Embed Size (px)
DESCRIPTION
Systematic Design of Trust Systems
Citation preview
Systematic Design of Trust Management Systems forWireless Sensor Networks : A Review
P. Raghu Vamsi and Krishna KantDepartment of Computer Science and Engineering
Jaypee Institute of Information Technology University, Noida, India.
[email protected], [email protected]
Abstract—Conventional cryptography methods alone are notadequate for secure routing in Wireless Sensor Networks (WSNs).These networks are more vulnerable to security attacks due totheir diverse applications, lack of supervision and limitationsin view of resource, processing and storage. To mitigate theseproblems, trust is widely used as a tool to provide bettersecurity by aiding routing protocols. In recent years, numerousresearchers have proposed wide variety of solutions based ontrust. However, all these solutions carry their own design. In thispaper, we attempt to present steps for a systematic design of trustmanagement systems for WSNs. In addition, we address the tech-niques followed by scholars in implementing trust frameworks.Furthermore, we provide discussion on state-of-the-art researchin designing trust systems with summary and comparisons.
Keywords—Trust, models and design, secure routing, aggrega-tion, intrusion detection.
I. INTRODUCTION
Wireless Sensor Networks (WSNs) are cost effective solu-tions to various applications ranging from domestic appliancesto war fields [1]. These networks consist of autonomous sens-ing and communication units called sensor nodes (or simplynodes) with limited processing capacity, energy and resource.WSNs are purely application specific and normally left unat-tended in a geographical region. These limitations often leadto exposed vulnerabilities and more prone to security attacks.Historically, security issues in WSNs have been studied byseveral researchers. However, it still remains a challengingproblem. Though traditional cryptography techniques and crosslayer encryption techniques are more powerful in providingsecurity, they can mitigate only insider attacks thereby notsuitable in all situations. In order to bypass the compromisedor malicious nodes, a multidisciplinary concept called TrustManagement has been studied by several researchers. Trusthas become a significant aid in routing, data aggregation andintrusion detection. However, there exist several reviews andsurveys which attempt to study common parameters amongdifferent trust models [2].
In [3-8], surveys have been presented on trust managementand security attacks along with their classifications. Severalauthors have proposed trust management schemes which havetheir own design considerations [35-41]. Lack of unity in de-sign of existing schemes becomes cumbersome to understandand implement trust systems. In this paper, we attempt topresent a systematic design of trust management so that asystem developer can implement system specifications effec-tively. In addition, we discuss state-of-the-art trust management
frameworks for secure routing, data aggregation and intrusiondetection.
In the proposed design, every node will maintain an agent,which is responsible for application layer, communicationlayer and trust management. This model sits between theapplication and communication layer of protocol stack. Thismodel is designed to suit a wide variety of trust modelsand applications. Broadly, our design (figure 1) is classifiedinto four major blocks: trust producer, trust manager, externalmanager, and trust consumer. Trust producer produces trustvalue based on the inputs received from the trust manager.Trust manager will share the produced trust value with externalmanager and trust consumer. External manager will take careof the authentication schemes such as identity verificationand mobility related issues. Trust consumer consists of threesub blocks: reputation manager, path manager and applicationmanager. These three sub blocks utilize the generated trustvalue to support a wide variety of applications. We explainthese blocks in section V, after presenting the literature re-view. This design is proposed only by considering referencesprovided in this article.
The rest of the paper is organized as follows: after dis-cussing background and preliminaries in section 2, section 3presents various trust models used in the literature. Section 4presents review on state-of-the-art trust management applica-tions and section 5 describe our proposed design in support ofpresented literature. Finally, conclusions are drawn in section6.
II. BACKGROUND AND PRELIMINARIES
In this section by providing background and preliminarieswe discuss the need for security in WSNs followed by termi-nologies used in trust management.
There are two classes of wireless networks; Mobile Ad hocNetworks (MANET) and Wireless Sensor Networks (WSNs).MANETs are cost effective solutions to wireless networks,having ad hoc deployment, rich in energy, processing andcommunication while compared to WSNs. WSNs has simi-lar characteristics and operating features like MANETs. Forexample, sensor nodes are deployed in ad hoc fashion ordropped from a helicopter in a war field, thereby topologyis unknown. Each node needs to sense the environment,identify their neighbors and forward data to the destination(base station). Because of the similarities, trust managementframeworks developed for MANETS are used for WSNs withlittle modifications.
2014 Fourth International Conference on Advanced Computing & Communication Technologies
978-1-4799-4910-6/14 $31.00 © 2014 IEEE
DOI 10.1109/ACCT.2014.28
208
Basically, the communication can be guaranteed only withpositive cooperation among nodes. In general, nodes in WSNsare application specific and designed with several constraintsrelated to energy, processing and computation and will workwith localized decisions. Due to application specific nature,and design limitations, WSNs are more prone to securityattacks at various levels of protocol stack. Traditional cryp-tography schemes have gained popularity in securing com-munication; they have proved to be significant in identifyinginsider attacks. In addition, these algorithms carry extensivecomputation and usually require thousands or millions ofmultiplication and addition operations to execute a single se-curity operation [9]. Hence, these are not suitable for resourceconstrained WSNs. So, there is a need to improve securitywhile maintaining low resource consumption.
