A Novel Trust-Aware Geographical Routing Scheme for Wireless Sensor Networks

Wireless sensor networks are vulnerable to a wide set of security attacks, including those targeting the routing protocol functionality. The applicability of legacy security solutions is disputable (if not infeasible), due to severe restrictions in node and network resources. Although confidentiality, integrity and authentication measures assist in preventing specific types of attacks, they come at high cost and, in most cases, cannot shield against routing attacks. To face this problem, we propose a secure routing protocol which adopts the geographical routing principle to cope with the network dimensions, and relies on a distributed trust model for the detection and avoidance of malicious neighbours. A novel function which adaptively weights location, trust and energy information drives the routing decisions, allowing for shifting emphasis from security to path optimality. The proposed trust model relies on both direct and indirect observations to derive the trustworthiness of each neighboring node, while it is capable of defending against an increased set of routing attacks including attacks targeting the indirect trust management scheme. Extensive simulation results reveal the advantages of the proposed model.     

SecMR – a secure multipath routing protocol for ad hoc networks

Multipath routing in ad hoc networks increases the resiliency against security attacks of collaborating malicious nodes, by maximizing the number of nodes that an adversary must compromise in order to take control of the communication. In this paper, we identify several attacks that render multipath routing protocols vulnerable to collaborating malicious nodes. We propose an on-demand multipath routing protocol, the secure multipath routing protocol (SecMR), and we analyze its security properties. Finally, through simulations, we evaluate the performance of the SecMR protocol in comparison with existing secure multipath routing protocols.     

Trust prediction and trust-based source routing in mobile ad hoc networks

Mobile ad hoc networks (MANETs) are spontaneously deployed over a geographically limited area without well-established infrastructure. The networks work well only if the mobile nodes are trusty and behave cooperatively. Due to the openness in network topology and absence of a centralized administration in management, MANETs are very vulnerable to various attacks from malicious nodes. In order to reduce the hazards from such nodes and enhance the security of network, this paper presents a dynamic trust prediction model to evaluate the trustworthiness of nodes, which is based on the nodes’ historical behaviors, as well as the future behaviors via extended fuzzy logic rules prediction. We have also integrated the proposed trust predication model into the Source Routing Mechanism. Our novel on-demand trust-based unicast routing protocol for MANETs, termed as Trust-based Source Routing protocol (TSR), provides a flexible and feasible approach to choose the shortest route that meets the security requirement of data packets transmission. Extensive experiments have been conducted to evaluate the efficiency and effectiveness of the proposed mechanism in malicious node identification and attack resistance. The results show that TSR improves packet delivery ratio and reduces average end-to-end latency.     

Integrated Social and QoS Trust-Based Routing in Delay Tolerant Networks

We propose and analyze a class of integrated social and quality of service (QoS) trust-based routing protocols in mobile ad-hoc delay tolerant networks. The underlying idea is to incorporate trust evaluation in the routing protocol, considering not only QoS trust properties but also social trust properties to evaluate other nodes encountered. We prove that our protocol is resilient against bad-mouthing, good-mouthing and whitewashing attacks performed by malicious nodes. By utilizing a stochastic Petri net model describing a delay tolerant network consisting of heterogeneous mobile nodes with vastly different social and networking behaviors, we analyze the performance characteristics of trust-based routing protocols in terms of message delivery ratio, message delay, and message overhead against connectivity-based, epidemic and PROPHET routing protocols. The results indicate that our trust-based routing protocols outperform PROPHET and can approach the ideal performance obtainable by epidemic routing in delivery ratio and message delay, without incurring high message overhead. Further, integrated social and QoS trust-based protocols can effectively trade off message delay for a significant gain in message delivery ratio and message overhead over traditional connectivity-based routing protocols.     

Access control in wireless sensor networks

Nodes in a sensor network may be lost due to power exhaustion or malicious attacks. To extend the lifetime of the sensor network, new node deployment is necessary. In military scenarios, adversaries may directly deploy malicious nodes or manipulate existing nodes to introduce malicious “new” nodes through many kinds of attacks. To prevent malicious nodes from joining the sensor network, access control is required in the design of sensor network protocols. In this paper, we propose an access control protocol based on Elliptic Curve Cryptography (ECC) for sensor networks. Our access control protocol accomplishes node authentication and key establishment for new nodes. Different from conventional authentication methods based on the node identity, our access control protocol includes both the node identity and the node bootstrapping time into the authentication procedure. Hence our access control protocol cannot only identify the identity of each node but also differentiate between old nodes and new nodes. In addition, each new node can establish shared keys with its neighbors during the node authentication procedure. Compared with conventional sensor network security solutions, our access control protocol can defend against most well-recognized attacks in sensor networks, and achieve better computation and communication performance due to the more efficient algorithms based on ECC than those based on RSA.     

