Trust - People - Virginia Tech

A Survey of Trust Management for Mobile Ad Hoc Networks
Jin-Hee Cho & Ananthram Swami, Army Research Laboratory
Ing-Ray Chen, Virginia Tech
Outline
• Background
• Motivation
• Multidisciplinary Trust Concept
• Trust, Trustworthiness, and Risk Assessment
• Trust Properties in MANETs
• Survey on Trust Management in MANETs
• Future Research Directions
Background
• Design Challenges in Mobile Ad Hoc Networks:
– Resource constraints
  ▪ energy, bandwidth, memory, computational power
– High security vulnerability
  ▪ open medium derived from inherent nature of wireless networks
  ▪ rapidly changing network topology due to node mobility or failure, RF channel conditions
  ▪ decentralized decision making and cooperation (no centralized authority)
  ▪ no clear line of defense
• Trust: the degree of subjective belief about the behavior of a
particular entity.
Motivation
• Trust management is needed in MANETs with the goal of
establishing a network with an acceptable level of trust
relationships among participating nodes:
– During network bootstrapping
– To support coalition operation without predefined trust
– For authentication for certificates generated by other parties when
links are down
– To ensure safety when entering a new zone
• Diverse applicability as a decision making mechanism for:
– Intrusion detection
– Key management
– Access control
– Authentication
– Secure routing
– Many others
Trust in Communications & Networking
[Figure: Multidisciplinary Concept of Trust. Disciplines shown: Sociology, Philosophy, Economics, Psychology, Autonomic computing, Organizational management, Communications & Networking. Attribute labels: risking betrayal, subjectivity, context-dependent moral relationship, incentive-based selfishness, cognitive process, automation, reliability, risk assessment, reconfigurability, scalability, security, dependability, more...]
• Trust in Communications &
Networking
– A set of relations among entities
participating in a protocol based on
evidence generated by the previous
interactions of entities within a
protocol
– If the interactions have been faithful
to the protocol, then trust will
accumulate between these entities
– Context-aware trust: trust is the
quantified belief of a trustor node
regarding competence, honesty,
security, and dependability of a
trustee node in a specific context
Trust, Trustworthiness, and Risk Assessment
• Definition (Trust): Trust is the subjective probability by which the trustor expects that the trustee performs a given action on which the welfare of the trustor depends
• Definition (Trustworthiness): Trustworthiness is the objective probability by which the trustee performs a given action on which the welfare of the trustor depends
• Definition (Risk): risk is defined by the probability and the consequence of an incident. The risk value is given by the function r : P x C -> RV, where P is a set of trust values in [0,1], C is the set of consequence values and RV is the set of risk values.
[Figure: Trust Level [Solhaug et al., 2007]. Axes: Trust and Trustworthiness, each marked at 0.5 and 1, with the line Trust = Trustworthiness; regions labelled a. misplaced distrust and b. misplaced trust.]
Trust vs. Risk
[Figure: Trust vs. Risk [Solhaug et al. 2006, Josang & LoPresti, 2004]. Axes: Trust (marked t1, 0.5, t2, 1) and Stake (marked S1, S2, 1); zones labelled Low risk, Medium risk, High risk.]
• Trust-based decision making: a trust threshold is used to say yes/no
  yes when t > trust threshold (t2 in the graph)
• Risk-based decision making: a risk threshold is used to say yes/no
  yes when r < high risk threshold (high risk zone in the graph)
In general when trust is high, risk is low but it really depends on the stake (consequence of failure). It is not enough to consider trust only and then say that trust is risk acceptance, trust is inverse to risk, or the like.
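The two decision rules side by side, as an added example that is not part of the original slides. The risk function r(t, c) = (1 - t) * c, the thresholds and the sample requests are assumptions chosen to show where the rules disagree.

```python
# Added example, not from the slides. Assumption: the risk function is
# r(t, c) = (1 - t) * c, the chance the trustee fails times the stake c.
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    trust_threshold: float      # "t2" on the slide
    high_risk_threshold: float  # lower edge of the high-risk zone


def risk(trust: float, stake: float) -> float:
    """Map a trust value in [0, 1] and a stake in [0, 1] to a risk value."""
    if not (0.0 <= trust <= 1.0 and 0.0 <= stake <= 1.0):
        raise ValueError("trust and stake must lie in [0, 1]")
    return (1.0 - trust) * stake


def trust_based(policy: Policy, trust: float) -> bool:
    return trust > policy.trust_threshold


def risk_based(policy: Policy, trust: float, stake: float) -> bool:
    return risk(trust, stake) < policy.high_risk_threshold


def disagreements(policy, requests):
    """Return (name, trust_says, risk_says) where the two rules differ."""
    out = []
    for name, trust, stake in requests:
        t_ok = trust_based(policy, trust)
        r_ok = risk_based(policy, trust, stake)
        if t_ok != r_ok:
            out.append((name, t_ok, r_ok))
    return out


# Constructed sample requests: (action, trust in the peer, stake).
REQUESTS = [
    ("relay-hello-beacon", 0.40, 0.10),  # low trust, little to lose
    ("relay-data-packet", 0.90, 0.50),   # high trust, moderate stake
    ("hold-group-key", 0.75, 1.00),      # trusted, but failure is severe
    ("act-as-gateway", 0.20, 0.90),      # low trust, high stake
]
POLICY = Policy(trust_threshold=0.7, high_risk_threshold=0.2)

if __name__ == "__main__":
    for row in disagreements(POLICY, REQUESTS):
        print(row)
```

The trust rule alone would refuse the low-stake beacon relay and grant the high-stake key custody; the risk rule reverses both.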
Trust Properties in MANETs
[Figure: Trust properties in MANETs. Trust at the centre, surrounded by Subjectivity, incomplete transitivity, Dynamicity, Asymmetry, Context-dependency.]
[Figure: Trust properties in existing trust management in MANETs. Bar chart (axis 0 to 20) over the categories Symmetry, Complete transitivity, Discrete (or binary) trust value, Context-dependency, Subjectivity, Asymmetry, Weighted transitivity, Dynamicity.]
• Dynamic, not static
– Trust in MANETs should be established based on local, short-lived, fast changing over time, online only and incomplete information available due to node mobility or failure, RF channel conditions
– Expressed as a continuous value ranging from positive to negative degree
• Subjective
– Different experiences derived from dynamically changing network topology
• Not necessarily transitive
• Asymmetric, not necessarily reciprocal
– Heterogeneous entities
• Context-dependent
– Sensing/Reporting vs. forwarding
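A small per-node trust table that exhibits the properties listed above, as an added example that is not part of the original slides. The beta-style estimate, the decay factor, the mixing weight and the "recommending" context name are assumptions, not a scheme from the survey.

```python
# Added example, not from the slides. Assumptions: a beta-style estimate
# (ok + 1) / (ok + bad + 2), exponential decay of old evidence, and a
# hypothetical "recommending" context for judging recommenders.
from collections import defaultdict

class TrustTable:
    """Trust that one node (the trustor) holds about others, per context."""

    def __init__(self, decay=0.9, direct_weight=0.7):
        self.decay = decay                  # dynamicity: old evidence fades
        self.direct_weight = direct_weight  # share given to own evidence
        self.evidence = defaultdict(lambda: [0.0, 0.0])  # [ok, bad]

    def observe(self, node, context, faithful):
        """Record one direct observation of a peer's protocol behaviour."""
        ev = self.evidence[(node, context)]
        ev[0] *= self.decay
        ev[1] *= self.decay
        ev[0 if faithful else 1] += 1.0

    def direct(self, node, context):
        """Continuous trust in (0, 1); 0.5 when nothing has been observed."""
        ok, bad = self.evidence.get((node, context), (0.0, 0.0))
        return (ok + 1.0) / (ok + bad + 2.0)

    def combined(self, node, context, recommendations=None):
        """Mix direct trust with second-hand {recommender: value} reports.

        Weighted transitivity: a report counts in proportion to the
        trustor's own trust in the recommender.
        """
        own = self.direct(node, context)
        if not recommendations:
            return own
        weights = {r: self.direct(r, "recommending") for r in recommendations}
        indirect = (sum(weights[r] * v for r, v in recommendations.items())
                    / sum(weights.values()))
        return self.direct_weight * own + (1.0 - self.direct_weight) * indirect

def demo():
    """Constructed scenario: node A's table and node B's table."""
    a, b = TrustTable(), TrustTable()
    for _ in range(5):
        a.observe("B", "forwarding", True)     # A saw B forward 5 packets
        a.observe("C", "recommending", True)   # C's advice held up
    for _ in range(3):
        a.observe("D", "recommending", False)  # D's advice did not
    b.observe("A", "forwarding", False)        # B saw A drop a packet
    return a, b
```

Each node keeps its own table (subjectivity), A's trust in B differs from B's trust in A (asymmetry), and trust earned for forwarding says nothing about sensing (context-dependency).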
Classification of Trust Management
[Figure: classification of trust management [Solhaug et al., 2006]. Labels: Risk Management; Risk Assessment; Risk Mitigation; Risk Control; Trust Management; Trust Establishment; Trust Update; Trust Revocation. Annotation text: trust evidence collection, trust generation, trust distribution, trust discovery, and trust evaluation.]
Attacks in MANETs
[Figure: Attacks considered in existing trust management in MANETs. Bar chart of number of works (axis 0 to 17) per type of attack: General selfish, General misbehaving, Selective misbehaving, Replay, Blackmailing, Identity related, New comer, Packet related, False information, DoS, Grayhole, Blackhole, Routing loop, Collusion attack.]
• By the nature of attack and the types of attackers [Liu et al., 2004]
– Passive Attacks: when an unauthorized party gains access to an asset but does not modify its content (e.g., eavesdropping or traffic analysis)
– Active Attacks: masquerading (impersonation attack), replay (retransmitting messages), message modification, DoS (e.g., excessive energy consumption)
• By the legitimacy of attackers [Liu et al., 2004]
– Insider attacks: authorized member
– Outsider attacks: illegal user
Metrics for Measuring Network Trust in MANETs
[Figure: Metrics used for evaluating network trust. Bar chart of number of works (axis 0 to 12) per metric: Others, Trust level, Route usage, Delay, Utility, Packet dropping rate, Goodput, Detection accuracy, Overhead, Throughput.]
• Network trust has been evaluated by general performance metrics, e.g., detection accuracy, goodput (useful information bits/sec), throughput (data bits/sec), overhead, delay, network utility, route usage (for secure routing), packet dropping rate, etc.
• Recently, trust level as a metric has been used, e.g., trust level of a network path or session
Composite Trust Metrics
Quality-of-Service (QoS) Trust
• Competence, dependability,
reliability, successful
experience, and reputation or
recommendation representing
capability to complete an
assigned “task”
• Examples are the node’s
energy lifetime, computational
power level, and capability to
complete packet delivery
Social Trust
• Use of the concept of social
networks
• Friendship, similarity, common
interest, social connectivity,
honesty, and social reputation
or recommendation derived
from direct or indirect
interactions
Trust Management in MANETs based on Design Purpose
[Figure: Summary of existing trust management schemes in MANETs based on specific design purposes. Number of works (axis 0 to 10) by year (2000 to 2008) and by design purpose: Secure routing, Authentication, Intrusion detection, Access control, Key Management, Trust evaluation, Trust evidence distribution, Trust computation, General trust level identification.]
Trust-based Applications in
MANETs
Secure Routing
• Detect and isolate misbehaving nodes (selfish or malicious)
• Reputation management
• Extension of the existing routing protocols (e.g., DSR, AODV) using trust concept
• Incentive mechanism to induce cooperation
• Revocation + redemption possible
Authentication
• Use trust to authenticate nodes or routing paths
• Use direct evidence (certificates or observations of packet forwarding behavior) plus second hand information (e.g., recommendation)
• Extension of the existing routing protocols (e.g., DSR, Zone Routing Protocol)
Key Management
• Establish keys between nodes based on their trust relationships
• Trust-based PKI
– Distributed - each node maintains its public/private keys
– Hierarchical – a CA is elected based on trust
Trust-based Applications in
MANETs (Cont.)
Intrusion Detection
• Trust as a basis for developing an intrusion detection system (IDS)
• Trust-based IDS provides audit and monitoring capabilities to enhance security
• Evaluating trust and identifying intrusions can be integrated together to build a trustworthy environment
Access Control
• Use trust for decision making of access control to MANET resources
• Trust-based admission control (role-based)
• A node can use resources if it is trusted by k trusted nodes
• Can integrate with policy-based access control (with a proof of identity or certificate)
Issues for Future Trust Management
in MANETs
• How should we select a trust metric that can reflect the unique
properties of trust in MANETs?
• What constitutes trust? Is it multi-dimensional with multiple trust
components? Should we have a different set of trust components
reflecting the application characteristics and node behavior (including
selfish/malicious behavior)?
• How can trust contribute to scalability, reconfigurability, security, and
reliability of the network?
• How should a trust protocol be designed to achieve adaptability to
rapidly changing MANET environments?
• How do we design a trust system to reflect adequate tradeoffs, e.g.,
altruism vs. selfishness, and effectiveness vs. efficiency?
• Can we identify optimal trust protocol settings under various network
and environmental conditions?
Questions?
Contact us at:
Jin-Hee Cho (jinhee.cho@arl.army.mil), Army Research Laboratory
Ananthram Swami (aswami@arl.army.mil), Army Research Laboratory
Ing-Ray Chen (irchen@vt.edu), Virginia Tech