Design, analysis, and deployment of omnipresent Formal Trust Model (FTM) with trust bootstrapping for pervasive environments

The rapid decrease in the size of mobile devices, coupled with an increase in capability, has enabled a swift proliferation of small and very capable devices into our daily lives. With such a prevalence of pervasive computing, the interaction among portable devices needs to be continuous and invisible to device users. As these devices become better connected, collaboration among them will play a vital role in sharing resources in an ad-hoc manner. The sharing of resources works as a facilitator for pervasive devices. However, this ad hoc interaction among devices provides the potential for security breaches. Trust can fight against such security violations by restricting malicious nodes from participating in interactions. Therefore, we need a unified trust relationship model between entities, which captures both the needs of the traditional computing world and the world of pervasive computing where the continuum of trust is based on identity, physical context or a combination of both. Here, we present a context specific and reputation-based trust model along with a brief survey of trust models suitable for peer-to-peer and ad-hoc environments. This paper presents a multi-hop recommendation protocol and a flexible behavioral model to handle interactions. One other contribution of this paper is the integration of an initial trust model; this model categorizes services or contexts in different security levels based on their security needs, and these security needs are considered in trust bootstrapping. The other major contribution of this paper is a simple method of handling malicious recommendations. This paper also illustrates the implementation and evaluation of our proposed formal trust model.     

An efficient resource allocation for maximizing benefit of users and resource providers in ad hoc grid environment

Ad hoc grids allow a group of individuals to accomplish a mission that involves computation and communication among the grid components, often without fixed structure. In an ad hoc grid, every node in the network can spontaneously arise as a resource consumer or a resource producer at any time when it needs a resource or it possesses an idle resource. At the same time, the node in ad hoc grid is often energy constrained. The paper proposes an efficient resource allocation scheme for grid computing marketplace where ad hoc grid users can buy usage of memory and CPU from grid resource providers. The ad hoc grid user agents purpose to obtain the optimized quality of service to accomplish their tasks on time with a given budget, and the goal of grid resource providers as profit-maximization. Combining perspectives of both ad hoc grid users and resource providers, the paper present ad hoc grid resource allocation algorithm to maximize the global utility of the ad hoc grid system which are beneficial for both grid users and grid resource providers. Simulations are conducted to compare the performance of the algorithms with related work.     

A light-weight trust-based QoS routing algorithm for ad hoc networks

In a mobile ad hoc network (MANET), the lack of a trusted infrastructure makes secure and reliable packet forwarding very challenging, especially for providing QoS guarantee for multimedia applications. In this paper, we firstly introduce the concept of trust and QoS metric estimation into establishing a trust-based QoS model. In this model, we estimate the trust degree between nodes from direct trust computation of direct observation and indirect trust computation by neighbors’ recommendations. On the other hand, due to the NP-completeness of the multi-QoS constraints problem, we only take into account link delay as the QoS constraint requirement. Then, we design a trust-based QoS routing algorithm (called TQR) from the trade-off between trust degree and link delay. At last, by using NS2 we implement this algorithm based on AODV (Ad hoc On-demand Distance Vector). We compare its performance with AODV, Watchdog-DSR and QAODV. The simulation results show that TQR scheme can prevent attacks from malicious nodes and improve the security performance of the whole network, especially in terms of packet delivery ratio, average end-to-end delay, routing packet overhead and detection ratio of malicious nodes.     

基于反馈机制的网格动态授权新模型

网格现有的授权系统存在静态性问题,表现为没有提供机制来反馈用户对授予的权限的使用情况.当一个本来可信的用户或服务变成不可信时,授权系统不能及时发现,对其权限进行调整可能导致恶意用户对网格系统的破坏.因此,在授权系统中建立反馈机制,根据用户的行为动态地调整用户角色,对于网格系统的安全具有重大意义.文中分析了网格中现有的授权系统及信任模型的特点,指出它们存在的不足.在此基础上提出一种基于反馈机制的动态授权新模型,很好地解决了现有授权系统的静态性的缺点.该模型是对CAS授权系统的改进,增加了反馈机制和信任度计算机制.其中,信任度计算机制中提出的基于行为的分层信任新模型较以往的信任模型相比,使用服务权值来区分重要服务和普通服务,从而保护了网格中的重要服务并且能有效地抑制恶意节点的行为;文中提出了一种新的更加精确地计算域间推荐信任度的方法,从而解决了不诚实反馈的问题.反馈机制则利用基于行为分层信任模型给出的用户信任度的变化,实现了根据用户的行为动态调整他的角色.文中还设计了三组模型实验,分别验证新模型的特点、对网格中恶意实体行为的抑制情况,从不同的角度对模型进行了实验,对基于行为的分层信任模型对行为的敏感性、收敛性、有效性及合理性加以了证明.     

