TAODV: A Trust Model Based Routing Protocol for Secure Ad Hoc Networks Xiaoqi Li, Michael R. Lyu, and Jiangchuan Liu IEEE Aerospace Conference March 2004

CSE Dept. of CUHKPage 2 Outline Introduction Background: AODV and Subjective logic Framework of TAODV Trust model for TAODV Routing operations in TAODV Analysis Conclusion and future work

March 2004CSE Dept. of CUHKPage 3 Introduction to MANETs Mobile Ad Hoc Networks (MANETs) –No fixed infrastructure –Self-organized routing –Prone to be unstable and insecure Previous Secure Solutions for MANETs –Require each node to testify itself by showing its digital signature at all times –Need a super-trusted third-party to provide authentication

March 2004CSE Dept. of CUHKPage 4 Introduction to TAODV Make use of trust relationships among nodes Need not request and verify signature at each time of communication, just like human society TAODV: a secure routing protocol based on trust model for MANET

March 2004CSE Dept. of CUHKPage 5 Background: Subjective Logic Subjective logic –Represent trust relationship formally –Define how to combine different trust information together –Map all kinds of evidences to trust representation space We derive our trust model for TAODV from subjective logic

March 2004CSE Dept. of CUHKPage 6 Background: AODV AODV –Ad Hoc On-Demand Distance Vector Routing Protocol for MANETs –Two main routing messages: RREQ: Routing REQuest RREP: Routing REPly We extend AODV by adding trust information into its routing messages

March 2004CSE Dept. of CUHKPage 7 Framework of TAODV

March 2004CSE Dept. of CUHKPage 8 Trust Model for TAODV: Representation of trust Use Opinion to represent trust: –A three-dimensional metric – -- Probability of node A believing in node B -- Probability of node A disbelieving in node B -- Probability of node A ’ s uncertainty about B –

March 2004CSE Dept. of CUHKPage 9 Discounting Combination: –Combine trusts along one path –Combine –Equation: Let Trust Model for TAODV: Combination of trust

March 2004CSE Dept. of CUHKPage 10 Trust Model for TAODV: Combination of trust Consensus Combination: –Combine trusts from several paths –Combine – Equation: Let

March 2004CSE Dept. of CUHKPage 11 Mapping from evidence space to opinion space: –p : positive evidences –n : negative evidences Trust Model for TAODV: Mapping from evidences to opinion space

March 2004CSE Dept. of CUHKPage 12 Routing Operations in TAODV Trust Recommendation Trust Judgement Routing Table Extension Trust Update Routing Messages Extensions Trusted Routing Discovery

March 2004CSE Dept. of CUHKPage 13 Trust Recommendation Exchange trust information Three types of message: –TREQ: Trust REQuest –TREP: Trust REPly –TWARN: Trust WARNing Broadcast TWARN when a node ’ s disbelief value is zero Message structure:

March 2004CSE Dept. of CUHKPage 14 Trust Judgement Predefined trust judging rules bduActions >0.5Request and verify digital signature >0.5Distrust a node for an expire time >0.5Trust a node and continue routing ≤0.5 Request and verify digital signature b – belief d – disbelief u – uncertainty 0.5 – threshold

March 2004CSE Dept. of CUHKPage 15 Routing Table Extension Add three fields into original routing table –Positive events –Negative events –Opinion New routing table format DestIPDestSeq...HopCount...LifetimePositive Events Negative Events Opinion

March 2004CSE Dept. of CUHKPage 16 Trust Update Update of Evidences –Successful Communication  Positive events: p++ –Failed Communication  Negative events: n++ Update of opinion - two ways: –Mapping from evidence space –Combination from different recommendations

March 2004CSE Dept. of CUHKPage 17 Trusted Routing Discovery: Scenario I-Beginning of TAODV Initial opinions are all (0,0,1) Node A originates a RREQ to discover a route to C Node B will authenticate A and C because of high uncertainty (u=1) of them from its point of view Finally, if succeeds, the opinions are all changed to (0.33,0,0.67)

March 2004CSE Dept. of CUHKPage 18 Trusted Routing Discovery: Scenario II-A Stable TAODV MANET Trust relationships have been established among almost all the nodes The values of uncertainty are getting smaller and smaller The general procedures are as follows. (e.g. N2)

March 2004CSE Dept. of CUHKPage 19 Trusted Routing Discovery: Scenario II-A Stable TAODV MANET

March 2004CSE Dept. of CUHKPage 20 Analysis Performance –No need to perform cryptographic computations in every packet  reducing computation overhead –Trust recommendation messages and routing table extension are simple  no introducing much routing overhead

March 2004CSE Dept. of CUHKPage 21 Analysis Security –A malicious node will be finally denied from the network and it ’ s opinion from other nodes will be (0,1,0). –When a bad node turns to be a good one, it ’ s opinion in others will be changed from (0,1,0) to (0,0,1) after expiry.

March 2004CSE Dept. of CUHKPage 22 Analysis Flexibility –Each node is given more flexibility to define its own opinion threshold. –The default threshold is 0.5. –For high level security requirement, the threshold can be increased. –For some non-critical applications, the threshold can be decreased.

March 2004CSE Dept. of CUHKPage 23 Conclusion First approach to apply the idea of trust model into the security solutions of MANETs. The trust among nodes can be quantified and combined. TAODV is a secure routing protocol with –Less computation overheads –Not introducing much routing overheads –Flexible security levels

March 2004CSE Dept. of CUHKPage 24 Future Work Optimize trusted routing discovery algorithm Establish fast response mechanism when being attacked Perform detailed simulation evaluation