Trust in Ad hoc Networks A Novel Approach based on Clustering

Similar documents
Introduction and Statement of the Problem

Analysis of Black-Hole Attack in MANET using AODV Routing Protocol

An Authentication Service Based on Trust and Clustering in Mobile Ad Hoc Networks

SUMMERY, CONCLUSIONS AND FUTURE WORK

Security. Reliability

Trust Enhanced Cryptographic Role-based Access Control for Secure Cloud Data Storage

Part I. Wireless Communication

Considerations about the Architecture Solutions for PKI in Ad-hoc-Networks

An Efficient Scheme for Detecting Malicious Nodes in Mobile ad Hoc Networks

DETECTING, DETERMINING AND LOCALIZING MULTIPLE ATTACKS IN WIRELESS SENSOR NETWORK - MALICIOUS NODE DETECTION AND FAULT NODE RECOVERY SYSTEM

Pseudonym Based Security Architecture for Wireless Mesh Network

CIS 5373 Systems Security

Introduction to Mobile Ad hoc Networks (MANETs)

A METHOD TO DETECT PACKET DROP ATTACK IN MANET

When the Lights go out. Hacking Cisco EnergyWise. Version: 1.0. Date: 7/1/14. Classification: Ayhan Koca, Matthias Luft

Subject: Adhoc Networks

Campus Network Design

UNIT 1 Questions & Solutions

Dynamic Design of Cellular Wireless Networks via Self Organizing Mechanism

NETWORKING. 8. ITDNW08 Congestion Control for Web Real-Time Communication

Packet Estimation with CBDS Approach to secure MANET

Cryptography and Network Security

A Security Management Scheme Using a Novel Computational Reputation Model for Wireless and Mobile Ad hoc Networks

A CONFIDENCE MODEL BASED ROUTING PRACTICE FOR SECURE ADHOC NETWORKS

Key establishment in sensor networks

Modelling Cyber Security Risk Across the Organization Hierarchy

Network Security and Cryptography. December Sample Exam Marking Scheme

A Secure Network Access Protocol (SNAP)

Detection of Malicious Node in Wireless Sensor Network under Byzantine Attack

RID IETF Draft Update

Security issues and vulnerabilities in Mobile Ad hoc Networks (MANET)-A Survey

Featuring Trust and Reputation Management Systems for Constrained Hardware Devices*

Caveat. Much of security-related stuff is mostly beyond my expertise. So coverage of this topic is very limited

Security+ SY0-501 Study Guide Table of Contents

Security improvement in IOT based on Software

BUSNet: Model and Usage of Regular Traffic Patterns in Mobile Ad Hoc Networks for Inter-Vehicular Communications

An Operational Perspective on BGP Security. Geoff Huston February 2005

X.509. CPSC 457/557 10/17/13 Jeffrey Zhu

Overview. SSL Cryptography Overview CHAPTER 1

Security in Mobile Ad-hoc Networks. Wormhole Attacks

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism

CompTIA CAS-003. CompTIA Advanced Security Practitioner (CASP)

A local area network that employs either a full mesh topology or partial mesh topology

Some Lessons Learned from Designing the Resource PKI

Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks

Top-Down Network Design

A Review on Black Hole Attack in MANET

Countering Hidden-Action Attacks on Networked Systems

IJRIM Volume 1, Issue 4 (August, 2011) (ISSN ) A SURVEY ON BEHAVIOUR OF BLACKHOLE IN MANETS ABSTRACT

SHARP : Secured Hierarchical Anonymous Routing Protocol for MANETs

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to

IEEE networking projects

Eradication of Vulnerable host from N2N communication Networks using probabilistic models on historical data

CS551 Ad-hoc Routing

Security Enhancements for Mobile Ad Hoc Networks with Trust Management Using Uncertain Reasoning

Practical Anonymity for the Masses with MorphMix

Energy Efficient EE-DSR Protocol for MANET

Wireless Network Security : Spring Arjun Athreya March 3, 2011 Survey: Trust Evaluation

School of Computer Sciences Universiti Sains Malaysia Pulau Pinang

What is an Ad Hoc Network?

