A survey on trust based detection and isolation of malicious nodes in ad-hoc and sensor networks

Mobile ad-hoc networks (MANETs) and wireless sensor networks (WSNs) have gained remarkable appreciation and technological development over the last few years. Despite ease of deployment, tremendous applications and significant advantages, security has always been a challenging issue due to the nature of environments in which nodes operate. Nodes’ physical capture, malicious or selfish behavior cannot be detected by traditional security schemes. Trust and reputation based approaches have gained global recognition in providing additional means of security for decision making in sensor and ad-hoc networks. This paper provides an extensive literature review of trust and reputation based models both in sensor and ad-hoc networks. Based on the mechanism of trust establishment, we categorize the stateof-the-art into two groups namely node-centric trust models and system-centric trust models. Based on trust evidence, initialization, computation, propagation and weight assignments, we evaluate the efficacy of the existing schemes. Finally, we conclude our discussion with identification of some unresolved issues in pursuit of trust and reputation management.     

一种能量有效的平面式无线传感器网络的信任管理模型

信任管理机制解决了来自无线传感器网络的内部攻击问题,但同时产生由信任评价带来的额外开销。现有的信任管理模型对节点信任度的评价缺乏公平性,导致节点使用率的降低。为了解决信任机制在无线传感器网络的耗能问题,提出了一种能量有效的平面式无线传感器网络信任模型。通过节点的自身性能与任务难度的关系定义节点的执行度,在确保信任管理有效性的同时,增强节点信任度评价的公平性,从而提高传感器节点的使用率,降低了能量消耗。最后通过模拟实验,证明该信任模型与传统信任模型相比,能够有效检测恶意节点,同时大大降低了节点的能量消耗,提高了网络生存周期。     

Group-Based Trust Management Scheme for Clustered Wireless Sensor Networks

Traditional trust management schemes developed for wired and wireless ad hoc networks are not well suited for sensor networks due to their higher consumption of resources such as memory and power. In this work, we propose a new lightweight group-based trust management scheme (GTMS) for wireless sensor networks, which employs clustering. Our approach reduces the cost of trust evaluation. Also, theoretical as well as simulation results show that our scheme demands less memory, energy, and communication overheads as compared to the current state-of-the-art trust management schemes and it is more suitable for large-scale sensor networks. Furthermore, GTMS also enables us to detect and prevent malicious, selfish, and faulty nodes.     

TRIP,a trust and reputation infrastructure-based proposal for vehicular ad hoc networks

Vehicular ad hoc networks (VANETs) have drawn the attention of a number of researchers due to their several advantages and benefits. It is a very promising area of knowledge where investing new funds and effort is surely a wise move. Nevertheless, despite their multiple capabilities, new unresolved risks arise, and it is not always easy, or even feasible to cope with them. Recently, trust and reputation management has been proposed as a novel and accurate way to deal with some of these deficiencies. A considerable amount of works have been developed so far in this field concerning P2P networks, wireless sensor networks, ad hoc networks, etc. However, the application of behavioral-based trust and reputation management to VANETs is still at a preliminary stage. In this paper we survey the sate of the art, proving the current lack of proposals in this specific environment. We also suggest a set of design requirements for trust and reputation models specifically applicable to VANETs. Furthermore, we present our original proposal, TRIP, aimed to quickly and accurately distinguish malicious or selfish nodes spreading false or bogus messages throughout the network. We have also studied the level of fulfillment of each of the surveyed models with regard to each design requirement suggestion, comparing them with our approach. Finally, some preliminary experiments demonstrate the accurate performance of our trust and reputation mechanism under several different conditions.     

