19-02-2013, 04:54 PM
Hierarchical Trust Management for Wireless Sensor Networks and its Applications to Trust-Based Routing and Intrusion Detection
[attachment=51382]
Abstract
We propose a highly scalable cluster-based hierarchical
trust management protocol for wireless sensor networks
(WSNs) to effectively deal with selfish or malicious nodes. Unlike
prior work, we consider multidimensional trust attributes derived
from communication and social networks to evaluate the overall
trust of a sensor node. By means of a novel probability model,
we describe a heterogeneous WSN comprising a large number
of sensor nodes with vastly different social and quality of service
(QoS) behaviors with the objective to yield “ground truth” node
status. This serves as a basis for validating our protocol design
by comparing subjective trust generated as a result of protocol
execution at runtime against objective trust obtained from actual
node status. To demonstrate the utility of our hierarchical trust
management protocol, we apply it to trust-based geographic
routing and trust-based intrusion detection.
INTRODUCTION
AWIRELESS sensor network (WSN) is usually composed
of a large number of spatially distributed autonomous
sensor nodes (SNs) to cooperatively monitor physical or environmental
conditions, such as temperature, sound, vibration,
pressure, motion or pollutants. A SN deployed in the WSN
has the capability to read the sensed information and transmit
or forward information to base stations or a sink node through
multi-hop routing. While SNs have popularly used for various
monitoring purposes such as wild animals, weather, or environments
for battlefield surveillance.
RELATED WORK
In the literature, trust has been used in WSNs for assessing
the availability, reliability, or security property of a node
(e.g., whether a node is malicious or not) based on past
interaction experiences [6]–[11]. Ganeriwal et al. [7] proposed
a reputation-based framework for data integrity in WSNs. The
proposed reputation system takes information collected by
each node using a Watchdog mechanism (for direct monitoring
and observations) to detect invalid data and uncooperative
nodes. Yao et al. [11] proposed a parameterized and localized
trust management scheme for WSN security, particularly
for secure routing, where each node only maintains highly
abstracted parameters to evaluate its neighbors. Aivaloglou
and Gritzalis [6] proposed a hybrid trust and reputation management
protocol for WSNs by combining certificate-based
and behavior-based trust evaluations. However, [6], [7], [11]
cited above only considered a node’s QoS property in trust
evaluation. Also the analysis was conducted based on a flat
WSN architecture which is not scalable. Liu et al. [8] and
Moraru et al. [9] proposed trust management protocols and
applied them to geographic routing in WSNs. However, no
hierarchical trust management was considered for managing
clustered WSNs. Their work again evaluated trust based on
QoS aspects only such as packet dropping and the degree
of cooperativeness, while our work considers both QoS and
social trust for trust evaluation of a SN.
SYSTEM MODEL
We consider a cluster-based WSN consisting of multiple
clusters, each with a cluster head (CH) and a number of
SNs in the corresponding geographical area. CH nodes have
more power and resources than SN nodes. The CH in each
cluster may be selected based on an election protocol such
as HEED [27] at runtime to balance energy consumption vs.
CH functionality. A SN forwards its sensor reading to its CH
through SNs in the same cluster and the CH then forwards the
data to the base station or the destination node (or sink node)
through other CHs.
Leveraging this two-level of hierarchy in the WSN, our trust
management protocol is conducted using periodic peer-to-peer
trust evaluation between two SNs and between two CHs. The
trust update interval is Δt which is a system design parameter.
At the SN level, each SN is responsible to report its peer-topeer
trust evaluation results towards other SNs in the same
cluster to its CH which performs CH-to-SN trust evaluation
towards all SNs in its cluster. Similarly a CH is responsible
to report its peer-to-peer trust evaluation results towards other
CHs in the system to the base station which performs stationto-
CH trust evaluation towards all CHs in the system. In
Section IV, we will describe the protocols for performing peerto-
peer, CH-to-SN and station-to-CH trust evaluations.
HIERARCHICAL TRUST MANAGEMENT PROTOCOL
We first describe our hierarchical trust management addressing
the problem of trust formation, trust aggregation and trust
composition. Later we apply it to the clustered WSN described
in the system model to demonstrate its effectiveness.