Combining trust with location information for routing in wireless sensor networks

As the applications of wireless sensor networks proliferate, the efficiency in supporting large sensor networks and offering security guarantees becomes an important requirement in the design of the relevant networking protocols. Geographical routing has been proven to efficiently cope with large network dimensions while trust management schemes have been shown to assist in defending against routing attacks. Once trust information is available for all network nodes, the routing decisions can take it into account, i.e. routing can be based on both location and trust attributes. In this paper, we investigate different ways to incorporate trust in location‐based routing schemes and we propose a novel way of balancing trust and location information. Computer simulations show that the proposed routing rule exhibits excellent performance in terms of delivery ratio, latency time and path optimality. Copyright © 2010 John Wiley & Sons, Ltd.     

A Novel Robust Routing Scheme Against Rushing Attacks in Wireless Ad Hoc Networks

Standard on-demand routing protocols in wireless ad hoc networks were not originally designed to deal with security threats. Because of that, malicious users have been finding ways to attack networks. Rushing attacks represent one of such possibilities. In these attacks, malicious nodes forward the Route Request (RREQ) packets, asking for a route, to the destination node quicker than the legitimate nodes do. This is possible because the legitimate nodes only forward the first received RREQ packet for a given route discovery. Besides, the attackers can tamper with either the Medium Access Control or routing protocols to get faster processing. As a result, the path through the malicious nodes is chosen, which renders throughput degradation. We propose here a novel, robust routing scheme to defend ad hoc networks against rushing attacks. Our scheme utilizes the “neighbor map mechanism” to establish robust paths as far as rushing attacks are concerned. The proposed scheme also improves path recovery delay by using, whenever it is possible, route maintenance rather than route discovery. Yet, it is energy efficient. The simulation results show that our proposal is indeed viable.     

A Mutual Evaluation Based Trust Management Method for Wireless Sensor Networks

We propose a lightweight trust system for the clustered wireless sensor networks based on the mutual evaluation between the cluster heads and sensor nodes. We evaluate the trust level of a cluster head in two aspects, namely, trust level as a service provider and a supervisor. We consider multidimensional trust attributes to compute the global trust value of a node. By means of the Petri net (PN), we illustrate the performance of an entity in our trust model. Theoretical analyses as well as simulations are done and the results showed that our model with linear computational complexity had less memory and communi-cation overhead when compared with the current state-of-art trust management scheme. In addition, our model can detect malicious and selfish entities (especially the mali-cious cluster head) and resist various attacks efficiently.     

Energy Efficiency Routing with Node Compromised Resistance in Wireless Sensor Networks

For the energy limited wireless sensor networks, the critical problem is how to achieve the energy efficiency. Many attackers can consume the limited network energy, by the method of capturing some legal nodes then control them to start DoS and flooding attack, which is difficult to be detected by only the classic cryptography based techniques with common routing protocols in wireless sensor networks (WSNs). We argue that under the condition of attacking, existing routing schemes are low energy-efficient and vulnerable to inside attack due to their deterministic nature. To avoid the energy consumption caused by the inside attack initiated by the malicious nodes, this paper proposes a novel energy efficiency routing with node compromised resistance (EENC) based on Ant Colony Optimization. Under our design, each node computes the trust value of its 1-hop neighbors based on their multiple behavior attributes evaluation and builds a trust management by the trust value. By this way, sensor nodes act as router to achieve dynamic and adaptive routing, where the node can select much energy efficiency and faithful forwarding node from its neighbors according to their remaining energy and trust values in the next process of data collection. Simulation results indicate that the established routing can bypass most compromised nodes in the transmission path and EENC has high performance in energy efficiency, which can prolong the network lifetime.     

Secure way routing protocol for mobile ad hoc network

Mobile adhoc network is dynamic in nature and it operates completely in an infrastructure-less environment. It discovers the way routes dynamically to reach the destination. Securing a dynamic way route, which is not known before establishing communication, is always a challenge in the mobile ad hoc network. Most of the existing secure routing protocols target to evade specific type of attacks or malicious behaviour of the nodes or networks. We propose a novel secure way routing protocol for securing the dynamic way routes in MANET. It provides a unique session key for each route to secure the data communication. Moreover, it authenticates the data packets using asymmetric cryptography and secures the routing field message using two-way asymmetric cryptography. The proposal is implemented and tested for assessing the protocol’s performance. We have also compared the protocol with the other secure routing protocols for evaluating its performance.     