基于二项分布的无线传感器网络信任管理系统

由于无线传感器网络不同于传统网络的特点,导致其很容易受到来自妥协节点的内部攻击。信任管理系统是防御无线传感器网络内部攻击的最有效方法。针对无线传感器网络节点信誉和信任的评估,我们改进了用于无线传感器网络的基于贝塔的信誉系统BRSN( Beta Reputation System for Sensor Networks),提出了基于二项分布的无线传感器网络信任评估系统BTMS( Binomial-based Trust Management System)。 BTMS基于对节点行为的监控,利用二项分布来描述节点信誉的分布,并进一步得到节点信任值,从而指导中继节点的选择,降低内部攻击的危害。实验结果表明,利用BTMS可以有效的防御来自妥协节点的内部攻击,提高网络安全性。     

一种新的传感器网络密钥分配方案

密钥分配对于无线传感器网络（WSN）的安全起着基础性作用。由于传感器网络规模大、节点资源非常受限等特点,传统的基于公钥和可信任密钥分配中心等方式不能使用。提出了一种新的WSN密钥分配方案,并对其存储量、通信量、计算量和安全性进行了分析。该方案基于安全两方计算,计算负载小,安全性高,适合传感器网络。     

浅析无线传感器网络的密钥管理

集传感器技术、嵌入式计算技术、分布式信息处理技术及无线通信技术于一体的无线传感器网络,因其广阔的应用前景而受到学术界和工业界的高度重视。在大多数应用环境中用户对无限传感器网络的安全能力有很高的要求,因此安全成为制约无限传感器网络广泛应用的关键。为此文章深入分析和讨论了无线传感器网络密钥管理方面的一些基础内容,并主要对目前一些经典的密钥管理方案进行原理阐述和性能分析。     

WSN中一种防御广播认证中的DoS攻击策略

当将数字签名应用到广播认证时,网络很容易受到DoS( Denial of Service)攻击,比如攻击者不停地广播虚假数据包从而消耗网络的通信资源和计算资源.针对这种情况,提出一种基于弱认证和信誉等级的协议来防御此类DoS攻击.该协议针对分簇的无线传感器网络模型,利用中国剩余定理和单向函数来完成弱认证,同时还引入信誉...     

基于身份的无线传感器网络密钥系统

无线传感器络（WSN）是一类由众多微型传感器节点通过自组织的方式构成的网络。随着在军事、环境监测等方面的应用逐渐成为现实,其有效和安全通信问题由于自身的特性（如能量、计算能力和节点存储资源等的局限性）而显得更加突出。本文首先比较详细地介绍了无线传感器网络安全结构及其面临的问题;其次重点讨论了无线传感器网络密钥系统相关的研究现状;然后给出了一种有效的基于身份的无线传感器网络密钥系统方案及与其它方案的仿真比较实验。仿真实验结果表明,我们方案较其它密钥系统方案在处理时间和节点存储需求方面具有优势。     

Reputation-based role assignment for role-based access control in wireless sensor networks

Wireless sensor networks (WSNs) typically consist of large number of sensor nodes, which, depending on the application, are mostly left unattended in open environments for moderately long periods of time. Due to the wireless nature of the medium, it is quite possible that a node can be captured by an adversary, which may lead to its non-cooperative behavior or misbehavior with the rest of the nodes in the network. So, it is necessary to provide a security mechanism in the network that mandates only the authorized nodes to be able to access information. Some of the recent literature suggest using multilevel hierarchical architectures (MHA) in WSN. In such an approach, each group is assigned a task and a different role or level is assigned to nodes within a group. There exists a need for multilevel access control in these types of networks, in order to give authorization based on a node’s role - this is also called role-based access control (RBAC). In this paper, we propose a reputation-based role assigning scheme for RBAC. The main objective of this scheme is to manage reputation locally with minimum communication and delay overhead and to assign appropriate role or level to the deserved nodes in order to increase the throughput of overall network. Other parameters used in our scheme are the bootstrap time and energy. In this paper, we describe our scheme and prove its theoretical correctness. Simulation results show that our scheme leads to an increase in throughput. This scheme leads to increase in throughput by around 32% at the consumption of little more energy.     