Research in the field of MANETs has shown that qualityof service (QoS) is gradually affected when malicious nodespresent in the network. It turned the attention of researchersto adopt a human behavior pattern called trust. Similarities ofMANETs with WSNs lead to inherit trust models to work withWSNs. Basically; trust is an abstract concept, based on whichseveral definitions are available in the literature. The conceptof trust is used in many fields like psychology, sociology, an-thropology, economics, political science, and computer sciencerelated fields such as e-commerce, social networks etc [6].This concept has significantly gained attention in the field ofcommunication to incorporate security. However, trust is usedto define the degree of belief about the behavior of a particularentity. The trust calculation and establishment is carried out inassociation with routing protocols. While performing routing,every node maintains a trust manager to make routing decisionsand to predict the behavior of neighboring nodes. This helps inmitigating the potential risks such as dead or ambiguous pathsand security threats. The trust value can be useful to circulate awarning or alarm message among friend nodes about maliciousnodes. In case if the trust value is completely low the nodewill be isolated from the network.
Trust can be expressed as 7-tuple {a,b, l,s,c,k, t} [12].Where, a and b are two agents. These two agents can have atrust level l on a particular service s in a context c. This trustlevel is formed based on the degree of knowledge k aboutservice offered at time t. The degree of knowledge can beobtained from the sets D, R, and G. Where, D is set of directobservations {d1,d2, ..,dn}, R is a set of recommendations{r1,r2, ,rn} , and G is a set of gossip values {g1,g2, .,gn}.Due to page limit, detailed discussion on trust definitionsand security attacks are not covered in this article. Interestedreaders can find them in [3-11][16][18][20,21].
A node can obtain subjective observations about its neigh-bors [14][22]. In case, if a node calculates how much it trustsanother node in a subjective manner then it is said to be directtrust. Whenever trust management is incorporated in routing,each node needs to observe neighboring nodes and predictthe reputation by collecting evidences regarding behavior indischarging duties such as cooperation and integrity maintainedin packet forwarding, energy depletion, distance measurementetc. Trust of a node will be improved whenever it exhibitspositive behavior or other nodes have positive experienceswith it. However, these direct observations may become cum-bersome whenever a malicious node responds to every query
with out performing the required operation. In this case, twonodes may gossip trust information about third node so thatall three nodes indirectly come to know about each other trustinformation. This is said to be indirect trust. In addition tothese two ways, nodes can obtain recommendations from thetrusted third parties such as base station or relay nodes orcluster heads. Hence, a node can obtain trust information eitherdirectly by first hand, indirectly by second hand in distributedfashion or by receiving recommendations from trusted thirdparties in a centralized or hierarchical fashion.
In the literature, there exists several keywords which areused interchangeably with trust. These are trustworthiness,belief, reputation, confidence etc. However, they have cleardifferences. Belief is the probability of a node that decidesthe level of trust. For example, 0 indicates complete distrustand 1 indicates complete trust. In some cases, a node A mayor may not have belief probability to the actual trust level ofanother node B. It means that trust of node A on node B isnot up to the trustworthiness of node B. Hence, the expectedprobability of belief is trust and actual probability is said tobe trustworthiness. Miscalculation of trust and trustworthinessdifference will leave scope for poor risk estimation overvulnerabilities. In some cases, trust management alone is notsufficient in all operations, however, risk, quality of service andtrust need to be dealt separately before they are included in thetrust computation. For example, high priority transactions failto execute even though higher resources (such as bandwidth)are allocated in a low trusted environment. So, higher thetrust lower is the risk and vice-versa. In other words, trustmanagement is a form of risk management [24][25].
Trust has several properties. First, trust is not static; it isdynamic. Trust will be improved if any positive experiencestake place and decreases in opposite case. So, trust changesover time and type of transaction experienced. Second, trust isasymmetric which means two nodes may not have same truston each other. Third, trust is context dependent. The degree oftrust will be based on context and application involved. Fourth,trust is subjective. It has a quantitative level or degree of beliefover other nodes. Finally, trust is not transitive which meanslet ”→ ” is trust and A, B and C are three nodes, if A→ B,B→C then A→C is not guaranteed [28][29].
During early stage of network (i.e. after node placementand bootstrapping) each node exhibits positive behavior andcooperation. Security threats, vulnerabilities and attacks canbe expected as the network operations progress. A major issueto be considered in this context is how to bootstrap trust.From the time of node bootstrapping, trust values can begathered by nodes self experiences, direct observations (onehop neighbors), observations in coalition with neighbor nodes(multi hop) and by authenticating identity or certificates forevery significant transaction [42].
III. TRUST MODELS
In this section, we discuss various trust models used byresearchers to estimate trust and take action against maliciousnodes.
A. Arithmetic/Weighted mean trust model
A generic method to calculate trust by multiplying directand indirect trust is proposed in [13]. This method considers
209
Fig. 1. Block Diagram of Trust Management System Design
product of trust as reputation. Product of past actions and ob-servations are considered as direct reputation. Let A and B aretwo agents, A need to observe B for certain service s, at timet then the direct reputation of B is calculated as DRtA(B|s) =Ft(t, tk)∗σk. Where, Ft(t,T k) is a time dependent function andσk is the number of successful observations. Each positiveobservation is assigned value 1 and negative observation isassigned value -1. Ft gives higher relevance to the observed val-ues of σk . Indirect reputation will be calculated in similar wayby collecting information from friend nodes. Finally, total rep-utation is calculated as T R =Wk ∗ (DRtA(B|sk)+ IRtA(B|sk)).Where, Wk is weight associated with service sk. Trust concepthas been included with Greedy Perimeter Stateless Routing (T-GPSR) in [44]. T-GPSR considers two service criteria: numberof packets forwarded (Pf ) and number of packets forwardedwithout tampering (Pwt). The trust of a node is calculated asTrust(nodei)= (W (Pf )∗Pf +W (Pwt)∗Pwt). Where, W (Pf ) andW (Pwt) are weights associated for two services. In [45], weightis associated to packet and agent. An agent can forward thepacket only if it has trust value greater than trust associatedwith packet. A Similar work can be found in [47].
