ARTICLE IN PRESS · 2018-01-16 · 2 J.-H. Cho et al. / Ad Hoc Networks xxx (2016) xxx–xxx...
Transcript of ARTICLE IN PRESS · 2018-01-16 · 2 J.-H. Cho et al. / Ad Hoc Networks xxx (2016) xxx–xxx...
ARTICLE IN PRESS
JID: ADHOC [m3Gdc; March 5, 2016;13:51 ]
Ad Hoc Networks xxx (2016) xxx–xxx
Contents lists available at ScienceDirect
Ad Hoc Networks
journal homepage: www.elsevier.com/locate/adhoc
Trust threshold based public key management in mobile ad
hoc networks
Jin-Hee Cho
a , ∗, Ing-Ray Chen
b , Kevin S. Chan
a Q1
a U.S. Army Research Laboratory, Adelphi, MD 20783, USA b Department of Computer Science, Virginia Tech, Falls Church, VA 22043, USA
a r t i c l e i n f o
Article history:
Received 5 October 2015
Revised 14 January 2016
Accepted 21 February 2016
Available online xxx
Keywords:
Public key management
Mobile ad hoc networks
Trust
Risk
Private key
Public key
Certificate authority
a b s t r a c t
Public key management in mobile ad hoc networks (MANETs) has been studied for sev-
eral decades. However, the unique characteristics of MANETs have imposed great chal-
lenges in designing a fully distributed public key management protocol under resource-
constrained MANET environments. These challenges include no centralized trusted enti-
ties, resource constraints, and high security vulnerabilities. This work proposes a fully dis-
tributed trust-based public key management approach for MANETs using a soft security
mechanism based on the concept of trust. Instead of using hard security approaches, as
in traditional security techniques, to eliminate security vulnerabilities, our work aims to
maximize performance by relaxing security requirements based on the perceived trust. We
propose a composite trust-based public key management (CTPKM) with the goal of max-
imizing performance while mitigating security vulnerability. Each node employs a trust
threshold to determine whether or not to trust another node. Our simulation results show
that an optimal trust threshold exists to best balance and meet the conflicting goals be-
tween performance and security, by exploiting the inherent tradeoff between trust and
risk. The results also show that CTPKM minimizes risk (i.e., information leakout) using an
optimal trust threshold while maximizing service availability with acceptable communi-
cation overhead incurred by trust and key management operations. We demonstrate that
CTPKM outperforms both existing non-trust-based and trust-based counterparts.
Published by Elsevier B.V.
1. Introduction 1
In resource-constrained mobile ad-hoc networks
Q2
2
(MANETs), it is inefficient to employ cryptographic tech- 3
niques for key management due to high computation and 4
communication overhead as well as network dynamics 5
that could require frequent key reassignments. In addi- 6
tion, the unique nature of MANETs does not allow any 7
centralized trusted certificate authority (CA) to deal with 8
all key management operations, including key generation, 9
∗ Corresponding author. Tel.: +1 571 232 3817.
E-mail addresses: [email protected] , [email protected] ,
[email protected] (J.-H. Cho), [email protected] (I.-R. Chen),
[email protected] (K.S. Chan).
distribution, update, and revocation. Essentially, it is in- 10
feasible to build a system using hard security approaches 11
(e.g., encryption or authentication techniques) to meet the 12
dual goals of performance (i.e., efficiency) and security 13
due to the inherent tradeoff. In this work, we take a soft 14
security approach by applying the concept of trust to meet 15
both performance and security requirements. 16
The concept of “trust ” originally is derived from so- 17
cial science and defined as the degree of a subjective be- 18
lief about the behaviors of a particular entity [1] . Blaze 19
et al. [2] first introduced the term “trust management ” 20
and identified it as a separate component of security ser- 21
vices in networks. They explained that “Trust management 22
provides a unified approach for specifying and interpret- 23
ing security policies, credentials, and relationships. ” Trust 24
http://dx.doi.org/10.1016/j.adhoc.2016.02.014
1570-8705/Published by Elsevier B.V.
Please cite this article as: J.-H. Cho et al., Trust threshold based public key management in mobile ad hoc networks, Ad
Hoc Networks (2016), http://dx.doi.org/10.1016/j.adhoc.2016.02.014
2 J.-H. Cho et al. / Ad Hoc Networks xxx (2016) xxx–xxx
ARTICLE IN PRESS
JID: ADHOC [m3Gdc; March 5, 2016;13:51 ]
management in MANETs is needed when participating 25
nodes, without any previous interactions, desire to estab- 26
lish a network with an acceptable level of trust relation- 27
ships among themselves. 28
Trust management, including trust establishment, trust 29
update, and trust revocation, in MANETs is more challeng- 30
ing than in traditional centralized environments [3] . First 31
of all, collecting trust evidence to evaluate trustworthiness 32
is difficult due to topology changes caused by node mobil- 33
ity/failure. Further, resource constraints often confine trust 34
assessment process only to local information. The dynamic 35
nature and characteristics of MANETs result in uncertain, 36
incomplete trust evidence, which is continuously changing 37
over time [3,4] . Cho et al. [5] comprehensively surveyed 38
trust management in MANETs recognizing that trust orig- 39
inates from various domains including psychology, sociol- 40
ogy, economics, philosophy, organizational theory, and so 41
on. Cho et al. [5] suggested that the following properties be 42
considered when designing trust-based MANET protocols: 43
(1) potential risk; (2) context-dependency; (3) each party’s 44
own interest (e.g., utility/payoff based on rational selfish- 45
ness); (4) learning based on cognition/experience; and (5) 46
system reliability. 47
Trust management has diverse applicability in many 48
decision making situations including intrusion detection 49
[6,7] , authentication, access control, key management, iso- 50
lating misbehaving nodes for effective routing [6,8,9] , and 51
many other purposes [9] . In addition, the concept of mul- 52
tidimensional trust recently has been explored in network- 53
ing and computing research areas and applied in various 54
security services [6,7,10–13] . Bao et al. [6,7] proposed trust- 55
based secure routing and intrusion detection mechanisms 56
for wireless sensor networks by considering multiple di- 57
mensions of trust. Cho et al. [10,11] and Chen et al. [12] 58
proposed trust management protocols for MANETs or de- 59
lay tolerant networks considering multiple trust compo- 60
nents. However, the above works [6,7,10–12] did not con- 61
sider trust-based public key management while assuming 62
a pre-loaded private/public key pair in each node. Very re- 63
cently Mahmoud et al. [13] proposed trust-based secure 64
and reliable routing for heterogeneous multihop wireless 65
networks where competence and reliability of a node are 66
estimated and used to derive the node trust level that can 67
l. 68
d 69
- 70
y 71
d 72
t 73
s 74
75
- 76
77
78
79
80
81
82
83
84
85
aims to achieve: (a) resiliency against misbehaving nodes 86
in the network to maintain minimum security vulnerabil- 87
ity; (b) availability in service provision in the presence of 88
compromised nodes; and (c) efficiency in minimizing com- 89
munication overhead incurred by trust and key manage- 90
ment operations. CTPKM satisfies the requirements of self- 91
organized and distributed key management for MANETs 92
as discussed in [14] : (a) no single point of failure, i.e., 93
no trusted third party is required; (b) resilience with low 94
security vulnerability in the presence of hostile entities, 95
i.e., little exposure of a compromised key; (c) high ser- 96
vice availability, i.e., a sufficient number of valid, correct 97
public keys are kept in each node; and (d) scalability, i.e., 98
low communication overhead for obtaining a valid/correct 99
public key whose corresponding private key is not compro- 100
mised. 101
The contributions of our work are as follows: 102
1. Relative to existing non-trust-based distributed key 103
management algorithms for MANETs without using 104
a centralized trusted [15–19] , our contribution is to 105
develop a CTPKM that allows each node to make lo- 106
cal peer-to-peer trust assessment for distributed de- 107
cision making based on a composite trust metric. 108
We consider multiple dimensions of trust (i.e., com- 109
petence, integrity, and social contact) that are esti- 110
mated based on evidence derived from the charac- 111
teristics of communication, information, and social 112
networking in a MANET. This allows fast and safe 113
propagation of the keys to trustworthy nodes for 114
preserving quality-of-service (QoS). 115
2. Relative to existing trust-based distributed key man- 116
agement algorithms for MANETs without using a 117
centralized trusted CA [20–24] , our contribution is to 118
develop a threshold-based filtering mechanism that 119
can effectively exploit the inherent tradeoff between 120
trust and risk. The end result is that CTPKM is able 121
to identify the optimal trust threshold to be ap- 122
plied at runtime for differentiating trustworthy vs. 123
untrustworthy nodes to maximize key management 124
service availability. 125
3. We conduct a comprehensive performance analy- 126
sis comparing CTPKM with both non-trust-based 127
t 128
e 129
- 130
l 131
f 132
133
2 134
135
l 136
be used in routing decisions. However, Mahmoud et a
[13] assume the existence of a centralized offline truste
party to deal with public key management including is
suance, distribution, and update of a public/private ke
pair to nodes in the network. Our work uses distribute
peer-to-peer trust evaluation for public key managemen
using three trust dimensions capturing the unique aspect
of trust in a MANET.
In this paper, we propose a composite trust-based dis
tributed key management algorithm (CTPKM) for MANETs
without using a centralized trusted CA. Our approach falls
under the category of certificate-based public key man-
agement. The proposed protocol is designed to meet a re-
quired level of security (e.g., the fraction of valid, correct
and uncompromised public keys, and information risk) as
well as to meet performance requirements (e.g., service
availability and communication overhead), without relying
on trusted third parties such as CAs. The proposed protocol
s 137
l 138
e 139
140
Please cite this article as: J.-H. Cho et al., Trust threshold base
Hoc Networks (2016), http://dx.doi.org/10.1016/j.adhoc.2016.02.0
and trust-based counterparts. We demonstrate tha
CTPKM outperforms a non-trust-based baselin
model and two existing trust-based key manage
ment schemes [20,21] , and can identify an optima
operational setting meeting dual conflicting goals o
performance and security.
The rest of the paper is organized as follows. Section
discusses related work. Section 3 describes the system
model including the attack model, trust model, protoco
description, and performance metrics. Section 4 conduct
a comparative performance analysis and reports numerica
results. Section 5 concludes our paper and suggests futur
work.
2. Related work 141
In this section, we discuss existing work in certificate- 142
based public key management for MANETs, and compare 143
d public key management in mobile ad hoc networks, Ad
14
J.-H. Cho et al. / Ad Hoc Networks xxx (2016) xxx–xxx 3
ARTICLE IN PRESS
JID: ADHOC [m3Gdc; March 5, 2016;13:51 ]
a144
F145
( S146
cr147
p148
o149
p150
2151
152
q153
p154
b155
C156
in157
d158
159
p160
e161
li162
a163
th164
is165
tr166
ch167
is168
v169
e170
e171
o172
h173
p174
ca175
u176
o177
th178
C179
a180
w181
e182
is183
a184
p185
fo186
to187
H188
h189
a190
191
e192
st193
w194
ti195
p196
fe197
o198
ce199
e200
a201
w202
th 203
d 204
W 205
M 206
in 207
g 208
th 209
n 210
p 211
w 212
th 213
214
m 215
in 216
a 217
ti 218
o 219
n 220
w 221
tr 222
tr 223
o 224
to 225
lo 226
227
sc 228
n 229
o 230
to 231
C 232
to 233
a 234
235
C 236
p 237
m 238
fo 239
n 240
e 241
is 242
th 243
g 244
b 245
in 246
a 247
e 248
d 249
a 250
2 251
252
sh 253
cr 254
se 255
p 256
th 257
c 258
se 259
in 260
w 261
P
H
nd contrast them with our proposed CTPKM ( Section 2.1 ).
or completeness, we also survey identity-based
ection 2.3 ), threshold-based ( Section 2.2 ), certificate-less
yptography ( Section 2.4 ), and combined ( Section 2.5 )
ublic key management, and provide reasons why these
ther approaches ( Sections 2.2 –2.5 ) are not suitable for
ublic key management for MANETs.
