Hierarchical Trust Management for Wireless Sensor Networks and its Applications to Trust-Based Routing and Intrusion Detection

Fenye Bao, Ing-Ray Chen, Moonjeong Chang

Presented by: Changlai Du, Feb 27, 2014



Contents

• Introduction
• System Model
• Hierarchical Trust Management Protocol
• Performance Model
• Trust Evaluation Results
• Trust-based Geographic Routing
• Trust-based Intrusion Detection
• Conclusion


Introduction

Propose a cluster-based hierarchical trust management protocol for WSNs.

Utilize both Quality of Service (QoS) and Social Networking attributes to model the behaviors of nodes to determine their reliability.

Highly scalable due to being a cluster-based model.

Apply the protocol to trust-based geographic routing and trust-based intrusion detection.


Wireless Sensor Network

A Wireless Sensor Network (WSN) refers to a distributed network of autonomous sensors, each operating independently for the greater good of the network.

A WSN is inherently unstable due to the independence of the Sensor Nodes (SN) and their different operating characteristics, including malicious and selfish activity.

The WSN must take input from its SNs, evaluate their input, and determine the overall picture for what is happening across its network.


Sensor Node

A SN monitors physical or environmental conditions, such as temperature, sound, vibration, pressure, motion, or pollutants.

An SN can transmit or forward information through multi-hop routing.

SNs have very limited resources:
• Energy
• Memory
• Computational power

SNs may be compromised and perform malicious attacks.


Cluster Head

A Cluster Head (CH) is a node that has been elected to take charge of a group of SNs.

A CH receives direct input from each of its SNs.

A CH forwards the data to the base station or destination node through other CHs.

CHs use more energy than SNs.


Abnormal Node Behavior

Malicious Node
• A node may be captured by the enemy at any point and start passing erroneous information or dropping packets.
• A node is more likely to become malicious if it has low energy or if it is surrounded by malicious nodes.

Selfish Node
• A node may become selfish if its energy becomes low relative to its neighbors’.
• “Selfish” can be thought of as “efficient”.
• If a node recognizes that its battery level is low and its neighbors have sufficient energy, it may start dropping packets so its neighbors pick up more of the burden.

The challenge becomes: How do we create a model such that malicious and selfish nodes can be identified and the WSN can adjust to these conditions to achieve a near-optimal performance?


System Model

Leveraging a two-level hierarchy in the WSN, the protocol is conducted using periodic peer-to-peer trust evaluation between two SNs and two CHs.

Each SN reports its p2p evaluation result to the other SNs in the cluster and to its CH.

Each CH performs CH-to-SN trust evaluation toward the SNs in its cluster.

Each CH reports its p2p evaluation result to the other CHs in the system and to the base station.


How Does Trust Factor In?

Once the hierarchy is established, the evaluations completed by each node follow a trust scheme that allows for direct and indirect trust-based reporting.

Trust composition includes both social trust and QoS trust.
• Social trust: intimacy, honesty, privacy, centrality and connectivity.
• QoS trust: competence, cooperativeness, reliability, task completion capability.

In this work we consider intimacy, honesty, energy and unselfishness.


Trust metrics

Intimacy
• Reflects the relative degree of interaction experiences between two nodes.
• The more positive experiences SN A had with SN B, the more trust and confidence SN A will have toward SN B.

Honesty
• Implies whether a node is malicious or not.

Energy
• Measures if an SN is competent in performing its intended function.

Unselfishness
• Reflects if an SN can cooperatively execute the intended protocol.


Hierarchical Trust Management Protocol

Peer-to-peer trust evaluation
• SN level
• CH level

CH-to-SN trust evaluation

Station-to-CH trust evaluation


Evaluation Process

A weighted evaluation is performed and all four metrics are factored into one, overall trust score:

Tij(t) denotes the trust that node i has toward node j at time t.

Deciding the best values of w1, w2, w3, and w4 to maximize application performance is a trust formation issue which is explored in this paper.


Peer-to-Peer Trust Evaluation

P2P Trust Evaluation is performed between SNs and between CHs.

When node i evaluates its trust toward a neighbor node j:
• It snoops or overhears enough data to provide direct observation.
• i should also refer to past experiences.

When i evaluates a node that is beyond its communication range:
• It will use its past experiences.
• It must also use recommendations from its 1-hop neighbors.


Peer-to-Peer Trust Evaluation

This relationship is represented as follows:

γ and α represent weights associated with trust decay. X represents one of the four trust components.


Peer-to-Peer Trust Factors

Intimacy: this measures the level of interaction experiences.
• It is computed by the number of interactions between node i and j over the maximum number of interactions between node i and any neighbor node over the time period [0, t].

Honesty: this refers to the belief of node i that node j is honest based on node i’s direct observations toward node j.
• It is estimated by keeping a count of suspicious dishonest experiences of node j which node i has observed during [0, t] using a set of anomaly detection rules.
• If the count exceeds a system-defined threshold, the value is 0.
• Otherwise, the value is 1 minus the ratio of the count to the threshold.


Peer-to-Peer Trust Factors

Energy: this refers to the belief of node i that node j still has adequate energy (representing competence) to perform its intended function.
• It is measured by the percentage of node j’s remaining energy.
• It is estimated utilizing some energy consumption model.

Unselfishness: this provides the degree of unselfishness of node j as evaluated by node i based on direct observation over [0, t].
• Node i may apply overhearing and snooping techniques to detect selfish behaviors of node j.


Peer-to-Peer Trust Evaluation

This relationship is represented as follows:

When i evaluates a node that is not a 1-hop neighbor:
• use its past experience
• use recommendations from its 1-hop neighbors


Parameters Defined

α – weight that represents a more instantaneous evaluation: the higher α, the more weight is given to time t.

γ – weight between recommendations vs. past experiences.

β – represents the impact of “indirect recommendations”. The weight of an indirect recommendation is normalized to βTik(t) relative to 1 assigned to past experiences.
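The peer-to-peer evaluation and the weighted trust score described on the preceding slides, as an added Python sketch that is not code from the paper or the presentation. The slide equations are missing from this transcript, so the update rules are an assumed form built from the α, β and γ descriptions above and the weight scheme w1=w2=0.5 × wsocial, w3=w4=0.5 × wQoS; all function names and sample values are constructed.

```python
from statistics import mean

# Assumed form of the update rules (the slide equations are missing from this
# transcript); they follow the alpha/beta/gamma descriptions given above.

def intimacy(n_ij, n_max):
    """Interactions between i and j over i's maximum with any neighbor in [0, t]."""
    return n_ij / n_max if n_max else 0.0

def honesty(suspicious_count, threshold):
    """0 once the suspicious-experience count exceeds the threshold,
    otherwise 1 minus the ratio of the count to the threshold."""
    if suspicious_count > threshold:
        return 0.0
    return 1.0 - suspicious_count / threshold

def update_direct(past, direct, alpha):
    """j is a 1-hop neighbor: higher alpha favors the observation at time t."""
    return (1.0 - alpha) * past + alpha * direct

def update_indirect(past, recommendations, beta):
    """j is not a 1-hop neighbor. recommendations holds (T_ik, T_kj) pairs from
    i's 1-hop neighbors k. A recommendation weighs beta*T_ik against 1 for
    past experience, so gamma = beta*T_ik / (1 + beta*T_ik)."""
    if not recommendations:
        return past
    terms = []
    for t_ik, t_kj in recommendations:
        gamma = beta * t_ik / (1.0 + beta * t_ik)
        terms.append((1.0 - gamma) * past + gamma * t_kj)
    return mean(terms)

def overall_trust(c, w_social):
    """Weighted sum of the four components with w1=w2=0.5*w_social and
    w3=w4=0.5*w_QoS, where w_social + w_QoS = 1."""
    w_qos = 1.0 - w_social
    return (0.5 * w_social * (c["intimacy"] + c["honesty"])
            + 0.5 * w_qos * (c["energy"] + c["unselfishness"]))

if __name__ == "__main__":
    # Constructed observations of node i about neighbor j.
    comps = {
        "intimacy": update_direct(0.4, intimacy(12, 20), alpha=0.8),
        "honesty": update_direct(1.0, honesty(3, 10), alpha=0.8),
        "energy": 0.9,
        "unselfishness": 1.0,
    }
    print("T_ij(t) =", round(overall_trust(comps, w_social=0.5), 3))
    # A barely trusted recommender (T_ik=0.1) bad-mouths j with 0.0; a trusted
    # one (T_ik=0.9) reports 0.8. The low-trust report moves the result little.
    print(round(update_indirect(0.8, [(0.1, 0.0), (0.9, 0.8)], beta=1.0), 3))
```

Because γ grows with Tik(t), a recommender that node i already distrusts has little leverage over the result, which limits what a single bad-mouthing neighbor can do.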


CH-to-SN Trust Evaluation

Once all calculations are complete for a given time period t, the CH applies statistical analysis principles to all Tij(t) values received to perform CH-to-SN trust evaluation toward node j.

CH can also detect any outliers in the cluster to see if any good-mouthing or bad-mouthing is occurring.

The CH can exclude a sensor from reading and routing duties.


Station-to-CH Trust Evaluation

CH-to-CH trust evaluation is peer-to-peer.

Station-to-CH trust evaluation is performed in a similar way to CH-to-SN evaluation.


Performance Model

A Stochastic Petri Net model is used to provide a basis for obtaining ground truth status of nodes in the system.

It derives objective trust against which subjective trust obtained as a result of executing our hierarchical trust management protocol can be checked and validated.


Petri Net Model - Energy

Place Energy indicates the remaining energy level of the node

A token will be released from place Energy when transition T_ENERGY is triggered.

The rate of transition T_ENERGY indicates the energy consumption rate.

Energy consumption rates: Normal nodes

Selfish nodes


Petri Net Model - Selfishness

A node may become selfish to save energy.

An unselfish node may turn selfish in every trust evaluation interval Δt according to its remaining energy and the number of unselfish neighbors around.

A selfish node may redeem itself as unselfish to achieve a service availability goal.

This is modeled by putting a token into place SN when transition T_SELFISH is triggered and removing the token from place SN when transition T_REDEMP is triggered.


Petri Net Model - Compromise

A node becomes compromised when T_COMPRO fires and places a token in CN.

Model the IDS behavior through transition T_IDS.

Rate is for compromised nodes for good nodes (typo error)


Subjective Trust Evaluation

If j is a selfish node (a/c), compromised node (b/c) or normal node (c/c)

a, b and c: the average numbers of interactions of node i with a selfish node, a compromised node and a normal node.


Objective Trust Evaluation

Compute objective trust based on actual status as provided by the SPN model output using exactly the same status value assignment as shown in Table I to yield ground truth status of node j at time t.

Tj,obj(t) is also a weighted linear combination of the four trust component values.


Trust Evaluation Results

The trust evaluation consists of two parts:
• trust composition and trust aggregation
• trust formation

Assertion: each trust property X has its own best α and β values
• under which subjective assessment would be the most accurate against the actual status of node j in trust property X
• because different trust properties have their own intrinsic trust nature and react differently to trust decay over time


Trust Evaluation Results

Larger α indicates that subjective trust evaluation relies more on direct observations compared with past experiences

Larger β indicates that subjective trust evaluation relies more on indirect recommendations provided by recommenders compared with past experiences


Trust Evaluation Results

The best α and β values intrinsically depend on the nature of each trust property as well as a given set of parameter values

Subjective trust obtained as a result of executing our proposed hierarchical trust management protocol approaches true objective trust


Trust-based Geographic Routing

Geographic routing: a node disseminates a message to a maximum of L neighbors closest to the destination node.

Trust-based geographic routing: node i forwards a message to a maximum of L neighbors not only closest to the destination node but also with the highest trust values Tij(t).

Baseline routing protocols:
• flooding-based: a node floods a message to all its neighbors
• traditional geographic routing
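A comparison of traditional and trust-based geographic forwarding on a small constructed topology, added here as an illustration and not taken from the paper or the presentation. The slides do not say how distance and trust are combined, so this sketch assumes trust is ranked first among neighbors that make progress toward the destination, with distance as the tie-breaker; node names, positions, trust values and the radio range are all constructed.

```python
import math

# Constructed topology: M sits on the straight line to D but is compromised
# and drops packets. Trust values stand in for T_ij(t); one shared table is
# an assumption made to keep the example short.
POS = {"S": (0, 0), "M": (3, 0), "N": (6, 0), "D": (9, 0),
       "A": (2, 2), "B": (5, 2), "C": (8, 2)}
TRUST = {"M": 0.1, "N": 0.9, "A": 0.9, "B": 0.9, "C": 0.9}
RANGE = 3.2

def dist(a, b):
    return math.hypot(a[0] - b[0], a[1] - b[1])

def next_hops(node, dest, L, trust=None):
    """Up to L neighbors that are closer to dest than node is.
    trust=None ranks by distance only (traditional geographic routing);
    otherwise rank by trust first and use distance to break ties."""
    here = dist(POS[node], POS[dest])
    if here <= RANGE:
        return [dest]
    cands = [n for n in POS if n != node
             and dist(POS[node], POS[n]) <= RANGE
             and dist(POS[n], POS[dest]) < here]
    if trust is None:
        cands.sort(key=lambda n: dist(POS[n], POS[dest]))
    else:
        cands.sort(key=lambda n: (-trust.get(n, 0.0), dist(POS[n], POS[dest])))
    return cands[:L]

def route(src, dest, L, droppers, trust=None):
    """Forward round by round; return (delivered, hop_count or None)."""
    frontier, seen, hops = {src}, {src}, 0
    while frontier:
        hops += 1
        nxt = set()
        for node in frontier:
            if node in droppers:          # compromised node drops the message
                continue
            for n in next_hops(node, dest, L, trust):
                if n == dest:
                    return True, hops
                if n not in seen:
                    seen.add(n)
                    nxt.add(n)
        frontier = nxt
    return False, None

if __name__ == "__main__":
    print(route("S", "D", 1, droppers=set()))               # (True, 3)
    print(route("S", "D", 1, droppers={"M"}))               # (False, None)
    print(route("S", "D", 1, droppers={"M"}, trust=TRUST))  # (True, 4)
```

The trust-based run delivers the message around the dropper at the cost of one extra hop, which is the delivery-versus-delay trade-off the performance comparison slides report.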


Best Trust Formation to Maximize Application Performance

Identify weights to assign to individual trust properties:
• w1=w2=0.5 × wsocial
• w3=w4=0.5 × wQoS
• wsocial + wQoS = 1

Considering both social and QoS trust properties helps generate a higher message delivery ratio


Dynamic Trust Management

Dynamically adjust wsocial (the X coordinate) to optimize application performance in message delivery ratio


Performance Comparison

Outperforms traditional geographic routing.

Approaches flooding-based routing.


Performance Comparison

Traditional geographic routing performs better than trust-based geographic routing in message delay.

This is expected.


Performance Comparison

Incurs more message overhead than traditional geographic routing: the path selected by trust-based geographic routing is often the most trustworthy path, not necessarily the shortest path.


Trust-based Intrusion Detection

Describe the algorithm that can be used by a high-level node such as a CH (or a base station) to perform trust-based intrusion detection of the SNs

Develop a statistical method to assess trust-based IDS false positive and false negative probabilities


Algorithm for Trust-Based Intrusion Detection

Selecting a system minimum trust threshold, Tth, below which a node is considered compromised.

A compromised node will exhibit several social and QoS trust behaviors.


Best Trust Formation to Maximize Application Performance

As the minimum trust threshold Tth increases, the false negative probability Pfn decreases while the false positive probability Pfp increases.

There exists an optimal trust threshold Tth,opt at which both false negative and false positive probabilities are minimized.
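The CH-to-SN evaluation and the Tth-based detection described above, as an added Python sketch that is not code from the paper or the presentation. The slides do not name the statistical method the CH applies, so a median/MAD outlier filter is assumed here to discard good-mouthing and bad-mouthing reports; the report table, node names and thresholds are constructed.

```python
from statistics import mean, median

# Constructed T_ij(t) reports received by a CH: {evaluated node: {reporter: value}}.
# Reporter "x" bad-mouths n1 and good-mouths n5; n4 and n5 are compromised.
REPORTS = {
    "n1": {"a": 0.90, "b": 0.88, "c": 0.92, "d": 0.91, "x": 0.10},
    "n2": {"a": 0.70, "b": 0.72, "c": 0.68, "d": 0.71, "x": 0.69},
    "n3": {"a": 0.55, "b": 0.57, "c": 0.53, "d": 0.56, "x": 0.54},
    "n4": {"a": 0.60, "b": 0.62, "c": 0.58, "d": 0.61, "x": 0.59},
    "n5": {"a": 0.30, "b": 0.29, "c": 0.32, "d": 0.31, "x": 0.95},
}
COMPROMISED = {"n4", "n5"}

def ch_trust(reports, k=3.0):
    """CH-to-SN trust toward one node. Reports further than k * MAD from the
    median are treated as good-/bad-mouthing and excluded (assumed method).
    Returns (trust, reporters whose values were excluded)."""
    values = list(reports.values())
    med = median(values)
    mad = median([abs(v - med) for v in values]) or 1e-9
    kept = {i: v for i, v in reports.items() if abs(v - med) <= k * mad}
    return mean(list(kept.values())), sorted(set(reports) - set(kept))

def detect(cluster_reports, t_th):
    """Nodes whose CH-level trust falls below the minimum trust threshold."""
    return {j for j, r in cluster_reports.items() if ch_trust(r)[0] < t_th}

def error_rates(cluster_reports, compromised, t_th):
    """(P_fp, P_fn) measured against known ground truth."""
    flagged = detect(cluster_reports, t_th)
    good = set(cluster_reports) - compromised
    p_fp = len(flagged & good) / len(good)
    p_fn = len(compromised - flagged) / len(compromised)
    return p_fp, p_fn

def sweep(cluster_reports, compromised, thresholds):
    """One (T_th, P_fp, P_fn) row per candidate threshold."""
    return [(t, *error_rates(cluster_reports, compromised, t)) for t in thresholds]

if __name__ == "__main__":
    print(ch_trust(REPORTS["n5"]))   # x's good-mouthing report is dropped
    for t, p_fp, p_fn in sweep(REPORTS, COMPROMISED, [0.4, 0.58, 0.65, 0.75]):
        print(f"T_th={t:.2f}  P_fp={p_fp:.2f}  P_fn={p_fn:.2f}")
```

In this data set a plain mean of the n5 reports would be about 0.43 and escape a threshold of 0.4; with the good-mouthing report excluded the value is 0.305 and the node is flagged.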


Performance Comparison

Presented are the best results of all three IDS schemes


Conclusion

Proposed a hierarchical dynamic trust management protocol for cluster-based wireless sensor networks, considering two aspects of trustworthiness, namely, social trust and QoS trust.

Developed a probability model utilizing stochastic Petri nets techniques to analyze the protocol performance, and validated subjective trust against objective trust obtained based on ground truth node status

Demonstrated the feasibility of dynamic hierarchical trust management and application-level trust optimization design concepts with trust-based geographic routing and trust-based IDS applications