B. Social Networks model
A trust model based on social networks is proposed in [34].It has four components: monitoring system, reputation system,trust manager and path manager. Monitoring component asses
the trust based on fairness in cooperation of nodes withnetwork dynamics. In this method incentive based technique isintroduced. Incentives will be provided to well behaving nodes.Punishment will be given to bad behaving nodes ranging fromraising warning message to complete isolation of node. Nodebehavior is assessed by monitoring surrounding nodes forcooperation in routing and forwarding of packets. With theobserved trust, path manager announces a best path to bypassmalicious nodes. Each node enters the system with low trustwhich increases based on its positive behavior.
C. Bayesian Theory
The behavior of nodes is unpredictable or uncertain in thenetwork dynamics. To predict the behavior, Bayesian theorymakes use of prior probability of events and is later updatedin the light of collected or available evidence. So, it is bestsuitable where uncertainty is present in node behavior. In[15], a beta reputation system is developed by using betaprobability density function (PDF). It models posterior rep-utation value by taking binary ratings as input. For a positiveexperience rating will be 1 and for a negative experiencerating will be 0. Reputation score is the expectation value ofbeta PDF. A beta PDF denoted by beta(p|α,β ) and can beexpressed by using gamma function (Γ). It is expressed asbeta (p|α,β ) = (Γ(α +β )/Γ(α)Γ(β ))∗ p(α−1) ∗ (1− p)(β−1).
210
Where, p is probability variable and 0 ≤ p ≤ 1, α,β > 0.The function is with restriction that the probability variablep �= 0 if α < 1 and p �= 1 if β < 1. Expectation is given byE(p) = α/(α +β ). And α,β are ratings of r positive and snegative outcomes with α = r+1 and β = s+1. A quantitativetrust establishment framework proposed in [42] makes use ofthis method.
D. Subjective Logic
Josang et.al [19] have proposed a trust model based on sub-jective logic for electronic commerce applications. Subjectivelogic opinion is denoted by opinion function w. An opinion isa quadruple where the components respectively correspond tob−belie f ,d−disbelie f ,u−uncertainty,a−relativeatomicity.The relative atomicity (a) is used for computing the expectedopinion as Beta distribution with subjective logic is used toevaluate opinion. The expectation value is given by E(p) =a/(a+b). Where, a = (2b/u+2a) and b = (2d/u+ s(1−a)).Works based on this model can be found in [36][43].
E. Fuzzy Logic Model
A fuzzy rule based inference consists of three steps. First,calculating degree to which the input and conditions of fuzzyrules are matched. Second, calculating fuzzy rule based on itsmatching degree. Third, combining the inferences in supportof all fuzzy rules into final decision. A trust model based onfuzzy logic is proposed in [26]. It consider trust (T) and distrust(U) in the range of 0 and 1 (i.e 0 ≤ T ≤ 1 and 0 ≤U ≤ 1).This method separates healthy nodes from abnormal nodes.The T and U values calculated between two nodes i and j areas follows
Minimum (T) = Minimum (Ti, Tj)Minimum (U) = Minimum (Ui, Uj)Maximum (T) = Maximum (Ti, Tj)Maximum (U) = Maximum (Ui, Uj)
Finally, T and U values are obtained as
T = avg(Ti, Tj) / (1-(avg(Ti, Uj)+avg(Tj, Ui)))U = avg(Ui, Uj) / (1-(avg(Ti, Uj)+avg(Tj, Ui)))
With T and U values, evaluation level of a node i is calculatedas E(nodei) = T/(T +U). There exists several works basedon fuzzy logic in [27].
F. Game Theory model
With Game Theory [39], one’s individual success can beassessed based on behavior of others in a strategic situation.Two approaches are followed in this method: cooperativeand non-cooperative games. In cooperative game, personalexperiences and recommendations from trusted nodes arethe source for information. The information is verified andfinalized by conducting voting. The draw back of this schemeis that information collection and its validation via votingconsumes network resources such as bandwidth. Where, innon-cooperative game, only personal experiences based ondirect observation are considered as source of information bynot allowing recommendations. Every node enters the networkwith an average trust and its trust value increases and decreases
Fig. 2. Applications of Trust Management in WSNs.
based on behavior. The Game theory works fine when gameis bidirectional. However, sensor nodes in WSNs process oneway transmission. Hence, this model cannot be aptly adaptedto WSNs.
G. Meta Heuristic Methods
In addition to existing methods, bio-inspired methods areadopted by researchers to improve the security. Ant basedadaptive trust model, a bio-inspired model based on swarmintelligence is proposed in [30]. It is a reactive evidencedistribution scheme. An attractive feature of swarm intelligenceis indirect communication through environment. Ants goingthrough a path deposit a chemical called pheromone. Thischemical expires over time. Any ant following the samepath deposit new concentration of pheromone in place of oldconcentration. Ants attracts to the pheromone and follow highconcentration pheromone path. In [30], Swarm intelligence isused to distribute trust certificates in distributed and mobileenvironment.