Security threats scenarios in trust and reputation models for distributed systems

Trust and reputation management over distributed systems has been proposed in the last few years as a novel and accurate way of dealing with some security deficiencies which are inherent to those environments. Thus, many models and theories have been developed in order to effective and accurately manage trust and reputation in those communities. Nevertheless, very few of them take into consideration all the possible security threats that can compromise the system. In this paper, we present some of the most important and critical security threats that could be applied in a trust and reputation scheme. We will describe and analyze each of those threats and propose some recommendations to face them when developing a new trust and reputation mechanism. We will also study how some trust and reputation models solve them. This work expects to be a reference guide when designing secure trust and reputation models.     

自治网络中信任信誉模型的安全现状研究

随着P2P网络、Ad hoc、无线传感器网络的深入研究,信任和信誉成为保障这类自治网络安全的一个重要手段.虽然信任信誉系统在自治网络中起到了重要的作用,但其采用了间接推荐等技术,给信任信誉带来很多安全问题.介绍了信任信誉模型的相关概念,总结了目前对信任信誉模型的新攻击手段,并针对这些攻击,比较分析了在自治网络环境中具备一定防御能力的典型信任信誉模型的各自防御方法、防御效果以及性能情况.最后,在分析了现有研究存在的主要问题的基础上,展望了今后提高信任信誉模型安全性研究的主要方向.     

压缩感知的IPv6无线传感网信息隐藏方法

保障隐私数据安全是IPv6无线传感网安全的一个重要研究内容,信息隐藏技术能够利用隐私数据的特点实现数据的不可见性,在隐私安全保护方面发挥着重要作用.针对IPv6无线传感网的特点和数据隐匿性的安全需求,结合压缩感知理论,实现隐秘传输的计算开销集中在资源富裕的汇聚节点端.利用压缩感知,有效地将感知层节点端的计算开销大幅度降低,提出一种适用于IPv6无线传感网环境下的信息隐藏方法.该方法主要包括隐藏密钥的管理、嵌入算法的设计和提取算法的设计,以此为IPv6无线传感网敏感数据的传输提供隐匿性,保障网络中敏感数据的安全性.结果表明,该信息隐藏算法在嵌入过程中,随着敏感数据的增加,通信开销低于25%.     

A survey of key management schemes in wireless sensor networks

Wireless sensor networks have many applications, vary in size, and are deployed in a wide variety of areas. They are often deployed in potentially adverse or even hostile environment so that there are concerns on security issues in these networks. Sensor nodes used to form these networks are resource-constrained, which make security applications a challenging problem. Efficient key distribution and management mechanisms are needed besides lightweight ciphers. Many key establishment techniques have been designed to address the tradeoff between limited memory and security, but which scheme is the most effective is still debatable. In this paper, we provide a survey of key management schemes in wireless sensor networks. We notice that no key distribution technique is ideal to all the scenarios where sensor networks are used; therefore the techniques employed must depend upon the requirements of target applications and resources of each individual sensor network.     

A secure routing scheme based on social network analysis in wireless mesh networks无线网状网中一种基于社会网络分析的安全路由机制

As an extension of wireless ad hoc and sensor networks, wireless mesh networks (WMNs) are employed as an emerging key solution for wireless broadband connectivity improvement. Due to the lack of physical security guarantees, WMNs are susceptible to various kinds of attack. In this paper, we focus on node social selfish attack, which decreases network performance significantly. Since this type of attack is not obvious to detect, we propose a security routing scheme based on social network and reputation evaluation to solve this attack issue. First, we present a dynamic reputation model to evaluate a node’s routing behavior, from which we can identify selfish attacks and selfish nodes. Furthermore, a social characteristic evaluation model is studied to evaluate the social relationship among nodes. Groups are built based on the similarity of node social status and we can get a secure routing based on these social groups of nodes. In addition, in our scheme, nodes are encouraged to enter into multiple groups and friend nodes are recommended to join into groups to reduce the possibility of isolated nodes. Simulation results demonstrate that our scheme is able to reflect node security status, and routings are chosen and adjusted according to security status timely and accurately so that the safety and reliability of routing are improved.     

