A cluster-based trust-aware routing protocol for mobile ad hoc networks

Routing protocols are the binding force in mobile ad hoc network (MANETs) since they facilitate communication beyond the wireless transmission range of the nodes. However, the infrastructure-less, pervasive, and distributed nature of MANETs renders them vulnerable to security threats. In this paper, we propose a novel cluster-based trust-aware routing protocol (CBTRP) for MANETs to protect forwarded packets from intermediary malicious nodes. The proposed protocol organizes the network into one-hop disjoint clusters then elects the most qualified and trustworthy nodes to play the role of cluster-heads that are responsible for handling all the routing activities. The proposed CBTRP continuously ensures the trustworthiness of cluster-heads by replacing them as soon as they become malicious and can dynamically update the packet path to avoid malicious routes. We have implemented and simulated the proposed protocol then evaluated its performance compared to the clustered based routing protocol (CBRP) as well as the 2ACK approach. Comparisons and analysis have shown the effectiveness of our proposed scheme.     

Information theoretic framework of trust modeling and evaluation for ad hoc networks

The performance of ad hoc networks depends on cooperation and trust among distributed nodes. To enhance security in ad hoc networks, it is important to evaluate trustworthiness of other nodes without centralized authorities. In this paper, we present an information theoretic framework to quantitatively measure trust and model trust propagation in ad hoc networks. In the proposed framework, trust is a measure of uncertainty with its value represented by entropy. We develop four Axioms that address the basic understanding of trust and the rules for trust propagation. Based on these axioms, we present two trust models: entropy-based model and probability-based model, which satisfy all the axioms. Techniques of trust establishment and trust update are presented to obtain trust values from observation. The proposed trust evaluation method and trust models are employed in ad hoc networks for secure ad hoc routing and malicious node detection. A distributed scheme is designed to acquire, maintain, and update trust records associated with the behaviors of nodes' forwarding packets and the behaviors of making recommendations about other nodes. Simulations show that the proposed trust evaluation system can significantly improve the network throughput as well as effectively detect malicious behaviors in ad hoc networks.     

Applying trust enhancements to reactive routing protocols in mobile ad hoc networks

Due to the characteristics of mobile ad hoc networks, such networks are more susceptible to the destruction of malicious attacks or denial of cooperation. It would be easy for an adversary or a malicious node to launch attacks on routing function, especially attacks on packet routing. In order to mitigate these hazards, we incorporate the concept of ‘trust’ into MANETs, and abstract a decentralized trust inference model. The core of this model is trust computation, which is divided into two parts: historical trust assessment and trust prediction. We can quantify a node’s historical trust based on its historical behaviors via introducing multiple trust attributes. The fuzzy AHP method based on entropy weights is used to calculate the weight of trust attributes. By making use of the obtained historical trust data sequence, we propose an improved dynamic grey-Markov chain prediction measure to effectively estimate node’s trust prediction. In order to verify the validity of our trust model, we propose a trust-enhanced unicast routing protocol and a trust-enhanced multicast routing protocol, respectively. Both of the two new protocols can provide a feasible approach to kick out the untrustworthy nodes and choose the optimal trusted routing path. Moreover, the new proposed data-driven route maintenance mechanisms can reduce the routing overhead. The persuasive experiments have been conducted to evaluate the effectiveness of the new proposed trust-enhanced routing protocols in the aspects of packets delivery ratio, end-to-end latency, malicious node detection and attack resistance.     

MANET 中基于信任的安全位置辅助路由模型

In view of the security weakness in resisting the active attacks by malicious nodes in mobile ad hoc networks, the trust metric is introduced to defend those attacks by loading a trust model on the previously proposed Distance Based LAR. The improved Secure Trust based Location Aided Routing algorithm utilizes direct trust and recommendation trust to prevent malicious nodes with low trust values from joining the forwarding. Simulation results reveal that ST LAR can resist attacks by malicious nodes effectively; furthermore, it also achieves better performance than DBLAR in terms of average end to end delay, packet delivery success ratio and throughput.     

