A Survey of Trust Management for Mobile Ad Hoc Networks

Jin-Hee Cho & Ananthram Swami, Army Research Laboratory

Ing-Ray Chen, Virginia Tech

Page 2

Outline

• Background

• Motivation

• Multidisciplinary Trust Concept

• Trust, Trustworthiness, and Risk Assessment

• Trust Properties in MANETs

• Survey on Trust Management in MANETs

• Future Research Directions

Page 3

Background

• Design Challenges in Mobile Ad Hoc Networks:
  – Resource constraints: energy, bandwidth, memory, computational power
  – High security vulnerability: open medium derived from inherent nature of wireless networks; rapidly changing network topology due to node mobility or failure, RF channel conditions; decentralized decision making and cooperation (no centralized authority); no clear line of defense

• Trust: the degree of subjective belief about the behavior of a particular entity.

Page 4

Motivation

• Trust management is needed in MANETs with the goal of establishing a network with an acceptable level of trust relationships among participating nodes:
  – During network bootstrapping
  – To support coalition operation without predefined trust
  – For authentication for certificates generated by other parties when links are down
  – To ensure safety when entering a new zone

• Diverse applicability as a decision making mechanism for:
  – Intrusion detection
  – Key management
  – Access control
  – Authentication
  – Secure routing
  – Many others

Page 5

Trust in Communications & Networking

• Trust in Communications & Networking
  – A set of relations among entities participating in a protocol based on evidence generated by the previous interactions of entities within a protocol
  – If the interactions have been faithful to the protocol, then trust will accumulate between these entities
  – Context-aware trust: trust is the quantified belief of a trustor node regarding competence, honesty, security, and dependability of a trustee node in a specific context

[Figure: Multidisciplinary Concept of Trust. Disciplines shown: Sociology, Economics, Autonomic computing, Organizational management, Psychology, Philosophy, Communications & Networking, more... Labels shown: risking betrayal; subjectivity; incentive-based selfishness; automation reliability; risk assessment; cognitive process; context-dependent moral relationship; security; reconfigurability; scalability; reliability; dependability.]

Page 6

Trust, Trustworthiness, and Risk Assessment

• Definition (Trustworthiness): Trustworthiness is the objective probability by which the trustee performs a given action on which the welfare of the trustor depends

• Definition (Trust): Trust is the subjective probability by which the trustor expects that the trustee performs a given action on which the welfare of the trustor depends

• Definition (Risk): Risk is defined by the probability and the consequence of an incident. The risk value is given by the function r : P x C -> RV, where P is a set of trust values in [0,1], C is the set of consequence values and RV is the set of risk values.

[Figure: Trust Level [Solhaug et al., 2007]. Axes: Trust and Trustworthiness, each from 0 to 1 with 0.5 marked; the line Trust = Trustworthiness is drawn, with regions labelled a. misplaced distrust and b. misplaced trust.]

Page 7

Trust vs. Risk

• Trust-based decision making: a trust threshold is used to say yes/no
  – yes when t > trust threshold (t2 in the graph)

• Risk-based decision making: a risk threshold is used to say yes/no
  – yes when r < high risk threshold (high risk zone in the graph)

In general, when trust is high, risk is low, but it really depends on the stake (consequence of failure). It is not enough to consider trust only and then say that trust is risk acceptance, trust is inverse to risk, or the like.

[Figure: Trust vs. Risk [Solhaug et al. 2006, Josang & LoPresti, 2004]. Axes: Stake and Trust, each from 0 to 1; stake levels S1 and S2 and trust levels t1 and t2 are marked; zones labelled high risk, medium risk and low risk.]
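The two decision rules above, worked through as an added example (not from the original slides): it assumes the risk function r takes the expected-loss form (1 - trust) x stake, and every threshold, trust value and stake in it is constructed for illustration.

```python
# Added example: trust-threshold vs. risk-threshold decisions.
# ASSUMPTIONS (not from the slides): the expected-loss form of r and all
# numeric thresholds, trust values and stakes below are constructed.

TRUST_THRESHOLD = 0.6   # plays the role of t2 on the slide
HIGH_RISK_MIN = 0.25    # risk at or above this is the "high risk" zone
LOW_RISK_MAX = 0.10     # risk at or below this is the "low risk" zone


def risk(trust: float, stake: float) -> float:
    """r : P x C -> RV, modelled as expected loss (1 - trust) * stake."""
    if not (0.0 <= trust <= 1.0 and 0.0 <= stake <= 1.0):
        raise ValueError("trust and stake must both lie in [0, 1]")
    return (1.0 - trust) * stake


def risk_zone(trust: float, stake: float) -> str:
    r = risk(trust, stake)
    if r >= HIGH_RISK_MIN:
        return "high"
    return "low" if r <= LOW_RISK_MAX else "medium"


def trust_based_decision(trust: float) -> bool:
    """Say yes when t > trust threshold; the stake is ignored."""
    return trust > TRUST_THRESHOLD


def risk_based_decision(trust: float, stake: float) -> bool:
    """Say yes when r < high risk threshold."""
    return risk(trust, stake) < HIGH_RISK_MIN


def compare(cases):
    """Return (trust, stake, trust_decision, risk_decision, zone) per case."""
    return [(t, s, trust_based_decision(t), risk_based_decision(t, s),
             risk_zone(t, s)) for t, s in cases]


# Constructed cases: (trust in the peer, stake of the action).
CASES = [(0.7, 0.3),   # trusted peer, low stake
         (0.7, 1.0),   # same peer, high stake
         (0.5, 0.1)]   # below the trust threshold, trivial stake

if __name__ == "__main__":
    for row in compare(CASES):
        print("t=%.1f stake=%.1f trust-based=%s risk-based=%s zone=%s" % row)
```

The second and third cases are where the two rules disagree: the same trusted peer is refused once the stake is high, and a peer below the trust threshold is accepted when almost nothing is at stake.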

Page 8

Trust Properties in MANETs

• Dynamic, not static
  – Trust in MANETs should be established based on local, short-lived, fast changing over time, online only and incomplete information available due to node mobility or failure, RF channel conditions
  – Expressed as a continuous value ranging from positive to negative degree

• Subjective
  – Different experiences derived from dynamically changing network topology

• Not necessarily transitive

• Asymmetric, not necessarily reciprocal
  – Heterogeneous entities

• Context-dependent
  – Sensing/Reporting vs. forwarding

[Figure: Trust properties in MANETs. Trust shown with the properties subjectivity, dynamicity, asymmetry, context-dependency and incomplete transitivity.]

[Figure: Trust properties in existing trust management in MANETs. Bar chart with a scale from 0 to 20; categories: dynamicity, weighted transitivity, asymmetry, subjectivity, context-dependency, discrete (or binary) trust value, complete transitivity, symmetry.]

Page 9

Classification of Trust Management

[Figure: classification diagram [Solhaug et al., 2006]. Labels: Risk Management; Risk Assessment; Risk Mitigation; Risk Control; Trust Management; Trust Establishment; Trust Update; Trust Revocation. Annotation: trust evidence collection, trust generation, trust distribution, trust discovery, and trust evaluation.]

Page 10

Attacks in MANETs

• By the nature of attack and the types of attackers [Liu et al., 2004]
  – Passive attacks: when an unauthorized party gains access to an asset but does not modify its content (e.g., eavesdropping or traffic analysis)
  – Active attacks: masquerading (impersonation attack), replay (retransmitting messages), message modification, DoS (e.g., excessive energy consumption)

• By the legitimacy of attackers [Liu et al., 2004]
  – Insider attacks: authorized member
  – Outsider attacks: illegal user

[Figure: Attacks considered in existing trust management in MANETs. Bar chart of types of attacks against number of works (scale 0 to 17); attack types: collusion attack, routing loop, blackhole, grayhole, DoS, false information, packet related, new comer, identity related, blackmailing, replay, selective misbehaving, general misbehaving, general selfish.]

Page 11

Metrics for Measuring Network Trust in MANETs

• Network trust has been evaluated by general performance metrics, e.g., detection accuracy, goodput (useful information bits/sec), throughput (data bits/sec), overhead, delay, network utility, route usage (for secure routing), packet dropping rate, etc.

• Recently, trust level as a metric has been used, e.g., trust level of a network path or session

[Figure: Metrics used for evaluating network trust. Bar chart of metrics against number of works (scale 0 to 12); metrics: throughput, overhead, detection accuracy, goodput, packet dropping rate, utility, delay, route usage, trust level, others.]

Page 12

Composite Trust Metrics

Quality-of-Service (QoS) Trust

• Competence, dependability, reliability, successful experience, and reputation or recommendation representing capability to complete an assigned “task”

• Examples are the node’s energy lifetime, computational power level, and capability to complete packet delivery

Social Trust

• Use of the concept of social networks

• Friendship, similarity, common interest, social connectivity, honesty, and social reputation or recommendation derived from direct or indirect interactions

Page 13

Trust Management in MANETs based on Design Purpose

[Figure: Summary of existing trust management schemes in MANETs based on specific design purposes. Chart of number of works (scale 0 to 10) by year (2000 to 2008); series: secure routing, authentication, intrusion detection, access control, key management, trust evaluation, trust evidence distribution, trust computation, general trust level identification.]

Page 14

Trust-based Applications in MANETs

Secure Routing

• Detect and isolate misbehaving nodes (selfish or malicious)

• Reputation management

• Extension of the existing routing protocols (e.g., DSR, AODV) using trust concept

• Incentive mechanism to induce cooperation

• Revocation + redemption possible

Authentication

• Use trust to authenticate nodes or routing paths

• Use direct evidence (certificates or observations of packet forwarding behavior) plus second hand information (e.g., recommendation)

• Extension of the existing routing protocols (e.g., DSR, Zone Routing Protocol)

Key Management

• Establish keys between nodes based on their trust relationships

• Trust-based PKI

• Distributed - each node maintains its public/private keys

• Hierarchical – a CA is elected based on trust

Page 15

Trust-based Applications in MANETs (Cont.)

Intrusion Detection

• Trust as a basis for developing an intrusion detection system (IDS)

• Trust-based IDS provides audit and monitoring capabilities to enhance security

• Evaluating trust and identifying intrusions can be integrated together to build a trustworthy environment

Access Control

• Use trust for decision making of access control to MANET resources

• Trust-based admission control (role-based)

• A node can use resources if it is trusted by k trusted nodes

• Can integrate with policy-based access control (with a proof of identity or certificate)
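The "trusted by k trusted nodes" rule from the Access Control list, as an added example that is not from the original slides: it assumes trust values in [0, 1], a cutoff of 0.6, that a missing opinion counts as no trust, and a constructed trust table with hypothetical node names.

```python
# Added example: admit a requester only if at least k nodes that the
# gatekeeper itself trusts also trust the requester.
# ASSUMPTIONS (not from the slides): trust values in [0, 1], the 0.6 cutoff,
# treating a missing opinion as 0.0, and the constructed node names/values.

TRUST_CUTOFF = 0.6

# TRUST[a][b] is a's subjective trust in b. The relation is directed:
# TRUST[a][b] and TRUST[b][a] are independent (asymmetry).
TRUST = {
    "gate": {"n1": 0.9, "n2": 0.8, "n3": 0.3, "n4": 0.2},
    "n1": {"reqA": 0.7, "reqB": 0.9},
    "n2": {"reqA": 0.8, "reqB": 0.4},
    "n3": {"reqA": 0.9, "reqB": 0.95},
    "n4": {"reqB": 0.95},
    "reqA": {"gate": 1.0},
    "reqB": {"gate": 1.0, "n3": 1.0, "n4": 1.0},
}


def opinion(trust, truster, trustee):
    """Directed lookup; an absent opinion counts as no trust."""
    return trust.get(truster, {}).get(trustee, 0.0)


def vouchers(trust, gatekeeper, requester, cutoff=TRUST_CUTOFF):
    """Nodes trusted by the gatekeeper that in turn trust the requester."""
    return sorted(
        node for node in trust
        if node not in (gatekeeper, requester)
        and opinion(trust, gatekeeper, node) >= cutoff
        and opinion(trust, node, requester) >= cutoff
    )


def admit(trust, gatekeeper, requester, k, cutoff=TRUST_CUTOFF):
    """True when at least k trusted nodes vouch for the requester."""
    if k < 1:
        raise ValueError("k must be at least 1")
    return len(vouchers(trust, gatekeeper, requester, cutoff)) >= k


if __name__ == "__main__":
    for req in ("reqA", "reqB"):
        print(req, vouchers(TRUST, "gate", req), admit(TRUST, "gate", req, k=2))
```

Three nodes rate reqB highly, but only n1 is itself trusted by the gatekeeper, so reqB fails the k = 2 check; the requester's own high trust in the gatekeeper plays no part because the relation is asymmetric.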

Page 16

Issues for Future Trust Management in MANETs

• How should we select a trust metric that can reflect the unique properties of trust in MANETs?

• What constitutes trust? Is it multi-dimensional with multiple trust components? Should we have a different set of trust components reflecting the application characteristics and node behavior (including selfish/malicious behavior)?

• How can trust contribute to scalability, reconfigurability, security, and reliability of the network?

• How should a trust protocol be designed to achieve adaptability to rapidly changing MANET environments?

• How do we design a trust system to reflect adequate tradeoffs, e.g., altruism vs. selfishness, and effectiveness vs. efficiency?

• Can we identify optimal trust protocol settings under various network and environmental conditions?

Page 17

Questions?

Contact us at:

Jin-Hee Cho ([email protected]), Army Research Laboratory

Ananthram Swami ([email protected]), Army Research Laboratory

Ing-Ray Chen ([email protected]), Virginia Tech