H. Markov chain model
In a multicast MANET environment, to evaluate trust theMarkov chain analysis is used in [51]. This approach has twosteps: evaluating trust value and distributing trust certificatesfor key management. Trust value is evaluated based on Markovchain analysis in which each one hop neighbor trust valueis assessed based on their previous trust performance. Theestimated trust value is distributed among all nodes. Amongthe trust values, highest trust value node will be selected ascertification authority for key management.
IV. TRUST MANAGEMENT APPLICATIONS
In this section, applications supported by trust managementare discussed. Trust concept is widely used in applicationssuch as access control, key management, secure routing, dataaggregation, and intrusion detection.
A. Secure Routing
1) TARF: Trust Aware Routing Framework [35]: Thisframework is a universal and reusable platform used to developapplications, products and solutions. A robust, energy awareand trust aware routing framework for dynamic WSNs isproposed in [35]. This framework effectively deals with energyand trust. It works with loose time synchronization, geographicinformation and effectively deals with harmful routing attackssuch as selective forwarding, wormhole, sink hole and sybilattacks. Energy watcher and Trust manager are the two maincomponents in TARF. Energy watcher keeps track of onehop delivery by a node along with energy cost (E) incurred.Where, Trust manager checks for network loops and base
211
station broadcasts. In addition, each node maintains an energytable which consists of node id of source node, a forwardedsequence interval [a, b] with a significant length, energycost and trust level (T ) (a value varies between 0 and 1)of its neighbor (N). Based on the threshold values, a nodeselects next hop to forward information. Finally, energy costis reported to the selected hop for further decisions. A nodeN selects next node through evaluating each neighbor b basedon trade off between T Nb and ENb ∗T Nb. Node N will prefera significantly higher trust value to choose next hop neighbor.Energy watcher computes energy cost as ENb = ENb + Eb.Where, ENb is the average energy cost for delivering a datapacket from node N to its neighbor b with one hop. Selectionof neighboring node b is based on the trust value in two cases,i.e, with routing loops and with delivery ratio. TARF is pluggedwith Collection Tree Routing Protocol (CTP) [55] which is anefficient, robust and reliable protocol for highly dynamic linktopology. TARF effectively deals with wormhole and sinkholeattacks, however, it needs to be extended to deal with otherrouting attacks such as attacks on energy.
2) A Trust Aware Geographic Routing Scheme (ATSR)[41]: A reputation based trust scheme with location basedrouting is proposed in ATSR [41]. ATSR is a scalable geo-graphical routing approach with low complexity and is adoptedto cope with large network dimensions. It makes use of directand indirect trust to detect and avoid malicious node activity. Inaddition, energy awareness is introduced by simple weightedrouting cost functions. Cost calculation is performed withlocalized decisions, there by complex path calculations areavoided and energy consumption requirements are consideredwith topology maintenance. Let x and y are two nodes, nodex is confident of trust value it has calculated for node y onlyif it has performed an adequate number of interactions withnode y. Each sensor node in the network maintains a trustrepository to store trust information per neighbor and trustmetrics. The trust metrics to be monitored in the direct trustare packet forwarding, network layer acknowledgment, packetprecision, node authentication and confidentiality, reputationresponse, reputation validation and remaining energy. Indirecttrust value is calculated in case of newly initialized nodesor newly appeared nodes (in case of mobility). To calculateindirect trust, source node randomly selects on node perquadrant so that only four unicast reputation requests and fourunicast reputation responses are generated. This overcomes thedrawback of broadcast messages. Reputation calculation takesplace in the indirect trust to assess the confidence of newlyinitialized nodes or newly arrived nodes. In ATSR, routingdecisions are based on localized information. The packets areforwarded to a node with three factors: highly trusted, asclose to destination as possible and remaining energy. ATSRis a protocol designed to efficiently detect attacks like black-hole, gray-hole, colluding, unexpected modification, selfishbehavior, bad-mouthing, conflicting behavior, sybil and trafficanalysis attacks.
3) HATWA: Heuristic Approach based Trust Worthy Ar-chitecture [37]: A Heuristic Approach based Trust WorthyArchitecture for WSN (HATWA) is proposed in [37]. HATWAconsiders the challenges of the trust system and focuses oncollaborative mechanism for trust evaluation and maintenance.This architecture is capable of fulfilling security, reliability,mobility and performance requirements for reliable commu-
nication while being readily adaptable to different applica-tions. Only few trust management schemes such as GTMS[49] Group based Trust Management Scheme discuss aboutmobility. HATWA works well in terms of communicationoverhead, memory requirements and energy consumption thanGTMS. HATWA consists of three models: security, mobilityand reliability. The trust value of a node security model willbe high when it has secure routing protocol, access control andencryption of the routed packets. In mobility model, localiza-tion issue helps to locate the nodes in the terrain. Mobilityof the node can be estimated based on the destination andsource node location. The process of data fusion, negligiblepacket loss, low delay and the optimum energy consumptionduring transmission and reception of packets leads to reliablecommunication. The trust value in the network is representedas a continuous variable which runs over a specific range 1to +1. HATWA works in four stages. In the first stage trustvalue is calculated based on the fault tolerant managementmechanism. In second stage, a secure routing protocol isselected. In stage three, trust calculation is performed withmobility concerns. Finally in fourth stage, energy / powermanagement included for power and energy requirements forHATWA.
In [46], trust based cluster head selection is proposedin hierarchical routing. Some other related works for securerouting are [31][33][48][53][54].