Agent-based trusted on-demand routing protocol for mobile ad-hoc networks

The routing performance in mobile ad hoc networks (MANETs) relies on the co-operation of the individual nodes that constitute the network. The existence of misbehaving nodes may paralyze the routing operation in MANETs. To overcome this behavior, the trustworthiness of the network nodes should be considered in the route selection process combined with the hop count. The trustworthiness is achieved by measuring the trust value for each node in the network. In this paper, a new protocol based on self monitoring (agent-based) and following the dynamic source routing (DSR) algorithm is presented. This protocol is called agent-based trusted dynamic source routing protocol for MANETs. The objective of this protocol is to manage trust information locally with minimal overhead in terms of extra messages and time delay. This objective is achieved through installing in each participated node in the network a multi-agent system (MAS). MAS consists of two types of agents: monitoring agent and routing agent. A new mathematical and more realistic objective model for measuring the trust value is introduced. This model is weighted by both number and size of routed packets to reflect the “selective forwarding” behavior of a node. The performance evaluation via simulation shows that our protocol is better than standard and trusted DSR. The simulation is done over a variety of environmental conditions such as number of malicious nodes, host density and movement rates.     

E‐TDGO: An encrypted trust‐based dolphin glowworm optimization for secure routing in mobile ad hoc network

Mobile ad hoc networks (MANETs) are independent networks, where mobile nodes communicate with other nodes through wireless links by multihop transmission. Security is still an issue to be fixed in MANETs. Hence, a routing protocol named encrypted trust‐based dolphin glowworm optimization (DGO) (E‐TDGO) is designed using Advanced Encryption Standard‐128 (AES‐128) and trust‐based optimization model for secure routing in MANET. The proposed E‐TDGO protocol includes three phases, namely, k‐path discovery, optimal path selection, and communication. At first, k paths are discovered based on the distance and the trust level of the nodes. From the k paths discovered, the optimal path is selected using a novel algorithm, DGO, which is developed by combining glowworm swarm optimization (GSO) algorithm and dolphin echolocation algorithm (DEA). Once the optimal path is selected, communication begins in the network such that E‐TDGO protocol ensures security. The routing messages are encrypted using AES‐128 with shared code and key to offer security. The experimental results show that the proposed E‐TDGO could attain throughput of 0.11, delay of 0.01 second, packet drop of 0.44, and detection rate of 0.99, at the maximum number of rounds considered in the network of 75 nodes with attack consideration.     

一种分布式网络环境下基于挑战-响应模型的可信评估方法

运用信任模型进行可信评估是解决分布式网络安全问题的重要手段。然而,目前大部分研究工作把研究重点放在如何收集更完整的信任证据,以及如何利用一些新手段如机器学习、区块链等评估节点信任值,很少对如何获取节点可靠的初始信任值进行研究。实际上,针对分布式网络提出的很多信任模型都依赖于历史信任证据,而初次对网络进行可信评估时并不具备相关历史信息。基于此,该文面向分布式网络环境的安全问题,提出了基于挑战-响应模型的可信评估方法。首先利用挑战-响应模型获取节点可靠的初始信任值,并利用此初始信任值对网络中的节点进行分簇,在簇内进行信任值计算和信任值更新,完成分布式网络环境下完整的可信评估流程。仿真结果表明,相较于统一设置初始信任值的方式,该文所提方法能对恶意节点、自私节点的信任值有较准确的预测,同时对恶意节点的检测率也更高。     

基于频率域多目标MANETs可信路由决策研究

移动Ad-hoc网络(MANETs)具有开放的媒质,动态的拓扑结构,分布式的合作和受限的网络能力等基本特点。网络中移动节点具有匿名性和高度自治的特点,网络通讯依靠在通信路径上的中间节点转发数据包,实现无线传输范围外节点间的正常通信。该文提出了一种独特的MANETs中基于频率下多目标可信路由决策算法,它和现在大多数路由算法都是在时间域下使用单一约束参数选择路由的方式截然不同。利用概率理论分析安全和可信路由,基于概率密度函数的时频相互转化,减小计算复杂度,解决MEANTs中节点间缺乏物理安全以及在低信任水平和节点相互勾结扰乱网络操作情况下,发现可信安全路由难的问题。实例分析证明了此算法的可行性。     

基于信任关系的IP网络容错容侵机制

目前IP网络受自身故障和网络攻击等异常行为影响较过去更深广。因此如何增强IP网络的容错和容侵能力显得尤为重要。但是目前很多的研究仅关注其中一个方面,而很少两者兼有,从而不能很好地兼顾安全性和可生存性。该文提出了一种有效的基于信任关系的容错容侵机制。该机制借用了社会网络中的信任关系思想,定量地描述了信任关系值与网络行为的对应关系某节点的恶意行为会使得自己在其他节点处的信任值下降。然后,分析了该机制如何对3种网络异常,即自身故障、诋毁攻击和矛盾行为攻击的容忍能力。最后,仿真结果和分析表明该机制可以迅速而精确地检测到异常节点,并能有效地阻止这些异常对网络的攻击和破坏。     

