Introduction OutOut eline Imagine an Ad-hoc network · based on a collaborative monitoring technique • Used for solving the selfish behavior • Nodes modeled as a members of a

Wireless Ad Hoc and Sensor Networks- Trust and Soft Security

WS 2010/2011WS 2010/2011

Prof. Dr. Dieter HogrefeDr. Omar Alfandi

OutlineOut e

• Introduction• Security techniques• Trust and reputation systems• Generic Trust and Reputation Model Scheme • Proposed models for ad hoc and sensor networks

– CONFIDANT– CORE

RFSN– RFSN

• Problems exist in reputation systems• Summary• Summary

2

Introduction

Imagine an Ad-hoc network

How can nodes in a cooperative communications

R l h h ?• Rely on each other?• Decide whether and with whom to interact in thiswhom to interact in this uncertain conditions?

These risks can be mitigated throughsoft security mechanisms

3

soft security mechanisms

OutlineOut e



RFSN– RFSN


4

Security Techniques

A: Hard security:• traditional way of protecting data by putting hard fencestraditional way of protecting data by putting hard fences

to maintain the CIA (Confidentiality, Integrity an availability) properties with:y) p p– Authentication– Access Control– etc.

• Leaves the security to some t l l b l th itexternal or global authority

• Reveals everything if they are bypassed• Example: Password

5

Security Techniques

B: Soft security:• protect something from harm in quite and unremarkable ways. • It is invisibly and after the fact• used for social control mechanism

– It is the participants themselves who are responsible for the security

– is collaborative and based on whole community

– doesn’t deny the existence of the malicious participantsof the malicious participants

– but avoid to interact with the malicious one

6

• Example: Trust and Reputation Systems

OutlineOut e



RFSN– RFSN


7

Notion of Trust

Trust is a directional relationship consists of:• Trustor• Trustee• Scope A B

Trustor Trustee

• A can trust on B if B acts as the same way that A yexpects! And It shows to what extend does A have the feeling of security on B

8

Trust Network: Web of Trust• Trust Network (Web of Trust):

The network of relationship between nodes that shows the level of trust - vertex ~ mobile nodenodes that shows the level of trust between them. - direct edge ~ level of trust

Alice Bob

0 9 0

1• Properties of Trust:– weighted, [0 = distrust, 1= trust]

bj ti / l 0.9

Carol0 6

Dave

– subjective/personal– asymmetric

0.2

– dynamict i 0.6– non-monotonic

– transitive

9

Transitivity of Trust

1Alice Bob

0.9 00 2 0.3

Carol0.6

Dave

0.2

?

10

Trust Metrics

Alice Bob1

• Is a measure of how a member of a group is trusted by the other member.

0.9 00.2 0.3

• Using existing edges for predicting values of trust for non existing edges

i t t t itiCarol

0.6Daveusing trust transition.

(if you trust someone then, you have some degree of trust in any one that

?g y

person trusts)

G l d t i t bTrust (Alice, Dave) = ?

• Goal: reduce uncertainty, by predicting how much each unknown people could be trusted.

11

Trust Management

Trust management is the activity of gathering,encoding analyzing and presenting evidenceencoding, analyzing and presenting evidencerelating to honesty and security with the purpose of making decisions regarding trust relationshipsof making decisions regarding trust relationships.

• Policy base trust management• Policy-base trust management• Reputation-based trust management

12

Policy-Based Trust

• Using policies to establish trust• Managing and exchanging credentials• Enforcing access policies• Using trusted third party for issuing and verifying

credentials• Example:

– PGP (Pretty Good Privacy)

13

Reputation-Based Trust

• Reputation:– The overall quality or character as seen or

j d d b l i ljudged by people in general• I trust you because of your good reputation• I trust you despite your bad reputationy p y p

• Reputation-based trustp– Using reputation to establish trust– Using the history of an entity’s

b h i / tibehaviors/actions – Combining first-hand knowledge

and recommendation made by othersand recommendation made by others

14

Reputation Network Architecture: Centralized

• Central authority (reputation center)– Collects all rating about

each participants who iseach participants who is rated by other members after a direct experience. D i t ti– Derives a reputation score for each participants.

– Makes all scores publicly p yavailable.

e.g. eBay

15

Reputation Network Architecture: Distributed

• No reputation centerDi t ib t d t– Distributed stores

• Where rating can be submitted

– Each participants • Records the opinion

b t thabout others • Provide this information

on request from relying q y gparty. e.g. Peer-to-Peer, Ad-hoc Networks

16

OutlineOut e



RFSN– RFSN


17

Generic Trust and Reputation Model Scheme

Gathering information 1

18

Gathering Information

• Gather its own opinion if there exist any direct i t ti

A B1

interactions:– First-hand information

Gather the idea of other

0.9 00.2 0.3

• Gather the idea of other nodes that A has contact with them:

C0.6

D

with them: – Second-hand information or

recommendation?

Trust (A,D) = ?

