Trust and reputation in mobile environments

Trust and Reputation in Mobile Environments


Andrada A¸tef˘noaie
s a

Computer Science Faculty of Ia¸i
s

December 14, 2012

1/41


Contents
1 Introduction
2 Social perspective
3 Trust in MANETs and WSNs
4 Overview of Reputation and Trust Based Systems
5 Components of Reputation and Trust Based Systems
Information Gathering
Information Sharing
Information Modelling
Decision Making
6 Examples of Reputation and Trust-based Systems
Core
Conﬁdant
7 Open problems
8 Conclusions
9 Bibliography
2/41

Introduction

MANETs and WSNs - Problems

Mobile Ad Hoc Networks and Wireless Sensor Networks ⇒
tremendous technological advances over the last few years ⇒ risk
of newer threats and challenges and the responsibility of ensuring
safety, security, and integrity of information communication over
these networks.

MANETs ⇒ vulnerable to diﬀerent types of attacks and security threats
(complete autonomy of the member nodes, lack of any centralized
infrastructure).

WSNs ⇒ unique problems due to their usual operations in unattended
and hostile areas. Also, it is imperative to produce sensors at very low
costs⇒ to produce tamper-resistant sensors ⇒ very easy for an adversary
to physically capture a sensor node and bypass its limited cryptographic
security.

3/41

Introduction

Trust and Reputation

⇒ resolved by modelling MANETs and WSNs as reputation and
trust-based systems.

As in real life, we tend to believe and interact only with people who we
see as having a good reputation. Reputation can be deﬁned as a person’s
history of behaviour, and can be positive, negative, or a mix of both.
Based on this reputation, trust is built. Trust can be seen as the
expectation that a person will act in a certain way.

Reputation: opinion of one entity about another ⇒
trustworthiness of an entity.
Trust: expectation of one entity about the actions of another.

4/41

Social perspective

Trust and uncertainty

Trust: important factor aﬀecting consumer behaviour, especially in
the e-commerce context where uncertainty abounds.
Uncertainty:
⇒ originates from two sources: information asymmetry and
opportunism.
⇒ degree to which an individual or organization cannot anticipate
or accurately predict the environment

5/41

Social perspective

Trust beliefs and trust intention

Trust means that the trustor believes in, and is willing to depend
on, the trustee. Theory of reasoned action ⇒ trusting beliefs and
trusting intention.
Trusting beliefs ⇒ multidimensional, representing one’s beliefs
that the trustee is likely to behave in a way that is benevolent,
competent, honest, or predictable in a situation. Most frequently:
competence, benevolence, and integrity.
Trusting intention is the extent to which one is willing to depend
on the other person in a given situation.

6/41

Social perspective

Information asymmetry and Opportunistic behaviour

Information asymmetry is defined as the difference between the
information possessed by buyers and sellers.
Opportunistic behaviour is prevalent in exchange relationships.
In the on-line buyer-seller relationship, the seller may behave
opportunistically by trying to meet its own goals without
considering the consumer’s benefits.

7/41

Social perspective

Trust antecedents : calculus , knowledge institution based

Calculus-based trust ⇒ credible information regarding the
intentions or competence of the trustee.
Knowledge-based trust ⇒ aggregation of trust related
knowledge by the involved parties ⇒ accumulated either ﬁrst-hand
(based on an interaction history) or second-hand
Institution-based trust ⇒ one believes the necessary impersonal
structures are in place to enable one to act in anticipation of a
successful future endeavour

8/41

Trust in MANETs and WSNs

MANET - Problems

MANETs: nodes are autonomous and do not have any common
interest ⇒ selﬁsh behaviour ⇒ need incentive and motivation to
cooperate

Non-cooperative behaviour of a node:
selﬁsh intention (e.g. save power)
malicious intention (e.g. denial-of-service attacks).

9/41


WSN - Problems

WSNs - all sensors belong to a single group/entity and need to
cooperate towards the same goal ⇒ incentive is less of a concern.
In the same time, WSNs are vulnerable to physical capture ⇒
make the sensor nodes tamper-proof ⇒ expensive

tamper-prooﬁng the nodes ⇒ not a viable solution: An adversary
might change sensors to start misbehaving and disrupt
communication in the network and afterwards to launch an attack
from insider ⇒ need of security mechanisms to make WSNs able
to cope with insider attacks.