移动自组织网络中内部丢包的检测模型

无线移动自组织网络中数据的传输是基于中间节点的合作转发的,但由于内部自私节点为了节省带宽和电量或者网络受到恶意节点的攻击,导致丢包行为发生,网络性能严重降低。基于无线自组织网络常用的路由协议AODV,提出了一种新的针对内部丢包攻击的检测模型。该检测模型引入旁信道概念,旁信道节点和看门狗共同检测并记录节点转发报文行为,采用邻居信息表存放检测结果,当相应节点的记录值达到一定下限时就被隔离出网络。由于旁信道可以发送警报报文,该模型能够同时检测到自私节点或合作攻击节点引起的内部丢包攻击。     

移动自组网的安全路由协议

移动自组网（MANET）是自治的无基础设施的网络,它通过IP路由支持多跳无线通信,它被用于没有基础设施存在的动态变化的场景。多数自组网路由协议利用节点之间固有特性即相邻节点的信赖关系进行协作转发数据包。这种信赖模型使得恶意节点利用插入错误的路由更新、重放过时的路由信息、改变路由更新、或广播不正确的路由信息来瘫痪自组网。针对自组网的缺陷提出了一种认证路由策略来解决这些问题,同时也列举了仿真实验结果。     

A swarm-based efficient distributed intrusion detection system for mobile ad hoc networks (MANET)

In mobile ad hoc network (MANET), the issues such as limited bandwidth availability, dynamic connectivity and so on cause the process of intrusion detection to be more complex. The nodes that monitor the malicious nodes should have necessary residual bandwidth and energy and should be trustable. In order to overcome these drawbacks, in this paper, we propose a swarm-based efficient distributed intrusion detection system for MANET. In this technique, swarm agents are utilised to select the nodes with highest trust value, residual bandwidth and residual energy as active nodes. Each active node monitors its neighbour nodes within its transmission range and collects the trust value from all monitored nodes. The active nodes adaptively change as per the trust thresholds. Upon collaborative exchange of the trust values of the monitored nodes among the active nodes, if the active node finds any node below a minimum trust threshold, then the node is marked as malicious. When the source receives alert message about the malicious node, a defence technique is deployed to filter the corresponding malicious node from the network. By simulation results, we show that the proposed approach is efficient intrusion detection mechanism for MANET.     

基于信誉和风险评估的动态信任模型研究

网格环境中的信任问题是网格计算发展过程中必须解决的一个重要问题。网格节点间的行为信任具有动态性和不确定性。文章综合考虑了信任度评估的动态性和风险性,提出一种新的基于信誉和风险评估的动态信任模型。该模型引入惩罚机制、风险机制和推荐节点信任度更新机制,以评估信任关系的复杂性。仿真结果表明,该模型在有效抑制恶意节点上较已有模型有一定的改进。     

Trust-based security for the OLSR routing protocol

The trust is always present implicitly in the protocols based on cooperation, in particular, between the entities involved in routing operations in Ad hoc networks. Indeed, as the wireless range of such nodes is limited, the nodes mutually cooperate with their neighbors in order to extend the remote nodes and the entire network. In our work, we are interested by trust as security solution for OLSR protocol. This approach fits particularly with characteristics of ad hoc networks. Moreover, the explicit trust management allows entities to reason with and about trust, and to take decisions regarding other entities.In this paper, we detail the techniques and the contributions in trust-based security in OLSR. We present trust-based analysis of the OLSR protocol using trust specification language, and we show how trust-based reasoning can allow each node to evaluate the behavior of the other nodes. After the detection of misbehaving nodes, we propose solutions of prevention and countermeasures to resolve the situations of inconsistency, and counter the malicious nodes. We demonstrate the effectiveness of our solution taking different simulated attacks scenarios. Our approach brings few modifications and is still compatible with the bare OLSR.     

基于贝叶斯决策的自组网推荐信任度修正模型

在分析了信任评估过程中攻击手段及其相互间关系的基础上,提出了基于贝叶斯决策理论的根据推荐偏差度修正对推荐的信任度方法.使用贝塔分布描述推荐偏差度,依据最小损失原则修正对推荐的信任度,并将具备推荐信任修正机制的信任模型运用在自组网的路由协议中,以便优化路由选择.MATLAB下的仿真结果表明,该方法能够有效抵御一些针对信任管理的威胁并提升信任管理的正确率,进而提高自组网环境下检测恶意节点的效率.     

