一种分布式网络环境下基于挑战-响应模型的可信评估方法

运用信任模型进行可信评估是解决分布式网络安全问题的重要手段。然而,目前大部分研究工作把研究重点放在如何收集更完整的信任证据,以及如何利用一些新手段如机器学习、区块链等评估节点信任值,很少对如何获取节点可靠的初始信任值进行研究。实际上,针对分布式网络提出的很多信任模型都依赖于历史信任证据,而初次对网络进行可信评估时并不具备相关历史信息。基于此,该文面向分布式网络环境的安全问题,提出了基于挑战-响应模型的可信评估方法。首先利用挑战-响应模型获取节点可靠的初始信任值,并利用此初始信任值对网络中的节点进行分簇,在簇内进行信任值计算和信任值更新,完成分布式网络环境下完整的可信评估流程。仿真结果表明,相较于统一设置初始信任值的方式,该文所提方法能对恶意节点、自私节点的信任值有较准确的预测,同时对恶意节点的检测率也更高。     

A fuzzy‐based trust model for flying ad hoc networks (FANETs)

The use of unmanned aerial vehicles has significantly increased for forming an ad hoc network owing to their ability to perform in exciting environment such as armed attacks, border surveillance, disaster management, rescue operation, and transportation. Such types of ad hoc networks are popularly known as flying ad hoc networks (FANETs). The FANET nodes have 2 prominent characteristics—collaboration and cooperation. Trust plays an important role in predicting the behavior of such nodes. Researchers have proposed various methods (direct and indirect) for calculation of the trust value of a given node in ad hoc networks, especially in mobile ad hoc networks and vehicular ad hoc networks. The major characteristic that differentiates a FANET from other ad hoc networks is the velocity of the node; as a result, there are frequent losses in connection and topology change. Therefore, the existing methods of trust calculation are not efficient and effective. In this paper, a fuzzy‐based novel trust model has been proposed to handle the behavioral uncertainty of FANET nodes. Nodes are classified using a multicriteria fuzzy classification method based on node's behavior and performance in the fuzzy and complex environment. Quality of service and social parameter (recommendation) are considered for evaluating the trust value of each node to segregate the selfish and malicious nodes. With the node classification, FANET nodes are rewarded or punished to transform node behavior into a trust value. Compared with the existing trust techniques, the simulation results show that the proposed model has better adaptability, accuracy, and performance in FANETs.     

MANET 中基于信任的安全位置辅助路由模型

In view of the security weakness in resisting the active attacks by malicious nodes in mobile ad hoc networks, the trust metric is introduced to defend those attacks by loading a trust model on the previously proposed Distance Based LAR. The improved Secure Trust based Location Aided Routing algorithm utilizes direct trust and recommendation trust to prevent malicious nodes with low trust values from joining the forwarding. Simulation results reveal that ST LAR can resist attacks by malicious nodes effectively; furthermore, it also achieves better performance than DBLAR in terms of average end to end delay, packet delivery success ratio and throughput.     

Trust prediction and trust-based source routing in mobile ad hoc networks

Mobile ad hoc networks (MANETs) are spontaneously deployed over a geographically limited area without well-established infrastructure. The networks work well only if the mobile nodes are trusty and behave cooperatively. Due to the openness in network topology and absence of a centralized administration in management, MANETs are very vulnerable to various attacks from malicious nodes. In order to reduce the hazards from such nodes and enhance the security of network, this paper presents a dynamic trust prediction model to evaluate the trustworthiness of nodes, which is based on the nodes’ historical behaviors, as well as the future behaviors via extended fuzzy logic rules prediction. We have also integrated the proposed trust predication model into the Source Routing Mechanism. Our novel on-demand trust-based unicast routing protocol for MANETs, termed as Trust-based Source Routing protocol (TSR), provides a flexible and feasible approach to choose the shortest route that meets the security requirement of data packets transmission. Extensive experiments have been conducted to evaluate the efficiency and effectiveness of the proposed mechanism in malicious node identification and attack resistance. The results show that TSR improves packet delivery ratio and reduces average end-to-end latency.     

