Trust Mechanisms in Ad Hoc Networks
Azar Rahimi Dehaghani, Lei Hu
Trust and Security, Case Study 2

Outline

• Introduction to ad hoc networks
• Security issues in ad hoc networks
• Existing Security Solutions
• Trust models
• Summary

Ad Hoc Networks

• Characteristics:
  – Temporarily formed
  – Nodes act as routers
  – Infrastructure-less
  – Limited resources
  – Shared wireless medium
• Applications:
  – Military battlefield networks
  – Personal Area Networks
  – Disaster and rescue operation
  – Peer to peer networks

Ad Hoc Networks

• Routing protocol types:
  – Reactive routing protocols
  – Proactive routing protocols
• Leading protocols:
  – DSR: Dynamic Source Routing
  – AODV: Ad hoc On-demand Distance Vector Routing

Challenges in Ad Hoc Networks

• The nodes are constantly mobile
• The protocols implemented are co-operative in nature
• There is a lack of a fixed infrastructure to collect audit data
• No clear distinction between normalcy and anomaly in ad hoc networks

Attacks on Ad Hoc Networks

• Passive attacks
  – Do not change the routing information
  – Listen to get valuable information
• Active attacks
  – Use its energy to manipulate the routing information

Active Attacks

• Modification:
  – Malicious node can modify routing information
• Fabrication:
  – Generating false routing messages
• Impersonation:
  – Initiate attack by masquerading as another node

Existing Security Solutions

• Intrusion prevention
  – Encryption, authentication
• Nodes are required to have pre-shared keys or digital certificates
• Central trust authority or pre-configuration is not practical for ad-hoc networks

Trust Model 1

• Computes situational trust in agents based upon the general trust in the trustor and the importance of the situation
1. Trust derivation: the information that one node can gather about the other nodes in passive mode
2. Quantification: the model represents trust on a continuous range from -1 to 1, signifying complete distrust to complete trust
3. Computation: involves an assignment of weights to the events that were monitored and quantified

DSR Protocol

• On demand protocol: route information discovered only as needed
• Source routing: entire path to destination supplied by source in packet header
• Procedure:
  – Route discovery
  – Route maintenance
  – Routing

Route Discovery

• Route Request:
  – Source broadcasts Route Request message for specified destination
  – Intermediate node adds itself to path in message and forwards message toward destination

Route Discovery

• Route Reply:
  – Destination unicasts Route Reply message to source

[Figure: nodes A and E; Route Reply message A-B-C-D; labels "Match" and "New entry"]

Route Maintenance

• Used when link breakage occurs
  – Link breakage may be detected using link-layer ACKs, "passive ACKs", DSR ACK request
  – Route Error message sent to source of message being forwarded when break detected
  – Intermediate nodes "eavesdrop", adjust cached routes
  – Source deletes route; tries another if one cached, or issues new Route Request

[Figure: nodes A B C D E; Route error message: C-D is broken]
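
The Route Request, Route Reply and Route Error handling from the slides above, simulated as an added example (not code from the slides). The `Source` class, the simplified first-copy-only forwarding rule and the detour B-F-G-E are assumptions made here; only the chain A-B-C-D-E and the broken link C-D come from the slides.

```python
from collections import deque

def route_discovery(links, src, dst):
    """Flood a Route Request from src; return the paths carried back in Route Replies.

    Each intermediate node forwards the first copy it hears, after adding
    itself to the path in the message. dst answers every copy that reaches it.
    """
    neighbours = {}
    for a, b in links:
        neighbours.setdefault(a, set()).add(b)
        neighbours.setdefault(b, set()).add(a)
    forwarded, queue, replies = {src}, deque([[src]]), []
    while queue:
        path = queue.popleft()
        for n in sorted(neighbours.get(path[-1], ())):
            if n == dst:
                replies.append(path + [dst])
            elif n not in forwarded:
                forwarded.add(n)
                queue.append(path + [n])
    return replies

def uses_link(route, a, b):
    """True if the route crosses link a-b in either direction."""
    return any({x, y} == {a, b} for x, y in zip(route, route[1:]))

class Source:
    """Source-side route cache. `links` is the simulated radio connectivity."""
    def __init__(self, name, links):
        self.name, self.links, self.cache = name, set(links), {}

    def route_to(self, dst):
        """Use a cached route if there is one, otherwise issue a new Route Request."""
        if not self.cache.get(dst):
            self.cache[dst] = route_discovery(self.links, self.name, dst)
        return self.cache[dst][0] if self.cache[dst] else None

    def route_error(self, a, b):
        """Route Error 'a-b is broken': delete every cached route over that link."""
        self.links = {l for l in self.links if set(l) != {a, b}}
        for dst in self.cache:
            self.cache[dst] = [r for r in self.cache[dst] if not uses_link(r, a, b)]

# Constructed topology: the slide's chain A-B-C-D-E plus an assumed detour B-F-G-E.
LINKS = [("A", "B"), ("B", "C"), ("C", "D"), ("D", "E"),
         ("B", "F"), ("F", "G"), ("G", "E")]
```

The source caches whatever path a reply carries and acts on any Route Error it receives; neither is authenticated in this simulation, which is the exposure behind the modification and fabrication attacks listed earlier.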

DSR Based on Model 1

• Trust derivation:
  – Acknowledgements
  – Packet precision
  – Salvaging
  – Black lists
• Trust quantification:
  – Quantizes the events and assigns weights to them
• Trust computation:
  – Determines aggregate trust level for a particular node
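
The three steps of Trust Model 1 applied to the DSR event categories above, as an added example that is not from the slides: observation counts (derivation), a value in [-1, 1] per category (quantification), and a weighted sum (computation). The weights, the (good - bad) / (good + bad) mapping and the sample counts are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Event categories from the slide. The weights are assumptions made for
# this example (the slides give none); they sum to 1.
WEIGHTS = {"acknowledgements": 0.4, "packet_precision": 0.3,
           "salvaging": 0.1, "black_lists": 0.2}

@dataclass
class Observations:
    """Derivation: what one node has passively observed about one neighbour."""
    good: dict = field(default_factory=dict)
    bad: dict = field(default_factory=dict)

    def record(self, category, ok, count=1):
        if category not in WEIGHTS:
            raise ValueError(f"unknown event category: {category}")
        side = self.good if ok else self.bad
        side[category] = side.get(category, 0) + count

def quantify(obs, category):
    """Quantification: map counts onto [-1, 1]; 0.0 means no evidence yet."""
    g, b = obs.good.get(category, 0), obs.bad.get(category, 0)
    return 0.0 if g + b == 0 else (g - b) / (g + b)

def aggregate_trust(obs):
    """Computation: weighted sum of the per-category values, still in [-1, 1]."""
    return sum(w * quantify(obs, c) for c, w in WEIGHTS.items())

def constructed_neighbours():
    """Constructed sample data: B behaves, C drops and corrupts packets."""
    b, c = Observations(), Observations()
    b.record("acknowledgements", True, 9)
    b.record("acknowledgements", False, 1)
    b.record("packet_precision", True, 10)
    c.record("acknowledgements", True, 1)
    c.record("acknowledgements", False, 9)
    c.record("packet_precision", True, 2)
    c.record("packet_precision", False, 8)
    c.record("black_lists", False, 1)
    return {"B": b, "C": c}

if __name__ == "__main__":
    for name, obs in constructed_neighbours().items():
        print(name, round(aggregate_trust(obs), 2))
```

A category with no observations contributes 0, so a newly met neighbour starts at neutral trust instead of being treated as trusted or distrusted.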

Trust Model 2

• Build trust manager on each node in the network
• Two components:
  – Monitoring module
  – Reputation handling module

Monitoring Module

• Each node independently monitors its neighboring nodes' packet forwarding activities
• It is related to the proportion of correctly forwarded packets to the total number of packets

Reputation Handling Module

• Reputation information collecting
  – Sensing
  – Recommendations
• Reputation information template
• Reputation information maintenance
• Reputation rating
  – Proportion of correctly forwarded packets with respect to the total number of packets to be forwarded during a fixed time window
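
The rating defined above, computed by a monitoring module over a sliding time window, as an added example that is not from the slides. The class name, the 10-second window, the threshold passed to `below` and the sample observations are assumptions.

```python
from collections import defaultdict, deque

class ForwardingMonitor:
    """Per-neighbour record of packets handed over for forwarding.

    Each observation is (time, forwarded_correctly). Only observations
    inside the last `window` seconds count towards the rating.
    """
    def __init__(self, window=10.0):
        self.window = window
        self.obs = defaultdict(deque)

    def observe(self, neighbour, t, forwarded):
        self.obs[neighbour].append((t, bool(forwarded)))

    def _expire(self, neighbour, now):
        q = self.obs[neighbour]
        while q and q[0][0] <= now - self.window:
            q.popleft()
        return q

    def rating(self, neighbour, now):
        """Correctly forwarded / total to be forwarded; None without evidence."""
        q = self._expire(neighbour, now)
        if not q:
            return None
        return sum(ok for _, ok in q) / len(q)

    def below(self, now, threshold):
        """Neighbours whose rating in the current window is under threshold."""
        out = []
        for n in sorted(self.obs):
            r = self.rating(n, now)
            if r is not None and r < threshold:
                out.append(n)
        return out

def constructed_monitor():
    """Constructed sample: B forwards everything, C stops forwarding at t=5."""
    m = ForwardingMonitor(window=10.0)
    for t in range(10):
        m.observe("B", float(t), True)
        m.observe("C", float(t), t < 5)
    return m
```

Because old observations fall out of the window, a neighbour that built up a good record and then starts dropping packets loses its rating within one window length; a neighbour with no recent traffic reports `None`, not a perfect score.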

Trust Model 3

• Trust is defined based on the following factors:
  – Experience statistics
  – Data value
  – Intrusion black list
  – Reference
  – Personal preference

Summary

• Trust in ad hoc networks cannot be treated as a property of trusted systems but rather it is an assessment based on experience that is shared through networks of people
• Hard-security cryptographic or certification mechanisms are not feasible
• Confidence measures should be built dynamically based on effort/return mechanism