11

Trust Mechanisms inTrust Mechanisms inAd Hoc NetworksAd Hoc Networks

Azar Rahimi DehaghaniAzar Rahimi DehaghaniLei HuLei Hu

Trust and Security Trust and Security Case Study 2Case Study 2

22

OutlineOutline

Introduction to ad hoc networksIntroduction to ad hoc networks Security issues in ad hoc Security issues in ad hoc

networksnetworks Existing Security SolutionsExisting Security Solutions Trust modelsTrust models SummarySummary

33

Ad Hoc NetworksAd Hoc Networks

Characteristics:Characteristics:– Temporarily formedTemporarily formed– Nodes act as routersNodes act as routers– Infrastructure-lessInfrastructure-less– Limited resources Limited resources – Shared wireless Shared wireless

mediummedium

Applications:Applications:– Military battlefield Military battlefield

networksnetworks– Personal Area Personal Area

Networks Networks – Disaster and rescue Disaster and rescue

operation operation – Peer to peer networksPeer to peer networks

44

Ad Hoc NetworksAd Hoc Networks

Routing protocols types: Routing protocols types: – Reactive routing protocolsReactive routing protocols– Proactive routing protocolsProactive routing protocols

Leading protocols:Leading protocols:– DSR: Dynamic Source RoutingDSR: Dynamic Source Routing– AODV: Ad hoc On-demand Distance AODV: Ad hoc On-demand Distance

Vector RoutingVector Routing

55

Challenges in Ad Hoc Challenges in Ad Hoc NetworkNetwork The nodes are constantly mobileThe nodes are constantly mobile The protocols implemented are The protocols implemented are

co-operative in natureco-operative in nature There is a lack of a fixed There is a lack of a fixed

infrastructure to collect audit datainfrastructure to collect audit data No clear distinction between No clear distinction between

normalcy and anomaly in ad hoc normalcy and anomaly in ad hoc networksnetworks

66

Attacks on Ad Hoc Attacks on Ad Hoc NetworksNetworks Passive attacksPassive attacks

– Do not change the routing informationDo not change the routing information– Listen to get valuable informationListen to get valuable information

Active attacksActive attacks– Use its energy to manipulate the routing Use its energy to manipulate the routing

informationinformation

77

Active AttacksActive Attacks

Modification:Modification: – Malicious node can modify routing Malicious node can modify routing

informationinformation Fabrication: Fabrication:

– Generating false routing messageGenerating false routing message Impersonation: Impersonation:

– Initiate attack by masquerading as Initiate attack by masquerading as another node another node

88

Existing Security Existing Security SolutionsSolutions Intrusion preventionIntrusion prevention

– Encryption, authenticationEncryption, authentication Nodes are required to have pre-Nodes are required to have pre-

shared keys or digital certificatesshared keys or digital certificates Central trust authority or pre Central trust authority or pre

configuration is not practical for configuration is not practical for ad-hoc networks ad-hoc networks

99

Trust Model 1Trust Model 1

Computes situational trust in agents Computes situational trust in agents based upon the general trust in the based upon the general trust in the trustor and the importance of the trustor and the importance of the situation situation

1.1. Trust derivation: the information that one Trust derivation: the information that one node can gather about the other nodes in node can gather about the other nodes in passive mode passive mode

2.2. Quantification: model represents trust in a Quantification: model represents trust in a continual range -1 to 1 signifying a continual range -1 to 1 signifying a continuous range from complete distrust to continuous range from complete distrust to complete trust complete trust

3.3. Computation: involves an assignment of Computation: involves an assignment of weights to the events that were monitored weights to the events that were monitored and quantified and quantified

1010

DSR ProtocolDSR Protocol

On demand protocol: route information On demand protocol: route information discovered only as neededdiscovered only as needed

Source routing: entire path to Source routing: entire path to destination supplied by source in destination supplied by source in packet headerpacket header

Procedure: Procedure: – Route discoveryRoute discovery– Route maintenanceRoute maintenance– RoutingRouting

1111

Route DiscoveryRoute Discovery

Route Request:Route Request:– Source broadcasts Route Request message Source broadcasts Route Request message

for specified destinationfor specified destination– Intermediate node adds itself to path in Intermediate node adds itself to path in

message and forwards message toward message and forwards message toward destinationdestination

1212

Route DiscoveryRoute Discovery

Route Reply:Route Reply:– Destination unicasts Route Reply Destination unicasts Route Reply

message to sourcemessage to source

A ERoute Reply

messageA-B-C-D

MatchNew entry

A ERoute Reply

messageA-B-C-D

MatchNew entry

1313

Route MaintenanceRoute Maintenance

Used when link breakage occursUsed when link breakage occurs– Link breakage may be detected using link-layer ACKs, Link breakage may be detected using link-layer ACKs,

“passive ACKs”, DSR ACK request“passive ACKs”, DSR ACK request– Route Error message sent to source of message being Route Error message sent to source of message being

forwarded when break detectedforwarded when break detected– Intermediate nodes “eavesdrop”, adjust cached routes Intermediate nodes “eavesdrop”, adjust cached routes – Source deletes route; tries another if one cached, or Source deletes route; tries another if one cached, or

issues new Route Requestissues new Route Request

A B C D E

Route error message: C-D is broken

1414

DSR Based on Model 1DSR Based on Model 1

Trust derivation: Trust derivation: – AcknowledgementsAcknowledgements– Packet precisionPacket precision– SalvagingSalvaging– Black listsBlack lists

