1 / 36

Dr. Kemal Akkaya E-mail: kemal@cs.siu

Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture 12: Distributed Trust. Dr. Kemal Akkaya E-mail: kemal@cs.siu.edu. Trust Management in MANETs/WSNs.

chidi
Télécharger la présentation

Dr. Kemal Akkaya E-mail: kemal@cs.siu

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Department of Computer ScienceSouthern Illinois University CarbondaleCS 591 – Wireless & Network SecurityLecture 12: Distributed Trust Dr. Kemal Akkaya E-mail: kemal@cs.siu.edu Wireless & Network Security 1

  2. Trust Management in MANETs/WSNs All participants actively contribute to network activities such as routing and packet forwarding Special characteristics: limited memory perishable battery power lower bandwidth Two approaches: Monitoring-based CONFIDANT Watchdog Reputation-based CORE RFSN Wireless & Network Security 2

  3. Limitations of network security • Distributed collaborative data processing • Network security -> Make sure that only authenticated nodes participate. • Network security cannot -> Verify if nodes function properly • Distributed data gathering • Network security can -> message integrity, confidentiality, secure relaying. • Network security cannot -> data authentication. How do nodes trust each other? How do nodes trust the information provided by other nodes? Wireless & Network Security 3

  4. CONFIDANT • Buchegger, S. and Le Boudec, J. 2002. Performance analysis of the CONFIDANT protocol. In Proceedings of the 3rd ACM international Symposium on Mobile Ad Hoc Networking &Amp; Computing (Lausanne, Switzerland, June 09 - 11, 2002). MobiHoc '02. ACM, New York, NY, 226-236. • Detect, prevent, and/or discourage: • No forwarding (of control messages or data)‏ • Traffic deviation • Advertise many routes • Advertise routes too often • Advertise no routes • Route salvaging, rerouting to avoid a broken although no error has been observed • Lock of error messages, although an error has been observed (and vice versa)‏ • Silent route change (tampering with message headers of either control or data packets)‏ Wireless & Network Security 4

  5. Reputation Systems response to Attacks • A different method to handling attacks is to prevent them: • Only allow good nodes onto the network • Secure key to access network • Reputation systems detect misbehavior and then try to thwart attacks. • A good idea even if other methods have been used to prevent attacks and secure access • Inspiration of CONFIDANT: Richard Dawkin's The Selfish Gene • Suckers • Cheats • Grudgers Wireless & Network Security 5

  6. CONFIDANT built on top of DSR • Dynamic Source Routing (DSR)‏ • Reactive/On-Demand routing • Nodes send a ROUTE REQUEST message • Neighbors add themselves to the source route and forward it on • If the receiving node is the destination or has a route to the destination it sends a REPLY message with the full route • First received ROUTE REPLY wins • Failed links can be salvaged by partial alternate route • Routes are cached for some period of time • Observed Behavior • 'Neighborhood Watch' behavior that is directly observed, overheard, by the node. • Reported Behavior • Share experienced misbehavior and learn from friends. Wireless & Network Security 6

  7. CONFIDANT Components • The Monitor • Directly observes behavior • The Trust Manager • Sends and receives ALARMs • The Reputation System • Node Rating • The Path Manager • Route management based on Reputation • (Every nodes implements all of these components)‏ Wireless & Network Security 7

  8. The Monitor • Directly observes behavior • no forward (only observation implemented in this simulation)‏ • Packet alteration • Data packets • Routing packets • Consistent claim of neighboring nodes • Any other observable metric Wireless & Network Security 8

  9. Generate an alarm on experienced or observed misbehavior. Forward alarm on received report of misbehavior. Maintain trust table to determine trustworthiness of alarm Determining trust level algorithm is an open question in paper Table of nodes and their rating. Weighted between past rating and newly observed behavior and reported reputation. Only negative experience is counted Positive change and timeout are not addressed yet. Assume negative behavior is rare, and probably means node can never be trusted. The Trust Manager The Reputation System Wireless & Network Security 9