Ad Hoc网络中一种基于救赎机制的信任模型

在Ad Hoc网络中,节点由于自私等恶意原因以及链路错误导致拒绝转发数据,需要采用适当的机制来提高网络的转发性能。提出一种Ad Hoc网络中的信任模型来激励节点间的协作,在此信任模型中,每个节点通过直接监控和其它节点的推荐监控信息共同完成对邻居节点的信任评价,并维护所有邻居节点的信任值,同时在信任值更新和重建中引入信任值衰退和信任救赎机制来体现模型的健壮性。实验表明该信任模型中的信任救赎机制能提高网络可用性,且该模型有效抑制了恶意节点的行为。     

Applying trust enhancements to reactive routing protocols in mobile ad hoc networks

Due to the characteristics of mobile ad hoc networks, such networks are more susceptible to the destruction of malicious attacks or denial of cooperation. It would be easy for an adversary or a malicious node to launch attacks on routing function, especially attacks on packet routing. In order to mitigate these hazards, we incorporate the concept of ‘trust’ into MANETs, and abstract a decentralized trust inference model. The core of this model is trust computation, which is divided into two parts: historical trust assessment and trust prediction. We can quantify a node’s historical trust based on its historical behaviors via introducing multiple trust attributes. The fuzzy AHP method based on entropy weights is used to calculate the weight of trust attributes. By making use of the obtained historical trust data sequence, we propose an improved dynamic grey-Markov chain prediction measure to effectively estimate node’s trust prediction. In order to verify the validity of our trust model, we propose a trust-enhanced unicast routing protocol and a trust-enhanced multicast routing protocol, respectively. Both of the two new protocols can provide a feasible approach to kick out the untrustworthy nodes and choose the optimal trusted routing path. Moreover, the new proposed data-driven route maintenance mechanisms can reduce the routing overhead. The persuasive experiments have been conducted to evaluate the effectiveness of the new proposed trust-enhanced routing protocols in the aspects of packets delivery ratio, end-to-end latency, malicious node detection and attack resistance.     

基于改进D-S证据理论的信任评估模型

针对已有的信任证据模型不能快速有效地处理分布式网络中存在的恶意攻击,且缺乏关于三元信任关系组的信任归一方法,提出了一种基于改进D-S证据理论的信任模型,在此基础上,提出了基于持续序列的基本可信度函数和基于评估函数的信任评估方法,使得模型能更快地抑制恶意节点,并且评估结果更贴近现实值。通过分析与仿真,验证了本模型具有抑制聚集信任攻击的有效性和健壮性,同时信任评估方法更具合理性和准确性。     

On trust models and trust evaluation metrics for ad hoc networks

Within the realm of network security, we interpret the concept of trust as a relation among entities that participate in various protocols. Trust relations are based on evidence created by the previous interactions of entities within a protocol. In this work, we are focusing on the evaluation of trust evidence in ad hoc networks. Because of the dynamic nature of ad hoc networks, trust evidence may be uncertain and incomplete. Also, no preestablished infrastructure can be assumed. The evaluation process is modeled as a path problem on a directed graph, where nodes represent entities, and edges represent trust relations. We give intuitive requirements and discuss design issues for any trust evaluation algorithm. Using the theory of semirings, we show how two nodes can establish an indirect trust relation without previous direct interaction. We show that our semiring framework is flexible enough to express other trust models, most notably PGP's Web of Trust. Our scheme is shown to be robust in the presence of attackers.     

Future trust management framework for mobile ad hoc networks [security in mobile ad hoc]

In mobile ad hoc networks nodes should collaborate with each other to support the functions of the network. The trust management framework, which evaluates the trust of participating nodes, is used to force nodes to cooperate in a normal way. We make an effort to design a robust and attack-resistant trust management framework for the future. In this article we describe the vulnerabilities of and possible attacks on existing frameworks. An objective trust management framework is proposed to overcome these vulnerabilities. We provide a theoretical basis and skeleton for this framework. The performance evaluation and security analysis are provided showing the effectiveness and robustness of the OTMF compared with existing frameworks.     

Novel approach of distributed & adaptive trust metrics for MANET

It is known to all that mobile ad hoc network (MANET) is more vulnerable to all sorts of malicious attacks which affects the reliability of data transmission because the network has the characteristics of wireless, multi-hop, etc. We put forward novel approach of distributed & adaptive trust metrics for MANET in this paper. Firstly, the method calculates the communication trust by using the number of data packets between nodes, and predicts the trust based on the trend of this value, and calculates the comprehensive trust by considering the history trust with the predict value; then calculates the energy trust based on the residual energy of nodes and the direct trust based on the communication trust and energy trust. Secondly, the method calculates the recommendation trust based on the recommendation reliability and the recommendation familiarity; adopts the adaptive weighting, and calculates the integrate direct trust by considering the direct trust with recommendation trust. Thirdly, according to the integrate direct trust, considering the factor of trust propagation distance, the indirect trust between nodes is calculated. The feature of the proposed method is its ability to discover malicious nodes which can partition the network by falsely reporting other nodes as misbehaving and then proceeds to protect the network. Simulation experiments and tests of the practical applications of MANET show that the proposed approach can effectively avoid the attacks of malicious nodes, besides, the calculated direct trust and indirect trust about normal nodes are more conformable to the actual situation.

     

Byzantine robust trust establishment for mobile ad hoc networks

In a mobile ad hoc network (MANET), the nodes act both as traffic sources and as relays that forward packets from other nodes along multi-hop routes to the destination. Such networks are suited to situations in which a wireless infrastructure is unavailable, infeasible, or prohibitively expensive. However, the lack of a secure, trusted infrastructure in such networks make secure and reliable packet delivery very challenging. A given node acting as a relay may exhibit Byzantine behavior with respect to packet forwarding, i.e., arbitrary, deviant behavior, which disrupts packet transmission in the network. For example, a Byzantine node may arbitrarily choose to drop or misroute a certain percentage of the packets that are passed to it for forwarding to the next hop. In earlier work, we proposed a trust establishment framework, called Hermes, which enables a given node to determine the “trustworthiness” of other nodes with respect to reliable packet delivery by combining first-hand trust information obtained independently of other nodes and second-hand trust information obtained via recommendations from other nodes. A deficiency of the Hermes scheme is that a node can fail to detect certain types of Byzantine behavior, such as packet misforwarding directed at a particular source node. In this paper, we propose new mechanisms to make Hermes robust to Byzantine behavior and introduce a punishment policy that discourages selfish node behavior. We present simulation results that demonstrate the effectiveness of the proposed scheme in a variety of scenarios involving Byzantine nodes that are malicious both with respect to packet forwarding and trust propagation.     

Trust model for certificate revocation in ad hoc networks

In this paper we propose a distributed trust model for certificate revocation in ad hoc networks. The proposed model allows trust to be built over time as the number of interactions between nodes increase. Furthermore, trust in a node is defined not only in terms of its potential for maliciousness, but also in terms of the quality of the service it provides. Trust in nodes where there is little or no history of interactions is determined by recommendations from other nodes. If the nodes in the network are selfish, trust is obtained by an exchange of portfolios. Bayesian networks form the underlying basis for this model.     

Game Theoretic Analysis of Cooperation Stimulation and Security in Autonomous Mobile Ad Hoc Networks

In autonomous mobile ad hoc networks, nodes belong to different authorities and pursue different goals; therefore, cooperation among them cannot be taken for granted. Meanwhile, some nodes may be malicious, whose objective is to damage the network. In this paper, we present a joint analysis of cooperation stimulation and security in autonomous mobile ad hoc networks under a game theoretic framework. We first investigate a simple yet illuminating two-player packet forwarding game and derive the optimal and cheat-proof packet forwarding strategies. We then investigate the secure routing and packet forwarding game for autonomous ad hoc networks in noisy and hostile environments and derive a set of reputation-based cheat-proof and attack-resistant cooperation stimulation strategies. When analyzing the cooperation strategies, besides Nash equilibrium, other optimality criteria, such as Pareto optimality, subgame perfection, fairness, and cheat-proofing, have also been considered. Both analysis and simulation studies have shown that the proposed strategies can effectively stimulate cooperation among selfish nodes in autonomous mobile ad hoc networks under noise and attacks, and the damage that can be caused by attackers is bounded and limited     

Attack-resistant cooperation stimulation in autonomous ad hoc networks

In autonomous ad hoc networks, nodes usually belong to different authorities and pursue different goals. In order to maximize their own performance, nodes in such networks tend to be selfish, and are not willing to forward packets for the benefits of other nodes. Meanwhile, some nodes might behave maliciously and try to disrupt the network and waste other nodes' resources. In this paper, we present an attack-resilient cooperation stimulation (ARCS) system for autonomous ad hoc networks to stimulate cooperation among selfish nodes and defend against malicious attacks. In the ARCS system, the damage that can be caused by malicious nodes can be bounded, the cooperation among selfish nodes can be enforced, and the fairness among nodes can also be achieved. Both theoretical analysis and simulation results have confirmed the effectiveness of the ARCS system. Another key property of the ARCS system lies in that it is completely self-organizing and fully distributed, and does not require any tamper-proof hardware or central management points.     