B. Data Aggregation
Larger the WSNs huge the redundancy in data. For ex-ample, in a temperature monitoring application, sensor nodesin a region will sense and report almost same readings tobase station even though one reading is sufficient. It leads toenergy depletion, lower network life time, and disconnectionof network. To overcome this, an aggregated data in terms ofaverage, count, maximum, minimum, median, most frequentsamples, most uniform samples etc., can be reported. Thisprocedure is said to be data aggregation. In [36], a frameworkis proposed for data aggregation and fault tolerance to enhancethe correctness and trustworthiness of collected informationin wireless multimedia sensor networks. This is developedby extracting statistical characteristics from different sourcesand extending Josang [19] trust model (trust transfer and trustcombination). This framework can evaluate discrete and con-tinuous data streams through uniform mechanisms. The entiresensor networks system is classified into layers (level 1, 2,3..n). Each level consists of sensor nodes grouped into clusters.Each cluster consists of cluster head, which is responsible fordata aggregation and forwards data to the aggregation in thehigher level. This process is carried out recursively up to basestation. Each sensor node calculates self trust worthiness ofcollected data by a procedure called Memory Depth, (it isdefined as the number of stored historical data which representsthe temporal correlation). If the memory depth is zero, thenode self data trustworthiness is one. Aggregation determinesthe trustworthiness of aggregated result by spatial correlationamong sensor nodes in an aggregation set and aggregationbreadth. Aggregation breadth is the number of children takingpart in data aggregation. Sink node receives the aggregatedresults from the lower level aggregation, fuses them to obtainthe final report, and determines the resulting trustworthiness.
212
Some other works related to data aggregation can be found in[32].
C. Intrusion Detection
An iterative algorithm for trust management and adversarydetection for delay-tolerant networks is proposed in ITRM[38]. Delay-tolerant networking (DTN) is an approach to com-puter network architecture that seeks to address the technicalissues in heterogeneous networks that may lack continuousnetwork connectivity. Examples of such networks are thoseoperating in mobile or extreme terrestrial environments, orplanned networks in space. Vehicular, planetary/interplanetary,military/tactical, disaster response, underwater and satellitenetworks are some examples of DTN. This work Proposes agraph based iterative algorithm inspired by success of messagepassing techniques for decoding low density parity checkcodes over bipartite graphs. ITRM effectively deals with DTNswith sparseness. ITRM effectively detects the malicious nodeseven in the presence of attacks on the trust and detectionmechanisms. ITRM proves more effective than the Bayesianframework.
A statistical technique called sequential hypothesis testingused to detect suspect regions is proposed in ZoneTrust [39]. Instatistics, sequential analysis or sequential hypothesis testingis used for analysis where the sample size is not fixed inadvance. Instead data are evaluated as they are collected, andfurther sampling is stopped in accordance with a predefinedstopping rule as soon as significant results are observed. Thusa conclusion may sometimes be reached at a much earlier stagethan would be possible with more classical hypothesis testingor estimation, at consequently lower financial and/or humancost. ZoneTrust detects even substantial fraction of nodes whilereducing false positive and false negative rates. This detectiontechnique is modeled using game theoretic analysis. Optimalstrategies are defined for attacker and defender. ZoneTurstproves that node compromise is greatly limited by defenderif attacker and defender follow optimal strategies.
A hierarchical dynamic trust management protocol forclustered heterogeneous wireless sensor networks is proposedin [40]. In this, a two layer trust management technique isproposed to effectively deal with selfish or malicious nodesand combined quality of service (Qos) metrics and social trustderived from social networks to achieve optimal values. Thismethod is shown best in both detection and false positive prob-ability than conventional anomaly based intrusion detectiontechniques.
Related works on intrusion detection can be found in[50][52]. Comparison of trust management frameworks withrespect to application type, topology, network type, securityattacks consideration, scalability and trust observations areprovided in table 1.
V. TRUST MANAGEMENT SYSTEM DESIGN
In this section, we explain systematic design of trustmanagement system (figure 1). It is clear that each node shouldbe social aware rather than transaction aware to estimate trustvalue of neighboring nodes. Each sensor node consists of fivelayers in protocol stack. Layers above the networks layersare responsible for processing security applications. So, in
this design it is assumed that every node maintains an agentwhich is responsible for application layer and communicationmiddleware. This design sits between application and commu-nication middle ware. To be aware of the services processedby neighbor nodes, each node needs to be in promiscuousmode. During this mode medium access of data link layerwill not respond to any requests it receives. However, a nodecan receive all packets passing through its radio range.
Proposed trust management design consists of four subblocks: trust producer, trust manager, trust consumer andexternal manager. Communication between all four blocksis bidirectional. Trust manager is central authority of allblocks and responsible for initiating trust composing. It isobserved from previous sections that based on requirementsof application, information collection is initiated. Informationis gathered based on the observation such as traffic flows,packet forwarding, communication path, energy of node, nodecooperation and packet dropping. Depending on applicationrequirements weights can be assigned for the observations.All observations collected by data collector are classified asdirect, indirect or recommendation. By using collected data,trust models are applied to estimate the trust or reputationvalue. Generated trust values are carefully recorded by recordkeeper to create friend lists, trust and reputation records.Generated records are stored along with time stamp so thathistorical observations will help in judging suitable actions.A thread of trust producer associates continuously with trustmanager so that trust records are periodically accessed withquery processing sub system. In [17], Geographic Hash Table(GHT) approach has been proposed to store trust values so thatdata operations are carried out with simple put() and get()functions. In [43], an efficient, robust and scalable method isproposed to manage trust and decision making in unattendedWSNs. This method use GHT to store trust values. In [23], aquery processing system is proposed to extract required trustvalues. In [34], an alarm system is proposed to raise cautionabout malicious nodes. However, alarm is generally requiredif the trust value gradually decreases for certain period. Itmeans that a node needs to have adequate interaction with theneighbor nodes. Alarm cannot be raised for low trust valuewith very few interactions. As the trust manager accesses therecord storage periodically, caution alarm can be raised if anyabnormalities are identified.