Wireless LAN Security (RM12/2002)

Cryptography and Network Security Chapter 1

SECURE ROUTING PROTOCOLS IN AD HOC NETWORKS

CSC 5930/9010 Modern Cryptography: Public-Key Infrastructure

Securing Network Communications

Security of Mobile Ad Hoc and Wireless Sensor Networks

PRIVACY AND TRUST-AWARE FRAMEWORK FOR SECURE ROUTING IN WIRELESS MESH NETWORKS

Completing your AWS Cloud SECURING YOUR AMAZON WEB SERVICES ENVIRONMENT

MANET TECHNOLOGY. Keywords: MANET, Wireless Nodes, Ad-Hoc Network, Mobile Nodes, Routes Protocols.

Overview of Challenges in VANET

ComparisonofPacketDeliveryforblackholeattackinadhocnetwork. Comparison of Packet Delivery for Black Hole Attack in ad hoc Network

Scalability Comparison of AODV & DSDV Routing Protocols in MANET s

EXPERIMENTAL EVALUATION TO MITIGATE BYZANTINE ATTACK IN WIRELESS MESH NETWORKS

NETWORK FORENSIC ANALYSIS IN THE AGE OF CLOUD COMPUTING.

SECURED KEY MANAGEMENT ALGORITHM FOR DATA TRANSMISSION IN MOBILE ADHOC NETWORKS

Mobile ad hoc networks Various problems and some solutions

Optimized Paging Cache Mappings for efficient location management Hyun Jun Lee, Myoung Chul Jung, and Jai Yong Lee

A TRUST BASED APPROACH FOR DETECTION AND ISOLATION OF MALICIOUS NODES IN MANET

Mobile IoT: The Ideal Fit for Smart Cities

(2½ hours) Total Marks: 75

Security of Wireless Networks in Intelligent Vehicle Systems

Survivable Trust for Critical Infrastructure David M. Nicol, Sean W. Smith, Chris Hawblitzel, Ed Feustel, John Marchesini, Bennet Yee*

A Hybrid Approach for Misbehavior Detection in Wireless Ad-Hoc Networks

MANET : Services, Parameters, Applications, Attacks & Challenges

OPTIMIZING MOBILITY MANAGEMENT IN FUTURE IPv6 MOBILE NETWORKS

Design and Implementation of a Simulator for Ad Hoc Network Routing Protocols

Service Mesh and Microservices Networking

Distributed Systems. Lecture 14: Security. Distributed Systems 1

Prevention of Black Hole Attack in AODV Routing Algorithm of MANET Using Trust Based Computing

Full file at

DDoS PREVENTION TECHNIQUE

Distributed Systems. Lecture 14: Security. 5 March,

Lecture Note 6 KEY MANAGEMENT. Sourav Mukhopadhyay

IT443 Network Security Administration Spring Gabriel Ghinita University of Massachusetts at Boston

Detection and Localization of Multiple Spoofing Attackers in Wireless Networks Using Data Mining Techniques

Covert Identity Information in Direct Anonymous Attestation (DAA)

Chapter 2 Communication for Control in Heterogeneous Power Supply

IMPACT ANALYSIS OF BLACK HOLE ATTACKS ON MOBILE AD HOC NETWORKS PERFORMANCE

Cross Layer Detection of Wormhole In MANET Using FIS

Anonymous Connections and Onion Routing

Transcription:

Trust in Ad hoc Networks A Novel Approach based on Clustering J. Boodnah and E.M. Scharf Department of Electronic Engineering, Queen Mary, University of London Abstract Ad hoc Networks by virtue of their nature pose a real challenge towards establishing trust among nodes within the network. This paper introduces and describes a novel approach, based on clustering, for establishing such trust. Studies on traffic generation in both the proposed method and a fully distributed approach show that the proposed method provides leaner trust establishment than the traditional peer-to-peer approach whilst not appreciably adding any further constraints to the network. 1. Introduction: Mobile Ad hoc Networks Uses and Characteristics Mobile ad hoc networks (MANETs) are designed for situations where no fixed or cellular infrastructure is available and where, indeed, decentralised network configurations are both advantageous and necessary. MANETs have therefore been considered for crucial military and civil applications such as battlefield scenarios and rescue operations in remote areas. Industrial and commercial applications include quick deployment of local coverage at construction sites and a means of providing wireless-based extended coverage for public access in urban areas. At the local level, ad hoc networks that link notebooks or palmtop computers could be used to share information at a conference or private meeting. On a more futuristic note, they might also be available for home networks where devices can communicate to exchange audio and video information, alarms and configuration updates. Because there is no fixed infrastructure in an ad hoc network, the hosts themselves have to form it and it can therefore change at any time. All hosts capable of forming ad hoc networks are equipped with wireless transmitters and receivers. Traditionally, because of the nature of ad hoc networks, research has mainly focused on routing issues. However, inherent with all the advantages an ad hoc network may offer is a vulnerability to security attacks that needs to be addressed. 2. Security and Trust A Challenge for MANETs Threats to ad hoc networks can be broadly categorised into: threats to the basic communication and routing mechanism, and threats to the security mechanisms such as key management mechanisms. There are various reasons why wireless ad hoc networks can be susceptible to security attacks, the principal ones being: Open Links. The wireless links between nodes are open and are hence very vulnerable to link attacks, which may include passive eavesdropping, active interfering, leakage of secret information, data tampering, impersonation, message replay, message distortion and denial of service. No Centralised Monitoring. MANETs do not have centralised monitoring and/or management points. Because of the lack of infrastructure, the usual practice of establishing a line of defence, distinguishing nodes as trusted and non-trusted is impeded. There are no grounds for an a priori classification. This makes it harder to monitor and manage the network. Dynamic Nature. The dynamic nature of the networks means that the network size can vary considerably and this means that the security architecture needs to be scalable to accommodate this possibility. Compromised Nodes and Routing. Mobile nodes can be physically captured and therefore compromised. Not being fixed devices, there is no scope for confining them up to secure rooms. Attacks on communication and routing mechanisms need to be protected by the use of appropriate cryptographic techniques. For these techniques to work properly, the key management infrastructure must work first. This is simply because if a key management infrastructure is compromised, then a host cannot trust the key it obtains for cryptographic purposes, and if the key cannot be trusted, then encryption is worthless. Hence trust is a crucial and inherent pre-requisite for the security of ad hoc networks. 3. Trust as a tool for Security Several approaches for building trust have been reported in recent work; these provide extensive definitions of trust as a concept. The novel Cluster Head (CH) approach, which is presented in this paper, draws on this work.