TRIP,a trust and reputation infrastructure-based proposal for vehicular ad hoc networks

Vehicular ad hoc networks (VANETs) have drawn the attention of a number of researchers due to their several advantages and benefits. It is a very promising area of knowledge where investing new funds and effort is surely a wise move. Nevertheless, despite their multiple capabilities, new unresolved risks arise, and it is not always easy, or even feasible to cope with them. Recently, trust and reputation management has been proposed as a novel and accurate way to deal with some of these deficiencies. A considerable amount of works have been developed so far in this field concerning P2P networks, wireless sensor networks, ad hoc networks, etc. However, the application of behavioral-based trust and reputation management to VANETs is still at a preliminary stage. In this paper we survey the sate of the art, proving the current lack of proposals in this specific environment. We also suggest a set of design requirements for trust and reputation models specifically applicable to VANETs. Furthermore, we present our original proposal, TRIP, aimed to quickly and accurately distinguish malicious or selfish nodes spreading false or bogus messages throughout the network. We have also studied the level of fulfillment of each of the surveyed models with regard to each design requirement suggestion, comparing them with our approach. Finally, some preliminary experiments demonstrate the accurate performance of our trust and reputation mechanism under several different conditions.     

移动自组网中一种优化的局部声誉系统

移动自组网节点间的通信由多个节点相互协作来共同完成,节点合作与否是实现通信的关键。在缺少预先约定的信任关系时,合作性的安全机制是解决网络内部恶意节点和自私性节点不合作行为的有效方法。提出了一种优化的局部声誉值合作性方案,该方案只在k跳邻居内交换声誉值,系统开销小,并能充分学习邻居的经验。采用二进制指数后退算法对不合作节点进行处置,能有效激励节点的合作性,提高网络的性能。     

P2P电子商务信任模型研究

为解决P2P电子商务中恶意节点的欺诈问题,提出一种电子商务信任模型。模型采用带超级节点的混合P2P网络拓扑结构,将P2P网络划分为不同的域,对域内和域间节点分别进行信任度的计算。模型考虑到交易金额和时间等因素,提高了对信任度计算的准确性。实验结果表明,模型可有效减少恶意交易行为的发生。     

An Energy-Efficient Resource Allocation Scheme for Mobile Ad Hoc Computational Grids

Due to recent advancements in mobile computing and communication technologies, mobile ad hoc computational Grids are emerging as a new computing paradigm, enabling innovative applications through sharing of computing resources among mobile devices without any pre-existing network infrastructure. Energy-efficient resource allocation is one of the key issues in mobile ad hoc computational Grids due to limited battery life of mobile nodes. To reduce energy consumption, we propose a hybrid power-based resource allocation scheme for allocation of interdependent tasks to nodes within mobile ad hoc computational Grid. The basic idea is to exploit dependencies and task type, and allocate interdependent tasks to nodes accessible at minimum transmission power. We also propose a power-based algorithm to search a group of closest nodes to allocate a set of interdependent tasks. Compared to traditional algorithms, complexity of proposed algorithm depends on number of transmission power levels rather than number of nodes within a Grid. The scheme is validated in a simulation environment using various workloads and parameters.     

Network trust management in emergency situations

We study the unique trust management, and more precisely reputation management and revocation of malicious nodes in the context of ad hoc networks used for emergency communications.Unlike in centralized systems, reputation management and revocation in ad hoc networks is non-trivial. This difficulty is due to the fact that the nodes have to collaboratively calculate the reputation value of a particular node and then revoke the node if the reputation value goes below a threshold. A major challenge in this scheme is to prevent a malicious node from discrediting other genuine nodes. The decision to revoke a node has to be communicated to all the nodes of the network. In traditional ad hoc networks the overhead of broadcasting the message throughout the network may be very high. We solve the problem of reputation management and node revocation in ad hoc networks of cell phones by using a threshold cryptography based scheme. Each node of the network would have a set of anonymous referees, which would store the reputation information of the node and issue reputation certificates to the node with timestamps. The misbehavior of a particular cell phone is reported to its anonymous referees, who issue certificates which reflect the positive and negative recommendations.     

A resource selection scheme for QoS satisfaction and load balancing in ad hoc grid

Ad hoc grids are highly heterogeneous and dynamic, in which the availability of resources and tasks may change at any time. The paper proposes a utility based resource selection scheme for QoS satisfaction and load balancing in ad hoc grid environments. The proposed scheme intends to maximize the QoS satisfaction of ad hoc grid users and support load balancing of grid resources. For each candidate ad hoc grid resource, the scheme obtains values from the computations of utility function for QoS satisfaction and benefit maximization game for ad hoc grid resource preference. The utility function for QoS satisfaction computes the utility value based on the satisfaction of QoS requirements of the grid user request. The benefit maximization game for grid resource node preference computes the preference value from the resource point of view. Its main goal is to achieve load balancing and decrease the number of resource selection failure. The utility value and the preference value of each candidate ad hoc grid resource are combined to select the most suitable grid resource for ad hoc grid user request. In the simulation, the performance evaluation of proposed algorithm for ad hoc grid is conducted.     

