Presentation on theme: "Jin-Hee Cho & Ananthram Swami, Army Research Laboratory Ing-Ray Chen, Virginia Tech A Survey of Trust Management for Mobile Ad Hoc Networks."— Presentation transcript:
Jin-Hee Cho & Ananthram Swami, Army Research Laboratory Ing-Ray Chen, Virginia Tech A Survey of Trust Management for Mobile Ad Hoc Networks
Outline Background Motivation Multidisciplinary Trust Concept Trust, Trustworthiness, and Risk Assessment Trust Properties in MANETs Survey on Trust Management in MANETs Future Research Directions
Background Design Challenges in Mobile Ad Hoc Networks: –Resource constraints energy, bandwidth, memory, computational power –High security vulnerability open medium derived from inherent nature of wireless networks rapidly changing network topology due to node mobility or failure, RF channel conditions decentralized decision making and cooperation (no centralized authority) no clear line of defense Trust: the degree of subjective belief about the behavior of a particular entity.
Motivation Trust management is needed in MANETs with the goal of establishing a network with an acceptable level of trust relationships among participating nodes: –During network bootstrapping –To support coalition operation without predefined trust –For authentication for certificates generated by other parties when links are down –To ensuring safety when entering a new zone Diverse applicability as a decision making mechanism for: –Intrusion detection –Key management –Access control –Authentication –Secure routing –Many others
Trust in Communications & Networking –A set of relations among entities participating in a protocol based on evidence generated by the previous interactions of entities within a protocol –If the interactions have been faithful to the protocol, then trust will accumulate between these entities –Context-aware trust: trust is the quantified belief of a trustor node regarding competence, honesty, security, and dependability of a trustee node in a specific context Multidisciplinary Concept of Trust Sociology Risking betrayal Subjectivity Economics Incentive-based selfishness Autonomic computing automation reliability Organizational management risk assessmen t Psychology Cognitive process Philosophy Context-dependent moral relationship Communications & Networking more... securityreconfigurabilityscalabilityreliabilitydependability
Trust, Trustworthiness, and Risk Assessment Definition (Trustworthiness): Trustworthiness is objective probability by which the trustee performs a given action on which the welfare of the trustor depends Definition (Trust): Trust is the subjective probability by which the trustor expects that the trustee performs a given action on which the welfare of the trustor depends Definition (Risk): risk is defined by the probability and the consequence of an incident. The risk value is given by the function r : P x C -> RV, where P is a set of trust values in [0,1], C is the set of consequence values and RV is the set of risk values. 1 1 Trustworthiness Trust b. misplaced trust a. misplaced distrust Trust =Trustworthiness 0.5 Trust Level [Solhaug et al., 2007]
Trust vs. Risk Trust-based decision making: a trust threshold is used to say yes/no yes when t > trust threshold (t2 in the graph) Risk-based decision making: a risk threshold is used to say yes/no yes when r < high risk threshold (high risk zone in the graph) In general when trust is high, risk is low but it really depends on the stake (consequence of failure). It is not enough to consider trust only and then say that trust is risk acceptance, trust is inverse to risk, or the like. 1 1 Stake Trust 0.5 S2 S1 t1 t2 High risk Medium risk Low risk Trust vs. Risk [Solhaug et al. 2006, Josang & LoPresti, 2004]
Trust Properties in MANETs Dynamic, not static –Trust in MANETs should be established based on local, short-lived, fast changing over time, online only and incomplete information available due to node mobility or failure, RF channel conditions –Expressed as a continuous value ranging from positive and negative degree Subjective –Different experiences derived from dynamically changing network topology Not necessarily transitive Asymmetric, not necessarily reciprocal –Heterogeneous entities Context-dependent –Sensing/Reporting vs. forwarding Trust Subjectivity Dynamicity Asymmetry Context- dependency incomplete transitivity Trust properties in MANETs. Trust properties in existing trust management in MANETs.
Classification of Trust Management Risk Management Risk Assessment Risk Mitigation Trust Management Trust Update Trust Revocation Trust Establishment Risk Control trust evidence collection, trust generation, trust distribution, trust discovery, and trust evaluation [Solhaug et al., 2006]
Attacks in MANETs By the nature of attack and the types of attackers [Liu et al., 2004] –Passive Attacks: when an unauthorized party gains access to an asset but does not modify its content, (e.g., eavesdropping or traffic analysis) –Active Attacks : masquerading (impersonation attack), replay (retransmitting messages), message modification, DoS (e.g., excessive energy consumption) By the legitimacy of attackers [Liu et al., 2004] –Insider attacks: authorized member –Outsider attacks: illegal user Attacks considered in existing trust management in MANETs.
Metrics for Measuring Network Trust in MANETs Network trust has been evaluated by general performance metrics, e.g., detection accuracy, goodput (useful information bits/sec), throughput (data bits/sec), overhead, delay, network utility, route usage (for secure routing), packet dropping rate, etc. Recently, trust level as a metric has been used, e.g., trust level of a network path or session Metrics used for evaluating network trust
Composite Trust Metrics Quality-of-Service (QoS) Trust Competence, dependability, reliability, successful experience, and reputation or recommendation representing capability to complete an assigned “task” Examples are the node’s energy lifetime, computational power level, and capability to complete packet delivery Social Trust Use of the concept of social networks Friendship, similarity, common interest, social connectivity, honesty, and social reputation or recommendation derived from direct or indirect interactions
Trust Management in MANETs based on Design Purpose Summary of existing trust management schemes in MANETs based on specific design purposes
Trust-based Applications in MANETs Secure Routing Detect and isolate misbehaving nodes (selfish or malicious) Reputation management Extension of the existing routing protocols (e.g., DSR, AODV) using trust concept Incentive mechanism to induce cooperation Revocation + redemption possible Authentication Use trust to authenticate nodes or routing paths Use direct evidence (certificates or observations of packet forwarding behavior) plus second hand information (e.g., recommendation) Extension of the existing routing protocols (e.g., DSR, Zone Routing Protocol) Key Management Establish keys between nodes based on their trust relationships Trust-based PKI Distributed - each node maintains its public/private keys Hierarchical – a CA is elected based on trust
Trust-based Applications in MANETs (Cont.) Intrusion Detection Trust as a basis for developing an intrusion detection system (IDS) Trust-based IDS provides audit and monitoring capabilities to enhance security Evaluating trust and identifying intrusions can be integrated together to build a trustworthy environm ent Access Control Use trust for decision making of access control to MANET resources Trust-based admission control (role-based) A node can use resources if it is trusted by k trusted nodes Can integrate with policy-based access control (with a proof of identity or certificate)
Issues for Future Trust Management in MANETs How should we select a trust metric that can reflect the unique properties of trust in MANETs? What constitutes trust? Is it multi-dimensional with multiple trust components? Should we have a different set of trust components reflecting the application characteristics and node behavior (including selfish/malicious behavior)? How can trust contribute to scalability, reconfigurability, security, and reliability of the network? How should a trust protocol be designed to achieve adaptability to rapidly changing MANET environments? How do we design a trust system to reflect adequate tradeoffs, e.g., altruism vs. selfishness, and effectiveness vs. efficiency? Can we identify optimal trust protocol settings under various network and environmental conditions?
Questions? Contact us at: Jin-Hee Cho Army Research Ananthram Swami Army Research Ing-Ray Chen Virginia