Our hierarchical trust management protocol maintains two
levels of trust: SN-level trust and CH-level trust. Each SN
evaluates other SNs in the same cluster while each CH
evaluates other CHs and SNs in its cluster. The peer-to-peer
trust evaluation is periodically updated based on either direct
observations or indirect observations.
PERFORMANCE MODEL
We develop a probability model based on stochastic Petri
nets (SPN) [3] techniques to describe the behavior of each
SN or CH in the WSN described in Section III. It provides a
basis for obtaining ground truth status of nodes in the system,
thereby allowing us to derive objective trust against which
subjective trust obtained as a result of executing our hierarchical
trust management protocol can be checked and validated.
We use SPN as our analytical tool due to its capability to
represent a large number of states for complex systems where
an underlying model is a semi-Markov or Markov model.
Further, we develop a novel iterative hierarchical modeling
technique to avoid state explosion problems and to yield
efficient solutions.
Fig. 1 shows the SPN model that describes the behavior of
a SN (or a CH). We consider a heterogeneousWSN consisting
of NSN SNs uniformly distributed in anM×M square-shaped
operational area. Each SN is attached to a CH based on its
location and so the system will have NCH clusters each with
a CH. CHs and SNs have radio range of R and r, respectively.
The trust update interval is Δt. Nodes are stationary after the
initial deployment.
TRUST-BASED GEOGRAPHIC ROUTING
In this section, we apply the proposed hierarchical trust
management protocol to trust-based geographic routing as an
application. In geographic routing, a node disseminates a message
to a maximum of L neighbors closest to the destination
node (or the sink node). In trust-based geographic routing,
node i forwards a message to a maximum of L neighbors
not only closest to the destination node but also with the
highest trust values Tij(t). We conduct a performance analysis
to compare our trust-based geographic routing protocol with
baseline routing protocols, namely, flooding-based [33] and
traditional geographic routing. In flooding-based routing, a
node floods a message to all its neighbors until a copy of
the packet reaches the destination node. It yields the highest
message delivery ratio and the lowest message delay at the
expense of the highest message overhead.
TRUST-BASED INTRUSION DETECTION
In this section we apply hierarchical trust management
to trust-based intrusion detection as another application. We
first describe the algorithm that can be used by a high-level
node such as a CH (or a base station) to perform trust-based
intrusion detection of the SNs (or CHs respectively) under its
control. Then we develop a statistical method to assess trustbased
IDS false positive and false negative probabilities.
Performance Comparison
We perform a comparative performance analysis of our
trust-based intrusion detection algorithm with two anomaly
detection schemes, namely, weighted summation [18] and
data clustering [19]. We use the ROC (Receiver Operating
Characteristic) curve [19] as the performance metric since both
false negative probability (Pfn) and false positive probability
(Pfp) are critical measures and ROC objectively reflects the
sensitivity of detection probability (i.e., 1 − Pfn) as the false
positive probability varies.
The first baseline anomaly detection scheme is weighted
summation-based IDS [18]. In this approach, each SN has a
weight associated with it and this weight changes dynamically,
reflecting the trustworthiness of the SN’s output relative to
the average output out of all SNs. We use the trust recommendation
value from each SN toward a particular SN, say,
SNi, as the SN’s output. The average trust recommendation
value is obtained by a summation of the trust recommendation
values weighted by the respective weights from all SNs except
SNi. If the trust recommendation value from a SN deviates
too much from the average value, the weight value associated
with that SN decreases by θ (weight penalty); otherwise the
weight value remains the same. The weight value is updated
dynamically until it falls below a weight threshold (wt), in
which case the corresponding SN is reported as malicious.
The weight penalty (θ) and weight threshold (wt) largely
determine the false positive probability. We vary θ and wt
over the range of [0, 1] to obtain the detection probability as
the false positive probability varies.
CONCLUSION
In this paper, we proposed a hierarchical dynamic trust management
protocol for cluster-based wireless sensor networks,
considering two aspects of trustworthiness, namely, social trust
and QoS trust. We developed a probability model utilizing
stochastic Petri nets techniques to analyze the protocol performance,
and validated subjective trust against objective trust
obtained based on ground truth node status.
