Evaluating Trust in Mobile Ad Hoc Networks

Xia Li (1), Jill Slay (1), Shaokai Yu (2)

(1) University of South Australia, Mawson Lakes, SA 5095, Australia, {Xia.Li, Jill.Slay}@unisa.edu.au
(2) Ajou University, Suwon, 443-749, South Korea, [email protected]

Abstract. Mobile ad hoc networks (MANETs) are decentralised and self-organised communication systems. MANETs can be established and operated without the support of any pre-defined infrastructure or central authority. The operation of these systems depends on cooperation and trust among the distributed nodes, which renders MANETs more vulnerable than conventional infrastructure-based networks. To enhance security in MANETs, it is essential to have a means of evaluating the trustworthiness of the nodes in the network. In this paper, we propose a new trust evaluation model to quantify the trust level of the nodes in MANETs. Our trust evaluation model introduces a new evaluation function for calculating a direct trust value and a new relationship function to combine the direct trust and others’ recommendations. Our scheme deals with the fundamental trust establishment problem and can serve as the building block for higher level security solutions.

1 Introduction

A mobile ad hoc network (MANET) is a collection of mobile nodes that can be formed on the fly without the aid of any pre-existing infrastructure or centralized administration. With the proliferation of wireless technology, MANETs are becoming an attractive solution for services that need flexible establishment and dynamic, low-cost wireless connectivity, such as military exercises, rescue operations, mobile conferences, and home networking. In a MANET, each node equipped with a wireless transceiver may send and receive data as an end-host and forward packets for other nodes as a router. Since the nodes in a MANET are mobile, node mobility may cause the network topology to change dynamically and unpredictably.

MANETs are decentralised and self-organised. The operation of the system depends on distributed cooperation among all nodes in the network, which is based on the trust that these nodes will act as expected. However, such an idealised assumption may not always hold, as some nodes may be compromised and behave selfishly or even maliciously to disrupt the network operation. Employing cryptographic mechanisms can protect the correctness and integrity of the information being transmitted in the system, but these mechanisms cannot answer the question about the trustworthiness of each party or predict their behaviour. By evaluating the trustworthiness of related parties, it is easier to take proper security measures and make proper decisions on any security issue.

Evaluating trust within a MANET is a challenging task. MANETs have different network properties compared with conventional infrastructure-based networks. In conventional infrastructure-based networks, two parties may establish a trust relationship through a trusted third party. This third party acts as a central authority to provide the security services of authentication and verification for any requesting parties. However, in decentralised MANETs such trusted third parties cannot be expected. Each node must evaluate its trust in other nodes individually. The dynamic nature of MANETs also implies that trust models designed for static networks are not suitable to be applied directly in MANETs. How to define a proper trust evaluation model that suits the salient features of MANETs is currently still an open research question and needs further discussion.

In this paper, we present a novel trust model to quantify the trustworthiness of every possible node in MANETs. Our approach is new and different from the existing ones that intend to quantify the trust issues for computer networks. The work aims at providing a general trust evaluation model to suit real application scenarios. The main contributions of this paper are:

1) A general trust model is defined. Our trust model is suitable for node authentication in MANETs.
2) We define a new evaluation function to compute the trust value based on direct experience.
3) A new trust relationship function is defined to combine the direct trust value and the recommendation trust value.

The remainder of this paper is organised as follows. In Section 2, we discuss some considerations on designing a trust evaluation model for MANETs. Some related work is reviewed in Section 3. In Section 4 we present our trust evaluation model for MANETs. In Section 5, several operation issues about our model are discussed. Finally we conclude the paper in Section 6.

2 Considerations on Designing Trust Model for MANETs

Trust is an important factor in the design and deployment of security systems. In a MANET, trust evaluation can be applied for node authentication, access control and trust routing. Evaluating the trustworthiness of the related nodes not only enhances the system security, but may also improve the routing performance in MANETs [1]. To define a suitable trust evaluation model for MANETs, there are several issues that need to be taken into consideration.

Firstly, MANETs are decentralised systems. Without relying on a central authority, each node in the network has to evaluate the trustworthiness of other nodes by its own observation or experience of the target nodes. To quantify the trust belief with direct experience, it would be helpful if the deployed function can calculate the trust value within a certain range, because within a certain range a threshold trust value for an ongoing task can be reasonably defined.

Secondly, MANETs are dynamic due to node mobility. The dynamic nature of MANETs implies that nodes within the network may change frequently and communication among neighbours may be temporary or even instantaneous on some occasions. So if a node relies solely on such transitory direct experience to evaluate other nodes, it is sometimes unable to form a reasonable judgement. A natural choice is to ask for recommendations from other nodes and then combine the two types of trust values to make the final decision.

Thirdly, the relationship between direct experience and recommendation needs to be clarified in a trust model. Trust evaluation is implemented according to normal human psychology and consequent behaviour. In real world environments, when making a decision, people normally trust their own experience first and then consider others’ opinions or recommendations. So how much recommendation a person takes from others depends on how much certainty he gets from his own observation. The more certainty he gets from his own observation, the less recommendation he takes from others.

Finally, a trust model should be able to suit different situations of a system. In an open MANET, nodes may be free to join or leave the network at any time. Some nodes may or may not already know each other before they join the network. Besides the direct interaction experience in the network, the pre-shared knowledge, if any, is also quite important for a node to implement trust evaluation and should be taken as accountable experience in a trust model.

3 Related Work

Trust has been extensively studied in various other research domains, such as sociology, psychology, management, political science, philosophy, law and economics. In information technology, trust metrics and trust evaluation are mainly defined for public key authentication [2-6], access control [7] and electronic commerce [8, 9]. However, all these schemes are proposed for static networks and thus cannot be applied directly in dynamic MANETs, as discussed in Section 2. With growing research interest in the security of MANETs in recent years, some trust models designed for MANETs have begun to appear in the literature.

Ngai, Lyu and Chin [10] proposed an authentication service against dishonest nodes in MANETs, by applying Beth, Borcherding and Klein’s trust evaluation model designed in [11]. In Beth, Borcherding and Klein’s approach, two types of trust are measured: direct trust and recommendation trust. Each type of trust can be expressed and computed as a real number between 0 and 1. However, their approach is designed for open static networks. Its trust evaluation between two end nodes is based on either their direct experience or recommendation through others, but not both at the same time for the two end nodes. So no relationship is defined to balance the direct trust and recommendation trust in their approach.

Pirzada and McDonald [12, 13] proposed a trust model to establish trust in pure MANETs. The trust computation is based on monitoring data delivery in the network. The trust value is represented with a continuous range from -1 to +1. A negative value for trust can occur as a result of more failures than successes for various events such as data forwarded, data received, control packets forwarded, etc. However, this model is designed for routing in MANETs. Their trust evaluation is based solely upon the direct data communication of each node in MANETs. Neither recommendation from other nodes nor pre-existing knowledge among the nodes is considered.

Yan, Zhang and Virtanen [14] proposed a trust model for secure routing evaluation in MANETs. The authors defined a large trust evaluation matrix based on statistical data collected during the network communication. The statistical fields try to include different factors affecting the evaluation, such as pre-existing relationships among the nodes. A linear function is proposed to link these statistical fields together to compute the trust value about a certain node or nodes. However, no boundary evaluation value is defined in their approach. So it is difficult to define a threshold trust value for ongoing tasks.

Virendra, et al. [15] proposed a pair-wise trust evaluation scheme in MANETs. To evaluate the trustworthiness of a target node, a node implements some self evaluation on the target node while also considering other nodes’ trust in the same target node. All trusts are evaluated via node monitoring of data delivery in the network. For computing self evaluation a traffic statistic function is mentioned, but not explicitly presented. To combine the self evaluation and others’ trust, a relationship equation is defined. In the equation, self evaluation and others’ trust are weighted with factors a1 and a2 respectively (a1+a2=1). The limitation of such a relationship equation is that all different direct experiences are adjusted with one weight factor of the same value. Meanwhile, it is not clear how to determine the values of a1 and a2.

From the above review, we can see that each of the mentioned schemes has some limitations. Most of them implement trust evaluation by monitoring data delivery of the target nodes. Such approaches are suitable for routing trust evaluation, but not sufficient for node authentication in MANETs.

4 Our Trust Evaluation Model

In this section we present the details of our trust evaluation model that can be used for node authentication in MANETs. Our trust model could overcome the limitations of current approaches addressed in Section 3 and may satisfy all the considerations addressed in Section 2.

4.1 Trust

Trust is a notion of human behaviour. The definition of trust varies with context. In this paper, we take the definition made by T. Grandison in [16]: “Trust is the quantified belief by a trustor with respect to the competence, honesty, security and dependability of a trustee within a specified context”.

Trustor (or “trustor node”) in our model refers to the node that implements the trust evaluation. Trustee (or “trustee node”) refers to the node that is evaluated. Another term we will mention in the following text is “third node”. A third node is a node that a trustor expects can provide an honest recommendation on a specific trustee.

4.2 Trust Quantification

Trust quantification reflects various degrees of trust or distrust that a trustor node may have in a trustee node. In this paper, we express trust quantification with a continuous real number between -1 and +1. A negative number represents the degree of distrust; -1 is the maximum value and indicates complete distrust. A positive number represents the degree of trust; +1 is the maximum value and represents absolute trust. The number 0 is a natural trust value for a new or unknown node.

4.3 Trust Computation

In our trust model, we evaluate two types of trust between a trustor node and a trustee node: direct trust and recommendation trust. Direct trust is a kind of credential gained by a trustor node through its direct experience with the trustee node. Recommendation trust is the credential gained by a trustor node from the recommendation of a third node or nodes on the trustee node.

[Figure 1: three panels (Direct, Recommendation, Combination). Node A is a trustor node, Node B is a trustee node, Node C is a third node; the arrows mark direct experience paths and recommendation paths.]

Fig. 1. Trust Evaluation

Direct Trust. The direct trust value is evaluated based on the direct experience that a trustor node may have with a trustee node. Such direct experience can be either positive or negative. Positive experience increases the credential and negative experience decreases it accordingly. The number of experiences may be unlimited, but the computed trust value is within the range between -1 and +1. To satisfy these properties, we make use of the hyperbolic tangent function y=tanh(x) to calculate the trust value (y) based on a node’s direct experience (x). Considering that a trustor node may have various experiences with a trustee node and that each different experience may have a different effect on trust evaluation, we define the function for calculating the direct trust value TD as follows:

$$T_D = \tanh\left(\sum_{i=1}^{n} \mu_i \cdot W_i \cdot P_i\right) \qquad (1)$$

Pi represents the number of experiences of kind i upon the trustee node. n is the total number of kinds of experience. Wi is the weight of experience i, representing its importance level. μi is +1 if experience i is positive and -1 if it is negative. This equation satisfies the following properties:

− The number of experiences can be unlimited, but the computed value stays within the range between -1 and +1,
− The number of positive/negative experiences will increase/decrease the trust value,
− Different experiences may have different impact on the computed trust value. The impact can be adjusted on the basis of each kind of experience,
− An experience with a bigger weight factor may have a bigger impact on the trust value, even when the number of such experiences is small. For example, showing a passport once can be equal to thousands of blind transactions for verifying an identity.

Recommendation Trust. When a trustor node doesn’t have enough direct experience of a trustee node, the trustor node may ask a third node for a recommendation. We suppose the third node has some trust value Vi on the trustee node based on its own evaluation. The recommendation trust value TR for the trustor node is calculated as:

$$T_R = T_{DI} \cdot V_i \qquad (2)$$

TDI is the direct trust value that the trustor node has on the third node. Multiplying the two values expresses that the recommendation value is affected by how much the trustor node trusts the third node. To make the recommendation more reasonable, a trustor node may query several third nodes for recommendations. In such cases, the recommendation trust value is calculated as:

$$T_R = \frac{1}{n}\sum_{i=1}^{n} (T_{DI} \cdot V_i) \qquad (3)$$

Combination of Direct Trust and Recommendation Trust. When a trustor node gets both a direct and a recommendation trust value on a trustee node, a combination formula is required to balance the relationship between direct trust and recommendation trust. As discussed in Section 2, we believe that how much of the recommendation value is taken depends on how much direct trust value the trustor node gets. The bigger the value a trustor node gets from its own direct experience, the smaller the value the trustor node will consider from the third node. If the trustor node has no direct experience of the target trustee node, the value of the trust evaluation on the target trustee node will rely completely on the recommendation node. To satisfy these properties, we define an equation to express the relationship between direct trust and recommendation trust. By applying this relationship equation, the final trust value on a trustee node can be obtained.

$$V = T_D + (1 - |T_D|) \cdot T_R, \qquad -1 \le T_D \le 1,\ \ -1 \le T_R \le 1 \qquad (4)$$
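Equations (1) to (4) carried through numerically, as an added example that is not code from the paper. The function names, the sample weights, counts and recommendations, and the choice to return 0 when no third node is available are assumptions made for illustration.

```python
import math

def direct_trust(experiences):
    """Eq. (1): TD = tanh(sum(mu_i * W_i * P_i)); items are (mu, W, P)."""
    total = 0.0
    for mu, weight, count in experiences:
        if mu not in (1, -1) or weight < 0 or count < 0:
            raise ValueError("mu must be +1/-1; weight and count non-negative")
        total += mu * weight * count
    return math.tanh(total)  # bounded in [-1, +1] for any number of experiences

def recommendation_trust(recommendations):
    """Eq. (3): mean of TDI * Vi over n third nodes (eq. (2) when n == 1)."""
    if not recommendations:
        return 0.0  # assumption: with no third node, use the unknown-node value 0
    for tdi, vi in recommendations:
        if not (-1 <= tdi <= 1 and -1 <= vi <= 1):
            raise ValueError("TDI and Vi must lie in [-1, +1]")
    # Plain product: the signs of TDI and Vi multiply, so a distrusted
    # third node (TDI < 0) reporting distrust (Vi < 0) adds a positive term.
    return sum(tdi * vi for tdi, vi in recommendations) / len(recommendations)

def combined_trust(td, tr):
    """Eq. (4): V = TD + (1 - |TD|) * TR."""
    if not (-1 <= td <= 1 and -1 <= tr <= 1):
        raise ValueError("TD and TR must lie in [-1, +1]")
    return td + (1 - abs(td)) * tr

def evaluate(experiences, recommendations):
    """Chain eqs. (1), (3) and (4) for one trustee; returns (TD, TR, V)."""
    td = direct_trust(experiences)
    tr = recommendation_trust(recommendations)
    return td, tr, combined_trust(td, tr)

# Constructed sample data: (TDI, Vi) pairs from two third nodes.
RECS = [(0.8, 0.5), (0.4, -0.5)]
# Constructed (mu, W, P) experience lists for one trustee.
CASES = {
    "no direct experience": [],
    "one heavy experience": [(1, 1.0, 1)],
    "1000 light experiences": [(1, 0.001, 1000)],
    "mostly negative": [(1, 0.1, 2), (-1, 0.5, 3)],
    "saturated direct trust": [(1, 1.0, 50)],
}

if __name__ == "__main__":
    for name, experiences in CASES.items():
        td, tr, v = evaluate(experiences, RECS)
        print(f"{name:24s} TD={td:+.4f} TR={tr:+.4f} V={v:+.4f}")
```

With double-precision floats, tanh saturates to exactly 1.0 well before 50 weighted experiences, so in the last case the recommendations no longer influence V at all.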

This relationship equation satisfies the following properties:

− if a trustor gets full certainty about its trust or distrust in a trustee, i.e. | TD | = 1, the trustor will not necessarily consider the recommendation from a third party or parties,
− if a trustor has no certainty about its trust or distrust in a trustee, i.e. TD = 0, the trustor’s evaluation will rely solely on the recommendation from a third party or parties,
− the more certainty a trustor gets from its direct interaction with a trustee, the less the trustor will consider the recommendation from a third party or parties, and vice versa,
− the amount of recommendation trust being taken depends on the amount of direct trust, but not vice versa.

4.4 Making Decision with Trust Value

To make a security decision with the computed trust value, we need to estimate how much risk is affordable for each ongoing task. In other words, a threshold of trust value (Tthreshold) needs to be defined for each task. Such a threshold trust value may vary depending on the security requirement of each ongoing task. By comparing the computed trust value with the threshold trust value, it is easy to see whether the trustee node satisfies the trust requirement or not. A simple equation for making the decision is defined as follows:

$$D = V - T_{threshold} \qquad (5)$$

If D>=0, it means the computed trust value satisfies the trust requirement of the ongoing task. If D