10/41


Misbehaviour of nodes

Reputation and trust-based systems enable nodes to make
informed decisions on prospective transaction partners.

11/41


Eﬀects of nodes misbehaviour

Examples of eﬀects of the misbehaviour of nodes:
packet loss increased
denial-of-service experienced by honest nodes in the network
There were theoretical studies that emphasized the following ides:
increased cooperation more than proportionately increases the
performance for small networks with fairly short routes
prevention measures (encryption, authentication) reduce the
success of intrusion attempts in MANETs, but cannot
completely eliminate them.

12/41

Overview of Reputation and Trust Based Systems

System goals

1 provide information that allows nodes to distinguish between
trustworthy and non-trustworthy nodes.
2 encourage nodes to be trustworthy.
3 discourage participation of nodes that are untrustworthy.
4 cope with any kind of observable misbehaviour
5 minimize the damage caused by insider attacks.

13/41


Properties

In order to work eﬀectively the system should have the following
properties:
1 Long-lived entities that inspire an expectation of future
interaction.
2 The capture and distribution of feedback about current
interactions (such information must be visible in the future).
3 Use of feedback to guide trust decisions.

14/41


Properties

Properties of the trust metric:
1 Asymmetric (if node A trusts node B, then it is not
necessarily true that node B also trusts node A),
2 Transitive: (if node A trusts node B and node B trusts node
C, then node A trusts node C),
3 Reﬂexive: (node always trusts itself).

15/41


Initialization

Reputation and trust-based systems can be initialized in one of the
following presented ways:
1 All nodes in the network are considered trustworthy. Nodes
trust each other node in the network. Reputation of nodes is
decreased by every bad encounter.
2 All nodes are considered to be untrustworthy and no node
trusts any other node within the network. Reputation of
nodes is increased with every good encounter.
3 All nodes are neither considered trustworthy nor
untrustworthy. They all take a neutral reputation value to
begin with. Reputation of nodes is increased or decrease with
every good respectively bad encounter.

16/41


Classification
Classification of such systems can be done based on the following
criteria:
1 Observation: First-Hand (direct observation, own experience) or
second-hand (information obtained through peers).
2 Information Symmetry: Symmetric (same amount of information) or
Asymmetric (different amount of information).
3 Centralization: Centralized (one entity maintains reputation of all
nodes) or Distributed (each node maintains reputation of all nodes
he cares about). In case of the second one reputation can be stored
Local or Global.
4 Trust among peers: Credential-based or Behaviour based trust
management systems
.
17/41


Pros and cons

Reputation and trust-based systems:
+ one of the best solutions for dealing with selﬁsh misbehaviour.
+ robust solutions to curtail insider attacks.
+ for the most part, self maintaining.

− added overhead, both in computation and communication,
− a new dimension of security consideration ⇒ adversary might
attack the system based on the reputation system itself.

18/41

Components of Reputation and Trust Based Systems

Information Gathering

Information Gathering - the process by which a node collects
information about nodes it cares about ⇒ concerned only with
ﬁrst-hand information.

Most reputation and trust-based systems make use of a component
called Watchdog to monitor their neighbourhood and gather
information based on promiscuous observation.

19/41


Information Sharing

Information Sharing- concerned with dissemination of ﬁrst-hand
information gathered by nodes.
Information can be shared among nodes in the following ways:
friends list, blacklist, and reputation table.
For sharing information, three important issues have to be
addressed:
1 Dissemination frequency: Proactive Dissemination and
Reactive Dissemination
2 Dissemination locality: Local and Global
3 Content of information disseminated: Raw and Processed.

20/41


Information Modelling

Information Modelling - deals with combining the ﬁrst-hand and
second-hand information meaningfully into a metric. It also deals
with maintaining and updating this metric.

21/41


Decision Making

Decision Making - responsible for taking all the decisions.
Decisions made by this component ⇒ based on the information
provided by the information modelling component.

