1 hierarchical trust management for wireless sensor networks and its applications to trust-based...
TRANSCRIPT
1
Hierarchical Trust Management for Wireless Sensor Networks and its Applications to Trust-Based Routing and Intrusion Detection
Fenye Bao, Ing-Ray Chen, Moonjeong Chang
Presented by: Changlai DuFeb 27, 2014
2
Contents
Introduction System Model Hierarchical Trust Management Protocol Performance Model Trust Evaluation Results Trust-based Geographic Routing Trust-based Intrusion Detection Conclusion
3
Introduction
Propose a cluster-based hierarchical trust management protocol for WSNs.
Utilize both Quality of Service (QoS) and Social Networking attributes to model the behaviors of nodes to determine their reliability.
Highly scalable due to being a cluster-based model. Apply the protocol to trust-based geographic routing
and trust-based intrusion detection.
4
Wireless Sensor Network
A Wireless Sensor Network (WSN) refers to a distributed network of autonomous sensors, each operating independently for the greater good of the network.
A WSN is inherently unstable due to the independence of the Sensor Nodes (SN) and their different operating characteristics, including malicious and selfish activity.
The WSN must take input from its SNs, evaluate their input, and determine the overall picture for what is happening across its network.
5
Sensor Node
A SN monitors physical or environmental conditions, such as temperature, sound, vibration, pressure, motion, or pollutants.
A SN is can transmit, or forward information through multi-hop routing.
SNs have very limited resources: Energy Memory Computational Power
May be compromised and perform to malicious attacks.
6
Cluster Head
A Cluster Head (CH) is a node that has been elected to take charge of a group of SNs.
A CH receives direct input from each of its SNs. A CH forwards the data to base station or destination
node through other CHs. CHs use more energy than SNs.
7
Abnormal Node Behavior
Malicious Node A node may be captured by the enemy at any point and start passing erroneous information
or drop packets. A node is more likely to become malicious if it has low energy or if it is surrounded by
malicious nodes.
Selfish Node A node may become selfish if its energy becomes low relative to its neighbors’. “Selfish” can be thought of as “efficient”. If a node recognizes that its battery level is low and
its neighbors have sufficient energy, it may start dropping packets so its neighbors pick up more of the burden.
The challenge becomes: How do we create a model such that malicious and selfish nodes can be identified and the WSN can adjust to these conditions to achieve a near-optimal performance?
8
System Model
Leveraging a two-level hierarchy in the WSN, the protocol is conducted using periodic peer-to-peer trust evaluation between two SNs and two CHs.
Each SN reports it p2p evaluation result to other SNs in the cluster and its CH.
The CHs perform CH-to-SN trust evaluation towards SNs in its cluster.
Each CH reports it p2p evaluation result to other CHs in the system to other CHs and the base station.
9
How Does Trust Factor In?
Once the hierarchy is established, the evaluations completed by each node follow a trust scheme that allows for direct and indirect trust-based reporting.
Trust Composition includes both social trust and QoS trust. Social trust: intimacy, honesty, privacy, centrality and
connectivity. QoS trust: competence, cooperativeness, reliability, task
completion capability.
In this work we consider intimacy, honesty, energy, unselfishness
10
Trust metrics
Intimacy Reflects the relative degree of interaction experiences
between two nodes The more positive experiences SN A had with SN B, the
more trust and confidence SN A will have toward SN B
Honesty Implies whether a node is malicious or not
Energy Measures if a SN is competent in performing its intended
function
Unselfishness Reflects if a SN can cooperatively execute the intended
protocol.
11
Hierarchical Trust Management Protocol
Peer-to-peer trust evaluation SN-levels CH-levels
CH-to-SN Trust Evaluation Station-to-CH Trust Evaluation
12
Evaluation Process
A weighted evaluation is performed and all four metrics are factored into one, overall trust score:
Tij(t) denotes the trust that node i has toward node j at time t.
Deciding the best values of w1, w2, w3, and w4 to maximize application performance is a trust formation issue which is explored in this paper.
13
Peer-to-Peer Trust Evaluation
P2P Trust Evaluation is performed between SNs and between CHs.
When node i evaluates its trust toward a neighbor node j It snoops, or overhears enough data to provide direct
observation.
i should also refer to past experiences. When i evaluates a node that is beyond its
communication range it will use its past experiences.
It must also use recommendations from its 1-hop neighbors.
14
Peer-to-Peer Trust Evaluation
This relationship is represented as follows:
γ and α represent weights associated with trust decay. X represents one of the four trust components.
15
Peer-to-Peer Trust Factors
This measures the level of interaction experiences. It is
computed by the number of interactions between node i and j over the maximum number of interactions between node i and any neighbor node over the time period [0, t].
This refers to the belief of node i that node j is honest based on
node i’s direct observations toward node j. It’s estimated by keeping a count of suspicious dishonest
experiences of node j which node I has observed during [0, t] using a set of anomaly detection rules.
If the count exceeds a system-defined threshold, the value is 0. Otherwise, the value is 1 minus the ratio of the count to the
threshold.
16
Peer-to-Peer Trust Factors
This refers to the belief of node i that node j still has adequate
energy (representing competence) to perform its intended function.
It is measured by the percentage of node j’s remaining energy It is estimated utilizing some energy consumption model
This provides the degree of unselfishness of node j as evaluated
by node i based on direct observation over [0, t]. Node i may apply overhearing and snooping techniques to
detect selfish behaviors of node j.