Performance of PKI-based security mechanisms in mobile ad hoc networks

Security for ad hoc network environments has received a lot of attention as of today. Previous work has mainly been focussing on secure routing, fairness issues, and malicious node detection. However, the issue of introducing and conserving trust relationships has received considerably less attention. In this article, we present a scalable method for the use of public key certificates and their revocation in mobile ad hoc networks (MANETs). With the LKN-ad hoc security framework (LKN-ASF) a certificate management protocol has been introduced, bringing PKI technology to MANETs. In addition a performance analysis of two different revocation approaches for MANETs will be presented.     

Autonomous Ant-based Public Key Authentication Mechanism for Mobile Ad-hoc Networks

In mobile ad-hoc networks (MANETs), where there is no centralized authority to provide authentication, trust and reputation mechanisms are applied to maintain security by identifying trustworthy and untrustworthy nodes. However, traditional authentication mechanisms are not viable for MANETs due to the lack of infrastructure and frequent topology changes. In this paper, we propose a self-organized and localized public key authentication mechanism based on ant colony systems. Every node generates its own public-private key pair, issues certificates to neighboring nodes and provides on-demand authentication services by means of gathering certificate chains towards a target node. Pheromone concentration left by ants along the path of the certificate chains represents the trust level of a node towards other nodes. This model is able to authenticate public keys by selecting the most trustworthy certificate chains gathered by ants and can identify and exclude certificate chains with malicious nodes.     

Improving assurance of a sustainable route-split MANET routing by adapting node battery exhaustion

Assurance networks are designed to realize trustable Internet-Of-Things including terminal devices/infrastructure service applications for new generation networks. To construct assurance networks, it is necessary to evaluate them quantitatively. In this paper, we provide one of case studies to evaluate them quantitatively. In mobile ad hoc networks (MANETs), the network environments change over time due to the movement of nodes, the battery level of nodes, and so on. Assurance networks must maintain high performance even when such diverse changes of the network environments occur in the widely applicable domain. And if their performance degrades, they must early recover from the changes. So far, we have proposed a routing method for MANETs, called Route-Split Routing (RSR). RSR can suppress escalation of control packets in large scale MANETs. However, with RSR, drawbacks occur when some nodes exhaust their batteries. In this paper, we propose a sustainable route-split routing scheme to improve assurance by adapting node faults due to battery exhaustion for MANETs. To evaluate the assurance of the proposed method, we have implemented it with a simulator and have conducted simulation experiments. The results indicate that the proposed method can maintain high throughput when some nodes experience various levels of battery power and power consumption and even when some nodes die simultaneously.     

无线Mesh网络可信路由协议THWMP研究

为了使节点在网络中存在恶意节点和自私节点时能够选择安全可靠的路由,降低恶意节点和自私节点对无线Mesh网络带来的影响,文中通过对无线Mesh网络混合路由协议HWMP(Hybrid Wireless Mesh Protocol)和信任模型的研究,提出了基于主观逻辑信任模型的无线Mesh网络可信路由协议THWMP(Trusted HWMP),大大降低了因为信任的传递带来的网络开销,同时保证了路由的可信度。与HWMP路由协议相比较,在网络中存在恶意节点时,THWMP路由协议能够在增加有限的额外开销的情况下保证全网有较高的数据传递成功率和吞吐量。     

Security Through Collaboration and Trust in MANETs

It is well understood that Mobile Ad Hoc Networks (MANETs) are extremely susceptible to a variety of attacks, and traditional security mechanisms do not work well. Many security schemes have been proposed that depend on cooperation amongst the nodes in a MANET for identifying nodes that are exhibiting malicious behaviors such as packet dropping, packet modification, and packet misrouting. We argue that in general, this problem can be viewed as an instance of detecting nodes whose behavior is an outlier when compared to others. In this paper, we propose a collaborative and trust-based outlier detection algorithm that factors in a node??s reputation for MANETs. The algorithm leads to a common outlier view amongst distributed nodes with a limited communication overhead. Simulation results demonstrate that the proposed algorithm is efficient and accurate.     