The Poblano Model [1] presents trust relationships between peers and between peers and the data content, by using the risk factor and peer confidence (data relevance). It propagates trust via six degrees (Distrust to Complete Trust) and also has a recommendation system for security purposes. Bayesian Networks [2] have a theoretical foundation on Baye s rule. For instance, a root node T has two values (satisfying 1, and unsatisfying ) and P(T=1) represents overall trust in an entity. This is measured as the percentage of satisfying interactions over the total number of interactions. An obvious disadvantage is that the selection of trust is too rigorous ( and 1) while satisfying is a subjective and vague descriptor. Semantic Web. [3] This aim of this project is to build a Web-of-Trust that integrates trust and social networks and represents the concepts of direct and recommendation trust as a graph. It is implemented by extending of Friend-Of-A-Friend project and contains 9 levels of trust within a specific area (3 better than Poblano). Applications include Trustbot (IRC) and TrustMail (Mozilla). These methods generally work on a meshed network model and can be seen as fully distributed networks (i.e. no clustering). 4. The Cluster Head Approach The proposed approach uses a semi-meshed Public Key Infrastructure (PKI) model. Ad hoc networks, due to their randomness can be compared to meshed networks but it is important to note that security requirements can vary quite dramatically depending on the scenario in which they are applied. For instance, military scenarios will have more stringent requirements in trust establishment than say a LAN-based party game, or even participants at a conference. In our case, a conference scenario is adopted with the following assumptions: A Priori Trust Information. Some nodes in the network have some a priori information about one another and therefore have some form of trust relation albeit in varying degrees. This evidence may have been obtained off-line (as in visual identification), by an audio exchange, or even physical contact. Such an assumption is not unrealistic since most ad hoc network scenarios will generally have some nodes that can be paired with others in terms of trust relationships. Reachability. Each node is within range of any other in the whole network and all nodes are interconnected at the start of the simulation. Computational Resources. Each node has sufficient computational power to be able execute any required encryption algorithm and be able to generate or sign certificates. Each node has sufficient memory for public key storage. 4.1 PKI and Trust PKI makes use of a public key which is used to encrypt the message and a private key which is used to decrypt it. Trust issues arise when nodes have to authenticate one another in order to be able to send encrypted information over the air interface. In order to use a key, a node has to be absolutely certain that the public key effectively belongs to the recipient node. This is normally achieved via the use of certificates. In ad hoc networks, certificates are issued by the nodes themselves. This means that nodes have to be able to trust each other and hence generate those certificates. Trust values are an ideal way of achieving this. A trust value can be a denomination that has been achieved by a recommendation or via an existing trust relationship. Basically, trust value is very similar to reputation except that they are, in this approach, between two single nodes only (i.e. the cluster head and the member node). A reputation is mathematically the mean of all recommendations. It can also be defined as an import of the past behaviour of a node. 4.2 Network Topology and the Role of the Cluster Head The strategy used in the proposed model is to implement mini hierarchal structures in an otherwise meshed PKI model. The idea is to use a cluster-based network, for the purpose of establishing trust only noting that clustering was originally used to minimise the flooding of route discovery packets [4]. In our system, the entire network is divided into a number of clusters as shown in Figure 1. A cluster has a cluster head (CH) with the following attributes. A cluster head (CH) is elected for each cluster to maintain the cluster membership information. Each cluster is identified by its Cluster Head ID and each node in the network knows its cluster head and therefore knows which cluster it belongs to. A node belongs in a cluster when it has a duplex link to the head of that cluster. For discussion purposes we refer to it as a slave node.

CH1 CH2 CH3 Figure 1: The Cluster Head Approach to Trust Establishment For distributing trust within an ad hoc network, the following aspects are also introduced. The CH is elected on a democratic basis. This means that the node with the most trust relations with other nodes in its surroundings is assigned the role of CH. Should a CH leave a cluster, the next available node down the trust hierarchy is chosen. This means, that for simulation purposes, once a cluster is formed, all slave nodes trust the CH and therefore all nodes with the cluster trust one another other (via the CH which is responsible for propagating trust certificates). Within the cluster, the PKI follows a hierarchal model. This is because it is assumed that all nodes within a cluster will trust the CH who will then act as a mini Certificate Authority (CA) for that cluster. A meshed model is however in place for inter-cluster trust relationships.. Simulations Initial simulations are carried out in NS-2. The conference scenario is modelled as a collection of six clusters each with six individual nodes, excluding the cluster head, hence providing 42 nodes in total. The CH method is compared to how it would fare in a fully distributed network (with all network nodes being considered equal). Trust is propagated within the network via the use of trust certificates with a set size of 124 bytes. This conforms to realistic estimates of certificate sizes. Certificates include the node ID and associate that node ID with a public key. For simplicity the public key is limited to 6 characters. Number of nodes is 42, with a total simulation time varying from 3 to 9 seconds. Certificate requests are sent at the rate of 1 per node per link with zero delay and the whole scenario is implemented using UDP agents and constant size trust packets. The simulations were run in the following order: - Certificate exchange with cluster head inside cluster (increasing cluster size gradually). - Certificate exchange between clusters (increasing number of clusters). In this experiment, the main aim was solely to establish the total traffic, therefore an indication the total bandwidth consumed by the trust mechanism on its own. The system was not brought into any form of congestion to prevent dropped packets and the duplex links were set at an above-threshold bandwidth. Nevertheless, the system was brought to the worst case scenario in each incidence (to determine the maximum possible bandwidth consumption). These included: - Simultaneous sending of key certificates from individual nodes to their CHs. - All nodes request certificates from one another (in the fully distributed mode). This is extreme because it would be highly unlikely that this should happen in real life. However, it provides a useful upper bound for the bandwidth consumption. - The system is considered trustworthy, when all nodes within the cluster or network have access to the certificate of every other node within that cluster/network, whether via the CH or individually. The following outcomes were noted as are detailed in Figure 2 (a) (d): - In (a), it can be clearly inferred that the CH approach generates less overall traffic within the cluster. This advantage increases as the number of nodes increases. However, this can only go up to the congestion limit of the CH, that is the maximum number of certificate requests it can accommodate without starting to drop packets.