Basic decision ⇒ binary decision, on who to trust and who not to
(be one of cooperate/dont-cooperate, forward/dont-forward, etc).

22/41

Examples of Reputation and Trust-based Systems
Core

Core - About
A Collaborative Reputation Mechanism to enforce node
co-operation in Mobile Ad hoc Networks.
a distributed, symmetric reputation model
uses ﬁrst-hand and second-hand information for updating
reputation values.
uses bi-directional communication symmetry and dynamic
source routing (DSR) protocol for routing.
assumes wireless interfaces that support promiscuous mode
operation
nodes ⇒ members of a community ⇒ have to contribute on a
continuing basis to remain trusted, else reputation will
degrade until eventually they are excluded from the network.
each node: a watchdog mechanism for promiscuous
observation.
23/41

Core

Core - About

addresses only the selﬁsh behaviour problem.
reputation ⇒ formed and updated along time ⇒ subjective
reputation, indirect reputation, and functional reputation
past observations are more important than the current
observations.
two types of protocol entities, requester (ask execution of
function f ) and provider (execute f )
use of reputation table (RT), with one RT for each function:
unique ID, recent subjective reputation, recent indirect
reputation, and composite reputation for a predeﬁned
function. RTs are updated in two situations: during the
request phase and during the reply phase.

24/41

Core

Core - Information gathering

The reputation of a node computed from ﬁrst-hand information is
referred to as subjective reputation (calculated directly from a
node’s observation). Subjective reputation is calculated only for
the neighbouring nodes and it is updated only during the request
phase. If a provider does not cooperate with a requester’s request,
then a negative value is assigned to the rating factor σ of that
observation and consequently the reputation of the provider will
decrease (value varies between -1 and 1). New nodes, when they
enter the network, are also assigned a neutral reputation value
since enough observations are not available to make an assessment
of their reputation.

25/41

Core

Core - Information sharing

Indirect reputation (second-hand information) is used to model
MANETs as complex societies. One node sees the others through
the opinion of the society. Core adds the following restriction: only
positive information can be exchanged (prevents bad mouthing
attacks on benign nodes). Each reply message consists of a list of
nodes that cooperated and like this indirect reputation will be
updated only during the reply phase.

26/41

Core

Core - Information modelling

Functional reputation (combined value of subjective and indirect
reputation for diﬀerent functions) is used to test how trustful a
node is with respect to diﬀerent functions. In CORE, reputation is
compositional. Thus, the global reputation for each node is
obtained by combining the three types of reputation. Positive
reputation values are decremented along time to ensure that nodes
cooperate and contribute on a continuing basis.

27/41

Core

Core - Decision making

When a node has to make a decision: it checks the reputation
value of the requester. Positive values indicates well behaved
entities. If the value is negative, the node is tagged as a
misbehaving entity and denied the service. A misbehaving entity is
denied service unless it cooperates and ameliorates its reputation
to a positive value.
Reputation ⇒ hard to build (reputation decreases every time the
watchdog detects a non cooperative behaviour and it also gets
decremented in time to prevent malicious nodes from building
reputation and then attacking the system resources.

28/41

Core

Core - Discussion

1 if reputation is high, a node can misbehave temporarily
2 CORE prevents false accusation attacks, conﬁning the
vulnerability of the system to only false praise
3 since only positive information is shared, the possibility of
retaliation is prevented. There is a problem with combining
the reputation values for various functions into a single global
value.
4 CORE also ensures that disadvantaged nodes that are
inherently selﬁsh due to their critical energy conditions are not
excluded from the network using the same criteria as for
malicious nodes

29/41

Confidant

Confidant - About
Cooperation Of Nodes - Fairness In Dynamic Ad-hoc NeTworks.
inspired by ”The Selfish Gene” by Dawkins which states
reciprocal altruism is beneficial for every ecological system
when favors are returned simultaneously because of instant
gratification.
main purpose: make misbehaviour unattractive in MANETs
based on selective altruism and utilitarianism.
distributed, symmetric reputation model which uses both
first-hand and second-hand information for updating
reputation values.
aims to detect and isolate misbehaving nodes
for routing: used DSR
assumes that no tamper-proof hardware is required for
itselfother nodes to modify their values.
30/41

Confidant

Confidant - Components
Confidant has four components at each node: Monitor, Trust
Manager, Reputation System, and Path Manager.