Energy-efficient and high-accuracy secure data aggregation in wireless sensor networks

Due to the inherent characteristics of resource-constrained sensors, communication overhead is always a major concern in wireless sensor networks (WSNs). Data aggregation is an essential technique to reduce the communication overhead and prolong network lifetime. Since data aggregation results are usually used to make critical decisions, the accuracy of final aggregation results is very important. Furthermore, as wireless sensor networks are increasing being deployed in security-critical applications, we should take security into consideration as well. Therefore, for such applications, data aggregation protocols must be highly energy efficient and highly accurate while being able to prevent an adversary from stealing private data held by each sensor node. In this paper, we propose an energy-efficient and high-accuracy (EEHA) scheme for secure data aggregation. The main idea of our scheme is that accurate data aggregation is achieved without releasing private sensor readings and without introducing significant overhead on the battery-limited sensors. We conduct extensive simulations to evaluate the performance of EEHA. Our analysis and simulations show that EEHA is more efficient and accurate than the existing scheme.     

无线传感器网络中动态密钥管理方案的研究

无线传感器网络的分布式、自组织特性使其广泛应用于商业和军事应用领域中.密钥管理作为传感器网络中提供安全功能的基本服务,在认证和加密过程中起着至关重要的作用.提出了一种适用于无线传感器网络的基于分组的动态密钥管理方案,此方案在实现时并不需要使用基站和簇头节点,从而保证了方案的通用性,同时动态密钥更新特性又进一步确保了传感器网络的安全不受被捕获节点的影响.本文最后分析了方案的连通性和安全性特性.     

分布式多信任域信任管理技术研究综述

随着Internet技术的迅速发展和广泛应用,出现了基于Internet虚拟社会,如P2P、网格、无线网络、多代理网络、无线传感器网络等,从而引起了信任概念从人类交互世界向虚拟交互世界的迁移。近年来研究者针对虚拟交互世界提出了各种信任管理模型,这些模型的多样性使得在实际应用中会产生多种信任域。一些文献提出了如何实现多信任域中代理间的可信交互。分析了多信任域的相关概念及其产生的原因,对选取新的典型的多信任域信任管理模型及其使用的各种方法进行了评述;分析了目前研究中存在的问题,并展望了未来的发展方向。研究表明,多信任域中代理间的可信交互是目前信任管理中的难点问题。     

Adaptive security design with malicious node detection in cluster-based sensor networks

Distributed wireless sensor networks have problems on detecting and preventing malicious nodes, which always bring destructive threats and compromise multiple sensor nodes. Therefore, sensor networks need to support an authentication service for sensor identity and message transmission. Furthermore, intrusion detection and prevention schemes are always integrated in sensor security appliances so that they can enhance network security by discovering malicious or compromised nodes. This study provides adaptive security modules to improve secure communication of cluster-based sensor networks. A dynamic authentication scheme in the proposed primary security module enables existing nodes to authenticate new incoming nodes, triggering the establishment of secure links and broadcast authentication between neighboring nodes. This primary security design prevents intrusion from external malicious nodes using the authentication scheme. For advanced security design, the proposed intrusion detection module can exclude internal compromised nodes, which contains alarm return, trust evaluation, and black/white lists schemes. This study adopts the two above mentioned modules to achieve secure communication in cluster-based sensor networks when the network lifetime is divided into multiple cluster rounds. Finally, the security analysis results indicate that the proposed design can prevent and detect malicious nodes with a high probability of success by cluster-based and neighbor monitor mechanisms. According to the performance evaluation results, the proposed security modules cause low storage, computation, and communication overhead to sensor nodes.     

无线传感器网络安全概述

对无线传感器网络的概念、特征进行了简单的介绍,讨论了无线传感器网络特性所带来的安全问题及目前采取的安全机制。其次分析了无线传感器网络的安全目标及特性,并对网络中常见的攻击进行了介绍,最后研究了无线传感器网络目前主要采用的安全路由、密钥管理、身份认证以及入侵检测方面的安全策略,其中重点分析了无线传感器网络入侵检测特点及研究现状。