TS ),
nonce (NONCE ) and agent code (AGENTCODE ). The message is broken into blocks Mi,
where i = 1, 2, ...n. For each block Mi, MAC is computed with the key k1 generated using
the k-ERF model given in Equation 3.5 and the final encrypted message ENC is obtained
by encrypting the MAC appended message with k2. SMA generates the number of TNA’s
equivalent to the number of neighbors presently existing and each TNA carries the message
ENC to the respective neighbors.
Knowledge Base
The knowledge base maintained by each node is organized in two parts: one part is node
knowledge base (node KB) and the other part is neighbor node’s knowledge base (neighbor
Chapter 3. Trust based Neighbor Identification in WSN using Agents 67
Algorithm 2 Encryption of a Message by SMA
1: Begin2: Initialize input data as M ; M = {M1, M2, M3, ..., Mn};3: Mi = {SRC.ADDR., DEST.ADDR., TS, NONCE, AGENTCODE}; for i = 1, 2, ...n;4: Generate 2 keys k1 and k2 using k-ERF;5: C0 ← 0;6: C[k]=array of length k;7: for i = 0 to n− 1 do8: Compute MAC with following steps;9: Ci+1 = E(k1, Mi+1 ⊕ Ci);
10: Ci ← Ci+1;11: C[k] = Ci+1;Ci+1 are stored in an array C[k];12: end for13: C = C[1]⊕ C[2]⊕ C[3]⊕ ....⊕ C[n];14: Final encrypted message ENC = E(k2, C);15: End
node KB). KB in SA helps to identify trusted neighbors using trust model. The components
of node KB are: node address, neighbor node address, TS, k1, k2, ENC, [TN ], θ and nonce.
The components of neighbor node KB are: Pr(trust channel) and Pr(trust node). Tables
3.2 and 3.3 depict the organization of node KB and neighbor node KB, respectively.
Table 3.2: Node KBNode address 172.121.253.4TS 2012-11-14 T2:30 UTCk1, k2 128 bitsENC Encrypted Message[TN] [1, 0, 0, 1, 1, 1, 1]θ 0.22NONCE 02
Table 3.3: Neighbor node KB172.121.253.6 Pr(trust channel) 0.63
Pr(trust node) 0.54
The specific purpose of KB components are listed below.
• Node address: It is the address of a node willing to identify its trustworthy neighbors.
Chapter 3. Trust based Neighbor Identification in WSN using Agents 68
• TS: It is the maximum amount of time required to perform trusted neighbor identi-
fication mechanism. If TNA brings the information about a neighbor within a time
stamp, then the information is accepted (based on this information, the node may be
proved to be trustworthy or untrustworthy); else the node is rejected assuming the
node as not trustworthy.
• k1 and k2: Random keys generated by k-ERF generator for encrypting the message
using MAC.
• ENC: Encrypted message.
• [TN ]: List of all the neighbor nodes (in binary) that depicts whether the nodes are
trustworthy or untrustworthy.
• θ: Probability threshold, used to differentiate trusted and untrusted neighbors.
• Nonce: Used to identify the session uniquely.
A node also maintains the data related to its neighbors in Neighbor node KB. For
example, the components corresponding to a neighbor 172.121.253.6, the node 172.121.253.4
maintains the following data.
• Pr(trust channel): It is the probability of a channel to the neighbor node being trust-
worthy.
• Pr(trust node: It is the probability of a neighbor node being trustworthy.
Similarly, the node 172.121.253.4 maintains the data related to all its neighbors.
Functioning of Agency
Safeguard Agency (comprising of SMA and TNA) is responsible for identifying trusted
neighbors. The sequence of operations performed by SMA and TNA are discussed in this
section.