17
Peer-to-Peer Trust Evaluation
This relationship is represented as follows:
When i evaluates a node that is not 1-hop neighbor use its past experience use recommendations from its 1-hop neighbors
18
Parameters Defined
α - Weight that represents a more instantaneous evaluation, since the higher α, the more weight is given to time t.
γ – weight between recommendations vs. past experiences
β – Represents the impact of “indirect recommendations”. indirect recommendations is normalized to βTik(t) relative to 1
assigned to past experiences
19
CH-to-SN Trust Evaluation
Once all calculations are complete for a given time period t, the CH applies statistical analysis principles to all Tij(t) values received to perform CH-to-SN trust evaluation toward node j.
CH can also detect any outliers in the cluster to see if any good-mouthing or bad-mouthing is occurring.
The CH can exclude a sensor from reading and routing duties.
20
Station-to-CH Trust Evaluation
CH-to-CH trust evaluation is peer-to-peer. Station-to-CH trust evaluation performs in a similar way
as CH-to-SN evaluation.
21
Performance Model
A Stochastic Petri Net model is used to provide a basis for obtaining ground truth status of nodes in the system.
It derives objective trust against which subjective trust obtained as a result of executing our hierarchical trust management protocol can be checked and validated.
22
Petri Net Model - Energy
Place Energy indicates the remaining energy level of the node
A token will be released from place Energy when transition T_ENERGY is triggered.
The rate of transition T_ENERGY indicates the energy consumption rate.
Energy consumption rates: Normal nodes
Selfish nodes
23
Petri Net Model - Selfishness
A node may become selfish to save energy. An unselfish node may turn selfish in every trust evaluation
interval Δt according to its remaining energy and the number of unselfish neighbors around.
A selfish node may redeem itself as unselfish to achieve a service availability goal.
Putting a token into place SN when transition T_SELFISH is triggered and removing the token from place SN when transition T_REDEMP is triggered
24
Petri Net Model - Compromise
A node becomes compromised when T_COMPRO fires and places a token in CN.
Model the IDS behavior through transition T_IDS Rate is for compromised nodes for good nodes (typo error)
25
Subjective Trust Evaluation
If j is a selfish node (a/c), compromised node (b/c) or normal node (c/c) a, b and c: The average numbers of interactions of node i with a
selfish node, a compromised node and a normal node
26
Objective Trust Evaluation
Compute objective trust based on actual status as provided by the SPN model output using exactly the same status value assignment as shown in Table I to yield ground truth status of node j at time t.
Tj,obj(t), is also a weighted linear combination of four trust component values
27
Trust Evaluation Results
28
Trust Evaluation Results
The trust evaluation consists of two parts trust composition and trust aggregation trust formation
Assertion each trust property X has its own best α and β values subjective assessment would be the most accurate against
actual status of node j in trust property X because different trust properties have their own intrinsic
trust nature and react differently to trust decay over time
29
Trust Evaluation Results
Larger α indicates that subjective trust evaluation relies more on direct observations compared with past experiences
Larger β indicates that subjective trust evaluation relies more on indirect recommendations provided by recommenders compared with past experiences
30
Trust Evaluation Results
The best α and β values intrinsically depend on the nature of each trust property as well as a given set of parameter values
Subjective trust obtained as a result of executing our proposed hierarchical trust management protocol approaches true objective trust
31
Trust-based Geographic Routing
Geographic routing a node disseminates a message to a maximum of L
neighbors closest to the destination node
Trust-based geographic routing node i forwards a message to a maximum of L neighbors
not only closest to the destination node but also with the highest trust values Tij(t)
Baseline routing protocols flooding-based
• a node floods a message to all its neighbors traditional geographic routing
32
Best Trust Formation to Maximize Application Performance Identify weights to assign
to individual trust properties w1=w2=0.5 × wsocial
w3=w4=0.5 × wQoS
wsocial + wQoS = 1
Considering both social and QoS trust properties helps generate a higher message delivery ratio
33
Dynamic Trust Management
Dynamically adjust wsocial (the X coordinate) to optimize application performance in message delivery ratio
34
Performance Comparison
Outperforms traditional geographic routing Approaches flooding-based routing
35
Performance Comparison
Traditional geographic routing performs better than trust-based geographic routing in message delay This is expected
36
Performance Comparison
Incurs more message overhead than traditional geographic routing the path selected by trust-based geographic routing is
often the most trustworthy path, not necessarily the shortest path
37
Trust-based Intrusion Detection
Describe the algorithm that can be used by a high-level node such as a CH (or a base station) to perform trust-based intrusion detection of the SNs
Develop a statistical method to assess trust-based IDS false positive and false negative probabilities
38
Algorithm for Trust-Based Intrusion Detection Selecting a system minimum trust threshold, Tth,
below which a node is considered compromised A compromised node will exhibit several social and QoS
trust behaviors
39
Best Trust Formation to Maximize Application Performance As the minimum trust
threshold Tth increases, the false negative probability Pfn decreases while the false positive probability Pfp increases.
There exists an optimal trust threshold Tth,opt at which both false negative and false positive probabilities are minimized.
40
Performance Comparison
Presented are the best results of all three IDS schemes
41
Conclusion
Proposed a hierarchical dynamic trust management protocol for cluster-based wireless sensor networks, considering two aspects of trustworthiness, namely, social trust and QoS trust.
Developed a probability model utilizing stochastic Petri nets techniques to analyze the protocol performance, and validated subjective trust against objective trust obtained based on ground truth node status
Demonstrated the feasibility of dynamic hierarchical trust management and application-level trust optimization design concepts with trust-based geographic routing and trust-based IDS applications