ReTrust: attack-resistant and lightweight trust management for medical sensor networks

Wireless medical sensor networks (MSNs) enable ubiquitous health monitoring of users during their everyday lives, at health sites, without restricting their freedom. Establishing trust among distributed network entities has been recognized as a powerful tool to improve the security and performance of distributed networks such as mobile ad hoc networks and sensor networks. However, most existing trust systems are not well suited for MSNs due to the unique operational and security requirements of MSNs. Moreover, similar to most security schemes, trust management methods themselves can be vulnerable to attacks. Unfortunately, this issue is often ignored in existing trust systems. In this paper, we identify the security and performance challenges facing a sensor network for wireless medical monitoring and suggest it should follow a two-tier architecture. Based on such an architecture, we develop an attack-resistant and lightweight trust management scheme named ReTrust. This paper also reports the experimental results of the Collection Tree Protocol using our proposed system in a network of TelosB motes, which show that ReTrust not only can efficiently detect malicious/faulty behaviors, but can also significantly improve the network performance in practice.     

基于自适应遗忘机制的半环信任模型

半环代数由于可以很好地描述可信度计算规则问题,因此可用来计算节点间的可信度,而目前存在的半环信任模型并未定义基于时间的动态变化问题。该文提出了一种基于自适应遗忘机制的半环信任模型,刻画信任的动态性,并改进已有的半环信任模型,弥补了其未定义动态变化问题的缺陷。仿真结果表明,这种基于自适应遗忘机制的半环信任模型有效分辨正常节点和异常节点,并抵御开关攻击,从而可有效提高网络的安全性。     

P2P网络中一种新的多层多维信誉模型

现有的信任模型大多通过单一信任值来判定节点的好坏,这种方法无法抵抗网络中的某些恶意行为,特别是对于P2P网络中独有的搭便车行为、＂公共物品的悲哀＂等问题,缺乏有效的抑制。针对这些问题,文中针对P2P网络提出了一种新的多层多维信誉模型,通过节点的信任值、贡献值、资源值等不同维度综合评价节点的信誉,并且按照信誉将节点划分为不同层次。分析可知该模型可以有效抵御多种恶意行为及多种自私行为,并能解决传统信任模型产生的一些性能问题。     

TrANTHOCNET:信任性蚁群自组织路由算法

 移动自组网依靠多点协作完成路由任务,可信的路由协议需要节点之间建立一定的信任关系,但大多数信任路由模型只追求路由的信任性而忽略了健壮性.本文基于ANTHOCNET算法,设计了兼顾信任性和健壮性的TrANTHOCNET算法.引入模糊Petri网的形式化推理算法处理节点之间的不确定关系,并利用位置信息对信息素实时更新以提高路由健壮性.实验结果表明TrANTHOCNET较ANTHOCNET、AODV和T-AODV均表现出较强的抵抗恶意节点攻击的能力,在路由性能方面也验证了本算法的有效性.     

An efficient weighted trust‐based malicious node detection scheme for wireless sensor networks

The aim of wireless sensor networks (WSNs) is to gather sensor data from a monitored environment. However, the collected or reported information might be falsified by faults or malicious nodes. Hence, identifying malicious nodes in an effective and timely manner is essential for the network to function properly and reliably. Maliciously behaving nodes are usually detected and isolated by reputation and trust‐based schemes before they can damage the network. In this paper, we propose an efficient weighted trust‐based malicious node detection (WT‐MND) scheme that can detect malicious nodes in a clustered WSN. The node behaviors are realistically treated by accounting for false‐positive and false‐negative instances. The simulation results confirm the timely identification and isolation of maliciously behaving nodes by the WT‐MND scheme. The effectiveness of the proposed scheme is afforded by the adaptive trust‐update process, which implicitly performs trust recovery of temporarily malfunctioning nodes and computes a different trust‐update factor for each node depending on its behavior. The proposed scheme is more effective and scalable than the related schemes in the literature, as evidenced by its higher detection ratio (DR) and lower misdetection ratio (MDR), which only slightly vary with the network's size. Moreover, the scheme sustains its efficient characteristics without significant power consumption overheads.     

Performance of PKI-based security mechanisms in mobile ad hoc networks

Security for ad hoc network environments has received a lot of attention as of today. Previous work has mainly been focussing on secure routing, fairness issues, and malicious node detection. However, the issue of introducing and conserving trust relationships has received considerably less attention. In this article, we present a scalable method for the use of public key certificates and their revocation in mobile ad hoc networks (MANETs). With the LKN-ad hoc security framework (LKN-ASF) a certificate management protocol has been introduced, bringing PKI technology to MANETs. In addition a performance analysis of two different revocation approaches for MANETs will be presented.