Trust Model Based Self-Organized Routing Protocol For Secure Ad Hoc Networks Li Xiaoqi CSE Department, CUHK 29/04/2003

Outline Introduction to Ad Hoc Networks Motivation and Design Goals Trust Model for Ad Hoc Networks Trusted Self-Organized Routing Protocol Conclusion Research Plan and Future Work

Now Come to: Introduction to Ad Hoc Networks Motivation and Design Goals Trust Model for Ad Hoc Networks Trusted Self-Organized Routing Protocol Research Plan and Future Work Conclusion

What is Ad Hoc Network A kind of network without fixed infrastructure such as base stations or access points, which performs communications through wireless media Wireless applications in: Military Operations Disaster Relief Meeting Room Setup for Conference Personal Area Networking

Characteristics of Ad Hoc Networks No fixed infrastructure Each node is a router Multi-hop routing by nodes cooperation Self-organization nature High mobility Prone to be attacked

Routing Protocols for Ad Hoc Networks AODV: -Ad Hoc On-Demand Distance Vector Protocol DSR: -The Dynamic Source Routing Protocol DSDV: -Destination-Sequenced Distance Vector Protocol

Overview of AODV Discover routes when needed Mainly two types of routing messages: RREQ: Route Request RREP: Route Reply Fixed-length messages Only one mutable field: Hop Count

Route Discovery in AODV RREQ RREP Broadcast S D

Now Come To: Introduction to Ad Hoc Networks Motivation and Design Goals Trust Model for Ad Hoc Networks Trusted Self-Organized Routing Protocol Conclusion Research Plan and Future Work

Security Requirements in Ad Hoc Networks Confidentiality Authenticity Integrity Availability Non-repudiation Access Control

Attacks to Ad Hoc Networks Attack MethodMotivation/ResultInfluence to Security Services EavesdroppingObtain contents of messagesLoss of Confidentiality MasqueradingImpersonate good nodes Routing Redirection Routing table poisoning Routing Loop, etc. Loss of Authenticity ModificationMake a node denial of service Obtain keys, etc. Loss of Integrity TunnelingAttract traffic Routing Redirection Loss of Confidentiality and Availability FloodingDenial of ServiceLoss of Availability DroppingDestroy normal routing progressLoss of Non-reputation and Availability Replaying/DelayingDestroy normal routing progress Destroy normal data transmission Loss of Access Control and Integrity

Common Solutions for Security Often assume A trusted authority to issue certificates. A centralized server to monitor the networks. A secret association between certain nodes. Disadvantages Destroy the self-organization nature of ad hoc networks. Limit the mobility of nodes. Single point of failure Less of efficiency and availability

Self-Organized Solutions for Security Properties Authenticate each other in a self-organized way Often issue certificate of a public key by nodes cooperation Often need node monitoring mechanism Disadvantages Need at least k neighbors to cooperate Monitoring mechanism is difficult to implement and is performance-consuming

Current Issues in Ad Hoc Networks Lack of security consideration Centralized server or trusted third parties destroy the self-organization nature Pure cryptographic solutions bring high overhead Current self-organized solutions lose flexibility

Our Solutions and Design Goals Design a suitable decentralized trust model that can be used for the security solutions of ad hoc networks. Apply this trust model to design a flexible self- organized key management scheme. Apply this trust model to design a secure and flexible self-organized routing protocol with lower overhead. Demonstrate the principle of the trust model and the security advantages of the resulting ad hoc networks.

Now Come To: Introduction to Ad Hoc Networks Motivation and Design Goals Trust Model for Ad Hoc Networks Trusted Self-Organized Routing Protocol Research Plan and Future Work Conclusion

Trust Model for Ad Hoc Networks Overview of trust theory Trust is a basic aspect of human life. Trust is regarded as a measurable variable. Trust theory has been applied into the fields of E-Commerce Organization of nodes in ad hoc networks is similar as human society Apply trust theory to secure ad hoc networks

Previous Trust Models Direct and recommendation trust model Continuous value to represent trust Basis of many other trust models Recommendation protocol model Focus on the exchange of trust information Dempster-Shafer Theory based model Upper and lower bound pair to represent trust Trust matrix to represent trust relationship Combine two matrices using Dempster-Shafer theory

Previous Trust Models (Con’d) Model using Fuzzy Logic Trust matrix to represent trust relationship Fuzzy logic to verify transactions Fuzzy logic to combine trust matrices Model using Subjective Logic Use Opinion to represent trust Opinion includes belief, disbelief, uncertainty Combine trust using subjective logic