- In (b), the same experiment is repeated as in (a) but this time increasing numbers of clusters with fixed sizes (6 slave nodes) are compared in both cases. Again, the CH approach generates less traffic and this time, the larger the network, the better the CH approach fares. - Figure 2(c) compares the amount of traffic within a cluster at the CH and the slave node (for the CH approach) and at each node (for the distributed traffic). This indicates that the while the CH has to accommodate more traffic than its slave counterpart, that traffic is no more than what any node would have to accommodate in a fully distributed scenario. Hence the CH method allows the slave nodes to have more resources for other purposes, unrelated to trust propagation. - Finally, as a statistical confirmation, the average traffic per node is calculated for each method, confirming the superiority of the CH approach. Maximum traffic generated (per cluster) Maximum total traffic generation 2 4 18 Traffic generated in KB 4 3 3 2 2 1 1 Traffic generated in KB 16 14 12 1 8 6 4 2 No of nodes in cluster (excl. CH) No of clusters each with 7 nodes CH approach Fully distributed CH approach Fully Distributed Traffic Comparison on a per-node basis Statistical Average per node 7 4 Traffic consumption in KB 6 4 3 2 1 Traffic consumption in KB 4 3 3 2 2 1 1 No of nodes inside cluster Traffic at CH Traffic at slave node in CH approach Traffic per node in distributed approach No of nodes inside cluster CH approach - statistical average Distributed approach - Statiscal Average Figure 2 Simulation results - clockwise from top left (a), (b), (d), (c) 6. Conclusions and Future Work The CH model presents several advantages over the fully distributed approach with regards to trust establishment. Because of the use of hierarchal PKI within the cluster, much less bandwidth is needed to establish trust between nodes within a cluster. However, such a method also has some drawbacks such as restricted a restricted cluster size. The initial trust establishment process is also assumed to be a priori and not generated. While these initial simulations are favourable with respect to the CH approach, other aspects of this particular method will be considered in future work. Some of those include the speed at which the network establishes trust, using mobile nodes with different routing protocols and varying the certificates (hence packets ) sizes, monitoring the trust mechanism close to congestion point and using varying trust values within and between the clusters. A trust maintenance model is also targeted whereby it will be possible to enable dynamic formation of trust clusters (that operate on top of the normal routing infrastructure) and implement trust distribution graphs. References [1] Rita Chen and William Yeager, Poblano, A Distributed Trust Model for Peer-to-Peer Networks, http://www.jxta.org, Sun Microsystems. [2] Yao Wang, Julita Vassileva: Bayesian Network-Based Trust Model. Web Intelligence 23, pp 372-378. [3] http://trust.mindswap.org [4] Mingliang Jiang, Jinyang Li, Y.C. Tay, "Cluster Based Routing Protocol" August 1999 IETF.

Table of Contents for Reviewers Abstract... 1 1. Introduction: Mobile Ad hoc Networks Uses and Characteristics... 1 2. Security and Trust A Challenge for MANETs... 1 3. Trust as a tool for Security... 1 4. The Cluster Head Approach... 2 4.1 PKI and Trust... 2 4.2 Network Topology and the Role of the Cluster Head... 2. Simulations... 3 6. Conclusions and Future Work... 4 References... 4 Table of Contents for Reviewers... Presentation Medium MS PowerPoint (Office version 2) Authors Details 1. Javesh BOODNAH Department of Electronic Engineering Queen Mary, University of London Mile End Road London E1 4NS Tel: 2 7882 748 Fax: 2 7882 7997 Email: javesh.boodnah@elec.qmul.ac.uk 2. Dr. Eric M. Scharf Department of Electronic Engineering Queen Mary, University of London Mile End Road London E1 4NS Tel: 2 7882 343 Fax: 2 7882 7997 Email: e.m.scharf@elec.qmul.ac.uk

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback