1 Hierarchical Trust Management for Wireless Sensor Networks and its Applications to Trust-Based Routing and Intrusion Detection Fenye Bao, Ing-Ray Chen, Moonjeong Chang Presented by: Changlai Du Feb 27, 2014

2 Contents Introduction System Model Hierarchical Trust Management Protocol Performance Model Trust Evaluation Results Trust-based Geographic Routing Trust-based Intrusion Detection Conclusion

3 Introduction Propose a cluster-based hierarchical trust management protocol for WSNs. Utilize both Quality of Service (QoS) and Social Networking attributes to model the behaviors of nodes to determine their reliability. Highly scalable due to being a cluster-based model. Apply the protocol to trust-based geographic routing and trust-based intrusion detection.

4 Wireless Sensor Network A Wireless Sensor Network (WSN) refers to a distributed network of autonomous sensors, each operating independently for the greater good of the network. A WSN is inherently unstable due to the independence of the Sensor Nodes (SN) and their different operating characteristics, including malicious and selfish activity. The WSN must take input from its SNs, evaluate their input, and determine the overall picture for what is happening across its network.

5 Sensor Node A SN monitors physical or environmental conditions, such as temperature, sound, vibration, pressure, motion, or pollutants. A SN is can transmit, or forward information through multi-hop routing. SNs have very limited resources:  Energy  Memory  Computational Power May be compromised and perform to malicious attacks.

6 Cluster Head A Cluster Head (CH) is a node that has been elected to take charge of a group of SNs. A CH receives direct input from each of its SNs. A CH forwards the data to base station or destination node through other CHs. CHs use more energy than SNs.

7 Abnormal Node Behavior Malicious Node  A node may be captured by the enemy at any point and start passing erroneous information or drop packets.  A node is more likely to become malicious if it has low energy or if it is surrounded by malicious nodes. Selfish Node  A node may become selfish if its energy becomes low relative to its neighbors’.  “Selfish” can be thought of as “efficient”. If a node recognizes that its battery level is low and its neighbors have sufficient energy, it may start dropping packets so its neighbors pick up more of the burden. The challenge becomes: How do we create a model such that malicious and selfish nodes can be identified and the WSN can adjust to these conditions to achieve a near-optimal performance?

8 System Model Leveraging a two-level hierarchy in the WSN, the protocol is conducted using periodic peer-to-peer trust evaluation between two SNs and two CHs. Each SN reports it p2p evaluation result to other SNs in the cluster and its CH. The CHs perform CH-to-SN trust evaluation towards SNs in its cluster. Each CH reports it p2p evaluation result to other CHs in the system to other CHs and the base station.

9 How Does Trust Factor In? Once the hierarchy is established, the evaluations completed by each node follow a trust scheme that allows for direct and indirect trust-based reporting. Trust Composition includes both social trust and QoS trust.  Social trust: intimacy, honesty, privacy, centrality and connectivity.  QoS trust: competence, cooperativeness, reliability, task completion capability. In this work we consider intimacy, honesty, energy, unselfishness

10 Trust metrics Intimacy  Reflects the relative degree of interaction experiences between two nodes  The more positive experiences SN A had with SN B, the more trust and confidence SN A will have toward SN B Honesty  Implies whether a node is malicious or not Energy  Measures if a SN is competent in performing its intended function Unselfishness  Reflects if a SN can cooperatively execute the intended protocol.

11 Hierarchical Trust Management Protocol Peer-to-peer trust evaluation  SN-levels  CH-levels CH-to-SN Trust Evaluation Station-to-CH Trust Evaluation

12 Evaluation Process A weighted evaluation is performed and all four metrics are factored into one, overall trust score:  T ij (t) denotes the trust that node i has toward node j at time t. Deciding the best values of w 1, w 2, w 3, and w 4 to maximize application performance is a trust formation issue which is explored in this paper.

13 Peer-to-Peer Trust Evaluation P2P Trust Evaluation is performed between SNs and between CHs. When node i evaluates its trust toward a neighbor node j  It snoops, or overhears enough data to provide direct observation.  i should also refer to past experiences. When i evaluates a node that is beyond its communication range  it will use its past experiences.  It must also use recommendations from its 1-hop neighbors.

14 Peer-to-Peer Trust Evaluation This relationship is represented as follows: γ and α represent weights associated with trust decay. X represents one of the four trust components.

15 Peer-to-Peer Trust Factors  This measures the level of interaction experiences. It is computed by the number of interactions between node i and j over the maximum number of interactions between node i and any neighbor node over the time period [0, t].  This refers to the belief of node i that node j is honest based on node i’s direct observations toward node j.  It’s estimated by keeping a count of suspicious dishonest experiences of node j which node I has observed during [0, t] using a set of anomaly detection rules.  If the count exceeds a system-defined threshold, the value is 0.  Otherwise, the value is 1 minus the ratio of the count to the threshold.

16 Peer-to-Peer Trust Factors  This refers to the belief of node i that node j still has adequate energy (representing competence) to perform its intended function.  It is measured by the percentage of node j’s remaining energy  It is estimated utilizing some energy consumption model  This provides the degree of unselfishness of node j as evaluated by node i based on direct observation over [0, t].  Node i may apply overhearing and snooping techniques to detect selfish behaviors of node j.

17 Peer-to-Peer Trust Evaluation This relationship is represented as follows: When i evaluates a node that is not 1-hop neighbor  use its past experience  use recommendations from its 1-hop neighbors

18 Parameters Defined α - Weight that represents a more instantaneous evaluation, since the higher α, the more weight is given to time t. γ – weight between recommendations vs. past experiences β – Represents the impact of “indirect recommendations”.  indirect recommendations is normalized to βT ik (t) relative to 1 assigned to past experiences

19 CH-to-SN Trust Evaluation Once all calculations are complete for a given time period t, the CH applies statistical analysis principles to all T ij (t) values received to perform CH-to-SN trust evaluation toward node j. CH can also detect any outliers in the cluster to see if any good-mouthing or bad-mouthing is occurring. The CH can exclude a sensor from reading and routing duties.

20 Station-to-CH Trust Evaluation CH-to-CH trust evaluation is peer-to-peer. Station-to-CH trust evaluation performs in a similar way as CH-to-SN evaluation.

21 Performance Model A Stochastic Petri Net model is used to provide a basis for obtaining ground truth status of nodes in the system. It derives objective trust against which subjective trust obtained as a result of executing our hierarchical trust management protocol can be checked and validated.

22 Petri Net Model - Energy Place Energy indicates the remaining energy level of the node A token will be released from place Energy when transition T_ENERGY is triggered. The rate of transition T_ENERGY indicates the energy consumption rate. Energy consumption rates:  Normal nodes  Selfish nodes

23 Petri Net Model - Selfishness A node may become selfish to save energy.  An unselfish node may turn selfish in every trust evaluation interval Δt according to its remaining energy and the number of unselfish neighbors around.  A selfish node may redeem itself as unselfish to achieve a service availability goal. Putting a token into place SN when transition T_SELFISH is triggered and removing the token from place SN when transition T_REDEMP is triggered

24 Petri Net Model - Compromise A node becomes compromised when T_COMPRO fires and places a token in CN. Model the IDS behavior through transition T_IDS  Rate is for compromised nodes  for good nodes (typo error)

25 Subjective Trust Evaluation If j is a selfish node (a/c), compromised node (b/c) or normal node (c/c)  a, b and c: The average numbers of interactions of node i with a selfish node, a compromised node and a normal node

26 Objective Trust Evaluation Compute objective trust based on actual status as provided by the SPN model output using exactly the same status value assignment as shown in Table I to yield ground truth status of node j at time t. T j,obj (t), is also a weighted linear combination of four trust component values

27 Trust Evaluation Results

28 Trust Evaluation Results The trust evaluation consists of two parts  trust composition and trust aggregation  trust formation Assertion  each trust property X has its own best α and β values  subjective assessment would be the most accurate against actual status of node j in trust property X  because different trust properties have their own intrinsic trust nature and react differently to trust decay over time

29 Trust Evaluation Results Larger α indicates that subjective trust evaluation relies more on direct observations compared with past experiences Larger β indicates that subjective trust evaluation relies more on indirect recommendations provided by recommenders compared with past experiences

30 Trust Evaluation Results The best α and β values intrinsically depend on the nature of each trust property as well as a given set of parameter values Subjective trust obtained as a result of executing our proposed hierarchical trust management protocol approaches true objective trust

31 Trust-based Geographic Routing Geographic routing  a node disseminates a message to a maximum of L neighbors closest to the destination node Trust-based geographic routing  node i forwards a message to a maximum of L neighbors not only closest to the destination node but also with the highest trust values T ij (t) Baseline routing protocols  flooding-based a node floods a message to all its neighbors  traditional geographic routing

32 Best Trust Formation to Maximize Application Performance Identify weights to assign to individual trust properties  w 1 =w 2 =0.5 × w social  w 3 =w 4 =0.5 × w QoS  w social + w QoS = 1 Considering both social and QoS trust properties helps generate a higher message delivery ratio

33 Dynamic Trust Management Dynamically adjust wsocial (the X coordinate) to optimize application performance in message delivery ratio

34 Performance Comparison Outperforms traditional geographic routing Approaches flooding-based routing

35 Performance Comparison Traditional geographic routing performs better than trust-based geographic routing in message delay  This is expected

36 Performance Comparison Incurs more message overhead than traditional geographic routing  the path selected by trust-based geographic routing is often the most trustworthy path, not necessarily the shortest path

37 Trust-based Intrusion Detection Describe the algorithm that can be used by a high- level node such as a CH (or a base station) to perform trust-based intrusion detection of the SNs Develop a statistical method to assess trust-based IDS false positive and false negative probabilities

38 Algorithm for Trust-Based Intrusion Detection Selecting a system minimum trust threshold, T th, below which a node is considered compromised  A compromised node will exhibit several social and QoS trust behaviors

39 Best Trust Formation to Maximize Application Performance As the minimum trust threshold T th increases, the false negative probability P fn decreases while the false positive probability P fp increases. There exists an optimal trust threshold T th,opt at which both false negative and false positive probabilities are minimized.

40 Performance Comparison Presented are the best results of all three IDS schemes

41 Conclusion Proposed a hierarchical dynamic trust management protocol for cluster-based wireless sensor networks, considering two aspects of trustworthiness, namely, social trust and QoS trust. Developed a probability model utilizing stochastic Petri nets techniques to analyze the protocol performance, and validated subjective trust against objective trust obtained based on ground truth node status Demonstrated the feasibility of dynamic hierarchical trust management and application-level trust optimization design concepts with trust-based geographic routing and trust-based IDS applications