Distributed detection of mobile malicious node attacks in wireless sensor networks

In wireless sensor networks, sensor nodes are usually fixed to their locations after deployment. However, an attacker who compromises a subset of the nodes does not need to abide by the same limitation. If the attacker moves his compromised nodes to multiple locations in the network, such as by employing simple robotic platforms or moving the nodes by hand, he can evade schemes that attempt to use location to find the source of attacks. In performing DDoS and false data injection attacks, he takes advantage of diversifying the attack paths with mobile malicious nodes to prevent network-level defenses. For attacks that disrupt or undermine network protocols like routing and clustering, moving the misbehaving nodes prevents them from being easily identified and blocked. Thus, mobile malicious node attacks are very dangerous and need to be detected as soon as possible to minimize the damage they can cause. In this paper, we are the first to identify the problem of mobile malicious node attacks, and we describe the limitations of various naive measures that might be used to stop them. To overcome these limitations, we propose a scheme for distributed detection of mobile malicious node attacks in static sensor networks. The key idea of this scheme is to apply sequential hypothesis testing to discover nodes that are silent for unusually many time periods—such nodes are likely to be moving—and block them from communicating. By performing all detection and blocking locally, we keep energy consumption overhead to a minimum and keep the cost of false positives low. Through analysis and simulation, we show that our proposed scheme achieves fast, effective, and robust mobile malicious node detection capability with reasonable overhead.     

Active detection in mitigating routing misbehavior for MANETs

Mobile ad hoc network (MANET) is vulnerable to security attacks because of the shared radio medium and lack of centralized coordination. Since most multi-hop routing protocols implicitly assume cooperative routing and are not originally designed for security attacks, MANET has been challenged by diverse denial-of-service attacks that often interfere with the protocol and interrupt on-going communication. In this paper, we propose an explore-based active detection scheme, called EBAD, to efficiently mitigate the routing misbehaviors in MANETs running with dynamic source routing. The basic idea is that a source node broadcasts a route request packet with a fictitious destination node to lure potential malicious nodes to reply a fake route reply packet. If the source node receives the fake route reply packet or an intermediate node cannot decrypt the received route reply packet, the routing misbehavior can be detected. We also propose a route expiry timer based approach to reduce the effect of route cache pollution because of the fake route reply. We present a simple analytical model of the EBAD and its numerical result in terms of detection rate. We also conduct extensive simulation experiments using the OMNeT++ for performance evaluation and comparison with the existing schemes, CBDS and 2ACK. The simulation results show that the proposed countermeasure can not only improve the detection rate and packet delivery ratio but also can reduce the energy consumption and detection latency.

     

A secure routing protocol with regional partitioned clustering and Beta trust management in smart home

With the emergence of the Internet of Things (IoT) in recent years, the security has been significantly called more and more people’s attention on wireless communication between the devices and the human-beings, as well as the devices to devices. Smart home (SH), as a small-scale example of the smart application-based field, has benefited from the concept of IoT since it uses an indoor data-centric sensor network. In SH, routing schemes are widely utilized for data aggregation purposes. However, there are three main issues, which can considerably affect the current execution of routing protocol in SH: (1) lack of technical methods for precisely regional division of the network, (2) the difficulty of differentiating data among various functional regions, and (3) the vulnerability of network with advanced internal routing attacks. To address the aforementioned issues, in this paper, a two-layer cluster-based network model for indoor structured SH and a novel Beta-based trust management (BTM) scheme are proposed to defend various types of internal attacks by integrating the variation of trust value, threshold, and evaluation. The proposed structure forms a secure hierarchical routing protocol called SH-PCNBTM to effectively support the data transmission service in SH networks. The performance of SH-PCNBTM is thoroughly evaluated by using a set of comprehensive simulations. We will show that the proposed routing protocol not only ensures the even distribution of cluster-heads in each sub-region, but it also identifies and isolates the malicious sensor nodes accurately and rapidly compared with other trust-based hierarchical routing protocols.

     

移动自组网的主观信任建模与仿真

不同于以往只考虑最短路径或只依靠转发行为评价信任或基于推荐机制的传统路由算法,提出了一种兼顾通信可靠性和路径长度的主观信任路由模型.通过引入属性相似度概念将邻居选择、信任评估、数据转发等路由环节紧密相连,进一步建立一种新的动态包转发规则,并给出了一种计算属性相似度的推荐方法.实验结果表明主观信任路由模型较传统的DSR(...     

