TAODV: A Trust Model Based Routing Protocol for Secure Ad Hoc Networks Li Xiaoqi, GiGi October 28, 2003


Oct. 28, 2003, CSE Dept. of CUHK

Outline

• Introduction
• Background: Subjective logic and AODV
• Framework of TAODV
• Trust model for TAODV
• Routing operations in TAODV
• Analysis
• Conclusion and future work


Introduction to MANETs

• Mobile Ad Hoc Networks (MANETs)
  – No fixed infrastructure
  – Self-organized routing
  – Prone to be unstable and insecure

• Previous Secure Solutions for MANETs
  – Require each node to testify itself by showing its digital signature at all times
  – Need a super-trusted third-party to provide authentication


Introduction to TAODV

• Make use of trust relationships among nodes

• No need to request and verify a signature for every communication, just as in human society

• TAODV: a secure routing protocol based on trust model for MANET


Background: Subjective Logic

• Subjective logic
  – Represent trust relationship formally
  – Define how to combine different trust information together
  – Map all kinds of evidence to trust representation space

• We derive our trust model for TAODV from subjective logic


Background: AODV

• AODV
  – Ad Hoc On-Demand Distance Vector Routing Protocol for MANETs
  – Two main routing messages:
    • RREQ: Routing REQuest
    • RREP: Routing REPly

• We extend AODV by adding trust information into its routing messages


Framework of TAODV


Trust Model for TAODV: Representation of trust

• Use Opinion to represent trust:
  – A three-dimensional metric
  – $\omega^A_B = (b^A_B, d^A_B, u^A_B)$
    • $b^A_B$ -- Probability of node A believing in node B
    • $d^A_B$ -- Probability of node A disbelieving in node B
    • $u^A_B$ -- Probability of node A’s uncertainty about B
  – $b^A_B + d^A_B + u^A_B = 1$


Trust Model for TAODV: Combination of trust

• Discounting Combination:
  – Combine trusts along one path (A → B → C)
  – Combine $\omega^A_B$ and $\omega^B_C$ into $\omega^{AB}_C$

• Consensus Combination:
  – Combine trusts from several paths (A → C and B → C)
  – Combine $\omega^A_C$ and $\omega^B_C$ into $\omega^{A,B}_C$


Trust Model for TAODV: Mapping from evidences to opinion space

• Mapping function:

  – p : positive evidences
  – n : negative evidences


Routing Operations in TAODV

• Trust Recommendation
• Trust Judgement
• Route Table Extension
• Trust Update
• Routing Messages Extensions
• Trusted Routing Discovery


Trust Recommendation

• Exchange trust information
• Two types of messages:
  – TREQ: Trust REQuest
  – TREP: Trust REPly
• Message structure:


Message Structures of TREQ & TREP

[Figure: TREQ and TREP message structures]


Trust Judgement

| b    | d    | u    | Actions                              |
|------|------|------|--------------------------------------|
|      |      | >0.5 | Request and verify digital signature |
|      | >0.5 |      | Distrust a node for an expiry time   |
| >0.5 |      |      | Trust a node and continue routing    |
| ≤0.5 | ≤0.5 | ≤0.5 | Request and verify digital signature |

b – belief, d – disbelief, u – uncertainty, 0.5 – threshold


Route Table Extension

• Add three fields into original route table
  – Positive events
  – Negative events
  – Opinion

• New route table format

| DestIP | … | NextHop | … | State | Expiry | PositiveEvents | NegativeEvents | Opinion |


Trust Update

• Update of Evidences
  – Successful Communication → Positive events: p++
  – Failed Communication → Negative events: n++

• Update of opinion
  – Mapping from evidence space
  – Combination from different recommendations

• Update fashion
  – Periodical update if high packets frequency
  – On-demand update if lower packets frequency


Routing Messages Extensions

• Add trust information into original AODV routing messages
  – RREQ → TRREQ
  – RREP → TRREP
• Message structure:


Message Structures of TRREQ & TRREP

[Figure: TRREQ and TRREP message structures]


Trusted Routing Discovery

• N receives TRREQ from N1. It will then perform such behaviors as follows:

1. Broadcast TREQ to request N1’s opinions
2. Obtain trust recommendation from N2, N3, N4:
3. Combine these three opinions together into
4. Judge the next behavior using trust judgment criteria

[Figure: nodes S, N1, N2, N3, N4, N and D, with TRREQ messages]


Trusted Routing Discovery

5. If uncertainty>threshold, N requests and verifies N1’s signature
6. If N1 passes trust authentication or signature authentication, N will rebroadcast TRREQ
7. If N1 does not pass any authentication, N will not trust N1 and drop this TRREQ
8. Update the value of opinion using trust update rules

[Figure: nodes S, N1, N2, N3, N4, N and D, with TRREQ and TRREP messages]
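Added example (not from the original slides): a Python walk-through of node N combining its neighbours' recommendations about N1 and applying the trust judgement table. The slides' mapping and combination formulas did not survive extraction, so the standard subjective-logic (Jøsang) evidence mapping, discounting and consensus operators are assumed; all function names and the sample event counters are constructed.

```python
from dataclasses import dataclass
from functools import reduce

@dataclass(frozen=True)
class Opinion:
    b: float  # belief
    d: float  # disbelief
    u: float  # uncertainty; b + d + u == 1

def from_evidence(p: int, n: int) -> Opinion:
    """Map positive/negative event counts to an opinion (assumed Josang mapping)."""
    s = p + n + 2
    return Opinion(p / s, n / s, 2 / s)

def discount(ab: Opinion, bc: Opinion) -> Opinion:
    """Trust along one path: A's view of C through B's recommendation (assumed operator)."""
    return Opinion(ab.b * bc.b, ab.b * bc.d, ab.d + ab.u + ab.b * bc.u)

def consensus(x: Opinion, y: Opinion) -> Opinion:
    """Trust from several paths: fuse two opinions about one node (assumed operator)."""
    k = x.u + y.u - x.u * y.u
    if k == 0:  # both opinions fully certain: operator undefined, fall back to the mean
        return Opinion((x.b + y.b) / 2, (x.d + y.d) / 2, 0.0)
    return Opinion((x.b * y.u + y.b * x.u) / k,
                   (x.d * y.u + y.d * x.u) / k, x.u * y.u / k)

def judge(op: Opinion, threshold: float = 0.5) -> str:
    """Trust judgement table from the slides (0.5 is the slides' threshold)."""
    if op.d > threshold:
        return "distrust"
    if op.b > threshold:
        return "trust"
    return "verify-signature"  # u > threshold, or no component exceeds it

def handle_trreq(own_view: dict, recommendations: dict) -> tuple:
    """Steps 1-4 at node N: collect TREP opinions about the sender, combine, judge."""
    paths = [discount(own_view[nb], recommendations[nb]) for nb in recommendations]
    combined = reduce(consensus, paths)
    return combined, judge(combined)

# Constructed sample data: N's (p, n) counters for N2..N4, then their views of N1.
OWN = {"N2": from_evidence(18, 0), "N3": from_evidence(8, 0), "N4": from_evidence(1, 7)}
GOOD_N1 = {nb: from_evidence(16, 2) for nb in OWN}   # N1 has a good record
NEW_N1 = {nb: from_evidence(0, 0) for nb in OWN}     # nobody has seen N1 before
```

With `NEW_N1` the combined opinion stays fully uncertain, so N falls back to signature verification; a negative recommendation coming only from the already distrusted N4 is discounted almost entirely into uncertainty and does not override N2 and N3.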


Analysis

• Computation overheads of each set of authentication operations
  – Cost of each set of trust operations is O(162v) (v is the average no. of neighbors)
  – Cost of each set of signature operations is $O(k^3)$ (k is the length of signature)


Analysis (cont’d)

• Number of authentication operations when given a certain traffic volume. E.g.: n routing messages
  – No. of signature operations: n
  – No. of trust operations:
    • t – average packets interval
    • e – trust expiry time
    • U will never be larger than n


Analysis (cont’d)

• Security
  – Combination of trust authentication and signature authentication → secure
  – Combination of different recommendations → objective
  – Customization of trust threshold → flexible


Conclusion and Future Work

• TAODV is a secure routing protocol with
  – Less computation overheads
  – Flexible security levels

• Optimize trusted routing discovery algorithm

• Establish fast response mechanism when being attacked

• Perform detailed simulation evaluation


Q&A

Thank You!