[attachment=51382]
Abstract
We propose a highly scalable cluster-based hierarchical
trust management protocol for wireless sensor networks
(WSNs) to effectively deal with selfish or malicious nodes. Unlike
prior work, we consider multidimensional trust attributes derived
from communication and social networks to evaluate the overall
trust of a sensor node. By means of a novel probability model,
we describe a heterogeneous WSN comprising a large number
of sensor nodes with vastly different social and quality of service
(QoS) behaviors with the objective to yield “ground truth” node
status. This serves as a basis for validating our protocol design
by comparing subjective trust generated as a result of protocol
execution at runtime against objective trust obtained from actual
node status. To demonstrate the utility of our hierarchical trust
management protocol, we apply it to trust-based geographic
routing and trust-based intrusion detection.
INTRODUCTION
AWIRELESS sensor network (WSN) is usually composed
of a large number of spatially distributed autonomous
sensor nodes (SNs) to cooperatively monitor physical or environmental
conditions, such as temperature, sound, vibration,
pressure, motion or pollutants. A SN deployed in the WSN
has the capability to read the sensed information and transmit
or forward information to base stations or a sink node through
multi-hop routing. While SNs have popularly used for various
monitoring purposes such as wild animals, weather, or environments
for battlefield surveillance.
RELATED WORK
In the literature, trust has been used in WSNs for assessing
the availability, reliability, or security property of a node
(e.g., whether a node is malicious or not) based on past
interaction experiences [6]–[11]. Ganeriwal et al. [7] proposed
a reputation-based framework for data integrity in WSNs. The
proposed reputation system takes information collected by
each node using a Watchdog mechanism (for direct monitoring
and observations) to detect invalid data and uncooperative
nodes. Yao et al. [11] proposed a parameterized and localized
trust management scheme for WSN security, particularly
for secure routing, where each node only maintains highly
abstracted parameters to evaluate its neighbors. Aivaloglou
and Gritzalis [6] proposed a hybrid trust and reputation management
protocol for WSNs by combining certificate-based
and behavior-based trust evaluations. However, [6], [7], [11]
cited above only considered a node’s QoS property in trust
evaluation. Also the analysis was conducted based on a flat
WSN architecture which is not scalable. Liu et al. [8] and
Moraru et al. [9] proposed trust management protocols and
applied them to geographic routing in WSNs. However, no
hierarchical trust management was considered for managing
clustered WSNs. Their work again evaluated trust based on
QoS aspects only such as packet dropping and the degree
of cooperativeness, while our work considers both QoS and
social trust for trust evaluation of a SN.
SYSTEM MODEL
We consider a cluster-based WSN consisting of multiple
clusters, each with a cluster head (CH) and a number of
SNs in the corresponding geographical area. CH nodes have
more power and resources than SN nodes. The CH in each
cluster may be selected based on an election protocol such
as HEED [27] at runtime to balance energy consumption vs.
CH functionality. A SN forwards its sensor reading to its CH
through SNs in the same cluster and the CH then forwards the
data to the base station or the destination node (or sink node)
through other CHs.
Leveraging this two-level of hierarchy in the WSN, our trust
management protocol is conducted using periodic peer-to-peer
trust evaluation between two SNs and between two CHs. The
trust update interval is Δt which is a system design parameter.
At the SN level, each SN is responsible to report its peer-topeer
trust evaluation results towards other SNs in the same
cluster to its CH which performs CH-to-SN trust evaluation
towards all SNs in its cluster. Similarly a CH is responsible
to report its peer-to-peer trust evaluation results towards other
CHs in the system to the base station which performs stationto-
CH trust evaluation towards all CHs in the system. In
Section IV, we will describe the protocols for performing peerto-
peer, CH-to-SN and station-to-CH trust evaluations.
HIERARCHICAL TRUST MANAGEMENT PROTOCOL
We first describe our hierarchical trust management addressing
the problem of trust formation, trust aggregation and trust
composition. Later we apply it to the clustered WSN described
in the system model to demonstrate its effectiveness.
