Trust Management in Mobile Ad Hoc Networks Using a Scalable Maturity-Based Model Authors: Pedro B. Velloso, Rafael P. Laufer, Daniel de O. Cunha, Otto Carlos M. B. Duarte, and Guy Pujolle Paper Presentation By : Gaurav Dixit

Outline Introduction Trust Model Implementation Results

MANets - same node can work as router server client Assumption of good behavior – Not true! Trust needs to be measured - This paper provides one such method. Applying human trust dynamics to trust calculation of nodes Builds on recommendations Introduction

Trust level of a node depends on:= (previous individual experiences) + (recommendation from neighbors) Benefits of trust calculation: avoid sending packets to malicious nodes. increased co-operation among good nodes.

Recommendations collected only from neighbors. Advantages for nodes: Less storage Less power requirement Less processing Better for changing topologies – information for entire network not required

Since, recommendations not forwarded, it is good for networks: Less recommendation messages travelling in network - low traffic Low energy consumption for entire network

Relationship Maturity Similar to human trust behavior, more weightage is given to the recommendations from older neighbors.

Trust Model Trust level assigned to each neighbor. Trust value reflects behavior history, and thus expected future behavior. Node forms opinion based on experiences. Transmission of these opinions about node i are called recommendations.

Trust Model … Recommendations compensate for lack of monitoring capabilities. Paper defines Recommendation Exchange Protocol (REP)

Trust Model… Trust level varies from 0 to 1. Recommendation from C more important than that from B, because of relationship maturity.

Trust Model: Architecture Two parts: I)Learning Plan: gathers and converts information into knowledge. II)Trust plan: assess trust level of each neighbor using stored knowledge and recommendations.

Trust Model: Components

Behavior monitor observes network, indicates new neighbors to Rec Manager, and send behavior report to Classifier. Classifier sends behavior classification to Experience Calculator. Trust Calculator calculates trust with inputs from experiences and recommendations. Auxiliary Trust Table entries correspond to relationship maturity. Trust table entries have timeout.

Trust Model: Components Three operation modes: I)Simple: Just trust table, REP optional II)Intermediate: Simple mode plus storage of recommendations III)Advanced: Complete system implementation. Recommendation Manager implements REP. All nodes are in advanced mode in this paper.

Trust level evaluation () = (1 − )() + () () = () + (1 − )() T a (b) ->Trust calculation from node a for node b Q a (b) -> Personal Experience R a (b) -> Recommendations All variables(except a & b) range from 0 to 1.

Recommendation Computation  subset of neighbors ()  relationship Maturity ()  random variable with normal distribution representing recommendation uncertainty. () = ((), ())

First Trust Values Initial trust values can be: I)Prudent : Strangers have low trust value II)Optimist: High trust in new neighbors. III)Moderate: Trust value between Prudent and optimist. F a  First trust value () = (1 − ) + ()

Recommendation Exchange Protocol Only one hop neighbors considered. ( IP TTL=1) Consists of: I)TREQ: Trust Request II)TREP: Trust Reply III)TA: Trust Advertisement

REP TREQ sent when nodes first meet, with IP of new neighbor as target node. Wait time t REQ before sending TREQ TREP sent by neighbors who have target node as their neighbor, after waiting for random time period t REP TA sent if trust level changes by threshold

Authentication A pair of public-private key for each node is sufficient for the system to work. Sybil attack would not be a problem since the malicious identities are quickly found and ignored.

Trust Model Implementation Learning Plan

Nature of nodes vary from 0 (untrustworthy) to 1 (trustworthy) A node with nature of 0.8 would do 8 good actions out of 10. Behavior Monitor is emulated by concept of perception, which indicates probability of noticing a certain action. Classifier (perfectly) classifies actions.

Node will decide for itself whether or not it will use behavior monitor in promiscuous mode. Required perception value and personal constraints would help in this decision. Experience Calculator observes i min actions before calculating trust. Higher perception would result in more accurate trust level. But higher i min means higher convergence time. Paper assumes i min =10

Results: Small networks All nodes are at one hop distance. Time in seconds. Convergence at t=350 for = = = 0.5

Results: Small networks Optimistic first trust strategy. Time in minutes. Nature set to 0.2. Number of neighbors varied.

Results: Small networks Neighbors =15 Varying alpha

Results: Small networks Perception is the fraction of actions a node can notice from its neighbors Varying

Results: Multihop MANets Analyzing movement in more complex networks. 21 nodes with 250m transmission range, placed in 1000 m × 400 m. = = = 0.5 First trust optimist (0.9) Nature of nodes = 0.2

Results: Multihop … m1 keeps 3 old neighbors m2 has no old neighbors

Results: Multihop … m1 keeps 3 old neighbors m2 has no old neighbors

Results: Multihop … Node speeds three times faster.

Results: Multihop … Varying perception – lower perception takes longer time to converge.

Results: Relationship maturity Node 1,8,15 go to zone F2. Evaluating trust level of node 8 about node 20

Results: Relationship maturity Using lower perception value(0.2) Note that recommendati ons are important in low perception cases

Results: Lying Attacks 20 nodes -250m transmission range, placed in a 150 m × 150m Node 1 changes nature from 0.9 to 0.2

Results: Lying Attacks Malicious nodes fixed at 40%

Results: Lying Attacks Slander Attack Node2 evaluating node1 which has nature 0.9 Pessimistic strategy (F a =0.1)

Results: Lying Attacks Slander Attack Varying alpha

Results: Lying Attacks Slander Attack Varying perception parameter.

Results: Lying Attacks Slander Attack Malicious nodes lie after t=200

Results: Lying Attacks Slander Attack Malicious nodes identification time varying

Results: Lying Attacks Slander Attack Malicious nodes identification time varying

REP To reduce number of messages sent across network: TREQ is sent once containing multiple target nodes, using timer based approach. TREP instead of sending once per request, implemented as broadcast – this saves 85% TREP implemented, additionally, with timer, saves 99% messages. TA implemented with a threshold to reduce its occurrence.

REP

Changing the value of Trust threshold()

REP Changing the value of Trust threshold() and its impact on trust levels.

Discussion Using smart timers in suppressing redundant messages scales well in large networks, reducing overhead for trust management by 85 to 99%. Increasing value of α improves the trust model efficiency, since we can use already derived results (by neighbors) in the form of recommendations.

Conclusion Flexible trust evaluation model proposed based on concept of human trust, which uses recommendations and relationship maturity. Recommendation Exchange Protocol (REP) proposed. Model highly scalable – since only neighbors consulted. Model tolerates 35 % liars Trust level error reduced by 50% by using relationship maturity parameter.

Thank You!