机会网络

大量具备短距离通信能力的智能设备的出现推动了无线自组网应用的迅速发展.但在许多实际应用环境中,节点移动、网络稀疏或信号衰减等各种原因通常导致形成的网络大部分时间不连通.传统的移动自组织网络传输模式要求通信源和目标节点之间存在至少一条完整的路径,因而无法在这类环境中运行.机会网络利用节点移动形成的通信机会逐跳传输消息,以"存储-携带-转发"的路由模式实现节点间通信,这种完全不同于传统网络通信模式的新兴组网方式引起了研究界极大的兴趣.首先介绍机会网络的概念和理论基础,并给出了当前机会网络的一些典型应用,然后详细阐述了机会网络研究的热点问题,包括机会转发机制、移动模型和基于机会通信的数据分发和检索等,并简要叙述了机会网络的通信中间件、协作和安全机制以及机会网络新的应用等其他研究问题,最后进行总结并展望了机会网络未来一段时间内的研究重点.     

Scalability of routing methods in ad hoc networks

In an ad hoc network each host (node) participates in routing packets. Ad hoc networks based on 802.11 WLAN technology have been the focus of several prior studies. These investigations were mainly based on simulations of scenarios involving up to 100 nodes (usually 50 nodes) and relaxed (too unrealistic) data traffic conditions. Many routing protocols in such setting offer the same performance, and many potential problems stay undetected. At the same time, an ad hoc network may not want (or be able) to limit the number of hosts involved in the network. As more nodes join an ad hoc network or the data traffic grows, the potential for collisions and contention increases, and protocols face the challenging task to route data packets without creating high administrative load. The investigation of protocol behavior in large scenarios exposes many hidden problems. The understanding of these problems helps not only in improving protocol scalability to large scenarios but also in increasing the throughput and other QoS metrics in small ones. This paper studies on the example of AODV and DSR protocols the influence of the network size (up to 550 nodes), nodes mobility, nodes density, suggested data traffic on protocols performance. In this paper we identify and analyze the reasons for poor absolute performance that both protocols demonstrate in the majority of studied scenarios. We also propose and evaluate restructured protocol stack that helps to improve the performance and scalability of any routing protocol in wireless ad hoc networks.     

An encounter-based multicast scheme for disruption tolerant networks

Some ad hoc network scenarios are characterized by frequent partitions and intermittent connectivity. Hence, existing ad hoc routing schemes that assume that an end-to-end path exists from a source to a destination do not work in such challenging environment. A store-and-forward network architecture known as the disruption tolerant network (DTN) has been designed for such challenging network environments. Several unicast and multicast routing schemes have been designed for DTNs. However, the existing multicast routing schemes assume a route discovery process that is similar to the existing ad hoc network routing approach. Thus, in this paper, we design an encounter-based multicast routing (EBMR) scheme for DTNs which uses fewer hops for message delivery. We first describe how the EBMR scheme works and then present an analytical framework to estimate the delivery performance of the EBMR scheme. Next, we present some comparisons of the analytical and simulation results to show that our analytical framework provides delivery performance estimates that match closely the observed simulation results. Last but not least, we present simulation results to study the delivery performance of EBMR in different scenarios, e.g. different mobility models, different multicast group size, different number of multicast groups and different node speed. We also compare the performance of the EBMR scheme with other DTN multicast strategies. Our simulation results indicate that the EBMR scheme can achieve higher delivery ratio while maintaining high data transmission efficiency compared to other multicast strategies.     

Energy efficient and robust allocation of interdependent tasks on mobile ad hoc computational grid

A mobile ad hoc computational grid is a distributed computing infrastructure that allows mobile nodes to share computing resources in a mobile ad hoc environment. Compared to traditional distributed systems such as grids and clouds, resource allocation in mobile ad hoc computational grids is not straightforward because of node mobility, limited battery power and an infrastructure‐less network environment. The existing schemes are either based on a decentralized architecture that results in poor allocation decisions or assume independent tasks. This paper presents a scheme that allocates interdependent tasks and aims to reduce task completion time and the amount of energy consumed in transmission of data. This scheme comprises two key algorithms: resource selection and resource allocation. The resource selection algorithm is designed to select nodes that remain connected for a longer period, whereas the resource assignment or allocation algorithm is developed to allocate interdependent tasks to the nodes that are accessible at the minimum transmission power. The scheme is based on a hybrid architecture that results in effective allocation decisions, reduces the communication cost associated with the exchange of control information, and distributes the processing burden among the nodes. The paper also investigates the relationship between the data transfer time and transmission energy consumption and presents a power‐based routing protocol to reduce data transfer costs and transmission energy consumption. Copyright © 2014 John Wiley & Sons, Ltd.