An Efficient Trust Establishment Framework for MANETs

In this paper, we present a general trust establishment framework comprising three components. The first part is the trust computation model that evaluates the trust level of each participating node through monitoring and quantification of some relevant behavioral indicative metrics. The second part is the trust evidence distribution scheme that distributes the trust evidences obtained by the first component. And finally the third part is the reputation computation model that combines the collected trust evidences from other nodes to form an overall reputation score and a judgment basis regarding the trustworthiness level of each node. The trust computation model is based on first-hand evidences obtained via direct observations at the MAC layer. The proposed trust evidence distribution scheme is an efficient, scalable and completely distributed scheme based on the ant colony optimization algorithm. For combination of collected evidences in the reputation computation model, Dempster’s rule for combination is applied. Dempster’s rule for combination gives a numerical procedure for fusing together multiple pieces of evidence from unreliable observers. The paper illustrates the applicability of the proposed framework on data packet delivery functionality with Dynamic Source Routing (DSR) as the underlying routing protocol. We present simulation results which demonstrate the effectiveness and efficiency of the proposed framework.

Published by: ijcsis on Aug 13, 2010
Copyright:Attribution Non-commercial

An Efficient Trust Establishment Framework for MANETs
Mohammad Karami, Mohammad Fathian
Department of Industrial Engineering, Iran University of Science and Technology, Tehran, Iran
Abstract — In this paper, we present a general trust establishment framework comprising three components. The first part is the trust computation model that evaluates the trust level of each participating node through monitoring and quantification of some relevant behavioral indicative metrics. The second part is the trust evidence distribution scheme that distributes the trust evidences obtained by the first component. And finally the third part is the reputation computation model that combines the collected trust evidences from other nodes to form an overall reputation score and a judgment basis regarding the trustworthiness level of each node.

The trust computation model is based on first-hand evidences obtained via direct observations at the MAC layer. The proposed trust evidence distribution scheme is an efficient, scalable and completely distributed scheme based on the ant colony optimization algorithm. For combination of collected evidences in the reputation computation model, Dempster’s rule for combination is applied. Dempster’s rule for combination gives a numerical procedure for fusing together multiple pieces of evidence from unreliable observers.

The paper illustrates the applicability of the proposed framework on data packet delivery functionality with Dynamic Source Routing (DSR) as the underlying routing protocol. We present simulation results which demonstrate the effectiveness and efficiency of the proposed framework.

Keywords- Trust establishment framework; mobile ad hoc network (MANET); evidence distribution; ant colony optimization; Dempster-Shafer theory

I. INTRODUCTION
Mobile ad hoc networks (MANETs) are multihop wireless networks spontaneously constructed by mobile nodes without relying on any pre-established infrastructure [1]. In MANETs, nodes can directly communicate with other nodes within their wireless transmission range, which are often referred to as neighbors. However, to communicate with non-neighbor nodes, they have to follow a multi-hop scenario where the source nodes rely on their neighbors and several other intermediate nodes to relay their messages and deliver them to the destination. Therefore, the cooperation of participating nodes plays a vital role for successful communications. Early routing and communication protocols for MANETs have been developed optimistically, where the benign and cooperative behavior of all the participating nodes is presumed. However, this may not always be the case, and in the absence of a fixed trust or security infrastructure, some nodes may decide to exhibit a non-cooperative or malicious behavior for a variety of incentives including better service, selfishness, monetary benefits or malicious intents.

Due to the unique characteristics of MANETs such as shared wireless medium, the lack of any fixed infrastructure, mobility and consequently dynamic topology changes, and resource-constrained nodes in terms of battery and computation capability, these networks are seriously susceptible to a large number of security attacks [2]. The aforementioned characteristics also prevent traditional cryptographic-based security methods from being directly applicable to MANETs.

As a result, in recent years researchers have taken a trust-based approach which promotes modeling and computing trust by defining and monitoring some behavioral indicative metrics and coming up with some sort of belief in the trustworthiness level of other nodes. This computed degree of trustworthiness may then be used in situations where a node has to rely on previously unknown and therefore unreliable nodes for accomplishment of a cooperative service. In a MANET context, trust is defined as a belief level that one node can put on another node for a specific action according to previous direct or indirect information from observation of behaviors. The belief level is the extent to which one node believes that another node is willing and able to obey the protocol and act normally [3].

In this paper, we present a trust establishment framework that is based on first-hand evidences obtained via direct observations at the MAC layer as well as second-hand evidences that are obtained via an ant-based trust evidence distribution scheme from other nodes. A common difficulty in trust-based schemes that incorporate various trust evidence exchange mechanisms to reinforce their accuracy pertains to the combination of observational data from nodes that can vary in their reliability or trustworthiness. In this paper, we have employed the Dempster-Shafer evidence theory, which is well suited to an ad-hoc network where doubt and uncertainty are inherent.
(IJCSIS) International Journal of Computer Science and Information Security, Vol. 8, No. 4, July 2010, p. 252, http://sites.google.com/site/ijcsis/, ISSN 1947-5500
 
The remainder of the paper is organized as follows. Section II briefly reviews related work on trust establishment in MANETs. Section III is dedicated to the details of our proposed trust establishment framework. Section IV presents results from simulation experiments that demonstrate the effectiveness of the proposed scheme. The final section of the paper discusses concluding remarks.

II. RELATED WORK
In recent years, security establishment in MANETs by the means of trust modeling and management has been a considerable topic of interest. The proposed trust management frameworks in literature fall into two major categories, reputation-based [4,5] and trust establishment [6-9]. In the former category, trust in other nodes is evaluated by direct observation and second-hand information distributed among a network. In this category most of the proposed methods use a Bayesian approach based on the Beta distribution [3, 5, 10, 11]. In this approach, a random variable that follows the beta distribution is associated with the trust value of a node. Also, the posterior distribution that represents a notion of trust is derived from a prior distribution. In the latter category [6-9], trust in neighbors is evaluated by direct observation, and trust relations between two nodes without previous direct interaction are established through a combination of opinions from intermediate nodes.

L. Eschenauer et al. [12] present a high-level framework for generation, revocation and distribution of trust evidence and demonstrate the significance of estimation metrics in trust establishment. A.A. Pirzada et al. [13] present a trust model that allows the evaluation of the reliability of the routes, using only first-hand information. The notion of confidence as it relates to trust management was explored by G. Theodorakopoulos et al. [14]. L. Buttyan et al. [15] propose a framework for stimulating cooperation in MANETs. The approach is based on a credit system for packet forwarding while trusted hardware is assumed.

The majority of research works presented in the literature have mainly concentrated on trust modeling and quantification, while little attention has been paid to efficient distribution of trust information. In most of the proposed trust establishment schemes participating nodes are required to periodically disseminate their trust information acquired through direct observations. This trust information is received by other nodes and combined to form an overall reputation score for each node. This proactive approach suffers from scalability, efficiency and robustness problems in resource-constrained environments [16]. Tiang and Baras [17] propose an efficient ant-based approach for the distribution of trust certificates in MANETs. However, their proposed scheme does not involve any trust or reputation computation model. In this paper we use an efficient on-demand trust evidence discovery protocol based on the ant colony optimization algorithm for the distribution of trust evidences.

Yet another challenge in reputation-based schemes is related to employing an accurate, robust and straightforward method for combining observational data from nodes that can vary in their reliability or trustworthiness. Previous approaches have used simplistic combination techniques such as averaging or majority voting [18,19]. Here we apply the Dempster-Shafer mathematical theory of evidence to combine independent pieces of evidence collected from other nodes in order to form an overall reputation score regarding the trustworthiness degree of a given node.

III. THE PROPOSED FRAMEWORK
As in real life, in the MANET context, trust levels are determined for particular actions. Obviously, trust computation for any action of interest requires clear definition, monitoring and quantification of some relevant behavioral indicative metrics. We believe that our proposed framework is a general framework and once corresponding metrics for a given action of interest are properly defined, monitored and quantified, it may be adapted for various scenarios. However, to give a practical illustration, for the rest of the paper, we will be particularly considering the incorporation of the proposed framework into data packet delivery functionality with Dynamic Source Routing (DSR) as the underlying routing protocol [20]. In the resulting trust-aware DSR protocol, the trustworthiness degree of intermediate nodes is taken into account, so that non-cooperative nodes can be avoided in route selection decisions. The details of the proposed trust establishment framework are discussed in subsequent subsections.

A. Trust Computation Model
The trust computation model is executed by each individual node. Each node operates independently and maintains its individual perspective of the trust hierarchy. Each node uses a direct observation mechanism for monitoring the data packet forwarding behavior of its neighbor nodes and accordingly quantifies the trust level of each neighbor node.

In the proposed scheme, each node buffers all the packets it has sent, puts itself in promiscuous mode, initiates a timer and then overhears its neighbor’s forwarding behavior. If a packet is properly forwarded within the expected timeout, then a successful forwarding event is recorded; otherwise an unsuccessful forwarding event is recorded. The trust level is simply computed by dividing the number of successful forwarding observations for a particular node by the total number of packets sent to that node to be forwarded. In particular, the trust value, $T_{ij}$, assigned to node j by node i is defined as follows:

$$T_{ij} = \frac{N_s}{N_s + N_u} \qquad (1)$$

where $N_s$ and $N_u$ respectively represent the cumulative number of successful and unsuccessful forwarding events of node j recorded by node i. A trust value of 0 for a given node represents complete distrust and a value of 1 implies absolute trust in the packet forwarding functionality of that node.

The trust value computed for each neighbor node is signed by the observer’s private key and therefore can’t be modified by intermediate nodes. We assume that the public key of the signer is well known and authenticated, and the corresponding private key cannot be compromised. Trust evidence is a 4-tuple denoted as TE = <provider, target, TV, time>. Provider is the observer node which has computed the trust value, target represents the node for which this trust evidence is produced, TV is the trust value of the target node computed by the provider and finally time is the last update time of the trust evidence. Trust evidences are locally stored by observer nodes.

In the proposed framework as it applies to the data packet delivery functionality of the DSR protocol, whenever a node needs to choose among available paths to communicate with a given destination, it first evaluates the reliability of each available path and consequently chooses the most reliable one. Path reliability is computed as the probability that a packet won’t be dropped by the nodes along the route and will be safely delivered to its destination.

To compute reputation scores, a node first employs the trust evidence discovery protocol to collect relevant trust evidences and then applies the reputation computation model to combine multiple pieces of independent trust evidences collected from other nodes. The details of these two steps are discussed in the following subsections.
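The per-neighbor bookkeeping and route choice described in this subsection, as an added example that is not code from the paper. The class and function names, the 0.5 s timeout, counting a late forward as unsuccessful, the 0.5 default for unobserved nodes and the product form of path reliability (hops assumed to drop independently) are assumptions; the events in the demo are constructed, and signing of the evidence is left out.

```python
import math
from collections import namedtuple
from dataclasses import dataclass, field

TrustEvidence = namedtuple("TrustEvidence", "provider target tv time")  # TE tuple

@dataclass
class ForwardingMonitor:
    """First-hand observations kept by one node (assumed class name)."""
    node_id: str
    timeout: float = 0.5          # assumed forwarding timeout, seconds
    pending: dict = field(default_factory=dict)   # (neighbor, pkt_id) -> deadline
    n_s: dict = field(default_factory=dict)       # successful forwards per neighbor
    n_u: dict = field(default_factory=dict)       # unsuccessful forwards per neighbor
    updated: dict = field(default_factory=dict)   # last update time per neighbor

    def sent(self, neighbor, pkt_id, now):        # buffer packet, start its timer
        self.pending[(neighbor, pkt_id)] = now + self.timeout

    def _record(self, counter, neighbor, now):
        counter[neighbor] = counter.get(neighbor, 0) + 1
        self.updated[neighbor] = now

    def overheard(self, neighbor, pkt_id, now):
        """Promiscuous-mode callback: `neighbor` retransmitted `pkt_id`."""
        deadline = self.pending.pop((neighbor, pkt_id), None)
        if deadline is not None:  # ignore packets not buffered or already expired
            # Assumption: a forward seen after the timeout counts as unsuccessful.
            self._record(self.n_s if now <= deadline else self.n_u, neighbor, now)

    def expire(self, now):
        """Count every buffered packet whose timer ran out as unsuccessful."""
        for key in [k for k, d in self.pending.items() if d < now]:
            del self.pending[key]
            self._record(self.n_u, key[0], now)

    def trust_value(self, j):
        """N_s / (N_s + N_u); None when j was never observed (no evidence)."""
        s, u = self.n_s.get(j, 0), self.n_u.get(j, 0)
        return s / (s + u) if s + u else None

    def evidence(self, j):
        tv = self.trust_value(j)
        return None if tv is None else TrustEvidence(self.node_id, j, tv, self.updated[j])

def path_reliability(route, tv_of, unknown=0.5):
    """P(no intermediate node drops the packet), hops assumed independent."""
    return math.prod(tv_of.get(n, unknown) for n in route[1:-1])

def most_reliable(routes, tv_of):
    return max(routes, key=lambda r: path_reliability(r, tv_of))

if __name__ == "__main__":        # constructed events seen by observer "A"
    m = ForwardingMonitor("A")
    for pkt in range(4):          # B forwards packets 0-2 in time, never 3
        m.sent("B", pkt, now=float(pkt))
    for pkt in range(3):
        m.overheard("B", pkt, now=pkt + 0.1)
    m.expire(now=10.0)
    print(m.evidence("B"))
```

A neighbor that was never asked to forward anything has no trust value at all, which is different from a trust value of 0; the route scorer has to choose a default for such nodes, and that choice is a policy decision rather than something equation (1) provides.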
B. Trust Evidence Discovery Protocol
Although there exists some literature on trust evidence discovery in P2P networks [21,22], very little attention has been paid to exclusive study of the trust evidence discovery/distribution problem in MANETs. Typical approaches for trust evidence discovery in P2P networks rely on either flooding or centralized storage. The flooding approach imposes efficiency and scalability problems, and the centralized storage approach is against the decentralized and infrastructure-less nature of MANETs and also imposes robustness risks.

Almost all of the trust establishment schemes that utilize trust information sharing mechanisms take a proactive approach, where nodes periodically broadcast their first-hand trust information to their neighbors. This approach also suffers from scalability and efficiency problems and uneven distribution of trust evidences across the network.

Here we introduce an efficient on-demand ant-based trust evidence discovery protocol. Our ant-based scheme uses the swarm intelligence paradigm [23]. The swarm intelligence paradigm is inspired by artificial ant colony techniques to solve combinatorial optimization problems [24]. The main principle behind the interaction in a swarm is called stigmergy – indirect communication through the environment. An example of stigmergy is pheromone laying on the trails followed by ants. Ants are attracted to pheromones and thereby they tend to follow the trails that have high pheromone concentrations.

The idea of the proposed ant-based scheme is inspired by the process used by a real ant colony. Ants can seek a path between the nest (source node) and multiple food sources (nodes hosting relevant trust evidences). They accomplish the mission with great efficiency. As the environment changes, ants can also quickly discover new routes. Since trust evidence discovery is a process to find relevant evidences with the best efficiency, utilizing ant colony optimization proves to be helpful.

To obtain desired trust evidences hosted by other nodes, a node generates several artificial ants. The probabilistic movement of the ant allows it to explore new paths and find the proper trust evidence provider. During the trust evidence discovery period, forward ants (Fa) and backward ants (Ba) are used. Fa is generated by the trust evidence requester to explore a path to a proper trust evidence provider. Ba, which contains a relevant piece of trust evidence, is generated by the trust evidence provider and routes back to the requester.

The formats of Fa and Ba packets are shown in Fig. 1. The Fa packet contains RID – the requester’s ID, TID – the target’s ID (the node for which we are interested to obtain trust evidences), SeqN – the unique sequence number, TTL – the maximum number of intermediate nodes allowed to forward the Fa packet and pass list – the dynamically increasing list which consists of the passed nodes’ IDs. In the Ba packet, PID is the ID of the trust provider node which creates the backward ant and TimeStamp is the creation time of the Ba packet.
[Figure 1 field labels: (a) RID, TID, SeqN, TTL, Pass List …; (b) RID, PID, TimeStamp, Pass List …]
Figure 1. (a) FA packet (b) BA packet

Along the path of delivering requested trust evidences, backward ants modify the information stored in the trust evidence table (TET) of each node. The structure of the trust evidence table (TET) is shown in Fig. 2.

             N_1       N_2       N_m
    TE_1     P_11      P_12      P_1m
    TE_2     P_21      P_22      P_2m
    …        …         …         …
    TE_n     P_n1      P_n2      P_nm

Figure 2. Trust Evidence Table (TET)

Each row in TET corresponds to trust evidence of a node. For each trust evidence $TE_n$ and for each neighbor node i, the probability value $p_{ni}$ expresses the probability of choosing node i as the next hop when searching for trust evidence n and is calculated by the formula (2):