190 likes | 329 Views
Reputation-based Framework for High Integrity Sensor Networks. Adapted from the original presentation made by the authors. High Integrity Sensor Networks. How can the end-user rely on the information provided to it by the sensor network?. Why does misbehavior takes place?.
E N D
Reputation-based Framework for High Integrity Sensor Networks Adapted from the original presentation made by the authors
High Integrity Sensor Networks How can the end-user rely on the information provided to it by the sensor network?
Why does misbehavior takes place? Information returned may be distorted Noise: unavoidable • In sensing • In communication Fault: Persistent,transient,intermittent malfunction Malicious attacks: (External attacker, compromised nodes)
???? ???? Where does misbehavior takes place? Collaborative and local data processing Sensing Networking Cryptography Key Establishment Cryptographic frameworks Secure routing …… Is Network Security enough?
I detected a car at (x,y) It was a false alarm. No such car! I detected a car at (x,y) I detected a car at (x,y) Misbehavior while routing information I detected a car at (x,y) Misbehavior even while generating information I detected a car at (x,y) Decentralized decision making
Limitations of network security • Distributed collaborative data processing • Network security -> Make sure that only authenticated nodes participate. • Network security cannot -> Verify if nodes function properly • Distributed data gathering • Network security can -> message integrity, confidentiality, secure relaying. • Network security cannot -> data authentication. Compromise nodes have access to valid keys!
Embedded in every social network is a web of trust • How does human societies evolve? • Principle of reciprocal altruism • Be nice to others who are nice to you • When faced with uncertainties • Trust them who have the reputation of being trustworthy Reputation based framework for sensor networks (RFSN) How do nodes trust each other? How do nodes trust the information provided by other nodes? Proposed solution: Form a similar community of trustworthy nodes in the network over time
Why this approach? • Sensor network already follow a communitymodel • Individual nodes do not have any utility • Collaborative information gathering, data processing and relaying. • Missing element is trust…. • Nodes are dumb and they collaborate with every node. • Internal adversaries exploit this very fact! • Faulty sensors results in equally detrimental effects. • RFSN incorporates intelligence into nodes • Exposes trust as an explicit metric! • Cooperate with ONLY those nodes that are trustworthy.
Watchdog mechanism Reputation Trust Behavior Second hand information Node level skeleton structure of RFSN • Observe the action of other nodes – Watchdog mechanism • Develop a perception of other nodes over time – Reputation • Predict their future behavior – Trust • Cooperate/Non-cooperate with trustworthy nodes – Behavior • Share experiences to facilitate community growth – Second hand information
Reputation representation • Probabilistic formulation • Use beta distribution to represent reputation of a node. Reputation of node j from the perspective of node i • Why beta distribution? • Simple to store: Just characterized by 2 parameters. • Intuitive:α and β represents magnitude of cooperation and non-cooperation. • Efficient: Easy reputation updates, integration, trust formulation. • Maintain reputation for just neighboring nodes • Use locality – Provides scalability.
Solution • Beta distribution is conjugate prior of binomial distribution. • Model P(observations/belief) as Bin(r+s,r) Reputation updates • Problem formulation • Node i wants to update Rij = Beta(αj, βj) based on r cooperative and s non-cooperative observations about j. • Approach Old reputation, Beta(αj, βj) New reputation, ?? ????
Update algorithm • Implications • Simple, efficientand strong foundation to statistic. • Diversity – No restrictions on (r, s) • Not necessarily has to be integers • Beta distribution still well defined. • Nodes can give higher rating to critical events. • Allow partial ratings.
Different from updation step • Reputation of reporter node, k, should also reflect in final result • Approach • Use belief theory Reputation integration • Problem formulation • Node i receives reputation information about node j through node k. • Represented by (αjk ,βjk).
Trust • Problem formulation • What is the expectation of its next action being cooperative? • Approach • Want to estimate θ, future behavior of node j • Prior knowledge – None - Uniform in (0,1). • Observations – αj as cooperative, βj as non-cooperative - Binomial
Behavior • How to classify nodes as good/bad? • Use a simple thresholding technique on trust • What is Bij ? • An abstract quantity. • Node i further action will decide on this • Don’t route packet through j. • Don’t send sensor data to j. • Choosing threshold • Flexible • Allow for dynamic configurability by the user. • Diverse • Can be application specific. • Reflect the security needed by that application.
Conclusions • Generalized • Can handle malicious as well as non-malicious misbehavior. • Can handle misbehavior in networking, sensing as well as data processing. • Scalable • Maintain reputation only about neighboring nodes. • Diverse • Security can be tuned to meet application demands • Events can be rated at completely arbitrary scales • Reconfigurable • All our design choices are governed by this criteria. BUT LOTS OF WORK STILL NEEDS TO BE DONE….
Ongoing research work: Watchdog Mechanism Watchdog mechanism is the heart of RFSN • Generalized watchdog mechanism is not feasible! • Modules developed will be context specific. • Designing individual modules • Outlier detection schemes, Consensus based protocols, …. • Key is the scale! • Relies on redundancy and consistency in a local neighborhood.
Watchdog Mechanism (Contd….) • Limits to which a framework based on homogeneous resources can work • Find out these limits? • Can introducing heterogeneous resources help? • For example a trusted sensor -> equivalent to an access point. • Problem is much simpler for the non-malicious case -> faulty nodes and noise. • Malicious attacker can act completely arbitrarily! • Ongoing work: Fault tolerant temperature monitoring system using mica motes
Open problems • Bootstrapping network. • How does trust gets established? • Intelligent adversaries • Cooperate and non-cooperate periodically. • Context aware reputation • Is node with a bad temperature sensor bad for routing? • Multilayered RFSN seems like a feasible solution.