Comparison of Trust Models Single trust value vs. Opinion Opinion with belief, disbelief and uncertainty can express more information Fuzzy logic vs. Subjective logic Fuzzy logic operates on certain measures about fuzzy propositions Subjective logic operates on uncertain measures about crisp propositions

Comparison of Trust Models (Con’d) Shafer theory vs. Subjective logic Both introduce uncertainty No need to set upper or lower bounds of trust described in Shafer theory

Design Issues of Trust Model Definition of Trust Representation of Trust Combination of Trust Exchange of Trust Information

Our Trust Model Use ‘ Opinion ’ to define and represent trust Combine trust opinions using subjective logic Define a trust recommendation protocol to exchange trust information

Definition and Representation of Trust Opinion: a three-dimensional metric The opinion about the trustworthiness of x, denoted by ω x, is the triple defined by: b(x) represent belief: probability of believing x. d(x) represent disbelief: probability of disbelieving x u(x) represent uncertainty: probability of uncertainty about x’s trustworthiness

Definition and Representation of Trust (Con’d) Property of Opinion: b, d, u is in [0,1] b+d+u = 1 Opinion ω x (0.4,0.1,0.5) can be represented in the right figure.

Combination of Trust Discounting Combination Combine trusts along one path Combine Consensus Combination Combine trusts from several paths Combine

An Example of Combining Trust A want to know B ’ s trustworthiness

Trust Recommendation Protocol Exchange trust information Three types of message: TREQ: Trust Request TREP: Trust Reply TWARN: Trust Warning Message structure

Our Trust Model vs. Subjective Logic Trust Model Simplify the representation of trust, which is more suitable for ad hoc networks Propose a trust recommendation protocol to exchange trust information Handle the dynamic of trust which is not mentioned in subjective logic

Now Come To: Introduction to Ad Hoc Networks Motivation and Design Goals Trust Model for Ad Hoc Networks Trusted Self-Organized Routing Protocol Research Plan and Future Work Conclusion

Assumption of Our Trusted Routing Protocol Ability to recover node ’ s neighbors. Reliability of broadcasting one-hop messages Uniqueness of node ’ s ID Capability of monitoring behaviors of one-hop neighbors Key management has been done before

Node Model One node has an opinion about others Each node maintains a trust table. For Example, A ’ s trust table is: Initial opinion of a node in others ’ eyes is (0,0,1)

General Framework

Cryptographic Technologies Use cryptographic schemes to do routing in the beginning of this network Adopt ideas in SAODV [42] Digital signature: authenticate the non- mutable fields of the messages Hash chains: secure the only mutable field ‘ hop count ’

Overview of Trusted Self-Organized Routing Protocol Effective when trust relationships have been established among most nodes Based on AODV routing protocol Criteria to determine whether a node can be trusted or not is: belief≥0.5, disbelief<0.5, uncertainty<0.5 Nodes cooperate to decide a opinion

Trusted Routing Discovery

Trust Update Algorithm Each value in a opinion is logically divided into 5 levels. Every 0.25 is one level. Successful verification for ten times: belief+=0.25, disbelief-=0.125, uncertainty-=0.125 Failed verification for each time: belief-=0.125, disbelief+=0.25, uncertainty-=0.125 No verification during expiry time belief-=0.375, disbelief+=0.125, uncertainty+=0.25

Trust Update Algorithm (Con’d) If in opinion A to B, belief 1 Opinion(A  B) will be changed to (0,1,0) Node A broadcast this opinion using TWARN message Neighbors will re-calculate the opinion using trust combination algorithm B will be denied from A ’ s communication

Trusted Key Management Use trust model into key management Advantages: Self-organization Flexible: no limitation of at least k neighbors Lower overhead

Analysis Performance is increased No need to perform cryptographic calculations for every packet  lower overhead Security is enhanced Combination of trust model, cryptographic schemes and monitor mechanism More reasonable and flexible Good nodes who become bad will be denied from network eventually Bad nodes who turn to good will be allowed accessing network again soon

Now Come To: Introduction to Ad Hoc Networks Motivation and Design Goals Trust Model for Ad Hoc Networks Trusted Self-Organized Routing Protocol Conclusion Research Plan and Future Work

Conclusion A promising idea to apply trust model to secure ad hoc networks Node uses ‘ opinion ’ to judge if another node is trustable Nodes cooperate to obtain a more accurate opinion Trusted routing protocol is Self-organized Lower-overhead More reasonable More secure More flexible

Research Plan and Future Work A better trust combination algorithm A better way to apply trust model into key management Study monitor or intrusion detection issues Improve trusted routing protocol to make it prevent or stand more attacks A detailed simulation evaluation using NS-2 or Glomosim simulators

Q&A Thank you !