Frameworks [41][45] consider reputation manager in as-sociation with trust manager. However, a certificate issued byaccumulating trust value from surrounding nodes. Hence, trustis consumed by reputation. In case, trust value is decreasedcontinuously over time it reflects reputation. So we assumereputation as consumer of trust. Reputation value is sharedby path manager to make decision about route discovery orrearranging the path. Application support block can directlyutilize the reputation without involvement of path manager.However, application like secure routing, key managementneed to work in coalition with path manager. Trust manageralso responsible for external manager to make decisions forany external operations. External manager is responsible formobility related issues. For example, during mobility, a nodemay discover new nodes or its previous neighbors can beabsconded. In addition, each node needs to ensure safety andsecurity before entering into the unknown regions. In somecases, nodes may not participate in communication due to
213
TABLE I. COMPARISON OF KEY MANAGEMENT SCHEMES
Paper Application Topology Network Type Attacks Addressed Scalability Observations and model
[35] Routing Dynamic Homogeneous Selective forwarding, wormhole,sinkhole and Sybil
Yes Direct observations with energyawareness
[36] Data Aggregation Static Homogeneous Attacks related to data aggregation Yes Subjective logic and statisticalmethods.
[37] Routing Dynamic Heterogeneous Attacks related to energy and mo-bility
Yes Direct and indirect observations.
[38] Intrusion detection Dynamic Homogeneous Packet drop and packet injection,Bad mouthing, Random attacks ontrust management
Limited Direct and indirect observationswith reputation model.
[39] Intrusion detection Static Homogeneous Physical tampering attacks, Repro-gramming
Limited Direct and indirect observationswith statistical techniques.
[40] Routing and intrusion detection Static Heterogeneous Intrusion detection Yes Developed statistical models, So-cial trust metrics derived from so-cial networks, Stochastic Petrinettechnique to analyze protocol per-formance.
[41] Routing Dynamic Homogeneous All attacks related to geographicrouting protocols
Yes Reputation model developed forgeographic routing.
energy depletion, node failure or propagation channel failure.Hence, trust models should support mobility module to takecare of location, identity verification and channel failures.Moreover, this design can be customized based on the appli-cation requirement. It also helps system developer to explorepatterns which are reusable for broad array of applications.
VI. CONCLUSION
In this article, systematic design of trust managementsystem is presented with support of state-of-the-art trust sys-tems design methods. It is an attempt to create a commonnomenclature of trust management systems design. This designcan be customized to use with application requirements. Thismodel aims at trust composing by keeping in view of limi-tations of sensor nodes. In future, we attempt to differentiateall the models quantitatively so that suitable designs can bedeveloped for ready made usage. Designing trust managementframeworks based on taxonomy of routing algorithms andapplications are also part of our future work.
REFERENCES
[1] I.F.Akyildiz, W.Su, Y Sankarasubramaniam, E. Cayirci, ”Wireless SensorNetworks: A Survey”, Computer Networks, Elsevier, Pages 393-422,Volume 38, Issue 4, 15 March 2002.
[2] Marcela Mejia, Nestor Pena, Jose L Munoz, Oscar Espanza, A Reviewof trust modeling in adhoc networks”, Internet Research, Vol 19, issue1, pp 88-104, 2010.
[3] Kannan Govindan, Prasant Mohapatra, ”Trust computations and TrustDynamics in Mobile Adhoc Networks: A Survey”, IEEE Communica-tions Surveys and Tutorials, vol 14, No 2, Second Quarter 2012.
[4] M. Carmen Fern andez-Gago, Rodrigo Rom an, Javier Lopez, A Surveyon the Appli-cability of Trust Management Systems for Wireless SensorNetworks”, proceedings of Third International Workshop on SecPerU2007.
[5] Kannan Govindan, Prasant Mohapatra, Tarek F. Abdelzaher, ”Trust-worthy Wireless Net-works: Issues and Applications (Invited Paper),”ised, pp.253-258, 2010 International Symposium on Electronic SystemDesign, 2010.
[6] Jin-Hee Cho ,Swami, A. ; Ing-Ray Chen, A Survey on Trust Managementfor Mo-bile Adhoc Networks”, IEEE Communications surveys andtutorials, volume 3, No 4, Fourth quarter 2011.
[7] Jin-Hee Cho ,Swami, A. ; Ing-Ray Chen, ”A Survey on Trust Manage-ment for Mo-bile Adhoc Networks”, IEEE Communications surveys andtutorials, volume 3, No 4, Fourth quarter 2011.
[8] Yanli Yu, Keqiu Li, Wanlei Zhou, Ping Li, ”Trust mechanism in wire-less sensor networks: attack analysis and countermeasures”, Journal ofNetwork and com-puter Applications 35 (2012) 867-880.
[9] Yong wang, Garhan Attebury, Byrav Rammurthy, ”A Survey of SecurityIssues in Wire-less Sensor Networks”,IEEE Communication Surveys andTutorials, 2nd Quarter, No 2, Vol 8, 2006.
