A Probabilistic Misbehavior Detection Scheme
towards Efficient Trust Establishment in
Delay-tolerant Networks
Haojin Zhu, Suguo Du, Zhaoyu Gao, Mianxiong Dong, Zhenfu Cao
Presented by Youyou Cao
Outline
• Introduction
• System model
• Basic iTrust misbehavior detection scheme
• Advanced iTrust probabilistic misbehavior detection scheme
• Experiment Results
• Future work
• Conclusion
Introduction
Delay tolerant network (DTN)
• Lack of contemporaneous end-to-end path
• High variation in network conditions
• Difficulty in predicting mobility patterns
• Long feedback delay
Store-carry-and-forward strategy
• In-transit messages can be sent over an existing link and buffered at the next hop until the next link in the path appears
DTN Routing Misbehavior
• Dropping packets intentionally
• Selfish/Malicious
• Significantly reduces the packet delivery rate; a serious threat to the network performance of DTN
Related work
Misbehavior detection schemes for MANET:
• Neighborhood monitoring: won't work for DTN! A black hole attack cannot be detected due to the lack of witnesses
• Destination acknowledgement: won't work for DTN! Lack of contemporaneous path
[Figure: example topology with nodes A to F and a negative ACK]
Current misbehavior detection schemes for DTNs:
• Based on forwarding history verification
Problem: Transmission overhead and verification cost are high
System Model
A normal DTN consists of mobile devices owned by individual users.
• Each node i has a unique ID 𝑁𝑖 and a corresponding public/private key pair.
• Each node must pay a deposit C before it joins the network; the deposit is paid back after the node leaves if the node has shown no misbehavior.
A periodically available Trust Authority (TA) is responsible for misbehavior detection in the DTN.
• For a specific detection target 𝑁𝑖, the TA requests 𝑁𝑖's forwarding history in the global network.
Routing Model
Uses a single-copy routing mechanism (First Contact routing protocol)
• Note: the proposed misbehavior detection scheme can also be applied to delegation-based or multi-copy-based routing protocols
Assume the communication range of a mobile node is finite.
• A data sender outside the destination node's communication range can only transmit data via a sequence of intermediate nodes in a multi-hop manner.
Threat model
Assume each node in the network is rational and a rational node's goal is to maximize its own profit.
Mainly consider two kinds of misbehaving nodes:
• Selfish
Because of their selfish nature and the energy cost, selfish nodes are not willing to forward bundles for others without sufficient reward.
• Malicious
As adversaries, malicious nodes arbitrarily drop others' bundles (blackhole or greyhole attack). This often takes place beyond others' observation in a sparse DTN and leads to serious performance degradation.
Design Requirements
Distributed:
• The network authority responsible for administering the network is only required to be periodically available, and is consequently incapable of monitoring the operational minutiae of the network.
Robust:
• The misbehavior detection scheme must tolerate forwarding failures caused by various network environments.
Scalability:
• The scheme must work independently of the size and density of the network.
Basic iTrust scheme for misbehavior detection in DTNs
Routing Evidence Generation Phase
Three kinds of data forwarding evidence are used to judge whether a node is malicious
Auditing Phase
Three misbehavior detection cases
• An honest data forwarding with sufficient contacts
• An honest data forwarding with insufficient contacts
• A misbehaving data forwarding with/without sufficient contacts
Routing Evidence Generation Phase
• message
• Signature generated by node 𝑁𝑖 to indicate that the forwarding task has been delegated to node 𝑁𝑗
• Time stamp
• Packet expiration time
• Signature generated by the source nodes on message M
• Signature generated by node 𝑁𝑗 to indicate that 𝑁𝑗 has accepted this task
Note: In the audit phase, for the investigation target node 𝑁𝑗, 𝑁𝑖 will submit the delegation task evidence to the TA for verification
Routing Evidence Generation Phase
• Signature generated by node 𝑁𝑘 to demonstrate the authenticity of the forwarding history evidence
Note: In the audit phase, the investigation target node 𝑁𝑗 will submit the forwarding history evidence to the TA to demonstrate that it has tried its best to fulfill the routing task defined by the delegation task evidence.
Routing Evidence Generation Phase
Note: Contact history evidence will be stored at both nodes. In the audit phase, for the investigation target node 𝑁𝑗, both 𝑁𝑗 and 𝑁𝑘 will submit their contact history evidence to the TA for verification.
Contact history evidence can prevent blackhole or greyhole attacks, since a node that has sufficient contacts with others but fails to forward data will be regarded as a misbehaving node
Basic iTrust scheme illustration
In the Routing Evidence Generation Phase:
• A forwards packets to B, then gets the delegation history back. B holds the packet and then encounters C. C gets the contact history about B.
In the Auditing Phase:
• When the TA decides to check B, it broadcasts a message asking other nodes to submit all the evidence about B. Then A submits the delegation history from B, B submits the forwarding history, and C submits the contact history about B.
Auditing phase
The TA launches an investigation request towards node 𝑁𝑗 in the global network during a certain period [𝑡1 , 𝑡2 ]
Each node in the network submits its collected evidence regarding 𝑁𝑗
The TA collects all the information regarding 𝑁𝑗 and gets the sets
The TA checks whether message forwarding requests have been honestly fulfilled by 𝑁𝑗
Auditing phase
m: message sent to 𝑁𝑗 for future forwarding
T𝑡𝑠 (m): message expiration time
𝑁k (m): set of next-hop nodes chosen for message forwarding
R: set of contacted nodes satisfying the DTN routing protocol requirements during [T𝑡𝑠 (m), 𝑡2 ]
D: number of copies required by DTN routing
Class I (An Honest Data Forwarding with Sufficient Contacts)
Class II (An Honest Data Forwarding with Insufficient Contacts)
Class III (A Misbehaving Data Forwarding with/without Sufficient Contacts)
The basic misbehavior detection algorithm
The TA judges whether node 𝑁𝑗 is misbehaving by triggering Algorithm 1.
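One way the TA's per-message check could be coded, as an added example that is not from the original slides or from the iTrust authors. It reads the three classes as set conditions on 𝑁k(m), R and D, which is an assumption because the slides name the classes without stating the conditions; all names are hypothetical, the evidence is constructed, and every record is assumed to have passed signature verification already.

```python
# Added example: TA-side audit of one target node N_j. Names are hypothetical,
# and every evidence record is assumed to have passed signature verification.
from dataclasses import dataclass

@dataclass(frozen=True)
class Task:
    """Delegation task evidence for one message m handed to N_j."""
    msg_id: str
    t_ts: int  # T_ts(m) from the delegation evidence

def classify(task, forwarded, contacts, t2, copies):
    """Return 'I', 'II' or 'III' for one delegated message.

    forwarded: msg_id -> set of next hops N_k(m), from forwarding history evidence
    contacts:  (time, node_id, eligible) tuples, from contact history evidence
    copies:    D, the number of copies the routing protocol requires
    """
    # R: eligible nodes that N_j met during [T_ts(m), t2]
    r = {n for (t, n, ok) in contacts if ok and task.t_ts <= t <= t2}
    nk = forwarded.get(task.msg_id, set())
    if not nk <= r:
        return "III"  # claimed next hop has no matching contact evidence
    if len(nk) >= copies:
        return "I"    # honest forwarding, sufficient contacts
    if nk == r:
        return "II"   # used every eligible contact, but there were fewer than D
    return "III"      # met eligible nodes and still did not forward

def audit(tasks, forwarded, contacts, t2, copies=1):
    """Classify every delegated message; any Class III marks N_j as misbehaving."""
    classes = {t.msg_id: classify(t, forwarded, contacts, t2, copies) for t in tasks}
    return classes, "III" in classes.values()

# Constructed evidence about target node B for the audit window ending at t2 = 40.
TASKS = [Task("m1", 10), Task("m2", 20), Task("m3", 30)]   # submitted by A
FORWARDED = {"m1": {"C"}}                                   # submitted by B
CONTACTS = [(12, "C", True), (25, "D", True)]               # submitted by B, C, D

if __name__ == "__main__":
    print(audit(TASKS, FORWARDED, CONTACTS, t2=40))
```

With D = 1 (single-copy routing), m2 is the message that convicts B: it met D after taking the task and produced no forwarding evidence, while m3 is excused because no eligible contact followed.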
From basic to probabilistic
The proposed algorithm itself incurs a low checking overhead. However, to prevent malicious users from providing fake delegation/forwarding/contact evidence, the TA should check the authenticity of each piece of evidence by verifying the corresponding signatures, which introduces a high transmission and signature verification overhead.
So a probabilistic misbehavior detection scheme, where the TA launches the misbehavior detection with a certain probability, is proposed to reduce the detection overhead without compromising the detection performance.
The probabilistic scheme of iTrust is inspired by inspection game theory.
Game theory analysis
Assumptions:
g: the transmission cost for a node to forward a packet
W: compensation received from the TA if the node successfully passes the investigation
C: punishment paid if the node fails the investigation
V: credit received by the TA for each successful data forwarding
H: investigation cost for the TA
TA's strategies: Inspecting (I) or Not inspecting (N)
Node's strategies: Forwarding (F) or Offending (O)
Game theory analysis
Note: should be 𝑝𝑓
Game theory analysis
If the node chooses offending strategy, its payoff is
If the node chooses forwarding strategy, its payoff is
Note: should be (1 − (𝑔 + 𝜀)/(𝜔 + 𝐶))
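The node's side of the inspection game worked through in code, as an added example that is not from the original slides or the iTrust authors. The payoff table is an assumption of this example (forwarding nets w − g; offending costs C when inspected and still collects w when not), w stands for the compensation the slides write as W or 𝜔, and the parameter values are constructed.

```python
# Added example: node payoffs in the inspection game, using the slide's symbols.
# The payoff table is an assumption of this example; values are constructed.
from fractions import Fraction as Fr

def node_payoff(strategy, p, g, w, C):
    """Expected payoff of a node when the TA inspects with probability p.

    Assumed outcomes: forwarding always nets w - g; offending costs the
    punishment C when inspected and still collects w when not inspected.
    """
    if strategy == "F":
        return w - g
    if strategy == "O":
        return -C * p + w * (1 - p)
    raise ValueError(strategy)

def best_response(p, g, w, C):
    """Strategy a rational node picks; ties go to offending (worst case)."""
    return "F" if node_payoff("F", p, g, w, C) > node_payoff("O", p, g, w, C) else "O"

def inspection_probability(g, w, C, eps):
    """Probability (g + eps) / (w + C) that makes forwarding strictly better."""
    return (g + eps) / (w + C)

def smallest_deterring_p(g, w, C, steps=100):
    """Scan p = 0, 1/steps, ..., 1 and return the first p that deters offending."""
    for i in range(steps + 1):
        p = Fr(i, steps)
        if best_response(p, g, w, C) == "F":
            return p
    return None  # punishment too small: even certain inspection does not deter

# Constructed parameters: g = 2, w = 5, C = 15, eps = 1/10.
G, W, C_DEP, EPS = Fr(2), Fr(5), Fr(15), Fr(1, 10)

if __name__ == "__main__":
    p = inspection_probability(G, W, C_DEP, EPS)
    print(p, node_payoff("O", p, G, W, C_DEP), node_payoff("F", p, G, W, C_DEP))
    print(smallest_deterring_p(G, W, C_DEP))
```

At p = (g + ε)/(w + C) the offending payoff works out to w − g − ε, exactly ε below the forwarding payoff, which is why a larger deposit C lets the TA inspect less often.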
Reduction of misbehavior detection cost
Game theory analysis
Note: should be
Evaluation of the scalability of iTrust
Impact of Percentage of Malicious Nodes
Malicious node detection rate >60% for all three cases
Misidentified rate drops when MNR increases
Cost is linear to inspection probability
Impact of Various Packet Loss Rate
iTrust is effective for both black hole and grey hole attacks
Misidentification rate is under 8% if the detection probability is under 10%
Cost is linear to inspection probability
Impact of choosing different detection probability
• iTrust can significantly reduce the misbehavior detection cost
• Suggest a lower detection probability such as 10% or 20%
• Correction:
Note: should change to Fig. 4(c) and 5(c)
Impact of nodes’ mobility
Impact of message generation interval
Future Work
Exploiting reputation system to further improve the performance of iTrust
Currently, iTrust assumes the same detection probability for each node.
Intuitively, it should use a lower inspection probability on honest nodes and a higher inspection probability on misbehaving nodes
Solution:
Combine reputation system with iTrust
Define the inspection probability p to be the inverse function of
reputation r, we also need that 1 > p >
Conclusion
iTrust: a Probabilistic Misbehavior Detection Scheme
• Models iTrust as an Inspection Game and shows that an appropriate probability setting can assure the security of DTNs at a reduced detection overhead.
• Simulation results confirm that iTrust reduces the transmission overhead incurred by misbehavior detection while detecting malicious nodes effectively.