Hierarchical Trust Management for Wireless Sensor Networks and Its Applications to Trust-Based Routing and Intrusion Detection Wenhai Sun & Ruide Zhang Nov 16, 2015 NVC, Falls Church, Virginia
Outlines Introduction System Model Hierarchical Trust Management Protocol Performance Model Trust Evaluation Results Trust-Based Intrusion Detection Conclusion
Introduction Wireless sensor network A large number of spatially distributed autonomous senor nodes (SNs) Monitor physical or environment conditions, e.g., temperature, sound,, pollutants, etc.
Introduction Capability of SNs Read sensed info Transmit info to a base station/sink node via multi-hop routing Constraints of SNs Restricted resources, e. g., energy, memory and computation power, etc. Unreliable communication Can be compromised, active attack Need scalable algorithm for highly reconfigurable communication operations
Key Design Challenges Novel hierarchical trust management protocol Scalability and reconfigurability for heterogeneous Survivability and intrusion tolerance for selfish or malicious SNs Key challenges Trust composition What trust components (TC) considered Trust aggregation What info aggregated for each TC Trust formation How trust formed from each TC
Contributions Trust judgement by both QoS and social trusts Dynamic trust management Novel model-based analysis methodology for analyzing and validating protocol design Application-level trust optimization approach for trusted-based applications, such as geographic routing and intrusion detection
System Model Two-level hierarchy Upper level – cluster; cluster head (CH); more power and resources Lower level – SNs in each clusters Periodic trust evaluation peer to peer CH to SN Base station to CH Trust metric Social trust -- intimacy, honesty, privacy, centrality, connectivity QoS trust – energy, unselfishness, reliability, task completion capability, etc.
Hierarchical Trust Management Protocol Solutions to trust formation, aggregation and composition Two levels of trust – SN and CH Trust evaluation by direct or indirect observations Four trust components – intimacy, honesty, energy and unselfishness trust value that node i evaluates towards node j at time t w 1 +w 2 +w 3 +w 4 = 1
Hierarchical Trust Management Protocol Peer-to-peer Trust Evaluation For 1-hop neighbors T ij X,direct new trust based on direct observation T ij X (t- Δt) old trust based on past experiences 0 ≤ α ≤ 1
Hierarchical Trust Management Protocol Four trust component values: T ij intimacy, direct (t) Measure level of interaction experiences based on the maturity model # of interactions between i and j over the maximum # of interactions between i and any other neighbor node during [0, t] T ij honesty, direct (t) Measure belief of node i that node j is honest based i’s direct observations towards j a count of suspicious dishonest experiences of node j which node i has observed during [0, t] 0 if j dishonest; otherwise 1- ratio of count to a system- defined threshold
Hierarchical Trust Management Protocol T ij energy, direct (t) Measure belief of node i that node j has sufficient energy overhearing node j’s packet transmission activities over the time period [0, t] T ij unselfishness, direct (t) Measure the degree of unselfishness of node j as evaluated by node i based on direct observations over [0, t]. May be estimated by giving recent interaction experiences a higher priority over old experiences
Hierarchical Trust Management Protocol
CH-to-SN Trust Evaluation Compare node j’s trust T cj (t) with the system minimum trust threshold T th If T cj (t) is greater, j is deemed honest; otherwise take j as compromised node Station-to-CH Trust Evaluation CH-to-CH peer evaluation similar to SN-to-SN Similar procedures to the ch-to-sn trust evaluation
Performance Model Probability model based on SPN For every node will have a SPN.
SPN model for a SH or a CH
Indicates the remaining energy T_ENERGY is the energy consumption rate SPN model for a SH or a CH
Mark(SN) = 1 indicates it is working in Selfish mode now. T_SELFISH & T_REDEMP determined by the percentage of remaining energy and the percentage of neighbors working in selfish mode. SPN model for a SH or a CH
Mark(CN) = 1 indicates it is compromised. T_COMPRO is modeled by: \lambda c is initial node compromise rate. Latter is Ratio of compromised node in 1 hop. Indicates, more likely to be Compromised if neighbors are compromised. SPN model for a SH or a CH
Compromised node be caught by rate: T_IDS is the IDS(Intrusion detection system) detection interval. SPN model for a SH or a CH When detected, a token move to place DCN
Subjective trust evaluation
Remember alpha is for coordinating impact of current value or past value
Objective trust evaluation
Trust Evaluation Results
With these, we can assume Subjective trust is nearly equal To objective trust which is the Ground truth Trust Evaluation Results Remember alpha is for coordinating impact of current value or past value and beta for Indirect and direct neighbor
Trust Based Geographic Routing
Use best alpha and beta pair to ensure Subjective trust is similar to ground truth Weights of social and Qos change with The percentage of compromised nodes L= message copies sent to multi nodes Compared with traditional ways which Does not consider node may be Compromised. Trust Based Geographic Routing
Source and sink node 700m away To ensure sufficient intermediate nodes On the path Geographic Routing (L=1) fails to Deliver any message after 50% of Compromised nodes. TBGR will find trustworthy nodes Instead of residing on the most direct Path to the sink node Tradeoff of overhead. Can be more Like traditional GR or Flooding-based Routing.
Trust Based Intrusion Detection Based on the idea of min. trust threshold CH evaluates a SN with help of other SNs Mc is set of SNs in that Cluster.
Trust Based Intrusion Detection Prob that node j is diagnosed as compromised: FP and FN of IDS:
Trust Based Intrusion Detection
Conclusion This paper consider social trust and QoS trust to build a trust management protocol. They use SPN to analyze the protocol They show the benefit by two specific appications.