Trust Level Based Self-Organized Routing Protocol for Secure Ad Hoc Networks Li Xiaoqi, GiGi 12/3/2002
CSE Department of CUHK Outline Introduction Motivation Design Goal Trust Model Self-organized Routing Protocol Conclusion Outline
CSE Department of CUHK Introduction Ad Hoc networks has the following characteristics: –No fixed infrastructure –Routing by the cooperation of every node –Self-organization is the nature of ad hoc networks –Prone to be attacked Current routing protocols for ad hoc networks have no security consideration. –Such as AODV, DSR and DSDV Introduction
CSE Department of CUHK Attacks to Ad Hoc Networks Attack MethodMotivation/ResultInfluence to Security Services EavesdroppingObtain contents of messagesLoss of Confidentiality MasqueradingImpersonate good nodes /Routing Redirection /Routing table poisoning /Routing Loop, etc. Loss of Authenticity ModificationMake a node denial of service /Obtain keys, etc. Loss of Integrity TunnelingAttract traffic /Routing Redirection Loss of Confidentiality and Availability FloodingDenial of ServiceLoss of Availability DroppingDestroy normal routing progressLoss of Non-reputation and Availability Replaying/DelayingDestroy normal routing progress /Destroy normal data transmission Loss of Access Control and Integrity Introduction Table 1 Attacks to ad hoc networks
CSE Department of CUHK Most Secure Solutions Often assume –A trusted authority to issue certificates. –A centralized server to monitor the networks. –A secret association between certain nodes. Disadvantages –Destroy the self-organization nature of ad hoc networks. –Limit the mobility of nodes. –Single point of failure –Less of efficiency and availability Motivation
CSE Department of CUHK Current Self-organized Solutions Properties –Authenticate each other by self-organization –Often issue certificate of a public key by node cooperation –Can be used in key management –Often need node monitoring mechanism Disadvantages –Need at least k neighbors to cooperate –Monitoring mechanism is difficult to implement and is performance-consuming Motivation
CSE Department of CUHK Authentication Technologies Including digital signature, MAC (Message Authentication Code) and so on –Can effectively protect the authenticity and integrity Disadvantages –Not enough if only using digital signature. Good nodes may become malicious –Huge performance wasting Motivation
CSE Department of CUHK Our Design Goal Self-organized secure routing protocol Design a trust model –Define the criterion of how to trust a node –A flexible trust level combination algorithm Supplement for authentication technologies Design Goal
CSE Department of CUHK Trust Model Main Ideas –Introduce “trust level” to each node –Every node has an evaluation of some other nodes’ trust levels –To get a node’s latest trust level, one node must combine other nodes’ evaluations to that node –Trust level changes continuously Trust Model
CSE Department of CUHK Trust Level Trust level can be any value in the interval [0,1]. It is a continuous value. Logically, trust level is divided into 5 or 10 degrees. –10 degrees for upgrade –5 degrees for degrade –Trust level can be upgraded or degraded in terms of node’s behaviors Trust Model
CSE Department of CUHK Node Model Each node maintain a trust table. For example, trust table in node A: The initial level of a node will be 0.5, when it first joins the network If a node’s trust level decreases to 0, it will be denied from the network. Trust Model NodeTrust LevelSuccessFail B C D E0.5000
CSE Department of CUHK Trust Level Combination Algorithm Trust level value collection –Need at least k neighbors by default –Less than k neighbors is also allowed Only care the suggestions of nodes who have larger weights Trust level combination –Using Dempster-Shafer Theory of Evidence Trust Model
CSE Department of CUHK Dempster-Shafer Theory Aims to model and quantity uncertainty by degrees of belief Dempster-Shafer’s combination rule: –Let m be a mass function on the frame Θ. m: 2 Θ --> [0,1] – – then orthogonal sums: Trust Model
CSE Department of CUHK Trust Upgrade/Degrade Algorithm Upgrade is slower than degrade –For upgrade, we have 10 degrees –For degrade, we have 5 degrees Criteria for upgrade & degrade are different –For upgrade, a node need tens of successful communication behaviors –For degrade, a node only need several times of failure behaviors A node will be upgraded or degraded by 1 degree in term of success or fail times Trust Model
CSE Department of CUHK Self-Organized Routing Protocol Assumption –Have monitoring mechanism in each node, such as watchdog –We have obtained the secure keys and the trustable certificates by key management We establish our protocol based on AODV (Ad hoc On-demand Distance Vector) routing protocol. Routing Protocol
CSE Department of CUHK Routing Discovery Before forwarding RREQ/RREP messages, a node will first calculate the new trust level of the other end of the messages. –Trust level = 0, then deny its access and broadcast to its neighbors –0 < Trust level < 0.5, then request the other end to prove itself using digital signature. And do second time verification. –Trust level > 0.5, go on communicating with that end Routing Protocol
CSE Department of CUHK Routing Maintenance Because of mobility, some nodes may be out of range. Trust level for these nodes will change to 0, if the lower layer has detected a lost connection and reported a routing error message. We treat normal failure as same as the malicious failure Routing Protocol
CSE Department of CUHK Conclusion A new self-organized secure routing protocol –Accord with the nature of ad hoc networks –No single point failure –More flexible and robust Introduce the concept of trust level –A good supplement to existing authentication technologies –No at least k-neighbor limitation Conclusion
CSE Department of CUHK Q & A Thank you! Q & A