Trust quantification: Trust quantification: – Quantizes the events and assigns weights to themQuantizes the events and assigns weights to them

Trust computation:Trust computation:– Determines aggregate trust level for a particular Determines aggregate trust level for a particular

node node

1515

Trust Model 2Trust Model 2

Build trust Build trust manager on each manager on each node in the node in the network network

Two components:Two components:– Monitoring Monitoring

modulemodule– Reputation Reputation

handling modulehandling module

1616

Monitoring ModuleMonitoring Module

Each node independently Each node independently monitors its neighboring nodes monitors its neighboring nodes packet forwarding activitiespacket forwarding activities

It is related to the proportion of It is related to the proportion of correctly forwarded packets to correctly forwarded packets to the total number of packets the total number of packets

1717

Reputation Handling Reputation Handling ModuleModule Reputation information collectingReputation information collecting

– SensingSensing– RecommendationsRecommendations

Reputation information templateReputation information template Reputation information Reputation information

maintenancemaintenance Reputation ratingReputation rating

1818

Reputation Handling Reputation Handling ModuleModule Reputation information collectingReputation information collecting Reputation information templateReputation information template

Reputation information Reputation information maintenancemaintenance

Reputation ratingReputation rating

1919

Reputation Handling Reputation Handling ModuleModule Reputation information collectingReputation information collecting Reputation information templateReputation information template Reputation information Reputation information

maintenancemaintenance

Reputation ratingReputation rating

2020

Reputation Handling Reputation Handling ModuleModule Reputation information collectingReputation information collecting Reputation information templateReputation information template Reputation information maintenanceReputation information maintenance Reputation ratingReputation rating

– Proportion of correctly forwarded packets with respect to the total number of packets to be forwarded during a fixed time window

2121

Trust Model 3Trust Model 3

Trust is defined based on the Trust is defined based on the following factors:following factors:– Experience statisticsExperience statistics– Data valueData value– Intrusion black list Intrusion black list – ReferenceReference– Personal preferencePersonal preference

2222

Secure Routing Based on Secure Routing Based on Model 3Model 3

2323

SummarySummary

Trust in ad hoc networks can not be Trust in ad hoc networks can not be treated as a property of trusted systems treated as a property of trusted systems but rather it is an assessment based on but rather it is an assessment based on experience that is shared through experience that is shared through networks of peoplenetworks of people

Hard-security cryptographic or certification Hard-security cryptographic or certification mechanisms are not feasiblemechanisms are not feasible

Confidence measures should be built Confidence measures should be built dynamically based on effort/return dynamically based on effort/return mechanismmechanism

2424

ReferencesReferences

1.1. Asad Amir Pirzada, Chris McDonald: Establishing Trust In Asad Amir Pirzada, Chris McDonald: Establishing Trust In Pure Ad-hoc Networks. ACSC 2004, pp. 47-54, 2004. Pure Ad-hoc Networks. ACSC 2004, pp. 47-54, 2004.

2.2. Patrick Albers, Olivier Camp, Jean-Marc Percher, Bernard Patrick Albers, Olivier Camp, Jean-Marc Percher, Bernard Jouga, Ludovic Mé, Ricardo Staciarini Puttini: Security in Jouga, Ludovic Mé, Ricardo Staciarini Puttini: Security in Ad Hoc Networks: a General Intrusion Detection Ad Hoc Networks: a General Intrusion Detection Architecture Enhancing Trust Based Approaches. Wireless Architecture Enhancing Trust Based Approaches. Wireless Information Systems , pp. 1-12, 2002. Information Systems , pp. 1-12, 2002.

3.3. Yacine Rebahi, Vicente E. Mujica V, Dorgham Sisalem: A Yacine Rebahi, Vicente E. Mujica V, Dorgham Sisalem: A Reputation-Based Trust Mechanism for Ad Hoc Reputation-Based Trust Mechanism for Ad Hoc Networks. ISCC 2005, pp. 37-42, 2005. Networks. ISCC 2005, pp. 37-42, 2005.

4.4. Yan Sun, Wei Yu, Zhu Han, K. J. Ray Liu: Trust Modeling Yan Sun, Wei Yu, Zhu Han, K. J. Ray Liu: Trust Modeling and Evaluation in Ad Hoc Networks. Global and Evaluation in Ad Hoc Networks. Global Telecommunication Conference 2005.Telecommunication Conference 2005.

5.5. Zheng Yan , Peng Zhang , Teemupekka Virtanen: Trust Zheng Yan , Peng Zhang , Teemupekka Virtanen: Trust Evaluation Based Security Solution in Ad Hoc Networks. Evaluation Based Security Solution in Ad Hoc Networks. Proceedings of the Seventh Nordic Workshop on Secure IT Proceedings of the Seventh Nordic Workshop on Secure IT Systems, 2003. Systems, 2003.

2525

Questions???Questions???