31/41

Conﬁdant

Conﬁdant - Information Gathering

The Monitor: helps nodes to passively observes their 1-hop
neighbourhood.
nodes can detect deviations by the next node on the source
route ⇒ have a copy of a packet while listening to the
transmission of the next node ⇒ any content change can be
detected ⇒ the monitor registers these deviations ⇒ report
bad behaviour to the reputation system.
the monitor also forwards ALARMS to the Trust Manager for
evaluation

32/41

Conﬁdant

Conﬁdant - Information Gathering

Trust Manager: handles all the incoming and out-going ALARM
messages.
Incoming ALARMs (from any node)⇒ source has to be checked
for trustworthiness⇒ looking at trust level of the reporting node.
Outgoing ALARMS ⇒ generated by the node itself after it was
detected a malicious behaviour.
Recipients: friends ⇒ friends list by each node.
The Trust Manager:
contains: alarm table (information about alarms), trust table
(trust levels for nodes), and friends list (all friends of node).
responsible: providing or accepting routing information.

33/41

Confidant

Confidant - Information Modelling

Reputation System ⇒ table consisting of entries for nodes and
their rating.
Ratings ⇒ changed when there is sufficient evidence of malicious
behaviour (has occurred at least a threshold number of times to
rule out coincidences) ⇒ updated according to a rate function
(greatest weight: personal experience, smaller weight: observations
in the neighbourhood, even smaller weight: to reported experience)
⇒ the reputation entry for the misbehaving node is updated
accordingly.
Node = rating below a predetermined threshold ⇒ Path Manager
is summoned.

34/41

Conﬁdant

Conﬁdant - Decision Making

Path Manager ⇒ the decision maker ⇒ responsible for:
path re-ranking according to the security metric ⇒ deletes
paths containing misbehaving nodes
taking necessary actions upon receiving a request for a route
from a misbehaving node.

35/41

Conﬁdant

Conﬁdant - Discussions

only negative information is exchanged between nodes ⇒
system is vulnerable to false accusation of benign nodes by
malicious nodes.
false praise attacks are prevented since no positive information
is exchanged ⇒ eliminates the possibility of malicious nodes
colluding to boost the survival time of one another.
since negative information = shared between nodes ⇒ an
adversary gets to know his situation ⇒ change his strategy

36/41

Confidant

Confidant - Discussions

nodes that are excluded will recover after a certain timeout
failed nodes are treated like any other malicious node
authors have not explained how the actual reputation is
computed and how it is updated using experienced, observed
and reported information.
authors have not provided any evidence to support their
rationale behind the differentiation of weights.

37/41

Open problems

Reputation and trust-based systems are still in the ﬁrst phase when
it comes to MANETs and WSNs ⇒ current open problems:
the bootstrap problem.
intelligent adversary strategies.

38/41

Conclusions

Reputation and trust: very important tools ⇒ used since the
beginning to facilitate decision making in diverse ﬁelds from an
ancient ﬁsh market to state of the art e-commerce.

39/41

Bibliography

Bibliography

“Reputation and Trust-based Systems for Ad Hoc and Sensor
Networks”, Avinash Srinivasany, Joshua Teitelbaumy, Huigang
Liangz, Jie Wuy and Mihaela Cardeiy
“A Survey on Reputation and Trust-Based Systems for
Wireless Communication Networks”, Jaydip Sen
“Trust and Reputation Systems for Wireless Sensor Networks”,
Rodrigo Roman, M. Carmen Fernandez-Gago, and Javier
Lopez
“Performance Analysis of the CONFIDANT Protocol
(Cooperation Of Nodes: Fairness In Dynamic Ad NeT
works)”, Sonja Buchegger, Jean-Yves Le Boudec

40/41

Bibliography

Thank you!

41/41

Trust and reputation in mobile environments

Recommandé

Recommandé

Contenu connexe

Similaire à Trust and reputation in mobile environments

Similaire à Trust and reputation in mobile environments (20)

Trust and reputation in mobile environments