  10. The Path Manager • Path re-ranking according to security metric (re-rank route based on reputation). • Deletion of paths containing malicious nodes. • Action on receiving a request for a route from a malicious node (ignore request). • Action on receiving request for a route containing a malicious node in the source route (ignore, alert source). Wireless & Network Security 10

  11. CONFIDANT Results Wireless & Network Security 11

  12. CONFIDANT Results Wireless & Network Security 12

  13. Watchdog and Pathrater • S. Marti, T.J. Giuli, K. Lai, and M. Baker, “Mitigating Routing Misbehavior in Mobile Ad Hoc Networks,” Proc. MobiCom '00. • Extra facilities added to the network to detect and mitigate routing behavior. • Two extensions to DSR: • Watchdog identifies misbehaving nodes by overhearing transmissions • Pathrater avoids routing packets through these nodes Wireless & Network Security 13

  14. Watchdog • The watchdog is implemented by • maintaining a buffer of recently sent packets • compare each overheard packet to buffered packets to see if there is a match. If so, the packet in the buffer in removed and forgotten. • A certain timeout indicates a failure tally – count it and see if it exceeds a bandwidth threshold. If so, send a message back to the source. • Advantages • It can detect misbehavior at the forwarding level • Disadvantages • It might not detect a misbehaving node, due to • Ambiguous collisions • Receiver collisions • Limited transmission power • False misbehavior • Collusion • Partial dropping Wireless & Network Security 14

  15. Disadvantages • Honest Nodes • Ambiguous collisions • Receiver collisions • Dishonest Nodes • Transmission power intentionally limited by a dishonest node • False misbehavior report by malicious node • Multiple dishonest nodes in collusion (groups of nodes) • Partial dropping by a dishonest node Wireless & Network Security 15

  16. PathRater • The pathrater, run by each node, combines knowledge of misbehaving nodes with link reliability data to pick the route. • Each node maintains a rating for every other node it knows about in the network • It calculates a path metric by averaging the node rating in the path. If there are multiple paths to the same destination, the path with the highest metric is chosen. Wireless & Network Security 16

  17. Simulation Results • Combined use of • WD – Watchdog • PR - PathRater • SRR – Extra Route Request • Two mobility scenarios • Performance Metrics • Throughput: The percentage of sent data packets actually received by the intended destinations • Overhead: The ratio of routing-related transmissions to data transmissions in a simulation • False positives: False positives occur when the Watchdog mechanism reports that a node is misbehaving when in fact it is not • Compromised nodes: from 0% to 40% Wireless & Network Security 17

  18. Throughput as % of misbehaving nodes Wireless & Network Security 18

  19. Throughput as % of misbehaving nodes Wireless & Network Security 19

  20. Overhead as % of misbehaving nodes Wireless & Network Security 20

  21. Overhead as % of misbehaving nodes Wireless & Network Security 21

  22. Throughput in presence of false detections Wireless & Network Security 22

  23. Reputation based Trust: CORE • CORE: A Collaborative Reputation Mechanism to enforce node cooperation in Mobile Ad hoc Networks”. • Proposed by Michiardi and Molva to enforce node cooperation in MANETs based on a collaborative monitoring technique • Nodes modeled as a members of a community • The reputation is formed and updated along the time. • assigns more weight to the past observations than the current observations • Three types of reputation • subjective reputation • indirect reputation • functional reputation Wireless & Network Security 23

  24. CORE Details • Has two protocol entities • Requester • refers to a network entity asking for the execution of a function f • Provider • refers to any entity supposed to correctly execute the function f • Each node maintains • An RT Table for each function f • An entry in RT has: • unique ID • recent subjective reputation • recent indirect reputation • composite reputation for a predefined function • RTs updated in two situations: • during the request phase • during the reply phase • Each node is also equipped with a watchdog mechanism for promiscuous observation. Wireless & Network Security 24