Trust (C,D) = 0.6Trust (B,D) = 0

19

Generic Trust and Reputation Model Scheme Gathering

information 1

2 Scoring & RankingRanking

20

Scoring and RankingA B1

• A considers the recommendations according to hi i i b t th

0.9

D

00.2 0.3

his opinion about the recommenders:

C0.6

D

??Trust (A,D) = ?

Trust (A,B) = 1T t (A D) 1 0 0

Trust (A,D) = ?

( , )Trust (B,D) = 0

T t (A C) 0 9

Trust (A,D) = 1x0=0 Trust (A,D) =(0 + 0.54)/2 =

0.27

Trust (A,D) =(0 + 0.54)/2 =

0.27Trust (A,C) = 0.9Trust (C,D) = 0.6

Trust (A,D) = 0.9x0.6=0.54

21

Generic Trust and Reputation Model Scheme Gathering

information 1

2 Scoring & RankingRanking

Perform TransactionEvaluating received service

3

unsatisfied

Punish Reward

satisfied4 Update

First-hand

22

Punish Rewardinformation

OutlineOut e



RFSN– RFSN


23

Some Proposed Models

• CONFIDANTSonja Buchegger, Jean-Yves Le Boudec"Performance Analysis of the CONFIDANT Protocol (Cooperation Of Nodes -Performance Analysis of the CONFIDANT Protocol (Cooperation Of Nodes Fairness In Dynamic Ad-hoc NeTworks)."Proceedings of MobiHoc 2002, Lausanne, June 2002.

• CORE• COREP. Michiardi and R. Molva. CORE: A COllaborative REputation mechanism to enforce node cooperation in Mobile Ad Hoc Networks. Communication and Multimedia

Security, September, 2002.• RFSN

S. Ganeriwal and M. Srivastava. Reputation-based framework for high integrity sensor networks. In proceedings of the 2nd ACM workshop on Security of ad hoc and sensor networks (SASN ’04), October 2004

24

OutlineOut e



RFSN– RFSN


25

CONFIDANT

• Its Goal is to detect, prevent, and discourage:– Selfishness (not forwarding of control messages or data) – Traffic deviation

• Advertise many routes• Advertise routes too oftenAdvertise routes too often• Advertise no routes

– Route salvaging, rerouting to avoid a broken although no error h b b dhas been observed

– Lock of error messages, although an error has been observed (and vice versa) ( )

– Silent route change (tampering with message headers of either control or data packets)

26

CONFIDANT Protocol

• Is built on DSR (Dynamic Source Routing)• Observes Behaviour

– 'Neighbourhood Watch' behaviour that is directly observed, h d b th doverheard, by the node

• Reports BehaviourShare experienced misbehaviour and learn from friends– Share experienced misbehaviour and learn from friends

• Make decision based on Behaviour

27

CONFIDANT Components

• Monitor– Directly observes behaviour

• Trust Manager– Sends and receives ALARMs

• Reputation System– Node Rating

P th M• Path Manager– Route management based on Reputation

Each node has all of these components locally

28

CONFIDANT Components

29

Monitor

• Directly observes behaviour of 1-hop neighbourhood

• By listening to the transmission of the next node detects any packet alteration

D t k t– Data packets– Routing packets

• Registers deviation from normal behaviour• Registers deviation from normal behaviour and reports to the reputation system if bad behaviour occurs

• Forwards received ALARMS to the trust manager for evaluation

30

Trust Manager

• Handles all incoming and outgoing ALARM messages experienced or observed misbehaviour.

• Consists of three components:– Alarm table: contains information about received ALARMs

T t t bl t t l l f th d t d t i i th– Trust table: manages trust level of the node to determining the trustworthiness of the originator of ALARM

– Friends list: contains all friends a node has

• Forward ALARM on received report of misbehaviour to all friends

31

Reputation System

• Manage the table of nodes and their rating• Only negative experience is counted• Ratings are changed only if the malicious behaviour has

occurred at least a threshold number of time • Ratings are updated according to the rate function• Rate function assigns greatest weighted to personal

experience and newly observed behaviour• If the rating of any node falls below a predetermined

th h ld P th M ill b ll dthreshold, Path Manager will be calledAssume negative behaviour is rare, and probably means

d b t t d!node can never be trusted!32

Path Manager

• Decision maker• Path re-ranking according to

security metric (re-rank route based on reputation)

• Deletes path containing malicious nodesT k ti• Takes necessary action upon receiving a request for route from a misbehaving nodefrom a misbehaving node (ignore request)

33

Example: Reputation in MANETs• Node A‘s view of the network• A wants to send packets to D via C

34

OutlineOut e



RFSN– RFSN


35

CORE

• Proposed to enforce node cooperation in MANETs based on a collaborative monitoring technique

• Used for solving the selfish behavior• Nodes modeled as a members of a community• The reputation is formed and updated along the time

– assigns more weight to the past observations than the current observationsobservations

• Three types of reputation– subjective reputation– subjective reputation – indirect reputation– functional reputation

• Different weights to different functions like packet forwarding, etc.

