
Wireless Ad Hoc and Sensor Networks

  • Trust and Soft Security

WS 2010/2011

  • Prof. Dr. Dieter Hogrefe
  • Dr. Omar Alfandi

Outline

  • Introduction
  • Security techniques
  • Trust and reputation systems
  • Generic Trust and Reputation Model Scheme
  • Proposed models for ad hoc and sensor networks

– CONFIDANT
– CORE
– RFSN

  • Problems of reputation systems
  • Summary

Introduction

Imagine an ad-hoc network. How can nodes in cooperative communications:

  • Rely on each other?
  • Decide whether and with whom to interact in these uncertain conditions?

These risks can be mitigated through soft security mechanisms.


Security Techniques

A: Hard security:

  • Traditional way of protecting data by putting up hard fences to maintain the CIA (Confidentiality, Integrity and Availability) properties with:

– Authentication
– Access Control
– etc.

  • Leaves the security to some external or global authority
  • Reveals everything if they are bypassed
  • Example: Password

Security Techniques

B: Soft security:

  • Protects something from harm in quiet and unremarkable ways
  • It works invisibly and after the fact
  • Used as a social control mechanism

– It is the participants themselves who are responsible for the security
– Is collaborative and based on the whole community
– Doesn't deny the existence of the malicious participants
– But avoids interacting with the malicious ones

  • Example: Trust and Reputation Systems


Notion of Trust

Trust is a directional relationship that consists of:

  • Trustor
  • Trustee
  • Scope

[Figure: A (trustor) → B (trustee)]

  • A can trust B if B acts the way that A expects. It shows to what extent A has a feeling of security about B.

Trust Network: Web of Trust

  • Trust Network (Web of Trust): the network of relationships between nodes that shows the level of trust between them.
  • vertex ~ mobile node
  • directed edge ~ level of trust
  • Properties of Trust:

– weighted [0 = distrust, 1 = trust]
– subjective/personal
– asymmetric
– dynamic
– non-monotonic
– transitive

[Figure: trust graph with nodes Alice, Bob, Carol and Dave and weighted directed edges]

Transitivity of Trust

[Figure: trust graph with nodes Alice, Bob, Carol and Dave and weighted edges; the trust level of one missing edge is marked "?"]

Trust Metrics

  • A measure of how much a member of a group is trusted by the other members.
  • Uses existing edges to predict values of trust for non-existing edges using trust transition. (If you trust someone, then you have some degree of trust in anyone that person trusts.)
  • Goal: reduce uncertainty by predicting how much each unknown person could be trusted.

[Figure: trust graph with nodes Alice, Bob, Carol and Dave; Trust (Alice, Dave) = ?]

Trust Management

Trust management is the activity of gathering, encoding, analyzing and presenting evidence relating to honesty and security with the purpose of making decisions regarding trust relationships.

  • Policy-based trust management
  • Reputation-based trust management

Policy-Based Trust

  • Using policies to establish trust
  • Managing and exchanging credentials
  • Enforcing access policies
  • Using trusted third party for issuing and verifying credentials
  • Example:

– PGP (Pretty Good Privacy)

Reputation-Based Trust

  • Reputation:

– The overall quality or character as seen or judged by people in general

  • I trust you because of your good reputation
  • I trust you despite your bad reputation
  • Reputation-based trust

– Using reputation to establish trust
– Using the history of an entity's behaviors/actions
– Combining first-hand knowledge and recommendations made by others

Reputation Network Architecture: Centralized

  • Central authority (reputation center)

– Collects all ratings about each participant, who is rated by other members after a direct experience.
– Derives a reputation score for each participant.
– Makes all scores publicly available.

e.g. eBay

Reputation Network Architecture: Distributed

  • No reputation center

– Distributed stores
    • Where ratings can be submitted
– Each participant
    • Records the opinion about others
    • Provides this information on request from relying parties.

e.g. Peer-to-Peer, Ad-hoc Networks


Generic Trust and Reputation Model Scheme

[Diagram: (1) Gathering information]

Gathering Information

  • Gather its own opinion if there exist any direct interactions:

– First-hand information

  • Gather the idea of other nodes that A has contact with:

– Second-hand information or recommendation

Trust (A,D) = ?

Trust (C,D) = 0.6
Trust (B,D) = 0

[Figure: trust graph with nodes A, B, C and D]

Generic Trust and Reputation Model Scheme

[Diagram: (1) Gathering information; (2) Scoring & Ranking]

Scoring and Ranking

  • A considers the recommendations according to his opinion about the recommenders:

Trust (A,B) = 1, Trust (B,D) = 0: Trust (A,D) = 1 x 0 = 0
Trust (A,C) = 0.9, Trust (C,D) = 0.6: Trust (A,D) = 0.9 x 0.6 = 0.54

Trust (A,D) = (0 + 0.54)/2 = 0.27

[Figure: trust graph with nodes A, B, C and D]
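The scoring step above, generalised to longer recommendation chains, as an added example that is not part of the original slides. The function name `trust`, the hop limit and the `weighted` variant are assumptions; `SLIDE_GRAPH` uses only the four edge values stated on the slides, and node E is constructed.

```python
# Added example: trust estimation over a web of trust (not from the slides).
# A graph is {node: {neighbour: trust weight in [0, 1]}} with directed edges.

def trust(graph, src, dst, max_hops=2, weighted=False, _seen=()):
    """Estimate how much src trusts dst.

    First-hand information is used when src has a direct edge to dst.
    Otherwise each recommender's opinion is discounted by src's trust in
    that recommender (multiplication along the path) and the discounted
    opinions are combined: a plain mean as on the slide, or, when
    weighted=True (an assumed variant), a mean weighted by trust in
    the recommender. Returns None when no path exists within max_hops.
    """
    direct = graph.get(src, {})
    if dst in direct:
        return direct[dst]
    if max_hops <= 1:
        return None
    total, weight_sum, count = 0.0, 0.0, 0
    for rec, t_rec in direct.items():
        if rec == src or rec in _seen:          # never walk a cycle
            continue
        opinion = trust(graph, rec, dst, max_hops - 1, weighted, _seen + (src,))
        if opinion is None:
            continue
        total += t_rec * opinion
        weight_sum += t_rec
        count += 1
    if count == 0:
        return None
    if weighted:
        return total / weight_sum if weight_sum > 0 else 0.0
    return total / count


# Edge values stated on the slides.
SLIDE_GRAPH = {"A": {"B": 1.0, "C": 0.9}, "B": {"D": 0.0}, "C": {"D": 0.6}}

# Constructed variation: A also knows E, whom A barely trusts (0.1),
# and E rates D with full trust.
WITH_E = {**SLIDE_GRAPH, "A": {**SLIDE_GRAPH["A"], "E": 0.1}, "E": {"D": 1.0}}

if __name__ == "__main__":
    print(trust(SLIDE_GRAPH, "A", "D"))             # the slide's calculation
    print(trust(WITH_E, "A", "D"))                  # plain mean with E added
    print(trust(WITH_E, "A", "D", weighted=True))   # weighted mean with E added
```

With the plain mean, the full-trust rating from the barely trusted E lowers A's estimate for D from 0.27 to about 0.21, because every discounted opinion counts as one full vote; the weighted mean gives 0.32.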

Generic Trust and Reputation Model Scheme

[Diagram: (1) Gathering information; (2) Scoring & Ranking; Perform Transaction; (3) Evaluating received service, with outcomes satisfied (Reward) and unsatisfied (Punish); (4) Update first-hand information]


Some Proposed Models

  • CONFIDANT
  • Sonja Buchegger, Jean-Yves Le Boudec. "Performance Analysis of the CONFIDANT Protocol (Cooperation Of Nodes - Fairness In Dynamic Ad-hoc NeTworks)." Proceedings of MobiHoc 2002, Lausanne, June 2002.
  • CORE
  • P. Michiardi and R. Molva. CORE: A COllaborative REputation mechanism to enforce node cooperation in Mobile Ad Hoc Networks. Communication and Multimedia Security, September 2002.
  • RFSN
  • S. Ganeriwal and M. Srivastava. Reputation-based framework for high integrity sensor networks. In Proceedings of the 2nd ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN '04), October 2004.


CONFIDANT

  • Its goal is to detect, prevent, and discourage:

– Selfishness (not forwarding of control messages or data)
– Traffic deviation
    • Advertise many routes
    • Advertise routes too often
    • Advertise no routes
– Route salvaging, rerouting to avoid a broken link although no error has been observed
– Lack of error messages, although an error has been observed (and vice versa)
– Silent route change (tampering with message headers of either control or data packets)

CONFIDANT Protocol

  • Is built on DSR (Dynamic Source Routing)
  • Observes Behaviour

– 'Neighbourhood Watch': behaviour that is directly observed, or overheard, by the node

  • Reports Behaviour

– Share experienced misbehaviour and learn from friends

  • Makes decisions based on Behaviour

CONFIDANT Components

  • Monitor

– Directly observes behaviour

  • Trust Manager

– Sends and receives ALARMs

  • Reputation System

– Node Rating

  • Path Manager

– Route management based on Reputation

Each node has all of these components locally.

[Figure: CONFIDANT components]

Monitor

  • Directly observes behaviour of 1-hop neighbourhood
  • By listening to the transmission of the next node detects any packet alteration

– Data packets
– Routing packets

  • Registers deviation from normal behaviour and reports to the reputation system if bad behaviour occurs
  • Forwards received ALARMs to the trust manager for evaluation

Trust Manager

  • Handles all incoming and outgoing ALARM messages about experienced or observed misbehaviour.
  • Consists of three components:

– Alarm table: contains information about received ALARMs
– Trust table: manages the trust level of the node to determine the trustworthiness of the originator of an ALARM
– Friends list: contains all friends a node has

  • Forwards an ALARM on a received report of misbehaviour to all friends

Reputation System

  • Manages the table of nodes and their ratings
  • Only negative experience is counted
  • Ratings are changed only if the malicious behaviour has occurred at least a threshold number of times
  • Ratings are updated according to the rate function
  • Rate function assigns greatest weight to personal experience and newly observed behaviour
  • If the rating of any node falls below a predetermined threshold, Path Manager will be called

Assume negative behaviour is rare, and probably means node can never be trusted!

Path Manager

  • Decision maker
  • Path re-ranking according to security metric (re-rank route based on reputation)
  • Deletes path containing malicious nodes
  • Takes necessary action upon receiving a request for route from a misbehaving node (ignore request)

Example: Reputation in MANETs

  • Node A's view of the network
  • A wants to send packets to D via C


CORE

  • Proposed to enforce node cooperation in MANETs based on a collaborative monitoring technique
  • Used to address selfish behavior
  • Nodes modeled as members of a community
  • The reputation is formed and updated over time

– Assigns more weight to the past observations than the current observations

  • Three types of reputation

– subjective reputation
– indirect reputation
– functional reputation
    • Different weights to different functions like packet forwarding, etc.

CORE

  • Has two protocol entities

– Requester: refers to a network entity asking for the execution of a function f
– Provider: refers to any entity supposed to correctly execute the function f

  • Each node maintains

– An RT (Reputation Table) for each function f

  • An entry in RT has:

– unique ID
– recent subjective reputation
– recent indirect reputation
– composite reputation for a predefined function

  • RTs are updated in two situations:

– during the request phase
– during the reply phase

  • Each node is also equipped with a watchdog mechanism for promiscuous observation


RFSN

  • Sensor networks already follow a community model

– Individual nodes do not have any utility
– Collaborative information gathering, data processing and relaying

  • RFSN incorporates intelligence into nodes

– Exposes trust as an explicit metric!
– Cooperate with ONLY those nodes that are trustworthy

  • RFSN uses two different metrics

– Distinguishes between trust and reputation

RFSN

[Figure: sensor nodes relaying the report "I detected a car at (x,y)"; one node reports "It was a false alarm. No such car!"]

  • Misbehavior while routing information
  • Misbehavior even while generating information

Architecture of RFSN

[Diagram: Watchdog mechanism, Second hand information, Reputation, Trust, Behavior]

  • Watchdog mechanism: Gather first hand information
  • Second hand information: Share experiences to facilitate community growth
  • Reputation: Develop a perception of other nodes over time
  • Trust: Predict their future behavior
  • Behavior: Cooperate/Non-cooperate with node in question

Reputation Representation

  • Probabilistic formulation

– Use beta distribution to represent reputation of a node.

$$R_{ij} \sim \mathrm{Beta}(\alpha, \beta), \qquad \mathrm{Beta}(\alpha, \beta) = \frac{\Gamma(\alpha+\beta)}{\Gamma(\alpha)\,\Gamma(\beta)}\, x^{\alpha-1} (1-x)^{\beta-1}, \quad 0 \le x \le 1$$

R_ij: reputation of node j from the perspective of node i

  • Why beta distribution?

– Simple to store: Just characterized by 2 parameters.
– Intuitive: α and β represent magnitude of cooperation and non-cooperation.
– Efficient: Easy reputation updates, integration, trust formulation.

  • Maintain reputation for just neighboring nodes

– Use locality
– Provides scalability

Design of Beta Reputation System

Propagated data:

  • Information about good nodes – Saves from bad mouthing attacks
  • Independent information (direct experience) – Critical to derivation in earlier slide

[Diagram: per-node blocks Watchdog, Reputation, Trust, Behavior and Second Hand Info, with tables RTD iC / RTD iNC and RT iC / RT iNC; propagating data between nodes]

– Reputation table based on only direct information of cooperative and non-cooperative nodes
– Reputation table of cooperative and non-cooperative nodes
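A small version of the bookkeeping described on the two slides above, as an added example that is not part of the original slides or RFSN's own code. The class and function names, the Beta(1, 1) starting prior, the aging factor, the expected-value trust metric and the linear discount on second-hand reports are assumptions, simplified from the description rather than taken from RFSN's published update rules; the sample history is constructed.

```python
# Added example: beta-distributed reputation with aging and positive-only
# second-hand reports. Simplified sketch, not RFSN's published update rules.

class BetaReputation:
    """Node i's reputation record for one neighbour j, held as Beta(alpha, beta)."""

    def __init__(self, alpha=1.0, beta=1.0):
        # Assumption: start from Beta(1, 1), the uniform "no evidence" prior.
        self.alpha = alpha   # magnitude of observed cooperation
        self.beta = beta     # magnitude of observed non-cooperation

    def observe(self, cooperated, aging=1.0):
        """Record one first-hand watchdog observation.

        aging < 1 discounts past behaviour before the new evidence is
        added, so a node cannot live off an old good record forever.
        """
        self.alpha *= aging
        self.beta *= aging
        if cooperated:
            self.alpha += 1.0
        else:
            self.beta += 1.0

    def merge_report(self, positive, negative, reporter_trust):
        """Integrate a neighbour's second-hand report.

        Only positive evidence is accepted, discounted by the trust placed
        in the reporter; negative evidence is dropped, so a bad-mouthing
        report cannot lower anyone's reputation.
        """
        del negative                     # deliberately ignored
        self.alpha += reporter_trust * max(positive, 0.0)

    def trust(self):
        """Trust = expected value of Beta(alpha, beta) (assumed metric)."""
        return self.alpha / (self.alpha + self.beta)


def trust_after(history, aging=1.0):
    """Replay a list of booleans (True = cooperated) and return the trust."""
    rep = BetaReputation()
    for cooperated in history:
        rep.observe(cooperated, aging)
    return rep.trust()


# Constructed history: 50 cooperative forwards, then 5 dropped packets.
TURNED_BAD = [True] * 50 + [False] * 5

if __name__ == "__main__":
    print(trust_after(TURNED_BAD))             # long memory hides the change
    print(trust_after(TURNED_BAD, aging=0.9))  # aging exposes it sooner
```

Dropping negative second-hand evidence also means a genuine warning from a neighbour is ignored, so misbehaviour is only learned first-hand through the watchdog.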

Comparison

Metric                 | Confidant                        | Core                            | RFSN
Architecture           | Distributed                      | Distributed                     | Distributed
Context                | Ad-hoc Networks                  | Ad-hoc Networks                 | Sensor Networks
Scope                  | Routing misbehavior              | Routing misbehavior             | Compromised / Faulty nodes
Formulation            | Heuristics/ Bayesian formulation | Heuristics based on game theory | Bayesian formulation based on decision theory
Reputation propagation | Only bad                         | Only good                       | Only good
Maintenance            | Local                            | Local                           | Local


Problems of Reputation Systems

  • Reputation systems help peers to recognize the trustworthy peers and avoid the malicious ones
  • However, the reputation systems might themselves be targets of attacks like:

– Unfair Ratings (Liars)
    • Comparing the opinion of the recommenders
– Bias Toward Positive Rating
    • Providing anonymous reputation management
– Quality Variations Over Time
    • Discounting of the past behavior
– Ballot Box Stuffing
    • Rating on the cost of transaction
– Change of Identities


Summary

  • Basic criteria for judging the reliability of an entity:

– Hard security mechanisms
– Soft security mechanisms

  • Using soft security mechanisms is unavoidable for cooperative environments like mobile ad-hoc and sensor networks:

– Reflects recent trends in entity performance

  • Robustness against attacks is required:

– Resist manipulation of reputation scores
– Adding any single rating should not influence the score significantly