一种加入入侵检测的可信AODV方案

可信的AODV路由协议（Trusted Ad hoc On Demand Distance Vector Routing Algorithm,TAODV）是一种在AODV中加入信任机制的协议,对路由传输中网络层数据的安全性传输起到一定的改进作用。单个入侵检测（Single Intrusion Detection,SID）即一个节点持续地监听邻居节点间的信息交互,计算出邻居节点的信任值,增加了网络对于恶意行为的敏感度,从而能以最快的速度找到最佳路由。在TAODV中加入SID单元可以大大提高网络的传输效率,降低丢包率,更快地找到安全可靠并且距离最短的路由。     

移动计算环境下信任管理模型研究

移动计算环境下的移动主机,易受攻击,且其交互是对等的,考虑到节点的自主行为及恶意节点,仅靠密码学的安全体系是不够的,文章借鉴P2P信任管理提出移动计算环境下基于信誉的信任管理模型,模型对移动节点是透明的,节能的,对简单恶意节点和合谋欺诈有很好的抵抗作用。     

异构无线网络可信接入设计及实现

异构无线网络互连后的安全问题是当前网络安全研究的一个热点问题,为了解决异构网络互连后产生的接入安全问题,提出了一种基于信任模型的可信接入框架,该框架建立了异构无线网络间的信任评价体系,对接入异构无线网络用户除了进行身份验证,还必须进行用户信任度的验证,既拒绝了恶意节点接入,又确保了合法节点的安全接入,从而保证异构无线网络互连接入的安全和可信。     

MQ-Routing: Mobility-, GPS- and energy-aware routing protocol in MANETs for disaster relief scenarios

Mobile-Ad-Hoc-Networks (MANETs) are self-configuring networks of mobile nodes, which communicate through wireless links. The main issues in MANETs include the mobility of the network nodes, the scarcity of computational, bandwidth and energy resources. Thus, MANET routing protocols should explicitly consider network changes and node changes into the algorithm design. MANETs are particularly suited to guarantee connectivity in disaster relief scenarios, which are often impaired by the absence of network infrastructures. Moreover, such scenarios entail strict requirements on the lifetime of the device batteries and on the reactivity to possibly frequent link failures. This work proposes a proactive routing protocol, named MQ-Routing, aimed at maximizing the minimum node lifetime and at rapidly adapting to network topology changes. The proposed protocol modifies the Q-Routing algorithm, developed via Reinforcement Learning (RL) techniques, by introducing: (i) new metrics, which account for the paths availability and the energy in the path nodes, and which are dynamically combined and adapted to the changing network topologies and resources; (ii) a fully proactive approach to assure the protocol usage and reactivity in mobile scenarios. Extensive simulations validate the effectiveness of the proposed protocol, through comparisons with both the standard Q-Routing and the Optimized Link State Routing (OLSR) protocols.     

An EDRI-based approach for detecting and eliminating cooperative black hole nodes in MANET

Mobile Ad hoc Network (MANET) is a self-configurable, self-maintenance network with wireless, mobile nodes. Special features of MANET like dynamic topology, hop-by-hop communications and open network boundary, made security highly challengeable in this network. From security aspect, routing protocols are highly vulnerable against a wide range of attacks like black hole. In black hole attack malicious node injects fault routing information to the network and leads all data packets toward it-self. In this paper, we proposed an approach to detect and eliminate cooperative malicious nodes in MANET with AODV routing protocol. A data control packet is used in order to check the nodes in selected path; also, by using an Extended Data Routing Information table, all malicious nodes in selected path are detected, then, eliminated from network. For evaluation, our approach and a previous work have been implemented using Opnet 14 in different scenarios. Referring to simulation results, the proposed approach decreases packet overhead and delay of security mechanism with no false positive detection. In addition, network throughput is improved by using the proposed approach.     

Novel Trusted Hierarchy Construction for RFID Sensor–Based MANETs Using ECCs

In resource‐constrained, low‐cost, radio‐frequency identification (RFID) sensor–based mobile ad hoc networks (MANETs), ensuring security without performance degradation is a major challenge. This paper introduces a novel combination of steps in lightweight protocol integration to provide a secure network for RFID sensor–based MANETs using error‐correcting codes (ECCs). The proposed scheme chooses a quasi‐cyclic ECC. Key pairs are generated using the ECC for establishing a secure message communication. Probability analysis shows that code‐based identification; key generation; and authentication and trust management schemes protect the network from Sybil, eclipse, and de‐synchronization attacks. A lightweight model for the proposed sequence of steps is designed and analyzed using an Alloy analyzer. Results show that selection processes with ten nodes and five subgroup controllers identify attacks in only a few milliseconds. Margrave policy analysis shows that there is no conflict among the roles of network members.