[10] Chris Karlof, David Wagner, ”Secure Routing in Wireless Sensor Net-works: Attacks and Counter Measures”, Ad hoc Networks, Special Issueon Sensor Networks protocols and applications, Elsevier Publication,Volume 1, Issues 2-3, Pages 211-350, September 2003.
[11] Yan (Lindsay) Sun, Zhu Han, K. J. Ray Liu, ”Defense of Trust Manage-ment Vulnerabili-ties in Distributed Networks”, IEEE CommunicationsMagazine, February 2008.
[12] Licia Capra,”Engineering Human Trust in Mobile System Collabora-tions”, proceedings of SIGSOFT 04, Oct 31-Nov 6, 2004.
[13] Michiardi, P. and Molva, R, ”CORE: A collaborative reputation mech-anism to enforce node cooperation”, proceeding of IFIP, 2002.
[14] Mohit Virendra, Murtuza Jadliwala, Madhusudhanan Chandrasekaran,Shambhu Upadhyaya, ”Quantifying trust in mobile adhoc networks”,proceedings of KIMAS 2005, April 18-21, 2005, Waltham, MA, USA.
[15] Audun Jsang, Roslan Ismail, ”The Beta Reputation System”, proceed-ings of 15th Bled Electronic Commerce Conference, Bled, Slovenia, June17 - 19, 2002.
[16] Aurlien Francillon, Claude Castelluccia, ”Code Injection Attacks onHarvard-Architecture Devices”, proceedings of CCS08, October 2731,2008.
[17] Sylvia Ratnasamy, Brad Karp, LiYin, Fang Yu, Deborah Estrin, RameshGovindan, Scott Shenker,” GHT: A Geographic Hash Table for Data-Centric Storage”, Proceedings of First ACM WSNA, 2002.
[18] Alexander Becher, Zinaida Benenson, Maximillian Dornseif, ”Tam-pering with Motes: Real-World Physical Attacks on Wireless SensorNetworks”, proceedings of Third Interna-tional Conference, SPC, April18-21, 2006.
[19] Audun Josang, ”An Algebra for Assessing Trust in Certification Chain”Proceedings of the Network and Distributed Systems Security Sympo-sium (NDSS’99).
[20] Anthony D. Wood John A. Stankovic, ”Denial of Service in SensorNetworks”, IEEE computer magazine, pp 48-56, October 2002.
[21] Sergio Marti, T.J. Giuli, Kevin Lai, and Mary Baker, ”MitigatingRouting Misbehavior in Mobile Ad Hoc Networks”, proceedings ofMOBICOM 2000, Boston MA, USA.
[22] Matthew J. Probst and Sneha Kumar Kasera, ”Statistical Trust Establish-ment in Wireless Sensor Networks”, proceedings of Parallel and ICDS,2007.
[23] Vladimir Oleshchuk, Vladimir Zadorozhny, ”Trust-Aware Query Pro-cessing in Data In-tensive Sensor Networks”, proceedings of ICSTA,2007.
[24] Asad Amir Pirzada and Chris McDonald,” Establishing Trust In PureAd-hoc Networks”, proceedings of 7th Australasian Computer ScienceConference, 2004.
[25] Kuan Lun Huang, Salil S. Kanhere, Wen Hu, ”Are You ContributingTrustworthy Data? The Case for a Reputation System in ParticipatorySensing”, proceedings of MSWiM10, October 1721, 2010.
214
[26] Tae Kyung Kim, and Hee Suk Seo, ”A Trust Model using Fuzzy Logicin Wireless Sensor Network”, World Academy of Science, Engineeringand Technology 18 2008.
[27] H. Xia, Z. Jia, L. Ju, Y. Zhu, ”Trust management model for mobile adhoc network based on analytic hierarchy process and fuzzy theory”, IETwireless sensor systems, Vol. 1, Iss. 4, pp. 248266, 2011.
[28] Mawloud Omar, Yacine Challal, and Abdelmadjid Bouabdallah, ”FullyDistributed Trust Model based on Trust Graph for Mobile Ad hocNetworks”, Computers and Security 28 (2009) 199 214.
[29] Saurabh Ganeriwal and Mani B. Srivastava, ”Reputation-based Frame-work for High Integ-rity Sensor Networks”, proceedings of SASN04,October 25, 2004.
[30] Tao Jiang, John S. Baras, ”Ant-based Adaptive Trust Evidence Distri-bution in MANET”, Proceedings of the 24th ICDCSW, 2004.
[31] Huaizhi Li, Mukesh Singhal, ”A Secure Routing Protocol for Wire-less Ad Hoc Networks”, Proceedings of the 39th Hawaii InternationalConference on System Sciences 2006.
[32] Suat Ozdemir, ”Functional reputation based reliable data aggregationand transmission for wireless sensor networks”, Computer Communica-tions 31 (2008) 39413953.
[33] K.D. Kang, K. Liu, and N. Abu-Ghazaleh, ”Securing GeographicRouting in Wireless Sen-sor Networks”, Proceedings of the 9th AnnualNYS, 2006.
[34] Sonja Buchegger, Jean-Yves Le Boudec, ”Performance Analysis of theCONFIDANT Pro-tocol”, proceedings of MOBIHOC02,June 9-11, 2002.