.1. Certificate-based public key management
Certificate-based public key management approaches re-
uire public keys to be distributed where the receiving
arty should be able to authenticate the received key
ased on the certificate of the public keys. Thus, a trusted
A is required to deal with key management operations
cluding key generation, distribution, revocation, and up-
ate [25] .
For MANETs without trusted CAs, certificate-based ap-
roaches should operate in a self-organized way. Capkun
t al. [15] proposed a certificate-based self-organized pub-
c key management for MANETs by removing the need of
centralized trusted entity for key management. However,
e assumption of being able to create certificate graphs
unrealistic as MANETs suffer from unreliable wireless
ansmission, high security vulnerability, and dynamically
anging topologies. The criteria being used by a user to
sue a public-key certificate of another user are not pro-
ided, even though the existence of a public key is used as
vidence to trust another node. Further, the claimed ben-
fit of low communication cost in the presence continu-
us updates of certificate repositories of users in dynamic,
ostile MANETs is questionable. The authors [20,24] pro-
osed a two-step secure authentication protocol for multi-
st MANETs. In order to deal with key management, they
sed the highest trustworthy node as a CA and the sec-
nd highest trustworthy node as a backup CA. However,
e measurement of trust values is not clearly described.
hauhan and Tapaswe [16] proposed a key management
pproach for MANETs with no trusted third entity. This
ork employs a group leader as a CA to manage key gen-
ration and distribution. However, group leader selection
done randomly, without considering its trustworthiness
nd specific attack behaviors. Dahshan and Irvin [21] pro-
osed a certificate-based public key management scheme
r MANETs where trust is used as authentication metric
represent the assurance of obtaining a valid public key.
owever, this scheme generates high communication over-
ead and delay for a source to obtain a valid public key of
destination.
Huang and Wu [17] proposed a certificate path discov-
ry algorithm for MANETs based on the hierarchical PKI
ructure using multiple CAs with no specific trust frame-
ork. Huang and Nicol [18] proved that the shortest cer-
ficate chain does not guarantee the most trustworthy
ath to obtain the public key of a target node due to dif-
rent trustworthiness observed in each intermediate node
n the certificate chain. In order for public keys and their
rtificates to be managed by trustworthy CAs in the hi-
rarchical public key management structure, Xu et al. [24]
nd PushpaLakshimi et al. [22] used cluster heads as trust-
orthy CAs based on their trust in the system. However,
lease cite this article as: J.-H. Cho et al., Trust threshold based
oc Networks (2016), http://dx.doi.org/10.1016/j.adhoc.2016.02.014
ese works [22,24] still reveal a single point of failure and
id not show specific trust models and attacks considered.
u et al. [19] proposed a key management protocol for
AENTs for efficiency in updating certificates and security
key revocation. They used a special group named “server
roup ” consisting of servers of multicast groups. However,
e selection algorithm of the servers in the server group is
ot discussed. Vinh et al. [23] employed a group head for
ublic key management in a group communication system
here the group head is selected based on trust. However,
is work does not detail the used trust mechanism.
Many studies used certificate-based public key manage-
ent. However, they have brought out practical limitations
cluding high communication overhead or delay [15,21] ,
nd using static trust [20,22–24] to select CAs. In addi-
on, hierarchy-based selection of CAs (e.g., group leaders
r cluster heads) [16–19] also reveals high security vul-
erabilities when the selected CAs are compromised. Our
ork differs from the above works in that we devise a
ust metric considering multiple dimensions of a node’s
ust and leverage it for decision making in the process
f key management and group communication in order
achieve system goals including high service availability,
w communication cost, and low risk.
Existing certificate-based public key management
hemes cited above expose practical limitations, including
eeding a centralized trusted CA [25] , high communication
verhead or delay [15,21] , and using static trust [20,22–24]
select CAs. In addition, hierarchy-based selection of
As (e.g., group leaders or cluster heads) [16–19] can lead
high security vulnerability when the selected CAs are
ttacked and compromised.
Unlike [25] our work does not use a centralized trusted
A. Unlike [16–19] cited above, our work uses a com-
osite trust specifically designed for public key manage-
ent. Peer-to-peer trust evaluation is dynamically per-
rmed over time upon interactions between entities. This
ovel design feature contributes to (1) detecting malicious
ntities that have been compromised over time; and (2)
suing/distributing a public/private key pair to only nodes
at maintain a certain level of trust. This feature also miti-
ates the security vulnerability issue suffered by hierarchy-
ased CA selection schemes [16–19] . Unlike [15,21] which
cur high communication overhead or delay, we develop
threshold-based filtering mechanism that can effectively
xploit the inherent tradeoff between trust and risk in or-
er to achieve system goals including high service avail-
bility, low communication cost, and low risk.
.2. Threshold public key cryptography
Shamir [26] proposed threshold cryptography based on
aring of secrets to generate a private key. In threshold
yptography , the private CA key is distributed over a set of
rver nodes through a ( k , n ) secret sharing scheme. The
rivate CA key is shared between n nodes in such a way
at at least k nodes must cooperate in order to sign the
ertificates. However, a central trusted CA exists to select
rvers as the coordinators for key management, result-
g in a single point of failure. In addition, the inherent
eakness of the secret sharing scheme is the substantial
public key management in mobile ad hoc networks, Ad
4 J.-H. Cho et al. / Ad Hoc Networks xxx (2016) xxx–xxx
ARTICLE IN PRESS
JID: ADHOC [m3Gdc; March 5, 2016;13:51 ]
e 262
n 263
d 264
265
266
- 267
y 268
) 269
d 270
271
- 272
e 273
- 274
, 275
- 276
s 277
- 278
- 279
a 280
e 281
- 282
- 283
284
- 285
- 286
287
288
289
- 290
291
292
) 293
d 294
- 295
e 296
s 297
. 298
, 299
e 300
- 301
302
s 303
- 304
e 305
306
307
- 308
f 309
l. 310
d 311
o 312
- 313
e 314
315
l. 316
t 317
- 318
319
a 320
y 321
322
d 323
d 324
325
- 326
- 327
d 328
- 329
n 330
- 331
e 332
333
334
335
s 336
e 337
338
- 339
o 340
d 341
, 342
s 343
T 344
345
- 346
- 347
; 348
- 349
s 350
y 351
352
353
- 354
- 355
a 356
- 357
g 358
359
d 360
) 361
). 362
t 363
g 364
g 365
t 366
d 367
d 368
o 369
r 370
e 371
- 372
r 373
delay when the set of trustworthy server nodes cannot b
found to generate the private CA key [27,28] . Besides, whe
the CA is compromised, the whole system is compromise
[29] .
2.3. ID-based public key cryptography
Shamir [30] also proposed the concept of ID-based pub
lic key cryptography (ID-PKC) which generates a public ke
based on the ID of the node (e.g., IP or email address
and its corresponding private key generated by a truste
CA. The weakness of the ID-based scheme is well-known
as a key escrow problem which exposes high security vul
nerability when the trusted CA is compromised. To remov
the key escrow problem, several solutions have been pro
posed including ID-based authentication schemes [31,32]
secure private key generation using simple blinding tech
nique in pairing-based cryptography [33] . This approach i
popularly applied in resource-restricted network environ
ments [34] due to low communication overhead by reduc
ing the size of secret information (i.e., ID) to generate
public key. However, these works assumed the existenc
of a trusted entity (or entities) to issue or coordinate pub
lic/private key pairs. This reveals high security vulnerabil
ities when the trusted coordinators are compromised. In
particular, no trust evaluation is considered to reflect dy
namic status of trust in entities where a node can be com
promised over time.
2.4. Certificateless public key cryptography
To cope with the communication overhead incurred in
exchanging certificates, the concept of certificateless pub
lic key cryptography (CL-PKC) is introduced [35] . CL-PKC
is a variant of ID-PKC devised to prevent the key escrow
problem in ID-PKC. CL-PKC uses a trusted third party (TTP
which generates a partial private key to an entity base
on a master key and the entity’s ID. The entity then gen
erates its actual private key based on the partial privat
key provided by the TTP and its secret information. By thi
way the TTP cannot access the private key of an entity
Compared to traditional public key cryptographic systems
CL-PKC does not require the use of certificates to ensur
the authenticity of public keys, leading to less communica
tion cost generated. Due to this lightweight feature, CL-PKC
has been used for securing MANETs [36–38] . However, thi
cryptography reveals security vulnerability in that an at
tacker can fake a user’s public key because the part of th
user’s public key is from the user’s random secret value.
2.5. Hybrid public key management
Some researchers proposed hybrid public key man
agement mechanisms that combine the features o
multiple schemes to meet the requirements. Sun et a
[39] combined ID-based key management with threshol
cryptography without using a centralized third party t
deal with key management. Xu et al. [24] combined cer
tificateless public key cryptography which eliminates th
key escrow problem with threshold cryptography which
does not require a centralized third party. Zhang et a
Please cite this article as: J.-H. Cho et al., Trust threshold base
Hoc Networks (2016), http://dx.doi.org/10.1016/j.adhoc.2016.02.0
[36] proposed an ID-based key management scheme tha
combines ID-based cryptography with threshold cryp
tography to enhance security and reduce communication
cost for key management. Li and Liu [40] also proposed
hybrid key management scheme combining ID-based ke
management and threshold cryptography.
All the hybrid schemes cited above [24,36,39,40] coul
not completely remove the need of a centralized truste
authority because ID-PKC has an inherent escrow problem
and the threshold cryptography requires a trusted third au
thority to select trustworthy multiple key servers that gen
erate the secret shares of a private CA key. If the truste
entity is compromised, the entire system will be vulner
able. In addition, the use of threshold cryptography ca
cause a high delay when generating a key because a suf
ficient number of multiple trustworthy servers may not b
available in dynamic MANETs.
3. System model
We consider a MANET with no centralized trusted CA
that deals with public key management. Nodes are device
carried by a human entity (e.g., a soldier carrying mobil
devices), modeled with heterogeneous characteristics with
different monitoring capability, which affects detection er
rors, group join/leave rates, and different trust levels. T
reflect real human mobility patterns in a MANET, we use
CRAWDAD human mobility trace data collected by KAIST
Daegeon, Korea [41] . In the mobility data set, the location
of 92 human nodes over the university campus of KAIS
were traced by GPS readings per 30 s for a day.
In this work, a public key may have the following sta
tus:: (1) valid/invalid : a key that is expired or not yet ex
pired; (2) correct/incorrect : a key that is genuine or fake
and/or (3) uncompromised/compromised : a key whose cor
responding private key is compromised or not. The statu
of the public key can belong to more than one categor
among three while each category gives a binary status.
3.1. Attack model
We assume if a node is compromised, the node can per
form random attacks [6] with an attack intensity probabil
ity ( P a ) to evade detection. Attack intensity is modeled by
probability parameter, P a , specifying the frequency of trig
gering attacks by an attacker. We consider the followin
attacks in MANETs:
• Packet dropping : A node may drop a packet receive
due to the nature of selfishness (e.g., to save energy
or maliciousness (e.g., to interrupt service availability
This is detected by overhearing to see if a packe
sent to a neighbor for forwarding is actually bein
forwarded. It is not possible to tell if packet droppin
is a problem of competence or integrity. Given tha
there are many attack behaviors that can be detecte
by our protocol design to attribute to integrity, to avoi
double-count we simply attribute packet dropping t
competence. If a node drops packets and the behavio
is observed by a neighbor, this neighbor will decreas
the misbehaving node’s direct competence trust. Fur
thermore, this neighbor when acting as a recommende
d public key management in mobile ad hoc networks, Ad
14
J.-H. Cho et al. / Ad Hoc Networks xxx (2016) xxx–xxx 5
ARTICLE IN PRESS
JID: ADHOC [m3Gdc; March 5, 2016;13:51 ]
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
4 4 4
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
te 473
T 474
a 475
3 476
3 477
478
u 479
in 480
481
482
483
484
485
486
487
488
489
490
491
P
H
will propagate a negative recommendation to other
nodes as indirect evidence against the misbehaving
node. See Section 3.2.3 for the detail of peer-to-peer
trust estimation based on the aggregation of both
direct and indirect evidence.