Chapter 3. Trust based Neighbor Identification in WSN using Agents 69
• Safeguard Manager Agent (SMA): It is a static agent in SA that gets activated whenever
a node wishes to identify its trusted neighbors. The functions of SMA are as follows. (1)
Creates TNA and clones number of TNA’s equal to the number of neighbor nodes. (2)
TNA’s visit neighbor nodes and compute Pr(trust channel) based on bit errors, (3)
On visited neighbor node, TNA gets Pr(trust node) computed by visited node SMA,
as SMA has the knowledge of security level of that node. (4) SMA of originator node
computes Pr(TN) based on the Pr(trust channel) and Pr(trust node) brought by
TNA from neighbor node and calculates the set of trusted neighbor nodes [TN ] with
a given threshold θ. (5) SMA of originator node generates k1 and k2 using k-ERF
generator. (6) Computes MAC using k1 and encrypts the sum of message Mi and
MAC using k2 and generates encrypted message ENC as shown in Figure 3.2. (7)
Sender SMA generates a NONCEn1. (8) Each TNA carries the copy of ENC and
NONCEn1 to the SMA of visited neighbor node that are listed in [TN ]. (9) The
SMA of neighbor node decrypts ENC using k2 to obtain (Message + MAC) and
further computes MAC using k1 for the message (note that k1 and k2 are the same
keys brought by TNA to visited neighbor SMA). (10) Compare MAC computed by
visited node SMA with the MAC appended to the message. (11) If the time required
to perform steps 9 and 10 is greater than TS, then go to step (a), else go to step (b):
(a) stop processing and kill TNA, (b) if both the MAC’s are matched then visited
node SMA generates ack packet (that includes NONCEn2) by encrypting with k2
and hands over encrypted ack to TNA. (12) If MAC computed by visited node SMA
does not match with the MAC appended to the message, it kills the TNA and do not
send any message to originator node SMA.
• Trusted Neighbor Agent (TNA): It is a mobile agent generated by SMA. The functions
of TNA are as follows. (1) Visits the neighbor node and computes Pr(trust channel)
based on bit errors. (2) Returns with Pr(trust channel) of the channel and Pr(trust node)
of visited node. (3) Carry ENC and NONCEn1 computed by SMA to a neighbor
node along with the generated keys k1 and k2 and the same is handed over to the
SMA in the visited node. (4) Returns the ack and NONCEn2 generated by SMA of
Chapter 3. Trust based Neighbor Identification in WSN using Agents 70
the visited neighbor to SMA of originator node. (5) If visited neighbor node SMA
is not successful in computing correct MAC, TNA is destroyed by the visited node
SMA.
The purpose of finding trusted neighbors using the probability model is that it identifies se-
curity violations of the channel and the sensor node thereby it provides a means of first level
security in finding trusted neighbors. The purpose of computing the MAC and encrypting
the message for a given data at both the nodes (sender node and its neighbor node) and
comparing them is to achieve authentication, confidentiality and integrity. These security
features that have been incorporated in agent based system are as follows. (1) Authenti-
cation: Since the secret keys (k1 and k2) are known only to the sender and its neighbor
nodes, if the MAC brought by TNA from originator node matches with the MAC com-
puted at its neighbor, then neighbor is assured that message is not altered. This is because
an adversary can only alter the message but not the MAC as the keys are not known to
the adversary. Thus, it is not possible for the adversary to alter the message. Thus, au-
thentication is achieved. (2) Confidentiality: The message concatenated with MAC at the
sender is encrypted using secret key k2 and the encrypted message is carried by TNA. The
neighbor node decrypts the encrypted message brought by TNA with the same key k2. The
result of decryption is to obtain the message concatenated with MAC. At both sender and
its neighbor node, same key k2 is used and as the key k2 remains secret throughout the
transmission, the message leakage is not possible thus providing the confidentiality of data.
(3) Integrity: Since the agent based scheme uses proper sequence numbers to keep track of
transmitted messages and the adversary cannot alter the sequence numbers, the integrity of
the data is achieved.
Sometimes, the identification of trustworthy nodes in WSN using agents may be a
problem to handle security threats for resource constrained sensor motes. However, we
deploy agents to perform trustworthy neighbor node identification and monitoring security
violations. If the node is resource constrained, the agent dies there itself and such node
is eliminated from the network. Hence, the resource constrained sensor motes may also be
involved in the process.
Chapter 3. Trust based Neighbor Identification in WSN using Agents 71
3.5 Simulation Model
Agent based trusted neighbor selection scheme is simulated in various network scenarios to
assess the performance and effectiveness of the approach. Event driven simulation is used
in which the execution of various functions takes place at discrete events in a chronological
sequence. Simulation environment for the proposed work consists of four models: (1) Net-
work model, (2) Trust model, (3) Propagation model and (4) Traffic model. The models are
discussed below.
• Network model: A sensor network is generated in an area of l× b square meters. It
consists of N number of nodes that are assumed to be connected to a base station at
the boundary of a network.
• Trust model: Trust model consists of Pr(TN) computed by agents which is used
to identify first level trusted neighbors based on the threshold θ and MAC model to
confirm the trustworthy neighbors.
• Propagation model: Free space propagation model is used with propagation constant
β. Transmission range of a node is r for a one-hop distance.
• Traffic model: Constant bit rate model is used to transmit fixed size packets, Trpkts.