Our hierarchical trust management protocol maintains two
levels of trust: SN-level trust and CH-level trust. Each SN
evaluates other SNs in the same cluster while each CH
evaluates other CHs and SNs in its cluster. The peer-to-peer
trust evaluation is periodically updated based on either direct
observations or indirect observations.
PERFORMANCE MODEL
We develop a probability model based on stochastic Petri
nets (SPN) [3] techniques to describe the behavior of each
SN or CH in the WSN described in Section III. It provides a
basis for obtaining ground truth status of nodes in the system,
thereby allowing us to derive objective trust against which
subjective trust obtained as a result of executing our hierarchical
trust management protocol can be checked and validated.
We use SPN as our analytical tool due to its capability to
represent a large number of states for complex systems where
an underlying model is a semi-Markov or Markov model.
Further, we develop a novel iterative hierarchical modeling
technique to avoid state explosion problems and to yield
efficient solutions.
Fig. 1 shows the SPN model that describes the behavior of
a SN (or a CH). We consider a heterogeneousWSN consisting
of NSN SNs uniformly distributed in anM×M square-shaped
operational area. Each SN is attached to a CH based on its
location and so the system will have NCH clusters each with
a CH. CHs and SNs have radio range of R and r, respectively.
The trust update interval is Δt. Nodes are stationary after the
initial deployment.
TRUST-BASED GEOGRAPHIC ROUTING
In this section, we apply the proposed hierarchical trust
management protocol to trust-based geographic routing as an
application. In geographic routing, a node disseminates a message
to a maximum of L neighbors closest to the destination
node (or the sink node). In trust-based geographic routing,
node i forwards a message to a maximum of L neighbors
not only closest to the destination node but also with the
highest trust values Tij(t). We conduct a performance analysis
to compare our trust-based geographic routing protocol with
baseline routing protocols, namely, flooding-based [33] and
traditional geographic routing. In flooding-based routing, a
node floods a message to all its neighbors until a copy of
the packet reaches the destination node. It yields the highest
message delivery ratio and the lowest message delay at the
expense of the highest message overhead.
TRUST-BASED INTRUSION DETECTION
In this section we apply hierarchical trust management
to trust-based intrusion detection as another application. We
first describe the algorithm that can be used by a high-level
node such as a CH (or a base station) to perform trust-based
intrusion detection of the SNs (or CHs respectively) under its
control. Then we develop a statistical method to assess trustbased
IDS false positive and false negative probabilities.
Performance Comparison
We perform a comparative performance analysis of our
trust-based intrusion detection algorithm with two anomaly
detection schemes, namely, weighted summation [18] and
data clustering [19]. We use the ROC (Receiver Operating
Characteristic) curve [19] as the performance metric since both
false negative probability (Pfn) and false positive probability
(Pfp) are critical measures and ROC objectively reflects the
sensitivity of detection probability (i.e., 1 − Pfn) as the false
positive probability varies.
The first baseline anomaly detection scheme is weighted
summation-based IDS [18]. In this approach, each SN has a
weight associated with it and this weight changes dynamically,
reflecting the trustworthiness of the SN’s output relative to
the average output out of all SNs. We use the trust recommendation
value from each SN toward a particular SN, say,
SNi, as the SN’s output. The average trust recommendation
value is obtained by a summation of the trust recommendation
values weighted by the respective weights from all SNs except
SNi. If the trust recommendation value from a SN deviates
too much from the average value, the weight value associated
with that SN decreases by θ (weight penalty); otherwise the
weight value remains the same. The weight value is updated
dynamically until it falls below a weight threshold (wt), in
which case the corresponding SN is reported as malicious.
The weight penalty (θ) and weight threshold (wt) largely
determine the false positive probability. We vary θ and wt
over the range of [0, 1] to obtain the detection probability as
the false positive probability varies.
CONCLUSION
In this paper, we proposed a hierarchical dynamic trust management
protocol for cluster-based wireless sensor networks,
considering two aspects of trustworthiness, namely, social trust
and QoS trust. We developed a probability model utilizing
stochastic Petri nets techniques to analyze the protocol performance,
and validated subjective trust against objective trust
obtained based on ground truth node status.