• Private key compromise : A node’s private key compro-
mise can occur in the two ways: (1) when the node
itself is compromised and passes its private key to
other compromised nodes or outside attackers to leak
confidential information out; and (2) when a public
key certifier (called a neighborhood trustworthy cer-
tifier, denoted as NTC, to be defined in Section 3.3.1 )
is compromised and leak out a private/public key pair
of the victim node to outside attackers. The outside
attackers can impersonate the victim and obtain access
to confidential information that should be shared
only by group members. This attack can be detected
based on majority voting in our protocol design (see
Section 3.3.3 ). When a private key compromise attack
is detected, the public/private key pairs of the victim
or compromised node will be denounced. If an at-
tacker continues to use the denounced public/private
key pairs, it will be detected and the detection will
attribute to lowering the attacker’s trust in integrity.
Using the trust threshold, a node will decide whether
to believe the received public key is valid, correct,
and/or compromised based on the perceived trust of
the source sending the compromised public key.
• Message modification/forgery : A node may modify/forge
a message received, hindering effective communication,
and/or accurate trust assessment. This attack occurs
when the attacker possesses the private key of the re-
ceiver due to private key compromise. However, when
the corresponding private key compromise attack is de-
tected (explained above), the public/private key pairs
of the sender will be denounced. If an attacker con-
tinues to use the private key to do message modifica-
tion/forgery attack, it will be detected and the detection
will attribute to lowering trust in integrity.
• Fake identity/impersonation : A node may use a fake
identity or multiple identities (i.e., Sybil attack) to
break information confidentiality in communications
between two entities. In particular, a node can imper-
sonate as a victim node whose private key is compro-
mised by distributing the public key and the certificate
of the victim node to its neighbors in order to attract
the victim node’s packets to it. However, when the cor-
responding private key compromise attack is detected
(explained above), the public/private key pairs of the
victim node will be denounced. If an attacker contin-
ues to use the private/public key pairs to do fake iden-
tity attack, it will be detected and the detection will at-
tribute to lowering trust in integrity.
• Fake recommendation dissemination : A node may give a
bad recommendation for a good node while giving a
good recommendation for a bad node in order to de-
ter accurate trust evaluation/decision making. In our
trust metric, recommendations are used as indirect ev-
idence which may be delivered through multiple hops
in MANETs. The correctness of the recommendations is
ensured by unanimous agreement of the intermediate
lease cite this article as: J.-H. Cho et al., Trust threshold based
oc Networks (2016), http://dx.doi.org/10.1016/j.adhoc.2016.02.014
nodes based on their opinions towards the previous for-
warding node (i.e., whether the node is lying or not) in
the route in which the opinions are tagged in the main
message delivered. The receiver can detect fake infor-
mation dissemination attack by checking if there is a
negative opinion for an intermediate node on the path.
If yes, this detection will attribute to low trust in in-
tegrity (see Section 3.2.3 for more details).
• Denial-of- service (DoS) : A malicious node can generate
unnecessary traffic to interrupt service provision in the
system. We considered the DoS attack within the key
management framework. Specifically, a malicious node
can keep requesting public keys of other nodes even if
it already has their valid public keys. Since only trust-
worthy nodes based on the trust threshold criterion are
able to issue, distribute, and obtain key pairs, this DoS
attack can consume network resources to increase de-
lay of system operations, and reduce service availability.
This attack is countermeasured by using a trust thresh-
old for intermediate nodes to ignore public key requests
generated from a node whose trust level is below the
threshold, thus effectively throttling DoS attacks.
• Whitewashing : A malicious node may leave a network
and come back later with a new reputation. In our trust
management protocol, all new nodes joining a network
will start with a trust value of ignorance (i.e., 0.5),
when other nodes assess their trust upon join. For a
new node joining the network, it is allowed to interact
with other nodes to accrue reputation from other nodes
with a given warming-up period. If after this period,
the new node does not reach the trust threshold, it will
be isolated from group activities and cannot obtain a
valid key pair. Once a new node accrues its reputation
over time through interactions with other nodes or ob-
servations by direct neighbors, the increased trust en-
ables the new node to participate in key management
operations.
We summarize how each attack is detected and coun-
rmeasured by the design features of CTPKM in Table 1 .
able 2 summarizes the attack behaviors during the oper-
tion of our key management protocol.
.2. Trust model
.2.1. Dimensions of trust
We consider three trust components to capture the
nique aspects of trust in a MANET with communication,
formation and social networking:
• Competence (C) refers to an entity’s capability to serve
requests in terms of a node’s cooperativeness and avail-
ability. Availability may be affected by network condi-
tions such as link failure, energy depletion, and volun-
tary or involuntary disconnection (i.e., leaving the net-
work). This is measured by the ratio of the number of
positive experiences to the total experiences in packet
forwarding.
• Integrity (I) is the honesty of an entity in terms of at-
tack behaviors discussed in Section 3.1 except packet
dropping behavior. This is measured by the number of
public key management in mobile ad hoc networks, Ad
6 J.-H. Cho et al. / Ad Hoc Networks xxx (2016) xxx–xxx
ARTICLE IN PRESS
JID: ADHOC [m3Gdc; March 5, 2016;13:51 ]
echanis
nodes
based o
nodes
based o
the own
te/publi
vered th
of positi
the pat
e same
trust is
wing a
trust (0
e node’
492
493
- 494
e 495
d 496
- 497
f 498
s 499
e 500
s 501
502
- 503
a 504
d 505
k 506
e 507
h 508
c 509
g 510
t 511
c 512
513
- 514
- 515
f 516
n 517
518
519
- 520
d 521
e 522
523
- 524
- 525
s 526
e 527
- 528
529
e 530
t 531
- 532
- 533
. 534
535
)
536 )
e 537
- 538
y 539
y 540
541
)
Table 1
Attack behavior, detection, and countermeasures.
Attack behavior Detection
Packet dropping Overhearing by a monitoring m
pre-installed in each node
Private key compromise Majority voting by neighboring
the private key compromise
attacker’s integrity
Message modification/forgery Majority voting by neighboring
the private key compromise
attacker’s integrity
Fake identity/Impersonation Checking the integrity of both
issuer (i.e., NTC) of the priva
on trust threshold, T th Fake recommendation
dissemination
A recommendation packet deli
have unanimous agreement
by all intermediate nodes on
Denial-of- service Receiving a large amount of th
from a node whose integrity
Whitewashing After a warming-up period allo
node started with ignorance
interact with other nodes, th
not reach T th
Table 2
Attack behavior for operations.
Operation Attack behavior
Trust assessment Fake information dissemination,
message modification, packet
dropping
Key issuance by a
malicious key
generator
Private key compromise
Public key distribution Compromised public key distribution,
fake identity
Public key request
delegation
Packet dropping, message modification,
identity impersonation
Forwarding a requested
public key
Message modification/forgery by
forwarding a fake public key
Network join Whitewashing
positive experiences over the total experiences related
to protocol compliance.
• Social contact (SC) is defined based on a node’s inher
ent sociability derived from the trust profile availabl
a priori as well as dynamic social behavior measure
by the number of nodes that a node encounters dur
ing a trust update interval T u over the total number o
nodes in the network. If an entity has high SC, it i
more likely to disseminate information quickly to th
network, compared to the ones with low SC. An entity’
mobility pattern will affect this trust component.
In this work, trust is used for making decisions, includ
ing obtaining a certificate of a public key, distributing
public key, requesting a public key of a target node, an
providing a public key requested. The reasons we pic
the above three trust components are (1) with competenc
trust , we assure fast propagation of public keys; (2) wit
integrity trust , we increase the probability that publi
keys propagated are valid/correct with the correspondin
Please cite this article as: J.-H. Cho et al., Trust threshold base
Hoc Networks (2016), http://dx.doi.org/10.1016/j.adhoc.2016.02.0
Countermeasure
m Lowering direct trust in competence by
neighboring nodes (direct evidence); propagation
of low competence to other nodes via
recommendations (indirect evidence)
who detect
n the
Lowering the attacker’s integrity by neighboring
nodes
who detect
n the
Lowering the attacker’s integrity; propagation of
the low integrity via recommendations
er and
c keys based
Lowering the culprit’s integrity; propagation of the
low integrity via recommendations
at does not
ve opinions
h
The recommendation is discarded; lowering the
attacker’s integrity; propagation of the low
integrity via recommendations
requests
below T th
Lowering the attacker’s integrity by neighboring
nodes; propagation of the low integrity via
recommendations
new joining
.5) to
s trust does
The new joining attacker with trust less than T th cannot have a valid pair of its own private/public
key
private key uncompromised; and (3) with social contac
trust , we increase the probability of finding a valid publi
key from nodes having good social networking.
Henceforth, we denote the trust values of node i to
wards node j in trust component X ’s ( = competence, in
tegrity, and social contact) at time t by the notations o
T C i, j
(t) , T I i, j
(t) , and T SC i, j
(t) . We follow the trust computatio
model in our prior work [10] to assess T X i j
(t) at time t .