[35] Guoxing Zhan, Weisong Shi, Julia Deng, ”Design and Implementationof TARF: Trust Aware Routing Framework for WSNs”, IEEE Transac-tions on Dependable and Secure Computing, pp 184-197, Vol 9, No 2,March/April 2012.
[36] Sun, Y, Luo, H, Das. S. ”A Trust-Based Framework for Fault-TolerantData Aggregation in Wireless Multimedia Sensor Networks”, IEEETransaction on Dependable and Secure Computing, Issue 99, 2012.
[37] V. R. Sarma Dhulipala, N. Karthik, RM. Chandrasekaran ”A NovelHeuristic Approach Based Trust Worthy Architecture for Wireless SensorNetworks”, Wireless Personal Communications, DOI 10.1007/s11277-012-0688-1, 2012.
[38] Erman Ayday, Faramarz Fekri, ”An Iterative Algorithm for TrustManagement and Adver-sary Detection for Delay-Tolerant Networks”,IEEE Transactions on Mobile Computing, Vol 11, No 9, PP 1514-1531,September 2012.
[39] Jun-Won, Matthew Wright, Sajal K. Das, ”ZoneTrust: Fast Zone-BasedNode Compro-mise Detection and Revocation in Wireless Sensor Net-works Using Sequential Hypothesis Testing”, IEEE Transaction on De-pendable and Secure Computing, Vol 9, No 4, pp 494-510, July/August2012.
[40] Fenye Bao, Ing-Ray Chen, MoonJeong Chang, and Jin-Hee Cho,”Hierarchical Trust Man-agement for Wireless Sensor Networks and ItsApplications to Trust Based Routing and Intrusion Detection”, IEEETransactions on Network and Service Management, Vol 9, No 2, pp169-183, June 2012.
[41] Theodore Zahariadis, Panagiotis Trakadas, Helen C, Leligou, SotirisManiatis, Panagiotis Kar, ”A Novel Trust-Aware Geographical RoutingScheme for Wireless Sensor Net-works”, Wireless Pers Commun DOI10.1007/s11277-012-0613-7, Springer, Published Online 15 April 2012.
[42] C. Zouridaki B.L. Mark M.Hejmo, R.K. Thomas, ”A QuantitativeTrust Establishment Framework for Reliable Data Packet Delivery inMANETs”, proc of SANS, Nov 5, 2007.
[43] Yi Ren, Vladimir I, Zadorozhny, Vladimir A Oleshchuk, Frank Y Li,”A Novel Approach to Trust Management in Unattended Wireless SensorNetworks ”, IEEE Transactions on Mobile Computing 2013 ( To Appear).
[44] AA Pirzada, C McDonald , ”Trusted Greedy Perimeter Stateless Rout-ing”, proceedings of ICON 2007.
[45] Nael Abu Gazaleh, Kyoung Don Kang and Ke Liu, ”Towards ResilientGeographic Rout-ing in WSNs”, Proceedings of Q2Winter, Oct 13, 2005.
[46] Garth V. Crosby, Niki Pissinou, James Gadze,” A Framework for Trust-based Cluster Head Election in Wireless Sensor Networks”, Proceedingsof DSSNS, 2006.
[47] Ka-Shun Hung, King-Shan Lui, and Yu-Kwong Kwok, ”A Trust Based
Geographical Routing Scheme in Sensor Networks”, proceedings ofIEEE WCNC, March 2007.
[48] Marie E. G. Moe, Bjarne E. Helvik, Svein J. Knapskog, ”TSR:Trust-based Secure MANET Routing using HMMs”, proceedings ofQ2SWinet08, October 2728, 2008.
[49] Riaz Ahmed Shaikh, Hassan Jameel, Sungyoung Lee, Saeed Rajput andYoung Jae Song, ”Trust Management Problem in Distributed WirelessSensor Networks”, Proceedings of the 12th IEEE RTCSA, 2006.
[50] Idris M. Atakli, Hongbing Hu, Yu Chen, Wei-Shinn Ku, Zhou Su, ”Ma-licious Node Detec-tion in Wireless Sensor Networks using WeightedTrust Evaluation”, proceedings of SpringSim, 2008.
[51] Ben-Jye Chang ,Szu-Liang Kuo, Ying-Hsin Liang and De-Yu Wang,”Markov Chain-based Trust Model for Analyzing Trust Value in Dis-tributed Multicasting Mobile Ad Hoc Networks”, proceedings of IEEEAsia-Pacific Services Computing Conference, 2008.
[52] Daojing He, Chun Chen, Sammy Chan, Jiajun Bu, and Athanasios V.Vasilakos,” ReTrust: Attack-Resistant and Lightweight Trust Manage-ment for Medical Sensor Networks”, IEEE Transactions on InformationTechnology in Biomedicine, Vol 16, No 4, July 2012.
[53] Laura Gheorghe, Rzvan Rughini, Nicolae pu, ”Trust and Energy-aware Routing Pro-tocol for Wireless Sensor Networks”, proceedingsof ICWMC 2012.
[54] Pedro B. Velloso, Rafael P. Laufer, Daniel de O. Cunha, Otto CarlosM. B. Duarte, and Guy Pujolle, ”Trust Management in Mobile Ad HocNetworks Using a Scalable Maturity-ased Model”, IEEE Transactions onnetwork and service management, vol 7, No 3, Sep-tember, 2010.
[55] Omprakash Gnawali, Rodrigo Fonseca, Kyle Jamieson, David Moss,Philip Levis, ”Collection Tree Protocol”, proceedings of SenSys09,November 46, 2009.
215
