Dynamic Trust Management for the Internet of Things Applications
Self-IoT 2012
1Sept. 17, 2012, San Jose, CA, USA
Fenye Bao and Ing-Ray Chen
Department of Computer Science, Virginia Tech
Contents
2
� Introduction
� System Model
� Dynamic Trust Management Protocol
� Protocol Description
� Convergence, Accuracy, and Resiliency
� Simulation Validation
� Trust Evaluation
� Trust-Based Service Composition
� Conclusion
Introduction
3
Goals
1. Provide an accurate and resilient trust assessment on trust level of IoT entities.
2. Apply the proposed trust management to IoTapplications in order to maximize the application
performance.
Background
4
� The Internet of Things (IoT) integrates a large amount of
everyday life devices from heterogeneous network
environments, bringing a great challenge into security and
reliability management.
� Smarts objects with heterogeneous characteristics need to
cooperatively work together.
� Most smart objects are human-carried or human-related
devices.
� Devices in IoT very often expose to public areas and
communicate through wireless, hence vulnerable to
malicious attacks.
Introduction
5
� The challenge
� Traditional approaches to protocol and network security, data and privacy management, identity management, trust and governance, and fault tolerance will not accommodate the requirements of IoT due to the scalability and the high variety of identity and relationship types.
� Little work on the trust management for IoT
� Chen, et al. [2011] proposed a trust management model based on fuzzy reputation for IoT.
� Considering a specific IoT with wireless sensors only
� Using QoS trust metrics only like packet forwarding/delivery ratio and energy consumption
Introduction
6
Our Solution
Propose dynamic trust management for a community-based social IoT environment by considering multiple social relationships among
device owners.
Introduction
7
� Contributions
� We define a community-based social IoT environment.
� We propose and analyze a trust management protocol (1)
considering social trust, and (2) using both direct observations
and indirect recommendations to update trust.
� We provide a formal treatment of the convergence, accuracy, and
resiliency properties.
� We validate these desirable properties through simulations and
demonstrate the effectiveness in trust-based service
composition.
System Model
8
� We consider a Social IoT [Atzori
et al. 2011] environment with no
centralized trusted authority.
� Social relationships: ownership,
friendship, community
� Malicious nodes aim to break the basic functionality of the IoT and perform trust related attacks: self-promoting, bad-mouthing, and good-mouthing.
� Uncooperative nodes act for their own interests.
Fig 1. Social Structures of the IoT.
System Model
9
� Social relationships
Communities
Owners Devices
friendship
ownership
community
m … m
1 … m
m
.
.
.
m
Trust Management Protocol
10
� Our trust management protocol for IoT is distributed.
� For scalability, a node may just keep its trust evaluation
towards a limited set of nodes of its interest.
� The trust management protocol is encounter-based as
well as activity-based.
� Two nodes encountering each other or involved in an
interaction activity can directly observe each other and
exchange trust evaluation toward others.
Trust Management Protocol
11
� The trust value ���� � is a real number in the range [0, 1].
� When node i encounters or directly interacts with another node k at time t, node i will update its trust assessment ���
� � as follows:
���� � =
1 − � ���� � − ∆� + ����
�,������� ,
��� == �;
(1 − )���� � − ∆� + ��
�,����� ,
���! = �;
X = honesty, cooperativeness, or community-interest
∆� is the elapsed time since the
last trust update (not fixed).
Trust Management Protocol
12
� Node i updates trust toward node j.
Trust Management Protocol
13
� Direct trust observations
� ���������,�����
� : This refers to the belief of node i that node j is honest based on node i’s direct observations toward node j.� Using a set of imperfect anomaly detection rules: false positives/negatives
� ������ �����������,�����
� : This provides the degree of cooperativeness of node j as evaluated by node i based on direct observations over 0, � .
� Using social friendship to characterize: �������(�)∩�������(�)
�������(�)∪�������(�)
� ��������������������,�����
� : This provides the degree of the common interest or similar capability of node j as evaluated by node i based on direct observations over 0, � .
� Considering community/group relationship: ����� �(�)∩����� �(�)
����� �(�)∪����� �(�)
friendship centrality
community centrality
Trust Management Protocol
14
� Indirect recommendations
� =����
� �
1 + ����
� �
� The contribution of recommended trust increases proportionally as either ���
� � or �increases.
� ���� � is the trust value of node i toward the recommender node k.
� Design parameters
� � ∈ [0, 1], ↑� higher weight of new direct info. vs. past info.
� � ∈ [0,+∞], ↑� higher weight of new recommendation vs. past info.
1. Assign weight 1 to current trust;
2. Assign weight ����� � to the new
recommendation;
3. Normalization.
Trust Management Protocol
15
� Trust convergence
� Lemma 1: The trust evaluation in our dynamic trust management
protocol converges as long as 0 < � ≤ 1 or � > 0.
� As long as we consider direction observations (� > 0) or
recommendations (� > 0 ⇒ � > 0) in each iteration, the effect
of initial trust value will eventually be eliminated.
���� � =
1 − � ���� � − ∆� + ����
�,������� ,
��� == �;
(1 − )���� � − ∆� + ��
�,����� ,
���! = �;
Trust Management Protocol
16
� Trust convergence speed
� Lemma 2: The trust convergence speed of our dynamic trust
management protocol increases as � or � increases (0 < � ≤ 1,
� > 0).
� The higher � or � is, the faster effect of initial trust value
approaches 0.