3.2.2. Objective trust
We assume that a node’s trust profile is available, de
scribing its inherent behavior patterns that can be scale
in [0, 1]. In this work, we generate a node’s initial averag
trust value, called its trust seed, from U ( GB , 1), where U
is a random real number generator function based on uni
form distribution with the lower and upper bounds as in
put and GB is the lower bound for good behavior. There i
a separate trust seed for each trust component X , wher
X = C, I or SC for competence, integrity, or social con
tact respectively. Let S X i
denote the trust seed drawn from
U ( GB , 1) for trust component X of node i . Let P X i (t) be th
actual trust seed drawn from U(S X i
− P d , S X i
+ P d ) at time
with S X i
being the mean and P d being the standard devi
ation of a node’s average behavior from its actual behav
ior to account for behavior variation as a function of time
Then,
P X i (t) = min [ U(S X i − P d , S X i + P d ) , 1] (1
S X i = U(GB, 1) for X = C, I or SC (2
Let T I i (t) denote the “ground truth ” objective trust of nod
i at time t . For X = C (for competence), we have to ac
count for node availability. Hence, T C i (t) is calculated b
the product of P C i (t) with P r , where P r is the link reliabilit
considered for competence trust at time t , as follows:
T C (t) = P C (t) P r (3
i id public key management in mobile ad hoc networks, Ad
14
J.-H. Cho et al. / Ad Hoc Networks xxx (2016) xxx–xxx 7
ARTICLE IN PRESS
JID: ADHOC [m3Gdc; March 5, 2016;13:51 ]
For X = I (for integrity), T I i (t) = P I
i (t) if node i is not com- 542
promised at time t . If node i is compromised at time t , 543
T I i (t) depends on how often node i preforms attacks. We 544
assume that a compromised node will perform random at- 545
tacks (on-off attacks) with probability P a (attack intensity) 546
to evade detection. If the compromised node does not per- 547
form attack at time t , its integrity trust T I i (t) is equal to 548
P I i (t) because it is not detectable. If the compromised node 549
performs attack at time t , its integrity trust T I i (t) is decre- 550
mented by P a from the past trust value T I i (t − �t) with a 551
lower bound of zero. Note that in CTPKM, we notate �t 552
with a trust update interval, T u . Summarizing above, for a 553
compromised node, T I i (t) is given by: 554
T I i (t) =
{P I
i (t) if node i / ∈ C
max [ T I i (t − �t) − P a , 0] if node i ∈ C
(4)
Here C is the set of malicious nodes performing attack at 555
time t and �t is the periodic trust update interval T u . In 556
our experiment, we set the percentage of nodes to be com- 557
promised at t = 0 based on P c to test the resiliency of our 558
protocol against increasing malicious node population. 559
Lastly when X = SC (for social contact), we have to ac- 560
count for node dynamic social behavior, so T SC i
(t) is given 561
by the product of P SC i
(t) with ρN
e i (t) , where N
e i (t) is the 562
number of encounters to node i as 1-hop neighbors during 563
the previous T u , and ρ is , as follows: 564
T SC i (t) = ρP SC
i (t ) N
e i (t ) . (5)
3.2.3. Subjective trust 565
Node j ’s trust values for component X ’s evaluated by 566
node i is computed based on the aggregation of both direct 567
and indirect evidences. Trust of node j (trustee: trusted 568
party) evaluated by node i (trustor: trusting party) in trust 569
component X is: 570
if ( ∣∣R j
∣∣ > 0) ∧ (HD (i, k ) ≥ T C) (6)
571 T X i, j (t) = αT D −X
i, j (t) + (1 − α) T ID −X
i, j (t) ;
572 else T X i, j (t) = γ T X i, j (t − �t) ;T
i573
T i
574
1575
co576
a577
ce578
p579
io580
b581
tr582
o583
584
tr585
w586
ti587
im588
lo589
o590
w591
already examined in [10] . The correctness of the recom- 592
mendations is ensured by referring to direct opinions of re- 593
ferral recommenders (forwarding the original recommen- 594
dation) attached to the original message with any detec- 595
tion error of the intermediate nodes forwarding the rec- 596
ommendation [10] . 597
In (6) , α and 1 − α are the weights for direct and indi- 598
rect evidence respectively where α is set between 0 and 599
1. We observe that when the weight ( α) for direct evi- 600
dence is low, high trust accuracy is observed, or vice-versa. 601
This is because only correct recommendations based on 602
unanimous agreement by all intermediate nodes passing 603
the recommendation are used as indirect evidence while 604
new direct evidence cannot be collected easily due to node 605
mobility. When no correct recommendations are received 606
from recommenders k ’s located within TC hops from node 607
i and this is detected by node i based on the direct opin- 608
ions of intermediate nodes attached to the recommenda- 609
tion, trust decays with a decay factor γ over �t , the peri- 610
odic trust update interval T u . However, due to the collusion 611
of compromised nodes, detection errors can be introduced 612
and false recommendations may be considered. In the trust 613
metric used in this work, the false detection can be mini- 614
mized by requiring the unanimous agreement of all inter- 615
m 616
ti 617
618
j 619
T i
620
T i
W 621
H 622
c 623
e 624
m 625
e 626
o 627
n 628
P i
w 629
n 630
P i
P 631
ρ 632
1 633
n 634
635
c 636
T i
P
H
D −X , j
(t) is direct trust based on direct observations and
ID −X , j
(t) is indirect trust based on recommendations from
-hop neighbors of node j . R j is a set of recommendations
rrectly received from node j ’s 1-hop neighbors. The avail-
bility of recommendations (| R j | > 0) is affected by the re-
ipt of the correct recommendations that are affected by
acket dropping behaviors and integrity (i.e., attack behav-
rs) of a node. HD ( i , k ) is the number of hop distances
etween nodes i and k where node i is a requestor (the
ustor) and node k is a 1-hop neighbor and recommender
f node j (the trustee).
In order for the new indirect evidence to be used for
ust update, recommender node k for node j should exist
ithin TC hops from node i and the correct recommenda-
on should arrive safely at node i where TC is the max-
um number of hop distances, called a trust chain, al-
wed to collect recommendations from 1-hop neighbors
f node j . We will use the optimal TC identified in this
ork, but do not investigate this in detail because this is
lease cite this article as: J.-H. Cho et al., Trust threshold based
oc Networks (2016), http://dx.doi.org/10.1016/j.adhoc.2016.02.014
ediate nodes about the correctness of the recommenda-
on delivered.
The direct trust (based on direct observations) of node
evaluated by node i on trust component X at time t , D −X , j
(t) , is computed as:
D −X , j
(t) =
{P D −X
i, j (t) if HD (i, j) == 1
γ T X i, j
(t − �t) otherwise (7)
hen nodes i and j encounter as 1-hop neighbors (i.e.,
D (i, j) == 1 ) during the time period (t − �t) , node i can
ollect direct evidence based on its own observations or
xperiences P D −X i, j
(t) . When nodes i and j are distant with
ore than 1 hop distances, node i relies on its past experi-
nce to assess the direct trust of node j . P D −X i, j
(t) for X = C
r I is computed based on the positive experience over the
egative experience associated with X as:
D −X , j
(t) =
{r
r+ s if r + s > 0
0 otherwise (8)
here r is the number of positive experiences and s is the
umber of negative experiences.
D −SC , j
(t) =
{ρP SC
j (t) N
e j
0 otherwise (9)
SC j
(t) is given from the available trust profile and N
e j
and
are explained in (5) ; N
e j
can be directly observed by
-hop neighbors of node j . Note that 1-hop neighbors of
ode j are to forward recommendations to node i .
The indirect trust of node j evaluated by node i on trust
omponent X at time t , T ID −X i, j
(t) , is obtained by:
ID −X , j
(t) =
⎧ ⎨
⎩
∑
k ∈ R j T X
k, j (t)
| R j | if | R j | > 0
γ T X i, j
(t − �t) otherwise
(10)
public key management in mobile ad hoc networks, Ad
8 J.-H. Cho et al. / Ad Hoc Networks xxx (2016) xxx–xxx
ARTICLE IN PRESS
JID: ADHOC [m3Gdc; March 5, 2016;13:51 ]
j | 637
o 638
t, 639
- 640
- 641
642
o 643
a 644
s 645
- 646
- 647
648
649
f 650
o 651
y 652
, 653
- 654
n 655
656
657
e 658
- 659
- 660
e 661
d 662
p 663
) 664
e 665
s 666
667
- 668
669
e 670
- 671
s 672
673
e 674
675
676
t 677
y 678
t 679
e 680
681
e 682
y 683
684
n 685
y 686
t 687
a 688
r 689
ll 690
s 691
s 692
d 693
694
n 695
a 696
o 697
a 698
o 699
- 700
o 701
e 702
e 703
e 704
l 705
- 706
. 707
r 708
. 709
- 710
d 711
e 712
- 713
- 714
ll 715
716
717
e 718
o 719
o 720
e 721
722
723
)
f 724
r 725
y 726
s 727
728
y 729
f 730
t 731
- 732
- 733
a 734
- 735
n 736
737
- 738
d 739
- 740
741
)
e 742
e 743
r 744
n 745
- 746
e 747
will check the trustworthiness of the NTC in integrity trust 748
When node i receives correct recommendations with | R
> 0, node i uses the average of the recommendations t
derive the overall indirect trust. If R i is an empty se
node i will use its past experience T X i, j
(t − �t) , with de
cay weighted by γ , due to no correct recommendations re
ceived.
In this work, we use a trust threshold, T th , for a node t
make a routing decision with the goal of safe delivery of
message without being modified by untrustworthy node
on a path the message travels [8] . This mechanism is ap
plied when a recommendation is delivered from recom
menders for a trustee to a trustor.
3.3. Composite trust-based public key management
In this section, we discuss the core operations o
CTPKM as illustrated by Fig. 1 . Each mobile entity is able t
communicate with other entities using public/private ke
pairs obtained through CTPKM. Given a trust threshold T tha node will assume a certain amount of risk to communi
cate with another node whose trust level is no less tha
T th .
3.3.1. Key generation
In CTPKM, each node generates its own public/privat
key pairs periodically but the key pair should be certi
fied by a trusted third party which generates the certifi
cate of the public key. Since CTPKM does not assume th
existence of a trusted third party, each node needs to fin
the most trustworthy third party node among its 1-ho
neighbors, called neighborhood trustworthy certifier (NTC
which can certify the self-issued private/public keys. Th
reason a node chooses NTC among its 1-hop neighbor
is due to resource constraint and security vulnerability in
MANETs which do not allow trusted third parties. This cer
tification process mitigates a compromised node to obtain
its public/private key because NTC issues the certificat
only when the requesting node is evaluated as trustwor
thy based on whether NTC’s trust in the requesting node i
no less than a given trust threshold. Now we discuss how
NTC issues a certificate to a node requesting the certificat
of its public/private key pair.
3.3.2. Public key certificate issuance
Each node i asks NTC m , a node having the highest trus
value among i ’s 1-hop neighbors, to certify the public ke
it generates. The minimum condition to be an NTC is tha
the NTC must have at least a trust value no less than th
given trust threshold ( T th ) for integrity trust (i.e., T I i,m
(t) ≥T th ). Thus, if i cannot find any 1-hop neighbors who hav
a trust value no less than T th , it cannot obtain a valid ke
pair.
After an NTC, m , receives i ’s request for the certificatio
of i ’s key pair, it decides whether to issue the public ke
certificate based on i ’s trustworthiness, in integrity trus
using T th (i.e., T I m,i
(t) ≥ T th ). That is, there should be
mutual trust relationship between a certificate requesto
and an issuer in integrity trust. The requesting node i wi
not be able to obtain the certificate of its public key if it
integrity trust level is below T th . Recall that trust value
are dynamically changing over time. The trust threshol
Please cite this article as: J.-H. Cho et al., Trust threshold base
Hoc Networks (2016), http://dx.doi.org/10.1016/j.adhoc.2016.02.0
T th affects the protocol performance as follows. If a low
T th is used, even a relatively untrustworthy node ca
issue and certify the public key to others. As a result,
malicious NTC can disseminate many fake public keys s
as to generate unnecessary communication, resulting in
waste of network resources. Besides, a malicious NTC wh
generates the private key can perform private key com
promise attacks and intercept information which is sent t
the originally intended recipient. If either the NTC or th
victim node of the public key is compromised, then th
compromised NTC or the victim node can leak the privat
key to other attackers as well. Hence, using an optima
trust threshold for all decisions associated with key man
agement is critical to mitigating the security vulnerability
NTC also issues an expiration time of the new key pai
where the expiration time-stamp is part of the certificate
A node updates its public/private key pair when the expi
ration time is reached or when its private key is detecte
as compromised. Intuitively, the longer the expiration tim
the lower the security, revealing high security vulnerabil
ity. However, the longer expiration time allows lower com
munication cost. We assume a fixed expiration time for a
nodes’ certified key pairs in this work.
3.3.3. Public key distribution
After a node obtains its public key certificate, the nod
disseminates the public key along with the certificate t
a subset of its 1-hop neighbors whose trust values are n
less than T th for all three trust components. That is, nod
i will disseminate its public key packet to a neighbor m
which should meet the following conditions:
T X i,m
(t) ≥ T th (11
where T X i,m
(t) , with X = C, I or SC , is a measured trust o
node m evaluated by node i for competence, integrity, o
social contact trust, respectively. Node i also periodicall
disseminates its public key to its current 1-hop neighbor
who satisfy the above conditions.
Since nodes are mobile, if a node has a high mobilit
rate, it may have more chances to obtain public keys o
other nodes (being affected by the degree of social contac
trust), and vice-versa. Selecting the right set of neighbor
ing nodes is critical to revealing less security vulnerabil
ity while obtaining uncompromised public keys. When
public key is distributed to a compromised node, the com
promised node may perform a data forgery or modificatio
attack by forwarding a fake pubic key.
