
TAODV: A Trust Model Based Routing Protocol for Secure Ad Hoc Networks

Xiaoqi Li, Michael R. Lyu, and Jiangchuan Liu
IEEE Aerospace Conference
March 2004

March 2004 CSE Dept. of CUHKPage 2

Outline

• Introduction
• Background: AODV and Subjective logic
• Framework of TAODV
• Trust model for TAODV
• Routing operations in TAODV
• Analysis
• Conclusion and future work


Introduction to MANETs

• Mobile Ad Hoc Networks (MANETs)
– No fixed infrastructure
– Self-organized routing
– Prone to be unstable and insecure

• Previous Secure Solutions for MANETs
– Require each node to prove its identity by showing its digital signature at all times
– Need a super-trusted third party to provide authentication


Introduction to TAODV

• Make use of trust relationships among nodes

• No need to request and verify a signature at every communication, much as in human society

• TAODV: a secure routing protocol based on trust model for MANET


Background: Subjective Logic

• Subjective logic
– Represents trust relationships formally
– Defines how to combine different trust information together
– Maps all kinds of evidence to the trust representation space

• We derive our trust model for TAODV from subjective logic


Background: AODV

• AODV
– Ad Hoc On-Demand Distance Vector Routing Protocol for MANETs
– Two main routing messages:
  • RREQ: Routing REQuest
  • RREP: Routing REPly

• We extend AODV by adding trust information into its routing messages


Framework of TAODV


Trust Model for TAODV: Representation of trust

• Use Opinion to represent trust:
– A three-dimensional metric
– Opinion of node A about node B: $(b^A_B, d^A_B, u^A_B)$

• $b^A_B$ -- Probability of node A believing in node B

• $d^A_B$ -- Probability of node A disbelieving in node B

• $u^A_B$ -- Probability of node A's uncertainty about B

• $b^A_B + d^A_B + u^A_B = 1$


Trust Model for TAODV: Combination of trust

• Discounting Combination:
– Combine trusts along one path
– Combine A's opinion of B with B's opinion of C (figure: A → B → C)
– Equation: Let A's opinion of B be $(b^A_B, d^A_B, u^A_B)$ and B's opinion of C be $(b^B_C, d^B_C, u^B_C)$; then A's opinion of C through B is $(b^{AB}_C, d^{AB}_C, u^{AB}_C)$, where
  $b^{AB}_C = b^A_B \, b^B_C$
  $d^{AB}_C = b^A_B \, d^B_C$
  $u^{AB}_C = d^A_B + u^A_B + b^A_B \, u^B_C$


Trust Model for TAODV: Combination of trust

• Consensus Combination:
– Combine trusts from several paths
– Combine A's opinion of C with B's opinion of C (figure: A → C ← B)
– Equation: Let A's opinion of C be $(b^A_C, d^A_C, u^A_C)$ and B's opinion of C be $(b^B_C, d^B_C, u^B_C)$; their consensus is $(b^{A,B}_C, d^{A,B}_C, u^{A,B}_C)$, where
  $b^{A,B}_C = (b^A_C \, u^B_C + b^B_C \, u^A_C) / k$
  $d^{A,B}_C = (d^A_C \, u^B_C + d^B_C \, u^A_C) / k$
  $u^{A,B}_C = (u^A_C \, u^B_C) / k$
  and $k = u^A_C + u^B_C - u^A_C \, u^B_C$


Trust Model for TAODV: Mapping from evidences to opinion space

• Mapping from evidence space to opinion space:
– p : positive evidences
– n : negative evidences
– $b^A_B = \dfrac{p}{p + n + 2}$, $d^A_B = \dfrac{n}{p + n + 2}$, $u^A_B = \dfrac{2}{p + n + 2}$, where $u^A_B \neq 0$
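The trust model of the preceding slides (opinion triple, discounting along one path, consensus across several paths, and the evidence-to-opinion mapping) as an added Python example; this is not code from the paper or its authors. The Opinion class, the combine_paths helper, which generalizes the one-path and two-path slides to any number of recommendation paths, and the sample opinions are assumptions of this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Opinion:
    """Subjective-logic opinion (b, d, u) = (belief, disbelief, uncertainty), b + d + u = 1."""
    b: float
    d: float
    u: float

    def discount(self, other: "Opinion") -> "Opinion":
        """Discounting along one path: self is A's opinion of B, other is B's opinion of C."""
        return Opinion(self.b * other.b,
                       self.b * other.d,
                       self.d + self.u + self.b * other.u)

    def consensus(self, other: "Opinion") -> "Opinion":
        """Consensus of two independent opinions (e.g. A's and B's) about the same node C."""
        k = self.u + other.u - self.u * other.u
        if k == 0:  # both opinions fully certain: the formula divides by zero
            raise ValueError("consensus undefined when both uncertainties are 0")
        return Opinion((self.b * other.u + other.b * self.u) / k,
                       (self.d * other.u + other.d * self.u) / k,
                       (self.u * other.u) / k)

def from_evidence(p: int, n: int) -> Opinion:
    """Map p positive and n negative events to (b, d, u) = (p, n, 2) / (p + n + 2)."""
    total = p + n + 2  # at least 2, so u = 2 / total is never 0
    return Opinion(p / total, n / total, 2 / total)

def combine_paths(paths: list) -> Opinion:
    """Discount along each recommendation path (a list of hop-by-hop opinions from the
    evaluating node towards the target), then fuse the resulting opinions by consensus."""
    fused = None
    for path in paths:
        w = path[0]
        for hop in path[1:]:
            w = w.discount(hop)
        fused = w if fused is None else fused.consensus(w)
    if fused is None:
        raise ValueError("no recommendation paths given")
    return fused

if __name__ == "__main__":
    # Constructed sample: A reaches C directly and via B; both routes are fused.
    w_ab, w_bc, w_ac = Opinion(0.8, 0.1, 0.1), Opinion(0.5, 0.3, 0.2), Opinion(0.5, 0.2, 0.3)
    print(combine_paths([[w_ab, w_bc], [w_ac]]))
    print(from_evidence(1, 0))  # the (0.33, 0, 0.67) opinion of Scenario I
```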


Routing Operations in TAODV

• Trust Recommendation
• Trust Judgement
• Routing Table Extension
• Trust Update
• Routing Messages Extensions
• Trusted Routing Discovery


Trust Recommendation

• Exchange trust information

• Three types of message:
– TREQ: Trust REQuest
– TREP: Trust REPly
– TWARN: Trust WARNing

• Broadcast TWARN when a node's disbelief value is zero

• Message structure:


Trust Judgement

• Predefined trust judging rules

  b       d       u       Actions
                  >0.5    Request and verify digital signature
          >0.5            Distrust a node for an expire time
  >0.5                    Trust a node and continue routing
  ≤0.5    ≤0.5    ≤0.5    Request and verify digital signature

b – belief, d – disbelief, u – uncertainty, 0.5 – threshold


Routing Table Extension

• Add three fields to the original routing table
– Positive events
– Negative events
– Opinion

• New routing table format:

  DestIP | DestSeq | ... | HopCount | ... | Lifetime | PositiveEvents | NegativeEvents | Opinion


Trust Update

• Update of Evidences
– Successful Communication: Positive events p++
– Failed Communication: Negative events n++

• Update of opinion, two ways:
– Mapping from evidence space
– Combination of different recommendations


Trusted Routing Discovery: Scenario I-Beginning of TAODV

• Initial opinions are all (0, 0, 1)
• Node A originates a RREQ to discover a route to C
• Node B will authenticate A and C because, from its point of view, their uncertainty is high (u = 1)
• Finally, if the discovery succeeds, the opinions all change to (0.33, 0, 0.67)


Trusted Routing Discovery: Scenario II-A Stable TAODV MANET

• Trust relationships have been established among almost all the nodes

• The values of uncertainty are getting smaller and smaller

• The general procedures are as follows. (e.g. N2)


Trusted Routing Discovery: Scenario II-A Stable TAODV MANET


Analysis

• Performance
– No need to perform cryptographic computations on every packet, which reduces computation overhead
– Trust recommendation messages and the routing table extension are simple, so they do not introduce much routing overhead


Analysis

• Security
– A malicious node will finally be denied from the network, and other nodes' opinion of it will be (0, 1, 0).
– When a bad node turns into a good one, its opinion in other nodes will change from (0, 1, 0) to (0, 0, 1) after expiry.
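The routing-table extension, trust update and judging rules from the earlier slides, run through Scenario I and the malicious-node case of this security analysis, as an added Python example that is not code from the paper: an entry's opinion is re-derived from its positive/negative event counters after each p++ or n++, and a distrusted entry is reset to (0, 0, 1) on expiry. The RouteEntry field names, the expire() reset, the verdict strings and the sample nodes A and M are assumptions of this example.

```python
from dataclasses import dataclass

def from_evidence(p: int, n: int) -> tuple:
    """(b, d, u) = (p, n, 2) / (p + n + 2) from p positive and n negative events."""
    total = p + n + 2
    return (p / total, n / total, 2 / total)

def judge(w: tuple, threshold: float = 0.5) -> str:
    """Trust judging rules. With the default 0.5 threshold at most one of b, d, u
    can exceed it (they sum to 1); with a lower threshold two can, so order matters."""
    b, d, u = w
    if b > threshold:
        return "trust"      # trust the node and continue routing
    if d > threshold:
        return "distrust"   # distrust the node for an expire time
    return "verify"         # u > threshold, or all three <= threshold

@dataclass
class RouteEntry:  # AODV route entry plus the three TAODV fields (names assumed)
    dest_ip: str
    positive_events: int = 0
    negative_events: int = 0
    @property
    def opinion(self) -> tuple:        # the third TAODV field, derived from the counters
        return from_evidence(self.positive_events, self.negative_events)
    def record_success(self) -> None:  # successful communication: p++
        self.positive_events += 1
    def record_failure(self) -> None:  # failed communication: n++
        self.negative_events += 1
    def expire(self) -> None:          # distrust period over: back to (0, 0, 1)
        self.positive_events = self.negative_events = 0

def scenario_one() -> list:
    """Scenario I: B's entry for A starts at (0, 0, 1), so B verifies A's signature;
    after one success the opinion is (0.33, 0, 0.67) and u is still above 0.5."""
    entry = RouteEntry("A")  # constructed sample: node B's entry for node A
    steps = [judge(entry.opinion)]
    entry.record_success()
    steps.append(judge(entry.opinion))
    return steps + [entry.opinion]

def distrust_then_expire(failures: int) -> tuple:
    """n failures give d = n / (n + 2), above 0.5 only once n > 2; when the distrust
    period expires the counters are cleared and the opinion returns to (0, 0, 1)."""
    entry = RouteEntry("M")  # constructed sample: a node whose communications keep failing
    for _ in range(failures):
        entry.record_failure()
    verdict = judge(entry.opinion)
    entry.expire()
    return verdict, entry.opinion
```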


Analysis

• Flexibility
– Each node is given more flexibility to define its own opinion threshold.
– The default threshold is 0.5.
– For high-level security requirements, the threshold can be increased.
– For some non-critical applications, the threshold can be decreased.


Conclusion

• First approach to apply the idea of a trust model to the security solutions of MANETs.

• The trust among nodes can be quantified and combined.

• TAODV is a secure routing protocol with
– Less computation overhead
– Little additional routing overhead
– Flexible security levels


Future Work

• Optimize trusted routing discovery algorithm

• Establish fast response mechanism when being attacked

• Perform detailed simulation evaluation