Coverage area around each node has a bandwidth, BWsingle−hop, shared among its
neighbors.
3.5.1 Simulation procedure
The proposed scheme is simulated using the following simulation inputs. l = 1000 mtrs., b
= 1000 mtrs., N =[50 to 300], Pr(TN)= 0 and 1, θ=[0 to 0.2], r = 350 mtrs., Trpkts =
multiples of 1000, BWsingle−hop = 500 Kbps.
Simulation procedure involves following steps.
1. Generate sensor network environment: The nodes are randomly deployed in a fixed
Chapter 3. Trust based Neighbor Identification in WSN using Agents 72
area and the topology changes for every instant defined by simulation inputs. Within
certain interval, the performance evaluation is carried out.
2. Agents visit the neighbor node and bring channel and node probability for their trust-
worthiness using probability model.
3. Agents ensure trustworthiness of channel and node using MAC model.
4. Compute performance parameters of the system: Performance parameters are assessed
and plotted with different variables.
The following performance parameters are assessed.
• Average Success Ratio (ASR): It is the average of Success Ratios (SR). SR for single
node in the network is defined as a ratio of number of trustworthy neighbor nodes
identified by agent based scheme to the actual number of trustworthy neighbor nodes.
SR at a node is given by the equation 3.6.
Success Ratio(SR) =Number of trustworthy neighbor nodes identified
Actual number of trustworthy neighbor nodes(3.6)
ASR is defined for certain number of randomly selected nodes in a network as given in
equation 3.7.
Average Success Ratio(ASR) =
∑Kk SRk
K(3.7)
where K is the number of randomly selected nodes among all the nodes in a network
for which trusted neighbors are identified.
• Memory Overhead: It is defined as the total memory required (in bytes) to store Node
KB, Neighbor Node KB and agent codes for identifying trusted neighbors.
• Communication Overhead: It is defined as the total number of control packets that are
necessary to identify trustworthy neighbors.
Chapter 3. Trust based Neighbor Identification in WSN using Agents 73
• Energy Consumption: It is the average energy in joules consumed for transmission and
reception of packets for all the nodes in a network to identify trustworthy neighbors.
• Agent Overhead: It is defined as the additional number of control packets required to
define the agency and their activities that are necessary to implement trusted neighbor
selection in WSN.
3.6 Results
The simulation is carried out on Pentium IV machine using ’C’ language. The analysis of
performance parameters are given in this section.
3.6.1 Analysis of Average Success Ratio (ASR)
θθθθ 10
20
30
40
50
60
70
80
90
100
50 100 150 200 250 300
Ave
rag
e S
ucc
ess
Ra
tio (
%)
No of Nodes
Average Success Ratio Vs. No of Nodes
TNIWSN, =0.1TNIWSN, = 0.2
NMND, = 0.2NMND, = 0.1
Figure 3.5: Average Success Ratio Vs Number of nodes
ASR is assessed through simulation to find the effectiveness of the scheme with the
varying number of nodes in a network as shown in Figure 3.5. We find that there is an
increase in ASR with increase in the number of nodes for two threshold values θ =0.1 and
0.2. This is due to the fact that there is a possibility that the number of neighbor nodes for
a selected node increases with increase in total number of nodes in a network. Among the
Chapter 3. Trust based Neighbor Identification in WSN using Agents 74
10
20
30
40
50
60
70
80
90
100
50 100 150 200 250 300
Ave
rag
e S
ucc
ess
Ra
tio (
%)
No of Nodes
Average Success Ratio Vs. No of Nodes
TNIWSN, K = 8TNIWSN, K = 6
NMND, K = 8NMND, K = 6
Figure 3.6: Average Success Ratio Vs Number of nodes
existing neighbor nodes, the number of trusted neighbors identified by agents also increases.
The number of trustworthy neighbors identified with agents increases since the agents use two
stage mechanism to identify such neighbors; first stage being trusted neighbor identification
by agents using probability model and the second stage being the use of MAC model to
ensure the trustworthiness of neighbor nodes. The number of nodes at which agents apply
trust model also increases with increase in number of nodes. We also observe that ASR is
higher for lower probability threshold value (θ) and it is less for higher θ. This illustrates
that agents are effective in capturing the trustworthy neighbors by using trust model and
autonomously taking decisions immediately to identify trusted channel and trusted nodes.