When node i disseminates its public key and the certifi
cate to a subset of 1-hop neighbors based on (11) (calle
“trustworthy 1-hop neighbors ” hereafter), the packet con
sists of the following items:
[ C NT C i K i,pub
, K i,pub ] (12
C NT C i K i,pub
is the certificate of node i ’s public key signed by th
NTC’s digital signature including the information on th
node ID (node i ), the NTC’s ID, and expiration time fo
the valid period of the public key. Note that the notatio
NTC i is the NTC who issues the certificate of node i ’s pub
lic key and K i , pub is node i ’s public key. The receiving nod
d public key management in mobile ad hoc networks, Ad
14
J.-H. Cho et al. / Ad Hoc Networks xxx (2016) xxx–xxx 9
ARTICLE IN PRESS
JID: ADHOC [m3Gdc; March 5, 2016;13:51 ]
anagem
w749
co750
ta751
ci752
ch 753
it 754
(1 755
n 756
P
H
Fig. 1. Distributed key m
ith T th to ensure the authenticity of K i , pub . If the NTC is
mpromised, it can perform a private key compromise at-
ck by leaking the private key generated to other mali-
ous nodes. Integrity trust check of the NTC minimizes the
lease cite this article as: J.-H. Cho et al., Trust threshold based
oc Networks (2016), http://dx.doi.org/10.1016/j.adhoc.2016.02.014
ent process in CTPKM.
ance of this attack. Node i distributes this information to
s selected 1-hop neighbors in the clear, in as specified in
2) , because node i may not know the public keys of its
eighbors upon entry. This may reveal the vulnerability to
public key management in mobile ad hoc networks, Ad
10 J.-H. Cho et al. / Ad Hoc Networks xxx (2016) xxx–xxx
ARTICLE IN PRESS
JID: ADHOC [m3Gdc; March 5, 2016;13:51 ]
message forgery attacks by which a malicious node may 757
intercept the information and send a fake key and certifi- 758
cate to the intended receivers. To minimize this vulnera- 759
bility, our protocol design ensures the authenticity of the 760
disseminated public key and certificate via the agreement 761
of the receivers towards the opinions of the authenticity of 762
the key pair based on a majority voting mechanism (i.e., if 763
the majority of voters agree, then the public key and cer- 764
tificate are considered authentic). Unless more than a ma- 765
jority of the receivers are compromised, this ensures the 766
authenticity of the received key and certificate. We con- 767
sider the extra communication overhead caused by this au- 768
thenticity check in our performance metric. 769
Some nodes may not have the public key of a particu- 770
lar node it wants to communicate with because it has not 771
encountered the node as a 1-hop neighbor. In this case, 772
a node can request the target node’s public key from its 773
trustworthy 1-hop neighbors based on (11) . If any of the 774
trustworthy 1-hop neighbors ( m ) has the public key of the 775
target node (TN), then it will provide the public key to 776
node i . Whether or not to provide the public key of the TN 777
depends on m ’s assessment toward node i (requestor) in 778
integrity trust (i.e., T I m,i
(t) ≥ T th ). If node m decides to pro- 779
vide the public key of TN, the returning message includes 780
the following items: 781
[ C NT C TN
K TN,pub , K T N,pub , ID m
] K i,pub (13)
Node m returns the public key of the TN, K TN , pub , the 782
TN’s public key certificate C NT C TN K TN,pub
, and its ID ( ID m
). The 783
message is encrypted by K i , pub , the public key of node i . 784
When the requestor receives this message, it will save the 785
public key of TN if m satisfies (11) . 786
If m does not have the public key of the TN, it will for- 787
ward the request message to its trustworthy 1-hop neigh- 788
bors ( m
′ ’s) that meet (11) . The delegated request message 789
has the following format: 790
[ C NT C i K i,pub
, K i,pub , ID T N ] K m ′ ,pub (14)
C NT C i K i,pub
is the public key certificate of node i , certified 791
by the NTC of node i , NTC i . ID TN is the ID of the TN, and 792
K m
′ ,pub is the public key of node m
′ who is a trustworthy 793
1-hop neighbor of m . Node m
′ receiving the delegated re- 794
quest message from m decrypts the message with its pri- 795
vate key, checks if it has the public key of the TN, and 796
checks if the requestor, node i , passes the integrity test 797
(i.e., T I m
′ ,i (t) ≥ T th ). If yes, then it sends the public key of 798
TN to the original requestor (node i ) by a returning mes- 799
sage following the format specified in (13) . 800
If an intermediate node forwarding the request message 801
is uncooperative, the request message can be dropped; 802
therefore, many nodes may not have valid public keys. A 803
malicious 1-hop neighbor may even provide incorrect pub- 804
lic keys. Therefore, the trust threshold ( T th ) affects how 805
many valid, correct and uncompromised public keys a 806
- 807
f 808
- 809
- 810
811
and mitigating security vulnerability (reducing the use of 812
a compromised public key). In CTPKM, when a trustwor- 813
thy intermediate node that meets (11) has a valid public 814
key of the TN, it can provide the public key of the TN to 815
the requestor. This reduces communication overhead sig- 816
nificantly in key distribution. 817
Key revocation and update : The private/public keys of 818
a node will be revoked after the valid period expires. Since 819
the certificate includes the information on expiration time, 820
key revocation due to time expiration will be implicitly 821
known to other nodes in the network. Before the valid pe- 822
riod is past, a node’s 1-hop neighbors can serve as veri- 823
fiers and apply majority voting to detect if the node’s pri- 824
vate key is compromised. If a verifier had once interacted 825
with another node claiming it to be the target node, then 826
the verifier suspects the target node’s private key has been 827
compromised, and will vote against it. If the private key 828
is deemed compromised (when the majority of the neigh- 829
bors vote against it), the node, being as the owner of the 830
private key, must notify the key compromise event to all 831
nodes in the network. We consider the extra communica- 832
tion overhead caused by this key revocation procedure in 833
our performance metric. If the owner of the key itself is 834
compromised and does not disseminate the key compro- 835
mise message, its neighbors will decrease the trust value 836
of the node to hinder the node from reissuing a new pub- 837
lic/private key pair. In CTPKM, if a node does not main- 838
tain a certain level of trust, it cannot obtain the certificate 839
of its public key. Therefore, there is a very low chance for 840
an untrustworthy node to issue its public key with a valid 841
certificate. 842
3.4. Metrics 843
To examine the impact of attack intensity and ratio of 844
attackers on trust accuracy, we define the following metric: 845
• Trust bias ( B
X ) refers to the difference (absolute value) 846
between ground truth trust values and estimated trust 847
values in trust property X . In this paper, we apply the 848
optimal trust chain length ( TC ) protocol design [10] ex- 849
plained in Section 3.2 to minimize the trust bias. Given 850
the optimal TC , the trust bias of node j evaluated by 851
node i is measured by: 852
B
X = | T X i (t) − T X i, j (t) | (15)
T X i
(t) indicates the ground truth trust value of node i 853
in trust component X , as explained in Section 3.2.2 . The 854
measured trust of node i evaluated by node j , T X i, j
(t) , is 855
computed in Equations (6) –( 10 ). 856
CTPKM is built on top of the optimal TC protocol design 857
and is measured by the following performance metrics: 858
• Fraction of correct public keys ( F) refers to the aver- 859
age number of valid, correct and uncompromised public 860
keys kept in each node over the total number of mem- 861
ber nodes in the network, computed by: 862
)
- 863
node can use. In our proposed CTPKM, we show there ex
ists an optimal T th under which a sufficient number o
valid, correct and uncompromised public keys are gen
erated while reducing communication overhead (not for
warding the public key requests to untrustworthy nodes)
Please cite this article as: J.-H. Cho et al., Trust threshold base
Hoc Networks (2016), http://dx.doi.org/10.1016/j.adhoc.2016.02.0
F =
∑ LT t=0
∑
i ∈ M
∑
j ∈ M, j � = i K i, j (t)
| M|| M − 1 | LT (16
where K i, j (t) = 1 if node i has the valid, correct and un
compromised public key of node j ; 0 otherwise. M is a 864
d public key management in mobile ad hoc networks, Ad
14
J.-H. Cho et al. / Ad Hoc Networks xxx (2016) xxx–xxx 11
ARTICLE IN PRESS
JID: ADHOC [m3Gdc; March 5, 2016;13:51 ]
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
4907
908
si909
sc910
T911
a912
4 913
914
u 915
th 916
m 917
a 918
id 919
d 920
in 921
ta 922
a 923
a 924
d 925
926
w 927
K 928
9 929
d 930
A 931
1 932
w 933
o 934
b 935
936
a 937
o 938
tr 939
li 940
c 941
ti 942
in 943
p 944
in 945
a 946
p 947
o 948
h 949
e 950
(i 951
a 952
P 953
e 954
955
p 956
W 957
g 958
c 959
o 960
to 961
o 962
o 963
d 964
4 965
966
e 967
b 968
p 969
o 970
P
H
set of legitimate members in the network. The entire
mission time is denoted as LT (lifetime).
• Service availability ( A ) refers to the ratio of the aver-
age time period that a node’s valid, correct and uncom-
promised public key is kept by other nodes over the en-
tire session time, calculated by:
A =
∑
i ∈ M
∑
j ∈ M, j � = i A i, j
| M|| M − 1 | LT (17)
where A i , j is the time duration node i has the valid,
correct and uncompromised public key of node j . This
metric implies how much time each node keeps an-
other node’s valid, correct and uncompromised public
key during the entire session time.
• Information risk ( R ) indicates the average number of
packet transmissions using a compromised public key
during the entire session, LT . Consider that each node
sends a message to another node for which it keeps the
public key in every group communication interval ( T g ).
The information risk exposed by sending messages us-
ing a compromised public key is computed by:
R =
T g
LT
LT ∑
t=0
∑
i ∈ M
∑
j ∈ C, j � = i R i, j (t) (18)
where R i, j (t) = 1 if node i keeps a compromised pub-
lic key of node j ; 0 otherwise. C is the set of legiti-
mate members whose private keys are compromised. If
a node’s private key is detected as compromised, the
node is prohibited from group communication until its
key is re-issued.
• Communication cost ( C) counts the number of hop
messages per time unit (i.e., second ) caused by CTPKM,
computed by:
C =
∑ LT t=0 C total (t)
LT (19)
with
C total (t) = C te (t) + C km
(t) + C gc (t)
C km
(t) = C ki (t) + C kd (t) + C kr (t)
C te ( t ) is the number of hop messages caused by trust
evaluation accounting for the cost for each node to pe-
riodically (in every T u ) disseminate the trust values of
its 1-hop neighbors to nodes located within the trust
chain length ( TC ) [10] . C km
( t ) is the number of hop mes-
sages caused by key management. C gc ( t ) is the cost for
group communication by all member nodes. C km
( t ) con-
sists of three cost components: key issuance ( C ki ( t )), key
distribution ( C kd ( t )), and key revocation ( C kr ( t )). C kd ( t )
includes the cost for a public key to be distributed
to trustworthy 1-hop neighbors and requesting nodes,
and the cost for authenticating the public key by 1-hop
neighbors.
. Simulation results
This section shows numerical results obtained from
mulation. We first explain the experimental setup and
hemes to be compared against the proposed CTPKM.
hen we conduct a comparative performance experiments
nd demonstrate numerical results with analysis.
lease cite this article as: J.-H. Cho et al., Trust threshold based
oc Networks (2016), http://dx.doi.org/10.1016/j.adhoc.2016.02.014
.1. Experimental setup
Our simulation is conducted using an event driven sim-
lator SMPL [42] . Table 3 gives the set of parameters and
eir default values for defining the simulation environ-
ent. We use the optimal trust chain length (i.e., T C = 4 )
nd (α, γ ) = (0 . 1 , 0 . 95) where α is a weight for direct ev-
ence, 1 − α is a weight for indirect evidence, and γ is a
ecay factor. This setup environment is used for maximiz-
g trust accuracy (or minimizing trust bias) while main-
ining acceptable communication overhead due to trust
ssessment. The optimal TC and ( α, γ ) parameter settings
re determined following our prior work [10,43] and the
etail is not repeated here.
To model the mobility patterns of nodes in a MANET,
e use CRAWDAD human mobility traces collected by
AIST [41] with N = 92 nodes. To ensure the availability of
2 nodes’ mobility data, we take the initial 4 h of mobility
ata in order to trace available locations of all 92 nodes.
node may leave or join the network with the interval of
/μ = 4 h and 1 /λ = 1 h, respectively. Due to sparse net-
ork connectivity, we scale down the operational area in
rder for nodes to have a sufficient level of interactions
ased on the radio range given ( R = 250 m ).