移动Ad hoc网络安全路由协议综述

Ad hoc网络的安全性问题越来越引起人们的关注,如何确保Ad hoc网络路由协议的安全成为Ad hoc研究的一项关键技术。本文介绍了安全协议的目标以及针对Ad hoc网络路由协议的恶意攻击,接着详细分析了目前比较典型的几种Ad hoc网络安全路由的研究现状,在对他们进行综合比较的基础上指出了存在的问题。     

一种传感器网络的分布式信任模型

传感器网络面临的攻击很多,尤其是内部节点进行的攻击带来的危险最大。同时,传感器网络特别是军用传感器网络不能采用建立信任中心的信任模型,导致其内部节点的恶意行为更难以控制。通过引入基于CPK认证的源地址认证模块,使用第三方推荐信任,并结合多种相关的网络行为属性,能够为用户提供更准确可信的信任度计算能力作为参考依据,使用户可以根据信任度对权限进行控制,以达到控制恶意行为的目的。     

Agent-based trusted on-demand routing protocol for mobile ad-hoc networks

The routing performance in mobile ad hoc networks (MANETs) relies on the co-operation of the individual nodes that constitute the network. The existence of misbehaving nodes may paralyze the routing operation in MANETs. To overcome this behavior, the trustworthiness of the network nodes should be considered in the route selection process combined with the hop count. The trustworthiness is achieved by measuring the trust value for each node in the network. In this paper, a new protocol based on self monitoring (agent-based) and following the dynamic source routing (DSR) algorithm is presented. This protocol is called agent-based trusted dynamic source routing protocol for MANETs. The objective of this protocol is to manage trust information locally with minimal overhead in terms of extra messages and time delay. This objective is achieved through installing in each participated node in the network a multi-agent system (MAS). MAS consists of two types of agents: monitoring agent and routing agent. A new mathematical and more realistic objective model for measuring the trust value is introduced. This model is weighted by both number and size of routed packets to reflect the “selective forwarding” behavior of a node. The performance evaluation via simulation shows that our protocol is better than standard and trusted DSR. The simulation is done over a variety of environmental conditions such as number of malicious nodes, host density and movement rates.     

Routing protocols for vehicular Ad Hoc networks in rural areas

Research on vehicular ad hoc networks has focused mainly on efficient routing protocol design under conditions where there are relatively large numbers of closely spaced vehicles. These routing protocols are designed principally for urban areas with high node density and fully connected networks and are not suitable for packet delivery in a sparse, partially connected VANET. In this article, we examine the challenges of VANETs in sparse network conditions, review alternatives including epidemic routing, and propose a border node-based routing protocol for partially connected VANETs. The BBR protocol can tolerate network partition due to low node density and high node mobility. The performance of epidemic routing and BBR are evaluated with a geographic and traffic information- based mobility model that captures typical highway conditions. The simulation results show that under rural network conditions, a limited flooding protocol such as BBR performs well and offers the advantage of not relying on a location service required by other protocols proposed for VANETs.     

Performance comparison of trust-based reactive routing protocols

Ad hoc networks, due to their improvised nature, are frequently established in insecure environments and hence become susceptible to attacks. These attacks are launched by participating malicious nodes against different network services. Routing protocols, which act as the binding force in these networks, are a common target of these nodes. A number of secure routing protocols have recently been proposed, which make use of cryptographic algorithms to secure the routes. However, in doing so, these protocols entail a number of prerequisites during both the network establishment and operation phases. In contrast, trust-based routing protocols locate trusted rather than secure routes in the network by observing the sincerity in participation by other nodes. These protocols thus permit rapid deployment along with a dynamically adaptive operation, which conforms with the current network situation. In this paper, we evaluate the performance of three trust-based reactive routing protocols in a network with varying number of malicious nodes. With the help of exhaustive simulations, we demonstrate that the performance of the three protocols varies significantly even under similar attack, traffic, and mobility conditions. However, each trust-based routing protocol has its own peculiar advantage making it suitable for application in a particular extemporized environment.     

Defending against wormhole attacks in mobile ad hoc networks

In ad hoc networks, malicious nodes can deploy wormhole attacks to fabricate a false scenario on the proximity relationship among mobile nodes. A classification of the attacks according to the format of the wormholes is proposed. This forms a basis to identify the detection capability of various approaches. An analysis shows that earlier approaches focus on the prevention of wormholes among neighbors that trust each other. As a more generic approach, we present an end‐to‐end scheme that can detect wormholes on a multi‐hop route. Only the trust between the source and the destination is assumed. The mechanism uses geographic information to detect anomalies in neighbor relations and node movements. To reduce the computation and storage overhead, we present a scheme called cell‐based open tunnel avoidance (COTA) to manage the information. COTA requires a constant space for every node on the path and the computation overhead increases linearly to the number of detection packets. We prove that the savings do not deteriorate the detection capability. Various schemes to control communication overhead are studied. The simulation and experiments on real devices show that the proposed mechanism can be combined with existent routing protocols to defend against wormhole attacks. Copyright © 2006 John Wiley & Sons, Ltd.