���� � =
1 − � ���� � − ∆� + ����
�,������� ,
��� == �;
(1 − )���� � − ∆� + ��
�,����� ,
���! = �;
Trust Management Protocol
17
� Trust fluctuation
� Lemma 3: The variance of the trust value after convergence in
our dynamic trust management protocol increases as � or �
increases (0 < � ≤ 1, � > 0).
� However, when � or � is higher, the protocol only takes into
account few recent observations / recommendations. It has the
similar effect with reducing the sample size, thus the variance
and trust fluctuation will be high.
� Lemmas 2 & 3 indicate that there is trade-off between
trust convergence speed and trust fluctuation.
Trust Management Protocol
18
� Trust accuracy and resiliency
� Lemma 4:The mean absolute error (MAE) of the trust evaluation
in our dynamic trust management protocol is less than �
���
���
�����
after trust convergence. The MAE decreases as � increases or �decreases. ( – percentage of malicious nodes, �� /��� – false
negative/positive probability for malicious detection)
� Higher � value means using more self-information.
� Lower � value means using less recommendations.
� Boundary conditions for �
���
���
�����.
The chance of being
attacked by false
recommendation is
lower.
Simulation Results
19
� IoT environment setting
� 50 smart objects, 20 owners, 10 communities
� 5 service providers needed in a request
� The average encountering frequency is about 0.25 per pair per hour.
� Anomaly detection with 5% false positives/negatives
Param Value Param Value Param Value
NT 50 NH 20 NG 10
NM 5 α [0, 1] β [0, 8]
PM [0, 90%] Pfp,Pfn 5% 1/λ 100 hrs
Simulation Results
20
� Effect of � on trust evaluation (static)
0 10 20 30 40 50 60 70 80 90 1000.5
0.6
0.7
0.8
0.9
1
Time (hours)
Trust value
Ground truth α=0.1 α=0.3 α=0.9
fast convergence
high fluctuation
Lemma 1: Trust converges.
Lemma 2: Trust converges faster when � is higher.
Lemma 3: Trust fluctuation is higher when � is higher.
Simulation Results
21
� Effect of � on trust evaluation (dynamic)
0 10 20 30 40 50 60 70 80 90 1000
0.2
0.4
0.6
0.8
1
Time (hours)
Trust value
Ground truth α=0.1 α=0.3 α=0.9
Simulation Results
22
� Effect of on trust evaluation (static)
0 10 20 30 40 50 60 70 80 90 1000.5
0.6
0.7
0.8
0.9
1
Time (hours)
Trust value
Ground truth β=0 β=0.1 β=1
fast convergencehigh fluctuation
Lemma 1: Trust converges.
Lemma 2: Trust converges faster when � is higher.
Lemma 3: Trust fluctuation is higher when � is higher.
Simulation Results
23
� Effect of on trust evaluation (dynamic)
0 10 20 30 40 50 60 70 80 90 1000
0.2
0.4
0.6
0.8
1
Time (hours)
Trust value
Ground truth β=0 β=0.1 β=1
Simulation Results
24
� Resiliency to trust attacks
Ground truth λ=10% λ=30% λ=50% λ=70% λ=90%
0 20 40 60 80 1000
0.5
Time (hours)
Honesty
1. MAE <10% when the percentage of malicious nodes (�) is < 50%.
2. MAE ~= 12% when � = 70% and MAE ~= 40% when � = 90%.
3. Theses validate Lemma 4.
Simulation Results
25
� Service composition
� A node requests services (or information) from NM= 5 service
providers.
� The objective is to select the most trustworthy service
providers such that the utility score representing the goodness
of the service composition is maximized.
� The returning utility score of the service provider is:
� 0, if the selected service provider is malicious;
� min (cooperativeness trust, community-interest trust), otherwise.
Simulation Results
26
� Performance comparison
� Trust-based service composition
� Selecting service providers based on the service requester’s trust
evaluation
� Ideal service composition (upper bound)
� Assuming the service requester knowing the ground truth
� Random service composition (lower bound)
Simulation Results
27
� Performance comparison
Trust−Based Service Composition (α=0.5, β=0.2)
Trust−Based Service Composition (α=0.5, β=0.0)Ideal Service CompositionRandom Service Composition
0 10 20 30 40 50 60 70 80 90 1000
0.2
0.4
0.6
Time (hours)
Utility score
crossover point:t = 12 hours
0 10 20 30 40 50 60 70 80 90 1000
0.2
0.4
0.6
Time (hours)
Utility score
crossover point:t = 26 hours
(a) � =10% (b) � = 50%
1. Trust-based service composition approaches the ideal performance.
2. When the percentage of malicious nodes is higher, the maximum
achievable utility score is lower.
3. Crossover point: faster trust convergence vs. lower accuracy.
4. Crossover point shifts: dynamic trust management by selecting best
parameters in response to IoT environment changing.
Conclusion
28
� We designed and analyzed a scalable and distributed trust
management protocol for IoT.
� The proposed protocol takes social relationships into account
and advocates the use of three trust properties, honesty,
cooperativeness, and community-interest to evaluate trust.
� We provided a formal treatment of the convergence, accuracy,
and resiliency properties.
� We analyzed the effect of trust parameters (� and �) on trust
evaluation and validated the protocol through simulations.
� We demonstrated the effectiveness of our trust management
protocol by a service composition application in IoT
environments.
Thank You!
Q & A
29
Dynamic Trust Managment
30