The behavior of ASR with varying number of nodes for different values of K is shown
in Figure 3.6. As in earlier case, here also ASR increases with increase in the number of
nodes. ASR is more for higher value of K is observed since agents may identify more number
of trustworthy neighbors as K increases. This is because, a neighbor node may be identified
as untrustworthy by one selected node, whereas due to increase in K, the same neighbor
node may be proved to trustworthy by another node. Thus, agents are effective in identifying
trustworthy nodes. For the obvious reasons, ASR increases with the increase in total number
of nodes in a network.
Figure 3.7 shows the increase in ASR with increasing K and ASR is more for higher
Chapter 3. Trust based Neighbor Identification in WSN using Agents 75
10
20
30
40
50
60
70
80
90
100
5 6 7 8 9 10
Ave
rag
e S
ucc
ess
Ra
tio (
%)
K
Average Success Ratio Vs. K
TNIWSN, Nodes=200TNIWSN, Nodes=100
NMND, Nodes=200NMND, Nodes=100
Figure 3.7: Average Success Ratio Vs Number of selected nodes(K)
number of nodes. This is because there is a possibility of more number of neighbors for any
given node and among them, the chance of having higher number of trustworthy neighbors
is more.
In all the cases ASR in TNIWSN is better then NMND because NMND hardly detects
malicious nodes behaving normally and detects only malicious nodes with some intelligence
which might behave differently from normal nodes.
3.6.2 Analysis of Memory Overhead
Additional memory required to store Node KB, Neighbor Node KB and agent codes is shown
in Figure 3.8 with the number of nodes(K) at which trusted node selection scheme is applied
for 150 and 250 node topology. As the selected number of nodes(K) increases where the
proposed scheme is applied, there is an increase in neighbor nodes and hence the memory
required to store such neighbor information in node’s database increases. However, rate of
increase in memory overhead is more after K=8 because there may be multiple KB entries
in database of selected nodes for a given neighbor node and hence such duplicate database
entry increases memory overhead.
In TNIWSN, the memory overhead is due to the memory required to store various
Chapter 3. Trust based Neighbor Identification in WSN using Agents 76
1000
1500
2000
2500
3000
5 6 7 8 9 10
Me
mo
ry o
verh
ea
d (
No
of
byt
es)
K
Memory overhead Vs. K;
TNIWSN, No of Nodes= 150 TNIWSN, No of Nodes= 250
NMND, No of Nodes= 150NMND, No of Nodes= 250
Figure 3.8: Memory overhead vs. Number of selected nodes(K)
databases and agents on each trustworthy nodes thereby eliminating storage requirement of
untrusted nodes. Whereas, in NMND, since the scheme is event driven there may be many
fault events triggered due to faulty nodes and malicious nodes; intentionally or unintention-
ally. Under all such events, NMND invokes malicious node identification and overheads for
such detection increases.
Figure 3.9 shows memory overhead with simulation time. The oscillatory nature of
memory storage depicts the type of node distribution and the effective number of neighbor
nodes for which the database is maintained at selected nodes. However, we observe that the
memory overhead is higher for more number of nodes in a given topology.
3.6.3 Analysis of Communication Overhead
Communication overhead to identify trusted neighbors is shown in Figure 3.10 for both
TNIWSN and NMND with increase in number of nodes for (K = 6, 8).
Communication overhead is observed to be higher for higher value of K and it is
increasing with increase in number of nodes. This is because, as the density of neighbor
nodes increases with increase in total number of nodes in a network, various control packets
increase corresponding to the density of nodes. More number of control packets are needed
Chapter 3. Trust based Neighbor Identification in WSN using Agents 77
500
1000
1500
2000
2500
3000
500 1000 1500 2000 2500 3000
Me
mo
ry o
verh
ea
d (
No
of
byt
es)
Simulation time (in seconds)
Memory overhead Vs. Simulation time
TNIWSN, No of Nodes= 150TNIWSN, No of Nodes= 250
NMND, No of Nodes= 150NMND, No of Nodes= 250
Figure 3.9: Memory overhead vs. simulation time
in NMND compared to TNIWSN since the sensor nodes send alarm signals every time to
its neighbors whenever it detects unusal pattern in event driven mode. In periodic mode,
each sensor node periodically sends a report to its neighbors, regardless of the occurrence
of an event. In both cases of event driven and periodic modes, the communication overhead
increases. Whereas in TNIWSN, the communication overhead is kept at a minmum value
since mobile agents avoid the nodes if they identify vulnerability in the message.