Initial values for each trust component are seeded with
random variable selected from the range in [ GB , 1] based
n uniform distribution where GB is the lower bound. The
ust values are also affected by network conditions and
nk reliability ( P r ) in competence and the number of en-
ountered entities by node j (N
e j ) in social contact. The ini-
al estimated trust value at time t = 0 is set to 0.5, imply-
g ignorance (complete uncertainty). We report the im-
act of key design parameters on the four metrics defined
Section 3.4 . We vary three key design parameters to ex-
mine their effects: (1) the trust threshold ( T th ); (2) the
ercentage of compromised nodes ( P c ); and (3) the degree
f the attack intensity ( P a ). In order to model attackers’ be-
aviors in Section 3.1 , P c and P a are the key design param-
ters. If a node is selected as compromised based on P c .e., P c fraction of nodes is compromised), it will perform
ny attacks described in Section 3.1 with the probability
a . The scenarios that a malicious node performs attack are
xplained in detail in Section 3.1 .
We allow a 30 min warm-up period ( T w
) for peer-to-
eer trust evaluation to reach a sufficiently accurate level.
e use a 5 min trust update interval ( T u ) and a 2 min
roup communication interval ( T g ). For group communi-
ations among legitimate member nodes, each node sends
ut a packet to all nodes whose public keys are available
it. Each data point shown is based on the average of 50
bservations of performance data collected during the 4 h
f simulation time. All results are shown with 95 % confi-
ence interval (CI) for each data point.
.2. Schemes for performance comparison
We compare CTPKM with a baseline scheme and two
xisting schemes. The baseline scheme is a non-trust-
ased key management which follows all key management
rocedures in CTPKM except for trust management. The
ther two existing schemes are selected from the class of
public key management in mobile ad hoc networks, Ad
12 J.-H. Cho et al. / Ad Hoc Networks xxx (2016) xxx–xxx
ARTICLE IN PRESS
JID: ADHOC [m3Gdc; March 5, 2016;13:51 ]
s well, u
is a we
gement
vior, cal
yment t
m its ac
d 971
s 972
973
974
975
s 976
977
e 978
- 979
- 980
f 981
982
d 983
d 984
. 985
f 986
g 987
988
989
- 990
991
t 992
e 993
994
t 995
, 996
ll 997
e 998
- 999
10 0 0
d 1001
e 1002
t 1003
e 1004
d 1005
g 1006
1007
s 1008
d 1009
1010
n 1011
n 1012
- 1013
f 1014
s 1015
t 1016
1017
n 1018
c 1019
e 1020
s 1021
- 1022
- 1023
- 1024
e 1025
t 1026
- 1027
t 1028
o 1029
d 1030
e 1031
- 1032
s 1033
c 1034
- 1035
o 1036
1037
1038
1039
- 1040
- 1041
- 1042
1043
1044
n 1045
n 1046
Table 3
System parameters and default values.
Parameters Meaning
GB Lower bound of the probability that a node behave
α A weight to consider direct evidence while (1 − α)
γ A trust decay factor
T th Trust threshold used in the operations of key mana
TC Length of a trust chain
P a Probability that an attacker exhibits malicious beha
T w Warm up period in the beginning of network deplo
T u Trust update interval
ρ A constant to normalize the social contact trust
LT The total simulation time
T g Group communication time interval
P r Probability that a link is reliable for transmission
P c Percentage of compromised nodes in a network
R Wireless radio range
N Total number of nodes in a network
1/ λ Average time interval a node joins a network
1/ μ Average time interval a node leaves a network
P d Standard deviation of a node’s average behavior fro
certificate-based public key management [20,21] , discusse
in Section 2.1 . The two existing key management protocol
are selected for performance comparison against CTPKM
for the following reasons:
• The two existing key management schemes fall within
the class of certificate-based public key management a
CTPKM for fair performance comparison.
• As CTPKM, both schemes use the concept of trust as th
basis of decision making such as selecting a trustwor
thy CA [20] and authenticating the certificate of a pub
lic key of a target node based on the web of trust o
intermediate nodes in the certificate path [21] .
• Chang and Kuo’s work [20] represents a centralize
public key management with the existence of a truste
party as is often assumed in many existing works
Dahshan and Irvin’s work [21] follows the concept o
the web of trust as is often used in many existin
works to ensure accurate trust assessment of entities in
traditional security services such as PGP.
We explain how they are implemented in detail as fol
lows:
• Trust-based back-up CA/CA key managemen
(TBA/CA) [20] : This work uses trust to select th
CA and back-up CA (BCA) for key management in
MANETs. We tailor it to fit the network environmen
targeted in this work for fair comparison. In TBA/CA
the most trustworthy node with the highest overa
trust value (assuming an equal weight for the thre
trust components) becomes the CA and the next high
est trustworthy node becomes the BCA. When the CA
is leaving, the BCA takes the role of the new CA an
accordingly a new BCA is selected. Like CTPKM, th
trust metric is based on the combination of direc
and indirect evidence. However, the indirect evidenc
used in this scheme is based on the derived measure
trust with all nodes (except the target node) servin
as the recommenders. This is in contrast to CTPKM
which uses only 1-hop neighbors of the target node a
the recommenders where indirect evidence is derive
Please cite this article as: J.-H. Cho et al., Trust threshold base
Hoc Networks (2016), http://dx.doi.org/10.1016/j.adhoc.2016.02.0
Value
sed in deriving ground truth trust, P X i
0.8
ight to consider indirect evidence 0.1
0.95
and group communication 0.3
4
led attack intensity 0.5
o establish initial trust 30 min
5 min
5
4 h
2 min
0.99
20%
250 m
92
1 h
4 h
tual behavior accounting for behavior variation over time 0.05
based on the recommender’s direct experience in
order to avoid any impact of compromised nodes o
the source of indirect recommendation [10] . Also i
TBA/CA, the CA maintains all key pairs and dissemi
nates a key pair to the intended owner regardless o
the status of the owner node (whether the node i
compromised or not). We apply equal weight to direc
and indirect evidence.
• Key management in web of trust (KMiWoT) [21] : I
this scheme, each node issues a pair of private/publi
keys and gets a certificate issued by a neighbor nod
who believes there is a binding between this node’
ID and its public key. To compute the trust of a tar
get node, a node first finds a certificate chain of pub
lic keys, the last of which is the public key of the tar
get node under trust evaluation. Then the trust valu
of the target node is computed by the product of trus
values of the intermediate nodes on the path of the cer
tificate chain. Essentially trust in KMiWoT means trus
in the certificate authenticating a public key belongs t
a particular node. A node can obtain the authenticate
public key of a target node via two ways: (1) the nod
itself issues a certificate to the target node who had re
quested its public key to be certified; (2) the node find
a certificate chain leading to the target node’s publi
key. Trust estimation relies on the existence of a cer
tificate chain to obtain authenticated public keys. If n
certificate chain is found, trust will not be updated.
4.3. Comparative performance analysis
In this section, we compare the performance of CTPKM
with non-trust-based and trust-based counterparts includ
ing NTB, TBA/CA [20] , and KMiWoT [21] under varying pa
rameter values including trust threshold ( T th ), the percent
age of compromised nodes, and attack intensity ( P a ).
4.3.1. Effect of trust threshold
First we examine the impact of a trust threshold T th o
the trust bias and four performance metrics as discussed i
d public key management in mobile ad hoc networks, Ad
14
J.-H. Cho et al. / Ad Hoc Networks xxx (2016) xxx–xxx 13
ARTICLE IN PRESS
JID: ADHOC [m3Gdc; March 5, 2016;13:51 ]
( T th ) on
S1047
tr1048
a1049
fe1050
1051
tr1052
tu1053
≈1054
ti1055
is 1056
p 1057
c 1058
is 1059
p 1060
d 1061
th 1062
is 1063
fr 1064
P
H
Fig. 2. Effect of trust threshold
ection 3.4 . In Fig. 2 , we compare the performance of three
ust-based approaches, CTPKM, KMiWoT, and TBA/CA as
ll trust-based schemes use a trust threshold as a design
ature.
Fig. 2 (a) shows trust bias in competence ( B C ) of three
ust-based schemes. When T th < 0.4, B C is somewhat fluc-
ating but the overall performance is ordered as CTPKM
TBA/CA > KMiWoT. The high inaccuracy of trust estima-
on in KMiWoT is because peer-to-peer trust estimation
lease cite this article as: J.-H. Cho et al., Trust threshold based
oc Networks (2016), http://dx.doi.org/10.1016/j.adhoc.2016.02.014
trust bias and performance.