  25. Reputation based Trust in WSNs • S. Ganeriwal and M. Srivastava. Reputation-based framework for high integrity sensor networks. In proceedings of the 2nd ACM workshop on Security of ad hoc and sensor networks (SASN ’04), October 2004 pp. 66-77. • The first reputation and trustbased model designed and developed exclusively for sensor networks. • Distributed, symmetric reputation-based model that uses both first-hand and second-hand information for updating reputation values. • Nodes maintain the reputation and trust values for only nodes in their neighborhood. Wireless & Network Security 25

  26. Reputation based framework for sensor networks (RFSN) Embedded in every social network is a web of trust • How does human societies evolve? • Principle of reciprocal altruism • Be nice to others who are nice to you • When faced with uncertainties • Trust them who have the reputation of being trustworthy Proposed solution: Form a similar community of trustworthy nodes in the network over time Wireless & Network Security 26

  27. Why this approach? • Sensor network already follow a community model • Individual nodes do not have any utility • Collaborative information gathering, data processing and relaying. • Missing element is trust…. • Nodes are dumb and they collaborate with every node. • Internal adversaries exploit this very fact! • Faulty sensors results in equally detrimental effects. • RFSN incorporates intelligence into nodes • Exposes trust as an explicit metric! • Cooperate with ONLY those nodes that are trustworthy. Wireless & Network Security 27

  28. Architecture of RFSN Watchdog mechanism Reputation Trust Behavior Second hand information • Observe the action of other nodes – Watchdog mechanism • Develop a perception of other nodes over time – Reputation • Share experiences to facilitate community growth – Second hand information • Predict their future behavior – Trust • Cooperate/Non-cooperate with trustworthy nodes – Behavior Wireless & Network Security 28

  29. Integration of approaches Watchdog mechanism Reputation Trust Behavior Second hand information Protocol Development Monitoring Data Analysis Statistics…. Cryptography Decision theory Development of high integrity sensor networks will be a combination of techniques from different fields Wireless & Network Security 29

  30. Reputation representation • Probabilistic formulation • Use beta distribution to represent reputation of a node. Reputation of node j from the perspective of node i • Why beta distribution? • Simple to store: Just characterized by 2 parameters. • Intuitive:α and β represents magnitude of cooperation and non-cooperation. • Efficient: Easy reputation updates, integration, trust formulation. • Maintain reputation for just neighboring nodes • Use locality – Provides scalability. Wireless & Network Security 30

  31. Reputation propagation • What to propagate? • Constraints • Information about goodnodes – Saves from bad mouthing attacks • Independent information – Critical to derivation in earlier slide Wireless & Network Security 31

  32. Simulation study - NESLsim Consistent data module Routing module • Simulation set up • Comparison with DUMB-RFSN • Representative of heuristic based approaches. • Metric : Trust between node i and j. • Parameter choices : Threshold (0.9), Initialization (Beta(1,1)). j i Wireless & Network Security 32

  33. Bad Mouthing Attacks Attack:Propagate false badreputation information about good nodes Countermeasure:Good Reputation System Set up:Node j cooperates fully Scenario 1:1 malicious child RFSN: Completely resilient. DUMB-RFSN: Node i will conclude wrongly node j to be malicious. Wireless & Network Security 33

  34. Bad Mouthing Attacks (Contd..) Set up:Node j cooperates fully Scenario 2:4 malicious children, 1 good child RFSN: Neglects bad nodes. Selectively takes advantage of 1 good node. DUMB-RFSN: Performance is more worse. Wireless & Network Security 34

  35. Ballot Stuffing Attack:Malicious nodes propagate false good reputation information. Countermeasure:Weight the second hand information appropriately Set up:Node j is malicious and colludes with malicious children nodes. Scenario 1:1 malicious child DUMB-RFSN: Node i will conclude node j to be trustworthy. RFSN: Completely resilient. Wireless & Network Security 35

  36. Comparison Wireless & Network Security 36

More Related