1
Robust Trust Establishment for MANETs
by Charikleia Zouridaki
ECE Dept., George Mason University
Fairfax, VA 22030
Joint work with: Brian L. Mark, Marek Hejmo (GMU)
Roshan K. Thomas (SPARTA, Inc.)
Network/Computer Security Workshop 2006, Lehigh University, Bethlehem, PA
May 15-16, 2006
2
Agenda
1. Introduction – Problem Statement
2. Preliminaries: Overview of Hermes*
3. Trust Evaluation using Acknowledgements
4. Formulation of Opinions
5. Security Analysis
6. Simulation Results
7. Conclusions
* C. Zouridaki, B. L. Mark, M. Hejmo, R. K. Thomas, A Quantitative Trust Establishment Framework for Reliable Data Packet Delivery in MANETs. In Proc. 3rd ACM SASN’05, pp. 1-10, November 2005
3
Mobile Ad hoc NETworks (MANETs) vs. infrastructured wireless networks
MANET:
• Each computer can communicate with every wireless-enabled computer
• One of the computers is the "bridge" to the wired LAN
Infrastructured wireless network:
• Each mobile node gets connected to an access point
• The access point "bridges" the wireless LAN to a wired LAN
MANET IETF definition: a MANET is an autonomous system of mobile routers (and associated hosts) connected by wireless links; the union of which forms an arbitrary graph
4
Key Issues and Our Scope
• Source node S must rely on other nodes to forward its packets on multi-hop routes to destination node D
• Secure and reliable handling of packets by intermediate nodes is difficult to ensure
• A malicious node within a route may drop packets
• Hermes improves the reliability of packet forwarding over multi-hop routes in the presence of malicious nodes, both with respect to packet forwarding and trust propagation
• Hermes accurately computes T_{i,j} under the assumption that the behavior of a given node with respect to propagating trust is no worse than its behavior in forwarding packets
• We extend Hermes to relax this assumption; 3 types of misbehavior are considered
5
Hermes Overview
Phase 1: Collect observation data
Phase 2: Utilize the information (collected in Phase 1) to form an opinion P for each node
Phase 3: Use the opinions P (derived in Phase 2) to find the most "trusted" route to D
Hermes does not differentiate malicious packet forwarding behavior from packet loss due to congestion or link breakage.
6
Hermes Overview - detailed
observation data → trust t, confidence c → trustworthiness T → opinion P → averaged opinion P̄ → routing opinion P_VR
• t, c, T: between neighbor nodes i, j
• P, P̄: between any pair of nodes i, m
• P_VR: application of the opinion metric to routing
Neighbors: nodes in transmission/reception range
• t ∈ [0, 1]: degree to which a neighbor can be trusted
• c ∈ [0, 1]: measure of the statistical dispersion of t
• T ∈ [0, 1] = f(t, c)
• P ∈ [0, 1] = f(T)
• P̄ ∈ [0, 1] = f(P) over observation windows
• P_VR ∈ [0, 1] = f(P̄)
7
First-Hand Trust Evaluation
Bayesian Framework:
• Random variable $R_k \in [0, 1]$ represents a notion of trust over an observation window $W$: $m_k$ = # of forwarded packets, $n_k$ = total # of packets
• Suppose a prior pdf for $R_{k-1}$: $f(r_{k-1}) \sim \mathrm{beta}(a_{k-1}, b_{k-1})$
• Then: $f(r_k) \sim \mathrm{beta}(a_{k-1} + m_k,\; b_{k-1} + n_k - m_k)$
• so: $a_k = a_{k-1} + m_k, \quad b_k = b_{k-1} + n_k - m_k$
• At $t = 0$: $f(r_0) \sim \mathrm{beta}(1, 1)$
• Trust & confidence, $t, c \in [0, 1]$, are computed as: $t_k = \mu(a_k, b_k)$, $c_k = 1 - \sqrt{12\,\sigma^2(a_k, b_k)}$, where $\mu$ and $\sigma^2$ are the mean and variance of $\mathrm{beta}(a_k, b_k)$
• At $t = 0$: $t = 0.5$, $c = 0$
[Figure: pdfs of beta(20, 20) and beta(180, 20) over $r \in [0, 1]$]
8
Trustworthiness T / Accumulation of Evidence
• (x,y)-ellipses in the unit square determine the set of (t,c) pairs that are mapped to T as:
$$T(t, c) = 1 - \frac{\sqrt{\frac{(t-1)^2}{x^2} + \frac{(c-1)^2}{y^2}}}{\sqrt{\frac{1}{x^2} + \frac{1}{y^2}}}$$
  $T_{def} = T(0.5, 0)$, $T_{accept} = T(t_{accept}, c_{accept})$
• θ: [-π/2, 0] and (x,y) determine the mapping from (t, c) to T
• Accumulation of Evidence
  • nodes snoop all received frames at the MAC layer & record packet delivery statistics of neighbor nodes
  • windowing mechanisms systematically expire old observation data to:
    • improve the accuracy of the opinion metric
    • maintain the responsiveness of the system
9
Extension: Trust Evaluation using Acknowledgements
• Motivation: obtain first-hand information for non-neighbor nodes
• ACK scheme: uses ACKs, timeouts, NACKs
• Nodes collect information about downstream nodes
[Figures: path s, i1, i2, i3, …, in = d; (a) ACK returned along the path; (b) NACK returned by an intermediate node; (c) NACK and FIN]
10
[Figure: path s, i1, i2, i3, …, in = d with ACK and NACK flows]
Data packet: $\text{Data} \,\|\, \text{MAC}_{s,d} \,\|\, \text{MAC}_{s,n} \,\|\, \dots \,\|\, \text{MAC}_{s,2} \,\|\, \text{MAC}_{s,1}$
ACK packet: $\text{ACK} \,\|\, r^1_d(k|0) \,\|\, r^1_n(k|0) \,\|\, \dots \,\|\, r^1_2(k|0) \,\|\, r^1_1(k|0)$
NACK packet: $\text{NACK} \,\|\, r^1_2(k|1) \,\|\, r^1_1(k|1)$
Authentication of data and ACK/NACK packets
11
Authentication of ACK/NACK packets
• Let's consider
  • a path $R = \{s, i_1, i_2, \dots, i_{n-1}, i_n = d\}$, where $n > 1$,
  • a packet $p$ of sequence number $k$,
  • the shared key $K_{j,s}$,
  • a one-way hash function $h(\cdot)$
• The source constructs $(n-1) + (n-2)$ hash chains, each of length three:
  • $(n-1)$ for ACK authentication
  • $(n-2)$ for NACK authentication
  • to ensure that malicious intermediate nodes cannot discard the MAC field of another node without being detected
• $r^0_j(k|0) = (K_{j,s} \,\|\, k \,\|\, 0)$: first element for node $j$ for ACK authentication
• $r^0_j(k|1) = (K_{j,s} \,\|\, k \,\|\, 1)$: first element for node $j$ for NACK authentication
• $r^1_j(k|0)$, $r^1_j(k|1)$ and $r^2_j(k|0)$, $r^2_j(k|1)$ are constructed by applying $h(\cdot)$
For $s$: $\text{Data} = \text{data} \,\|\, k \,\|\, r^2_1(k|0) \,\|\, r^2_2(k|0) \,\|\, r^2_3(k|0) \,\|\, \dots \,\|\, r^2_n(k|0) \,\|\, r^2_d(k|0) \,\|\, r^2_1(k|1) \,\|\, r^2_2(k|1) \,\|\, r^2_3(k|1) \,\|\, \dots \,\|\, r^2_n(k|1)$
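The hash-chain construction above, worked through as an added example that is not part of the slides: the source derives each node's three-element chain, ships the r^2 anchors in the data packet, each node reveals its r^1 in the ACK or NACK it handles, and the source later checks which nodes appended a valid token to the returning ACK. SHA-256 as h(.), the four-node path, the demo keys and the split "ACK chain per downstream node, NACK chain per intermediate node" are this example's assumptions.

```python
import hashlib

def h(data: bytes) -> bytes:
    """One-way hash h(.) from the slide; SHA-256 is this example's assumed instantiation."""
    return hashlib.sha256(data).digest()

def chain(key_js: bytes, k: int, flag: int):
    """Length-three chain for node j and packet k: flag 0 = ACK, flag 1 = NACK.
    r0 = K_j,s || k || flag, r1 = h(r0), r2 = h(r1)."""
    r0 = key_js + k.to_bytes(4, "big") + bytes([flag])
    r1 = h(r0)
    return r0, r1, h(r1)

# Constructed path s -> i1 -> i2 -> i3 -> d and per-node keys K_j,s shared with the source.
PATH = ["i1", "i2", "i3", "d"]
KEYS = {j: h(b"demo-key-" + j.encode()) for j in PATH}

def build_data_header(keys, path, k):
    """Source side: attach the r2 anchor of every chain to packet k. Every downstream node
    gets an ACK chain and every intermediate node a NACK chain (d never NACKs); this split
    is an assumption matching the slide's (n-1) and (n-2) counts up to indexing."""
    return {"k": k,
            "ack": {j: chain(keys[j], k, 0)[2] for j in path},
            "nack": {j: chain(keys[j], k, 1)[2] for j in path[:-1]}}

def reveal(key_js, k, flag):
    """Node j's token r1_j(k|flag), placed in the ACK (0) or NACK (1) packet."""
    return chain(key_js, k, flag)[1]

def verify(header, j, flag, r1):
    """Any node holding the data header checks h(r1) == r2 for node j and this flag."""
    expected = header["ack" if flag == 0 else "nack"].get(j)
    return expected is not None and h(r1) == expected

def forward_ack(packet, key_js, j):
    """Each forwarder appends its own r1_j(k|0) as the ACK travels back towards s."""
    packet["tokens"][j] = reveal(key_js, packet["k"], 0)
    return packet

def check_ack(header, packet, path):
    """Source side: downstream nodes whose ACK token verifies for packet k. A node missing
    from the result either dropped the ACK or had its field removed by a later hop."""
    if packet["k"] != header["k"]:
        return []  # ACK for a different sequence number: replay or mismatch
    return [j for j in path if verify(header, j, 0, packet["tokens"].get(j, b""))]

if __name__ == "__main__":
    hdr = build_data_header(KEYS, PATH, 7)
    ack = {"k": 7, "tokens": {}}
    for j in reversed(PATH):          # d originates the ACK; i3, i2, i1 forward it to s
        forward_ack(ack, KEYS[j], j)
    print(check_ack(hdr, ack, PATH))  # ['i1', 'i2', 'i3', 'd']
```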
12
Trust Evaluation for Forwarding
• node X keeps packet delivery statistics for all nodes y
• compute first-hand t_{X,y} and c_{X,y} according to the Bayesian framework
• mapped to T_{X,y}: allows for fine-grained node comparison
• Good nodes = T > T_def, bad nodes = T ≤ T_def
• Goal of the scheme: to identify bad nodes, even if it means a good node might temporarily appear as faulty by sending valid NACKs
• We assume that if node X forwards packet p, it will also forward the corresponding ACK or NACK of p
13
Extended Hermes: without Recommendations
Collect Data (MAC layer snooping for neighbors; ACK scheme for non-neighbors) → Update Record (packet delivery statistics) → Update Trustworthiness T_x → Opinion Formulation: P_x = T_x → Calculate Routing Opinion → Route Selection
14
Recommendations
Recommendations accelerate the convergence of the trust establishment procedures
• Node i asks for recommendations to:
  • establish a trust opinion for node m, when T_{i,m} < T_accept
  • evaluate node j as a recommender
• Good recommender: T^R > T_def; bad recommender: T^R ≤ T_def
• Node i asks for d recommendations from:
  • good recommenders, nodes for which T^R < T^R_accept
  • bad recommenders if necessary
15
Algorithm of Recommendations for node i
  while recommendations for node m are sought do
    choose recommender set D;
    obtain f ≤ d recommendations;
    if T_{i,m} < T_accept then
      temporarily place T^tmp_{i,m} = max{T_{j,m} : j in D};
    end if
    run RC-test for recommendation T_{j,m}, for every j in D;
    update recommender trustworthiness T^R_{i,j}, for every j in D;
    form opinion P_{i,m};
  end while
16
Trustworthiness of Recommendations
• node i has T_{i,m} and received T_{j,m} from node j
• The trustworthiness of the recommendation is evaluated as:
  RC-test: |T_{i,m} - T_{j,m}| ≤ thr, where thr is a threshold
• The RC-test outcome determines how the trustworthiness of the recommender is updated
• Exception: j is the upstream neighbor of m, and m has initiated more than thr*100% NACKs
[Figure: path i, j, m, i3, …, in = d; m issues a NACK]
17
Trustworthiness of Recommenders
• Recommender trustworthiness $T^R_{i,j}$ is the trustworthiness that i places in j with respect to the reliable propagation of trustworthiness values T
• $T^R$ is updated according to the Bayesian framework as $\sim \mathrm{beta}(\gamma, \delta)$
• $\gamma_k = \gamma_{k-1} + \eta$ and $\delta_k = \delta_{k-1} + (1 - \eta)$
• $\eta = 1$ when the RC-test succeeds, $\eta = 0$ when it fails
• $t^R_k$, $c^R_k$, $T^R_k$ are computed as functions of $\gamma_k$ and $\delta_k$
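The Bayesian trust evaluation of slides 7 and 8 and the recommendation loop of slides 15 to 17, worked through in one added example (not the authors' code): first-hand (a, b) counts give t, c and T; each recommendation's RC-test outcome feeds the recommender's (γ, δ) counts, which give T^R through the same mapping. Assumed here: x = √2, y = 3 from the simulation slides, T_accept = 0.9, a beta(1, 1) start for (γ, δ), and that the RC-test is run against the temporarily placed value when T_i,m < T_accept.

```python
import math

# Trustworthiness mapping parameters taken from the simulation slides: x = sqrt(2), y = sqrt(9).
X, Y = math.sqrt(2), math.sqrt(9)

def trust_confidence(a, b):
    """Trust t = mean and confidence c = 1 - sqrt(12 * variance) of beta(a, b)."""
    t = a / (a + b)
    var = a * b / ((a + b) ** 2 * (a + b + 1))
    return t, 1.0 - math.sqrt(12 * var)

def trustworthiness(t, c, x=X, y=Y):
    """Map (t, c) to T in [0, 1] along the (x, y)-ellipse centred at (1, 1)."""
    num = math.sqrt((t - 1) ** 2 / x ** 2 + (c - 1) ** 2 / y ** 2)
    den = math.sqrt(1 / x ** 2 + 1 / y ** 2)
    return 1.0 - num / den

T_DEF = trustworthiness(*trust_confidence(1, 1))  # T(0.5, 0): a node with no evidence yet

def update_evidence(a, b, m, n):
    """Bayesian update after one observation window: n packets sent, m forwarded."""
    return a + m, b + (n - m)

def rc_test(t_im, t_jm, thr=0.1):
    """Recommendation-consistency test from slide 16: |T_i,m - T_j,m| <= thr."""
    return abs(t_im - t_jm) <= thr

def process_recommendations(t_im, recs, rec_state, thr=0.1, t_accept=0.9):
    """One iteration of the slide-15 loop for node i seeking opinions on node m.
    recs: {j: T_j,m} from recommender set D; rec_state: {j: (gamma, delta)} behind T^R_i,j.
    t_accept = 0.9, the beta(1, 1) start for (gamma, delta) and running the RC-test
    against the temporarily placed value are assumptions of this example."""
    t_ref = t_im if t_im >= t_accept else max(recs.values(), default=t_im)  # T^tmp_i,m
    tr = {}
    for j, t_jm in recs.items():
        gamma, delta = rec_state.get(j, (1, 1))
        eta = 1 if rc_test(t_ref, t_jm, thr) else 0      # eta = 1 on success, 0 on failure
        rec_state[j] = (gamma + eta, delta + (1 - eta))  # gamma_k, delta_k
        tr[j] = trustworthiness(*trust_confidence(*rec_state[j]))
    return t_ref, tr

def good_vs_bad_forwarder(rounds=3, packets=100):
    """Constructed rounds: a node forwarding 100% vs one forwarding 20% (as in Simulation 1)."""
    good, bad = (1, 1), (1, 1)
    for _ in range(rounds):
        good = update_evidence(*good, packets, packets)
        bad = update_evidence(*bad, packets // 5, packets)
    return (trustworthiness(*trust_confidence(*good)),
            trustworthiness(*trust_confidence(*bad)))

if __name__ == "__main__":
    print("T_def =", round(T_DEF, 3))
    print("good/bad T after 3 rounds:", good_vs_bad_forwarder())
    state = {}
    print(process_recommendations(0.3, {"j1": 0.95, "j2": 0.5}, state), state)
```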
18
Definition of Opinion
• Generalize the notion of trustworthiness opinion: first-hand & second-hand information
• max: because trustworthiness T
  • increases with the number of network observations
  • is of bigger value when it has not been propagated many times in the network as a recommendation
[Opinion equation: defines P_{i,j} and P_{i,m} through a max{·,·} over terms in T_{i,j}, T^R_{i,j}, P_{j,m} and T_def; not recoverable from the extraction]
19
Extended Hermes: with Recommendations
Trustworthiness Formulation: Collect Data (MAC layer snooping for neighbors; ACK scheme for non-neighbors) → Update Record (packet delivery statistics) → Update Trustworthiness T_x
Opinion Formulation: Choose Recommender Set → Run RC-test → Update Recommender Trustworthiness → Calculate Opinion (combine first-hand trustworthiness & second-hand opinion)
Route Selection: Calculate Routing Opinion → Route Selection
20
Security Properties of Extended Hermes
• Ability to model independence in malicious behaviors
• Robustness against multiple false recommendations
• Convergence in the identification of bad nodes
• Resilience against multiple, concurrent and colluding attacks
• Independence from attack probability and placement
• Resilience against duplication and replay
21
Simulation Results
• 10 nodes
• randomly placed in a 500 x 500 m area
• wireless radio transmission range = 250 m
• traffic flows are generated randomly, as a function of
  • number of network nodes
  • min and max allowed number of nodes on a route
• one or more attackers may participate per flow; attackers may be neighbors or non-neighbors
• Nodes (randomly chosen) exhibit four types of behavior:
  • Type I: Good nodes and good recommenders
  • Type II: Bad nodes and good recommenders
  • Type III: Good nodes and bad recommenders
  • Type IV: Bad nodes and bad recommenders
22
Simulation 1: Network View
• 8 random traffic flows, along different paths
• number of nodes on a route: min=4, max = 7
• Nodes 1, 3, 4, 5, 8, 9, 10: Type I
• Node 7: Type II: forwards 20% of packets
• Node 6: Type III: propagates recommendations of P = 0.5
• Node 2: Type IV: forwards 20% of packets, propagates recommendations of P = 0.5
• Source nodes send 100 data packets/round
• trustworthiness parameters are set as x = sqrt(2) and y = sqrt(9)
• threshold thr=0.1
23
Simulation 1: Opinion of good node/recommender for all other nodes after (a) 1, (b) 3, (c) 10, (d) 30 rounds
24
Simulation 1: Network view of P_{i,j} and T^R_{i,j}
(a) Opinion P_{i,j} (b) Recommender trustworthiness T^R_{i,j}
25
Simulation 1: Network view of P_{i,j} (a) with and (b) without recommendations
26
Simulation 1: Node Behavior Changes
• nodes 1, 4, 5, 8, 9, 10: Type I
• nodes 2, 6: bad recommenders, propagating P = 0.5
• node 3: Type II
• node 2 is good in rounds 1-5, bad in rounds 6-50 (Type III → Type IV)
• node 7 is bad in rounds 1-10, good in rounds 11-50 (Type II → Type I)
• node 6: Type III
• Good nodes = forward 100% of packets
• Bad nodes = forward 20% of packets
• Threshold thr = 0.1
27
Simulation 2: Convergence Comparison
• BN-recognition %: the % of all bad nodes that are recognized as bad by all the members of the network
• nodes 1, 3, 4, 5, 8, 9, 10: Type I
• node 7: Type II
• node 6: Type III
• node 2: Type IV
• Good nodes: forward 100% of packets
• Bad nodes: forward 20% of packets
• Good recommenders propagate valid trust values
• Bad recommenders send P = 0.5
• Initially: 1 flow; add 1 flow/round
• number of nodes on a route = 5
• Threshold thr = 0.1
• Trustworthiness parameters: x = sqrt(2), y = sqrt(9)
28
Simulation 3: Hermes 2 vs. Hermes
• 10 nodes, 5 traffic flows
• Node 9: bad, forwards 20% of packets
• Hermes: bad nodes = bad recommenders; T_def is used for the trustworthiness calculation of nodes downstream of a bad node
• We simulated that: node 9 = bad recommender that propagates P = T_def
• Other nodes forward 90% of packets
29
Conclusion
Main contributions of extended Hermes:
• an acknowledgement scheme for first-hand trust information with respect to non-neighbor nodes
• a recommendation scheme that is robust against the propagation of false trust information
Summary of extensions to Hermes:
• allows nodes to form accurate opinions for any network node
• models the independence of malicious behavior with respect to packet forwarding and trust propagation
• identifies the effect of attacks by individual or colluding malicious nodes
30
Thank you!
Questions?