only possible when each node has the certificate of a
eer’s public key. In KMiWoT, a node can issue a certifi-
ate of a peer’s public key only when the peer’s trust value
higher than a given trust threshold. Thus, if a node’s
ublic key certificate is not available, trust cannot be up-
ated. In addition, when two nodes are apart with more
an 1-hop distance, the trust of a trustor toward a trustee
calculated based on the sum of trust values obtained
om multiple paths (if available) where each trust value is
public key management in mobile ad hoc networks, Ad
14 J.-H. Cho et al. / Ad Hoc Networks xxx (2016) xxx–xxx
ARTICLE IN PRESS
JID: ADHOC [m3Gdc; March 5, 2016;13:51 ]
computed based on the product of trust values of all in- 1065
termediate nodes on the path [21] . Under a highly dy- 1066
namic environment such as MANETs, a path between two 1067
nodes may not exist. In addition, even if there exists any 1068
path between two distant nodes, the product of trust val- 1069
ues of all intermediate nodes can decay trust values too 1070
quickly, which leads to high inaccuracy of trust estimation 1071
(i.e., high trust bias) in KMiWoT as shown in Fig. 2 (a). The 1072
trends of the trust biases in the other two dimensions are 1073
similar, thus we do not show them due to space constraint. 1074
In Fig. 2 (b), we compare the fraction of correct pub- 1075
lic keys ( F) of the three trust-based key management 1076
schemes under varying T th . KMiWoT performs comparably 1077
or better than CTPKM and TBA/CA under T th ≤ 0.2. When 1078
T th > 0.2, the performance order is as CTPKM > TBA/CA > 1079
KMiWoT. In particular, it is noticeable that KMiWoT crashes 1080
when T th > 0.3 because of high trust bias. The low perfor- 1081
mance of TBA/CA compared to CTPKM is because TBA/CA 1082
does not filter recommendations (i.e., indirect trust evi- 1083
dence) while CTPKM only uses recommendations filtered 1084
from trustworthy sources based on T th . In Fig. 2 (c), we 1085
compare service availability ( A ) performances of the three 1086
schemes. Similar to the trends observed in Fig. 2 (b), when 1087
T th > 0.3, the performance order is observed as CTPKM > 1088
TBA/CA > KMiWoT due to high trust bias in KMiWoT and 1089
unfiltered recommendations used in TBA/CA. 1090
In Fig. 2 (d), we compare the performance of the three 1091
schemes in information risk ( R ). In all cases, lower infor- 1092
mation risk is observed as T th increases because a high 1093
trust threshold only allows public key generation and dis- 1094
tribution of highly trustworthy nodes. When T th > 0.1, we 1095
observe significantly high performance of CTPKM in infor- 1096
mation security, compared to the other two schemes, with 1097
the performance order of CTPKM ≥ KMiWoT > TBA/CA. 1098
TBA/CA shows the highest information risk because it can- 1099
not deal with the case that a CA or back-up CA is com- 1100
promised. KMiWoT also shows a higher information risk 1101
than CTPKM because of high trust bias. In Fig. 2 (e), we 1102
compare the communication overhead ( C) of the three 1103
schemes and observed the performance order of KMi- 1104
WoT > CTPKM > TBA/CA. Although KMiWoT performs the 1105
best among three in C, its performances in F and A are 1106
very low, which offsets the merit of KMiWoT compared to 1107
CTPKM. 1108
For the next two sections, we vary the percentage 1109
of compromised nodes, P c , and the degree of attack in- 1110
tensity, P a , and investigate their impact on the perfor- 1111
mance metrics. In order to use the same trust thresh- 1112
old in all schemes for fair comparison, we chose 0.3 as 1113
the trust threshold even though an optimal trust thresh- 1114
old can be differently selected in each scheme. We set 1115
P a = 0 . 5 and P c = 0 . 2 unless they are varied for sensitivity 1116
1117
1118
e 1119
, 1120 ) 1121
- 1122
1123
- 1124
ble to TBA/CA because more compromised nodes will deter 1125
each node from obtaining accurate trust evidence. We ob- 1126
serve that KMiWoT performs the worst among three due 1127
to the way of trust estimation using excessive trust decay 1128
over space and a lack of paths existing between nodes that 1129
have each other’s public key certificates. In Fig. 3 (b), we 1130
compare the fraction of correct public keys ( F) of the three 1131
trust-based schemes and one non-trust based scheme. The 1132
performance order is NTB > CTPKM > TBA/CA ≈ KMiWoT. 1133
Although NTB performs the best among three in this met- 1134
ric, it loses its advantage because it incurs high informa- 1135
tion risk (see Fig. 3 (d)). Compared to the performance of 1136
TBA/CA and KMiWoT, CTPKM performs significantly bet- 1137
ter with the minimum information risk exposed. Fig. 3 (c) 1138
shows the performance comparison of the four schemes 1139
in service availability ( A ) with the performance order of 1140
CTPKM ≥ NTB ≈ KMiWoT > TBA/CA overall. With the same 1141
reason discussed in Fig. 2 (d) and (e), the performance or- 1142
der in information risk ( R ) is as CTPKM > KMiWoT > 1143
TBA/CA > NTB in Fig. 3 (d) while the performance order 1144
in communication cost ( C) is KMiWoT > NTB > CTPKM > 1145
TBA/CA in Fig. 3 (e). KMiWoT incurs the least communica- 1146
tion overhead because it leverages the existence of public 1147
key certificates for trust estimation which does not intro- 1148
duce extra communication overhead. Also, it does not per- 1149
form trust assessment in the absence of the public key cer- 1150
tificates. 1151
4.3.3. Effect of attack intensity 1152
Lastly this section demonstrates the performance of the 1153
four schemes as the attack intensity, P a , varies. In Fig. 4 (a), 1154
we observe a similar trend of trust bias in competence 1155
of the three trust-based schemes like Fig. 3 (a), with the 1156
performance order of CTPKM ≥ TBA/CA > KMiWoT. In 1157
Fig. 4 (a), as the attack intensity ( P a ) increases, CTPKM sig- 1158
nificantly outperforms its trust-based counterparts partic- 1159
ularly when P a > 0.4. When P a ≤ 0.4, TBCA/BA performs 1160
better than CTPKM because TBCA/BA uses more trust ev- 1161
idence at the expense of a high communication overhead 1162
(since it uses recommendations from all nodes in the net- 1163
work) and can achieve a high accuracy of trust estimation 1164
when the attack intensity is low. On the other hand, when 1165
the attack intensity is high, P a > 0.4, it helps CTPKM accu- 1166
rately estimate trust because an attacker will consistently 1167
exhibit the same bad behavior. 1168
In Fig. 4 (b), the trends of performance comparison in 1169
F are similar to those in Fig. 3 (b). However, one noticeable 1170
difference is that NTB drops its performance with the high- 1171
est attack intensity, 1, because NTB has no defense feature 1172
against high attack intensity. This is also clearly supported 1173
by the highest information risk ( R ) in NTB with the high- 1174
est attack intensity, as observed in Fig. 4 (d). 1175
d 1176
- 1177
- 1178
r 1179
o 1180
1181
- 1182
, 1183
g 1184
analysis.
4.3.2. Effect of percentage of compromised nodes
This section shows the performance comparison of th
four schemes as the percentage of compromised nodes
P c , varies. Fig. 3 (a) shows trust bias in competence ( B C
for the three trust-based schemes. In Fig. 3 (a), as P c in
creases, more compromised nodes exist in the network. In
this case, CTPKM performs better than or at least compara
Please cite this article as: J.-H. Cho et al., Trust threshold base
Hoc Networks (2016), http://dx.doi.org/10.1016/j.adhoc.2016.02.0
The performance trends in information risk ( R ) an
communication overhead ( C) in Fig. 4 (c) and (e) are sim
ilar to those in Fig. 3 (c) and (e). With DoS attacks, a com
promised node can keep requesting public keys of othe
nodes even if it already has their public keys in order t
increase traffic which can waste the network resource. A
trust-based key management scheme would make a de
cision for key management operations such as issuance
distribution, request, and update based on the requestin
d public key management in mobile ad hoc networks, Ad
14
J.-H. Cho et al. / Ad Hoc Networks xxx (2016) xxx–xxx 15
ARTICLE IN PRESS
JID: ADHOC [m3Gdc; March 5, 2016;13:51 ]
ed nod
n1185
C1186
n1187
q1188
p1189
in1190
a1191
su1192
n1193
T1194
c 1195
ti 1196
1197
se 1198
si 1199
th 1200
te 1201
g 1202
p 1203
in 1204
P
H
Fig. 3. Effect of percentage of compromis
ode’s trust. Therefore, an accurate trust protocol such as
TPKM can ignore requests issued from “untrustworthy ”
odes, thereby effectively thwarting DOS attacks. Conse-
uently, CTPKM is relatively insensitive to the increased
ercentage of compromised nodes P c or increased attack
tensity P a in communication cost as shown in Figs. 3 (e)
nd 4 (e), respectively. However, a non-trust-based scheme
ch as NTB will serve all requests even from compromised
odes because it does not use trust for decision making.
his causes a significant traffic increase as P c or P a in-
lease cite this article as: J.-H. Cho et al., Trust threshold based
oc Networks (2016), http://dx.doi.org/10.1016/j.adhoc.2016.02.014
es ( P c ) on trust bias and performance.
reases, as demonstrated in Figs. 3 (e) and 4 (e), respec-
vely.
In TBA/CA and KMiWoT, we do not observe much
nsitivity of the performance over varying attack inten-
ty. Although KMiWoT has slightly better performance
an CTPKM in information risk when the attack in-
nsity is high, the information risk ( R ) of KMiWoT in
eneral is too high. A reason is that KMiWoT performs
oorly in the fraction of correct public keys ( F), as shown
Fig. 4 (b).
public key management in mobile ad hoc networks, Ad
16 J.-H. Cho et al. / Ad Hoc Networks xxx (2016) xxx–xxx
ARTICLE IN PRESS
JID: ADHOC [m3Gdc; March 5, 2016;13:51 ]
Fig. 4. Effect of attack intensity ( P a ) on trust bias and performance.
5. Conclusions 1205
- 1206
- 1207
e 1208
1209
o 1210
y 1211
- 1212
- 1213
t 1214
1215
The design of the proposed trust metric and trust- 1216
based key management scheme properly reflects the de- 1217
- 1218
: 1219
d 1220
d 1221
y 1222
r 1223
- 1224
a 1225
- 1226
n 1227
In this paper, we proposed a CTPKM for MANETs. Con
sidering three different trust dimensions, namely, compe
tence, integrity, and social contact, CTPKM enables a nod
to make decisions while interacting with others based on
their trust levels. We devised four performance metrics t
analyze the impact of our trust threshold based public ke
management design on security vulnerability (i.e., informa
tion risk), availability (i.e., fraction of valid, correct and un
compromised public keys and service availability), and cos
(i.e., communication cost).
Please cite this article as: J.-H. Cho et al., Trust threshold base
Hoc Networks (2016), http://dx.doi.org/10.1016/j.adhoc.2016.02.0
sirable properties of trustworthy systems for MANET envi
ronments [5] discussed in Section 2 in the following way
(1) the use of a trust threshold adjusts potential risk an
thus mitigates the impact of risk; (2) trust is measure
based on node behavioral evidence in the context of ke
management; (3) a node decides whether to trust othe
nodes in the process of key management operations in or
der to maximize the distribution of valid public keys; (4)
node learns other nodes’ trust over time based on past ex
perience in addition to new evidence; and (5) our desig
d public key management in mobile ad hoc networks, Ad
14
J.-H. Cho et al. / Ad Hoc Networks xxx (2016) xxx–xxx 17
ARTICLE IN PRESS
JID: ADHOC [m3Gdc; March 5, 2016;13:51 ]
enhances both security and performance, leading to a high 1228
system reliability. 1229
We conducted a comparative performance analysis of 1230
our proposed CTPKM against a counterpart non-trust- 1231
based scheme and two existing trust-based key manage- 1232
ment schemes. We found that CTPKM with a trust thresh- 1233
old design to filter untrustworthy messages or operations 1234
can minimize security vulnerability while achieving high 1235
availability, without incurring high communication cost. In 1236
this work, we assumed a single threshold for node trust- 1237
worthiness classification. As a future work direction, we 1238
plan to investigate more sophisticated fuzzy failure crite- 1239
ria as in [44–46] to further enhance CTPKM performance. 1240
Acknowledgments 1241
This work is supported in part by the U.S. Army Re- 1242
search Laboratory and the U.S. Army Research Office un- 1243