3.6.4 Analysis of Energy Consumption
Energy consumption in joules with increasing number of nodes is given in Figure 3.11 for
TNIWSN and NMND. We see that the energy consumption is less for received packets
(Rxpkts) than transmitted packets (Txpkts). Since the agents in TNIWSN do not return
back if the visited node is found to be compromised (all such agents die there itself) thereby
it reduces the power consumption required to bring the compromised node information back
to the original node. However, NMND needs proactive and reactive alarm messages to be
exchanged between the nodes to identify vulnerability patterns that lead to higher traffic
and corresponding energy consumption as compared to TNIWSN.
Chapter 3. Trust based Neighbor Identification in WSN using Agents 78
200
300
400
500
600
700
800
900
1000
1100
50 100 150 200 250 300
Co
mm
un
ica
tion
ove
rhe
ad
(p
ack
ets
)
No of Nodes
Communication overhead Vs. No of Nodes
TNIWSN, K = 6TNIWSN, K = 8
NMND, K = 6NMND, K = 8
Figure 3.10: Communication overhead vs. No of nodes
3.6.5 Analysis of agent overhead
The additional number of control packets necessary to implement the agent based scheme
with number of nodes is shown in Figure 3.12.
We see that agent overhead is increased with increase in number of neighbor nodes
since additional number of agents are required to identify trusted neighbors. The increase in
agent overhead is remaining constant after 200 nodes since agents take autonomous decisions
to identify trusted neighbors by visiting one node to another and if a visited node is found
to be untrustworthy, agents kill themselves. With the increase in number of nodes, more
agents will be killed thereby agent overhead almost remains constant. Significance of the
agents is observed for large scale networks where there is a negligible agent overhead with
increase in number of nodes in a network.
3.6.6 Benefits of Using Agents
Agent based trusted neighbor selection offers flexibility, scalability, efficiency, adaptability
and maintainability. We explain below how they are achieved by using the proposed scheme.
Chapter 3. Trust based Neighbor Identification in WSN using Agents 79
0
0.05
0.1
0.15
0.2
0.25
0.3
100 150 200 250 300 350 400 450 500
En
erg
y co
nsu
mp
tion
(J)
No of Nodes
Energy consumption Vs. No of Nodes
TNIWSN, RxpktsTNIWSN, Trpkts
NMND, RxpktsNMND, Trpkts
Figure 3.11: Energy consumption vs. No of nodes
Flexibility: Agents are flexible to implement trusted node identification in WSN. For ex-
ample, TNA’s generated by SMA clone themselves to visit neighbor nodes and identify
trustworthiness of visited nodes. Scalability: The scheme may scale to larger networks since
agents function in a distributed fashion thereby it provides similar security level as that of
smaller networks. Efficiency: Network efficiency is improved since TNA and SMA agents
take autonomous decisions in order to identify trustworthy neighbors. Adaptability: SMA
and TNA adapt themselves to dynamic behavior of the network nodes and correctly elimi-
nate untrustworthy neighbor nodes. Maintainability: The components of old agents may be
inherited in the components of new agents and thus the network maintainability improves
with varying conditions. Encapsulation of a protocol: A mobile agent can be coded to per-
form aggregated tasks such as identification of trustworthy neighbor nodes. Thus, TNA’s
encapsulate the protocols that are customized based on functionality.
Whereas reputation based schemes of trusted neighbor identification operate over a
dynamic cost function or multiple cost functions that do not possess flexibility, scalability,
adaptability and encapsulation of protocols.
Chapter 3. Trust based Neighbor Identification in WSN using Agents 80
Agent Overhead 100
110
120
130
140
150
160
170
180
190
50 100 150 200 250 300
No
of
Co
ntr
ol P
ack
ets
(b
yte
s)
No of Nodes
No of Control Packets(agents)Vs. No of Nodes;
Figure 3.12: Agent Overhead
3.7 Summary
In this chapter, we proposed an idea of identifying trustworthy neighbors in WSN using
agents through Safeguard Agency. Agents effectively perform the function of finding trusted
neighbors using probability based trust model and MAC model ensuring higher security.
Two phases are involved in identifying trusted neighbors: in the first phase, agents visit all
the neighbors and bring probability of all the neighbors using trust model and in the second
phase, agents ensure the trusted neighbors using MAC model. Simulation analysis shows
that there is an improvement in average success ratio of finding trustworthy neighbors with
little overheads due to the usage of agents. Memory overhead is essential since it requires
memory storage to store various node related and neighbor node related information to
identify trusted neighbors. The results of TNIWSN outperform compared to the results of
NMND.
In the next chapter, we design a routing scheme using trusted neighbors identified in
this chapter to route the information to a base station or sink node.