36

CORE• Has two protocol entities

– Requester: refers to a network entity asking for the execution of a function f– Provider: refers to any entity supposed to correctly execute the function fProvider: refers to any entity supposed to correctly execute the function f

• Each node maintains– An RT (Reputation Table) for each function f

• An entry in RT has:• An entry in RT has:– unique ID – recent subjective reputation

i di i– recent indirect reputation– composite reputation for a predefined function

• RTs updated in two situations: – during the request phase – during the reply phase

• Each node is also equipped with a watchdog mechanism forEach node is also equipped with a watchdog mechanism for promiscuous observation

37

OutlineOut e



RFSN– RFSN


38

RFSN• Sensor network already follow a community model

– Individual nodes do not have any utility– Collaborative information gathering, data processing andCollaborative information gathering, data processing and

relaying• RFSN incorporates intelligence into nodes

Exposes trust as an explicit metric!– Exposes trust as an explicit metric!– Cooperate with ONLY those nodes that are trustworthy

• RFSN uses two different metrics – Distinguishes between trust and reputation

39

RFSN

I detected I detected a car at ( )

It was a false alarm. No

h !

I detected a car at (x,y)

a car at (x,y)a car at (x,y) such car! ( y)


Misbehavior while routing information


gMisbehavior even while generating information

40

Architecture of RFSNWatchdog mechanism Reputation Trust Behavior

Second hand

Watchdog mechanism: Gather first hand information

Second hand information

• Watchdog mechanism: Gather first hand information • Second hand information: Share experiences to facilitate

community growth y g• Reputation: Develop a perception of other nodes over time • Trust: Predict their future behavior

B h i C /N i h d i i• Behavior: Cooperate/Non-cooperate with node in question

41

Reputation Representation

)(

• Probabilistic formulation– Use beta distribution to represent reputation of a node.

0,0,10)1()()()(),( 11

xxxBetaRij

R t ti f d j f th ti f d iReputation of node j from the perspective of node i

• Why beta distribution?Simple to store: Just characterized by 2 parameters– Simple to store: Just characterized by 2 parameters.

– Intuitive: α and β represents magnitude of cooperation and non-cooperation.– Efficient: Easy reputation updates, integration, trust formulation.

• Maintain reputation for just neighboring nodes– Use locality – Provides scalability

42

Design of Beta Reputation System

Propagated data:• Information about good nodes – Saves from bad mouthing attacks• Independent information (direct experience) – Critical to derivation inIndependent information (direct experience) Critical to derivation in

earlier slide

TrustTrustTrustTrustTrustTrustTrust

Reputation table based on only direct

information of

Reputa

RT iNCW

atch

RTD iNC

Reputa

RT iNCW

atch

Reputa

RT iNCW

atch

RTD iNC

Reputa

RT iNCW

atch

Reputa

RT iNCW

atch

RTD iNC

Reputa

RT iNCW

atch

Reputa

RT iNCW

atch

RTD iNC

information of cooperative and non-

cooperative nodes

tion RT iC

Behavior

RTD iC

hdog

tion RT iC

Behavior

RTD iC

hdog

tion RT iC

Behavior

RTD iC

hdog

tion RT iC

Behavior

RTD iC

hdog

tion RT iC

Behavior

RTD iC

hdog

tion RT iC

Behavior

RTD iC

hdog

tion RT iC

Behavior

RTD iC

hdogReputation table of cooperative and non-

cooperative nodes

Second Hand InfoSecond Hand InfoSecond Hand InfoSecond Hand InfoSecond Hand InfoSecond Hand InfoSecond Hand Info

Propagating data

43

Comparison

Metric Confidant Core RFSN

Architecture Distributed Distributed Distributed

Context Ad-hoc Networks Ad-hoc Networks Sensor Networks

Scope Routing Routing Compromised /Scope Routing misbehavior

Routing Misbehavior

Compromised / Faulty nodes

Formulation Heuristics/ Bayesian

Heuristics based on game theory

Bayesian formulationBayesian

formulation based on game theory

on game theory formulation based on decision theory

Reputation propagation

Only bad Only good Only good

Maintenance Local Local Local

44

OutlineOut e



RFSN– RFSN


45

Problems of Reputation Systems• Reputation systems help peers to recognize the trustworthy

peers and avoid the malicious onesH th t ti t i ht b• However, the reputation systems might be themselves target of attacks like:

Unfair Ratings (Liars)– Unfair Ratings (Liars) Comparing the opinion of the recommenders

– Bias Toward Positive Rating Providing anonymous reputation management

– Quality Variations Over Time Discounting of the past behavior Discounting of the past behavior

– Ballot Box Stuffing Rating on the cost of transaction

– Change of Identities46

OutlineOut e



RFSN– RFSN


47

Summary • Basic Criteria for judging the reliability of an entity:

– Hard security mechanisms– Soft security mechanismsSoft security mechanisms

• Using soft security mechanisms are unavoidable for cooperative environments like mobile ad-hoc and sensor network:

– Reflects recent trends in entity performance

• Robustness against attacks is required: – Resist to manipulate reputation scores

Adding any single rating should not influence the score significantly– Adding any single rating should not influence the score significantly

48

Documents

Introduction OutOut eline Imagine an Ad-hoc network · based on a collaborative monitoring technique • Used for solving the selfish behavior • Nodes modeled as a members of a