der contract no. W911NF-12-1-0445. This research was also 1244
partially supported by the Department of Defense (DoD) 1245
through the office of the Assistant Secretary of Defense 1246
for Research and Engineering (ASD (R&E)). The views and 1247
opinions of the author(s) do not reflect those of the DoD 1248
or ASD (R&E). 1249
References 1250
[1] K.S. Cook, Trust in society, Russell Sage Foundation Series on Trust, 1251 vol. 2, New York, 2003. 1252
[2] M. Blaze, J. Feigenbaum, J. Lacy, Decentralized trust management, Q3 1253 in: Proceedings of IEEE Symposium on Security and Privacy, 1996, 1254 pp. 164–173. 1255
[3] L. Eschenauer, V.D. Gligor, J. Baras, On trust establishment in mobile 1256 ad hoc networks, in: Proceedings of 10th International Security Pro- 1257 tocols Workshop, Cambridge, UK, vol. 2845, 2002, pp. 47–66. 1258
[4] J.S. Baras, T. Jiang, Managing trust in self-organized mobile ad hoc Q4 1259 networks, in: Proceedings of 12th Annual Network and Distributed 1260 System Security Symposium Workshop, San Diego, CA, 2005. 1261
[5] J.-H. Cho, A. Swami, I.-R. Chen, A survey of trust management in mo- 1262 bile ad hoc networks, IEEE Commun. Surv. Tutor. 13 (4) (2011) 562–1263 583. 1264
[6] F. Bao, I.-R. Chen, M. Chang, J.-H. Cho, Trust-based intrusion detec- 1265 tion in wireless sensor networks, in: IEEE International Conference 1266 on Communication, Kyoto, Japan, 2011, pp. 1–6. 1267
[7] F. Bao, I.-R. Chen, M. Chang, J.-H. Cho, Hierarchical trust manage- 1268 ment for wireless sensor networks and its applications to trust- 1269 based routing and intrusion detection, IEEE Trans. Netw. Service 1270 Manag. 9 (2) (2012) 161–183. 1271
[8] I.-R. Chen, F. Bao, M. Chang, J.-H. Cho, Trust management for 1272 encounter-based routing in delay tolerant networks, in: IEEE Global 1273 Communications Conference, Miami, Florida, USA, 2010, pp. 1–6. 1274
[9] R.B. Bobba, L. Eschenauer, V. Gligor, W. Arbaugh, Bootstrapping 1275 security associations for routing in mobile ad hoc networks, in: 1276 IEEE Global Communications Conference, San Francisco, CA, 2003, 1277
1278 [11279
1280 1281
[11282 1283 1284
[11285 1286 1287
[11288 1289 1290
[11291 1292 1293
[15] S. Capkun, L. Buttya, J.-P. Hubaux, Self-organized public-key manage- 1294 ment for mobile ad hoc networks, IEEE Trans. Mobile Comput. 2 (1) 1295 (2003) 52–64. 1296
[16] K.K. Chauhan, S. Tapaswe, A secure key management system in 1297 group structured mobile ad hoc networks, in: 2010 IEEE Interna- 1298 tional Conference on Wireless Communications, Networking and In- 1299 formation Security, Beijing, China, 2010, pp. 307–311. 1300
[17] H. Huang, S.F. Wu , An approach to certificate path discovery in mo- Q5 1301 bile ad hoc networks, in: 1st ACM Workshop on Security of Ad Hoc 1302 and Sensor Networks, 2003. 1303
[18] J. Huang, D. Nicol, A calculus of trust and its application to PKI and 1304 identity management, in: ACM 8th Symposium on Identity and Trust 1305 on the Internet, Gaithersburg, MD, USA, 2009. 1306
[19] B. Wu, J. Wu, E. Fernandez, S. Magliveras, Secure and efficient key 1307 management in mobile ad hoc networks, in: Proceedings of 19th 1308 IEEE International Parallel and Distributed Processing Symposium, 1309 Denver, CO, 2005. 1310
[20] B.-J. Chang, S.-L. Kuo, Markov chain trust model for trust-value anal- 1311 ysis and key management in distributed multicast MANETs, IEEE 1312 Trans. Vehic. Technol. 58 (5) (2009) 1846–1863. 1313
[21] H. Dahshan, J. Irvin, A robust self-organized public key management 1314 for mobile ad hoc networks, Secur. Commun. Netw. 3 (1) (2010) 16– 1315 30. 1316
[22] R. PushpaLakshmi, A. Kumar, R. Rahul, Mobile agent based compos- 1317 ite key management scheme for MANET, in: 2011 International Con- 1318 ference on Emerging Trends in Electrical and Computer Technology, 1319 Tamil Nadu, India, 2011, pp. 964–969. 1320
[23] N.V. Vinh, M.-K. Kim, H. Jun, N.Q. Tung, Group-based public- 1321 key management for self-securing large mobile ad-hoc networks, 1322 in: International Forum on Strategic Technology, 2007, pp. 250– 1323 253. 1324
[24] L. Xu, X. Wang, J. Shen, Strategy and simulation of trust cluster 1325 based key management protocol for ad hoc networks, in: 4th Inter- 1326 national Conference on Computer Science and Education, Nanning, 1327 China, 2009, pp. 269–274. 1328
[25] S. Kent, Privacy Enhancement for Internet Electronic Mail: Part II: 1329 Certificate-Based Key Management, Technical Report, Network Work- 1330 ing Group, 1993. 1331
[26] A. Shamir, How to share a secret, Commun. ACM 22 (1979) 612–613. 1332 [27] Y.G. Desmedt, Threshold cryptography, Eur. Trans. Telecommun. 5 (4) 1333
(1994) 449–458. 1334 [28] L. Zhou, Z.J. Haas, Securing ad hoc networks, IEEE Netw. Mag. 13 (6) 1335
(1999) 24–30. 1336 [29] H. Dahshan, J. Irvine, A trust based threshold cryptography key man- 1337
agement for mobile ad hoc networks, in: IEEE 70th Vehicular Tech- 1338 nology Conference, Anchorage, AK, USA, 2009, pp. 1–5. 1339
[30] A. Shamir, Identity-based cryptosystems and signature schemes, in: 1340 CRYPTO’84, 1984, pp. 47–53. 1341
[31] A. Boudguiga, M. Laurent, Key-escrow resistant ID-based authentica- 1342 tion scheme for IEEE 802.11s mesh networks, in: IEEE Wireless Com- 1343 munications and Networking Conference (WCNC’11), 2011, pp. 784– 1344 789. 1345
[32] A. Boudguiga, M. Laurent, An EAP ID-based authentication method 1346 for wireless networks, in: International Conference for Internet 1347 Technology and Secured Transactions (ICITST’11), 2011, pp. 232– 1348 239. 1349
[33] Z. Zhao, Z. Zhao, X. Tang, Y. Liu, A new ID-based blind signature from 1350 bilinear pairings, in: IET International Conference on Wireless, Mo- 1351 bile and Multimedia Networks, 2006, pp. 1–4. 1352
[34] F.R. Yu, H. Tang, P.C. Mason, F. Wang, A hierarchical identity based 1353 key management scheme in tactical mobile ad hoc networks, IEEE 1354 Trans. Netw. Service Manag. 7 (4) (2010) 258–267. 1355
[35] S.S. Al-Riyami, K.G. Paterson, Certificateless public key cryptography, 1356 in: 9th International Conference on the Theory and Application of 1357
1358 [3 1359
1360 1361
[3 1362 1363 1364 1365
[3 1366 1367 1368 1369
[3 1370 1371 1372
P
H
pp. 1511–1515. 0] J.-H. Cho, A. Swami, I.-R. Chen, Modeling and analysis of trust man-
agement with trust chain optimization in mobile ad hoc networks, J.
Netw. Comput. Appl. 35 (3) (2010) 1001–1012. 1] J.-H. Cho, M. Chang, I.-R. Chen, A. Swami, Trust Management VI, IFIP
Advances in Information and Communication Technology, vol. 374, Springer, Berlin Heidelberg, pp. 52–67.
2] I.-R. Chen, F. Bao, M. Chang, J.-H. Cho, Dynamic trust management for delay tolerant networks and its application to secure routing,
IEEE Trans. Parallel Distrib. Syst. 25 (5) (2014) 120–1210.
3] M. Mahmoud, X. Lin, X. Shen, Secure and reliable routing protocols for heterogeneous multihop wireless networks, IEEE Trans. Parallel
Distrib. Syst. 26 (4) (2015) 1140–1153. 4] E.D. Silva, A.D. Santos, L. Albini, M. Lima, Identity-based key manage-
ment in mobile ad hoc networks: Techniques and applications, IEEE
Wireless Commun. 15 (5) (2008) 46–52.lease cite this article as: J.-H. Cho et al., Trust threshold based
oc Networks (2016), http://dx.doi.org/10.1016/j.adhoc.2016.02.014
Cryptology and Information Security, vol. 2894, 2003, pp. 452–473. 6] Y. Zhang, W. Liu, W. Lou, Y. Fang, Securing mobile ad hoc networks
with certificateless public keys, IEEE Trans. Depend. Secure Comput.
3 (4) (2006) 386–399. 7] A .M. Arokiaraj, A . Shanmugam, ACS: An efficient address based cryp-
tography scheme for mobile ad hoc networks security, in: Inter- national Conference on Computer and Communication Engineering,
2008, pp. 52–56. 8] Y. Zhang, W. Liu, W. Lou, Y. Fang, Y. Kwon, AC-PKI: anonymous and
certificateless public-key infrastructure for mobile ad hoc networks,
in: IEEE International Conference on Communications (ICC’05), vol. 5, 2005, pp. 3515–3519.
9] H. Sun, X. Zheng, Z. Deng, An identity-based and threshold key man- agement scheme for ad hoc networks, in: International Conference
on Networks Security, Wireless Communications and Trusted Com-
puting, Wuhan, Hubei, China, 2009, pp. 520–523. 1373public key management in mobile ad hoc networks, Ad
18 J.-H. Cho et al. / Ad Hoc Networks xxx (2016) xxx–xxx
ARTICLE IN PRESS
JID: ADHOC [m3Gdc; March 5, 2016;13:51 ]
- 1374 ) 1375
1376 - 1377
Q6 1378
s 1379 1380
- 1381 c 1382
1383 - 1384 ) 1385
1386 - 1387 - 1388
1389 - 1390 ) 1391
1392
e 1393 e 1394 e 1395 s 1396 e 1397 . 1398 - 1399 r 1400 p 1401 n 1402 - 1403 - 1404 e 1405 e 1406 e 1407 e 1408 n 1409
1410
e 1411 d 1412 e 1413 - 1414 e 1415 e 1416 y, 1417 - 1418 y 1419 s 1420 - 1421 d 1422 a 1423 tt 1424 e 1425
1426
- 1427 1428
d 1429 r- 1430 e 1431 l 1432 . 1433 - 1434 h 1435 - 1436 - 1437 g 1438 - 1439
r- 1440 1441
[40] L.-C. Li, R.-S. Liu, Securing cluster-based ad hoc networks with distributed authorities, IEEE Trans. Wireless Commun. 9 (10) (2010
3072–3081. [41] Dartmouth University, Mobility traces data from crawdad (a commu
nity resource for archiving wireless data at Dartmouth). [42] M.H. MacDougall, Simulating Computer Systems, Computer System
Series, The MIT Press, 1987.
[43] J.-H. Cho, I.-R. Chen, P. Feng, Effect of intrusion detection on reliability of mission-oriented mobile group systems in mobile ad ho
networks, IEEE Trans. Reliab. 59 (1) (2010) 231–241. [44] I.-R. Chen, F. Bastani, Effect of artificial-intelligence planning
procedures on system reliability, IEEE Trans. Reliab. 40 (3) (1991364–369.
[45] F.B. Bastani, I.-R. Chen, T. Tsao, Reliability of systems with fuzzyfailure criterion, in: Annual Reliability and Maintainability Sympo
sium, Anaheim, CA, 1994, pp. 4 42–4 48.
[46] I.-R. Chen, F. Bastani, T. Tsao, On the reliability of AI planning software in real-time applications, IEEE Trans. Knowl. Data Eng. 7 (1
(1995) 4–13.
Jin-Hee Cho received the B.A. degree from th
Ewha Womans University, Seoul, Korea and thM.S. and Ph.D. degrees in computer scienc
from the Virginia Tech. Since 2009, she ha
been working as a computer scientist at thU.S. Army Research Laboratory, Adelphi, MD
Her research interests include wireless mobile networks, mobile ad hoc networks, senso
networks, secure group communications, groukey management, network security, intrusio
detection, performance analysis, trust manage
ment, cognitive networks, social networks, dynamic networks, and resource allocation. Sh
received the best paper awards in IEEE TrustCom09 and BRIMS13. Shreceived the 2015 IEEE Communications Society William R. Bennett Priz
in the Field of Communications Networking. She is selected to receive thPresidential Early Career Award for Scientists and Engineers (PECASE) i
2016. She is a senior member of the IEEE and a member of the ACM.
Please cite this article as: J.-H. Cho et al., Trust threshold base
Hoc Networks (2016), http://dx.doi.org/10.1016/j.adhoc.2016.02.0
Ing-Ray Chen received the B.S. degree from th
National Taiwan University, Taipei, Taiwan, anthe M.S. and Ph.D. degrees in computer scienc
from the University of Houston. He is a pro
fessor in the Department of Computer Sciencat Virginia Tech. His research interests includ
mobile computing, wireless systems, securittrust management, intrusion detection, and re
liability and performance analysis. He currentlserves as an editor for IEEE Communication
Letters, IEEE Transactions on Network and Ser
vice Management, The Computer Journal, anSecurity and Network Communications. He is
recipient of the 2015 IEEE Communications Society William R. BennePrize in the field of Communications Networking. He is a member of th
IEEE and ACM.
Kevin S. Chan received the B.S. degree in electrical and computer engineering (ECE)/EPP from
Carnegie Mellon University (Pittsburgh, PA) anthe Ph.D. degree in ECE and MSECE from Geo
gia Institute of Technology (Atlanta, GA). His a research scientist with the Computationa
and Information Sciences Directorate at the U.S
Army Research Laboratory (Adelphi, MD). Previously, he was an ORAU postdoctoral researc
fellow at ARL. His research interests are in network science, with past work in dynamic net
works, trust and distributed decision makinand quality of information through ARL’s Net
work Science Collaborative Technology Alliance and Network and Info
mation Sciences International Technology Alliance.
d public key management in mobile ad hoc networks, Ad
14