TAODV: A Trusted AODV Routing Protocol for MANET • Li Xiaoqi, GiGi • Term Presentation, 2004-4-27
Outline • Introduction • Framework of TAODV • Trust model for TAODV • Routing operations in TAODV • Analyses and simulations • Conclusion
Now comes to: Introduction
Introduction • Mobile Ad Hoc Network (MANET) • No fixed infrastructure • Multi-hop routing by cooperation of nodes in a self-organized way • Nodes have high mobility • Underlying medium is wireless • Frequent link-layer errors • Vulnerable to many kinds of attacks
Routing Protocols for MANET • DSR: • The Dynamic Source Routing Protocol • DSDV: • Destination-Sequenced Distance Vector Protocol • AODV: • Ad Hoc On-Demand Distance Vector Protocol • Two main routing messages: • RREQ: Route REQuest • RREP: Route REPly
Applications of MANET • Personal area networking • Meeting rooms • Disaster relief • Battlefield operations → High security requirements
Previous Security Solutions for MANET • Secure routing protocols • may perform digital-signature authentication on each routing message • huge overhead • Key management mechanisms • usually need a super-trusted third party to issue certificates • destroys the self-organizing nature of MANET
Previous Security Solutions for MANET (cont'd) • Intrusion detection mechanisms • listen to, collect and analyze all traffic at each node • huge processing overhead Our aim is to design a secure routing protocol, called TAODV (Trusted AODV Routing Protocol), that neither introduces huge overhead nor destroys the self-organizing nature of MANET
Now comes to: Framework of TAODV
Main Ideas of TAODV • A secure routing protocol for MANET • Uses trust relationships among nodes for routing • Employs a trust model derived from subjective logic • Trust calculation is not very time-consuming • No need to sign and verify a digital signature on every routing message • Cooperates with a self-organized key management mechanism • such as a threshold-cryptography solution • We take AODV as the example to illustrate our idea
Four Modules of TAODV • Basic routing protocol (AODV in this work) • Trust model • Defines the algorithms and rules to combine, judge, and update trust information based on subjective logic • Trusted routing protocol • Self-organized key management mechanism • generates a {secret, public} key pair for each node and distributes public keys in a secure, self-organized way • A prerequisite; not discussed in this presentation
Module of Trusted Routing Protocol • Includes the operations of • trust recommendation • trust combination • trust judgement • trust update • signature authentication • trust authentication
Now comes to: Trust model for TAODV
Representation of Trust • Use an Opinion to represent trust: opinion(A,B) = (b, d, u) • A two-dimensional, but three-element metric • b – probability of node A believing in node B • d – probability of node A disbelieving in node B • u – probability of node A's uncertainty about B • We define that b + d + u = 1
Combination of Trust • Discounting Combination: • Combines trusts along one path: A's opinion of B is used to discount B's opinion of C, giving A's opinion of C via B • Combine • Equation: Let
Combination of Trust (cont'd) • Consensus Combination: • Combines trusts from several paths: independent opinions about the same node (e.g. from different recommenders) are merged into one • Combine • Equation: Let
Mapping Between Evidence and Opinion Space • Mapping from evidence space to opinion space: • α is a parameter • it sets the change rate of b, d, and u • we can adjust it to meet our application • p: positive evidence (count of positive events) • n: negative evidence (count of negative events)
Mapping Between Evidence and Opinion Space (cont'd) • Mapping from opinion space to evidence space: • Trust information can therefore be updated in the evidence space and mapped to the opinion space, or vice versa
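The trust model of the three slides above (opinion representation, discounting and consensus combination, and the evidence/opinion mapping), as an added, runnable example. This is not code from the TAODV paper or this presentation: the slides say the model is derived from subjective logic, and the operators below are Jøsang's standard subjective-logic discounting and consensus operators, which are assumed to be what the slides' equations define. The mapping uses the slides' parameter α (called `alpha`); α = 2 gives Jøsang's original mapping. The helper `combine_recommendations` and the sample evidence counts are constructed for illustration.

```python
"""Subjective-logic opinions for the TAODV trust model (added example).

Not code from the TAODV paper or slides. Discounting and consensus are
Jøsang's standard operators (assumed to match the slides' equations); the
evidence <-> opinion mapping uses the slides' alpha, with alpha = 2 giving
Jøsang's original mapping.
"""
from dataclasses import dataclass

EPS = 1e-9


@dataclass(frozen=True)
class Opinion:
    """opinion(A,B) = (b, d, u): belief, disbelief, uncertainty; b + d + u = 1."""
    b: float
    d: float
    u: float

    def __post_init__(self):
        if min(self.b, self.d, self.u) < -EPS or abs(self.b + self.d + self.u - 1) > 1e-6:
            raise ValueError(f"not a valid opinion: {self}")

    def discount(self, other: "Opinion") -> "Opinion":
        """Discounting: A's opinion of B (self) applied to B's opinion of C (other)
        gives A's opinion of C along the single path A -> B -> C. C is believed or
        disbelieved only in proportion to A's belief in B; A's disbelief and
        uncertainty about B both become uncertainty about C."""
        return Opinion(self.b * other.b,
                       self.b * other.d,
                       self.d + self.u + self.b * other.u)

    def consensus(self, other: "Opinion") -> "Opinion":
        """Consensus: merge two independent opinions about the same node (e.g.
        from two recommendation paths). Each side is weighted by the other's
        uncertainty, so a confident opinion outweighs a vague one and the
        result is at least as certain as either input."""
        k = self.u + other.u - self.u * other.u
        if k < EPS:
            # Both opinions are dogmatic (u = 0) and the operator is undefined;
            # weight them equally (assumption: Jøsang's equal-weight limit).
            return Opinion((self.b + other.b) / 2, (self.d + other.d) / 2, 0.0)
        return Opinion((self.b * other.u + other.b * self.u) / k,
                       (self.d * other.u + other.d * self.u) / k,
                       (self.u * other.u) / k)


def evidence_to_opinion(p: float, n: float, alpha: float = 2.0) -> Opinion:
    """Map p positive and n negative events to (b, d, u). A larger alpha keeps
    u high for longer, i.e. more evidence is needed before a node is trusted
    or distrusted; (0, 0) maps to total uncertainty (0, 0, 1)."""
    s = p + n + alpha
    return Opinion(p / s, n / s, alpha / s)


def opinion_to_evidence(op: Opinion, alpha: float = 2.0) -> tuple:
    """Inverse mapping back to (p, n). Requires u > 0: a dogmatic opinion
    corresponds to an infinite amount of evidence."""
    if op.u < EPS:
        raise ValueError("dogmatic opinion (u = 0) has no finite evidence count")
    return alpha * op.b / op.u, alpha * op.d / op.u


def combine_recommendations(own: Opinion, recs) -> Opinion:
    """Trust combination for one target node (constructed helper): each
    recommendation is (C's opinion of the recommender, the recommender's
    opinion of the target), as it would arrive in a TREP. Discount along each
    path, then take the consensus of all paths and C's own opinion."""
    result = own
    for trust_in_recommender, recommended in recs:
        result = result.consensus(trust_in_recommender.discount(recommended))
    return result


if __name__ == "__main__":
    # Constructed example: C has no experience with D, receives two
    # recommendations and ends up with a usable (u < 0.5) opinion of D.
    own = evidence_to_opinion(0, 0)                      # (0, 0, 1): initial state
    via_p = (evidence_to_opinion(8, 0), evidence_to_opinion(6, 1))
    via_q = (evidence_to_opinion(3, 3), evidence_to_opinion(0, 5))
    print(combine_recommendations(own, [via_p, via_q]))
    print(opinion_to_evidence(evidence_to_opinion(6, 2)))   # back to (6.0, 2.0)
```

Two properties worth checking on the operators: a fully distrusted recommender (d = 1) contributes pure uncertainty, so its recommendation cannot move C's opinion either way, and the initial opinion (0, 0, 1) is neutral under consensus, so the first recommendation is adopted as-is.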
Now comes to: Routing operations in TAODV
Trust Recommendation • Exchange trust information • Three types of message: • TREQ: Trust REQuest • TREP: Trust REPly • TWARN: Trust WARNing • Broadcast TWARN when a node's disbelief value exceeds the judging threshold (the node is judged untrustworthy)
Trust Recommendation (con’d) • Message Structure • TREQ • TREP
Trust Judgement • Predefined trust judging rules (b – belief, d – disbelief, u – uncertainty, h – threshold, adjustable to meet different security levels; default h = 0.5): • b > h: trust the node; authenticate it by its trust value (trust authentication, no signature needed) • d > h: distrust the node; deny its routing message • u > h: uncertain; request and verify the node's digital signature • b, d, u ≤ h: no dominant component; request and verify the node's digital signature
Trust Update • Update of evidence • successful communication: positive event, p++ • failed communication: negative event, n++ • then map from evidence space to opinion space • Update of opinion • combine the opinions received from different recommendations (consensus) • then map from opinion space back to evidence space
Routing Table Extension • Add three fields into original routing table • Positive events • Negative events • Opinion • New routing table format
Routing Message Extension • Add the following fields to the original routing messages: • trust information, or • digital signature information • RREQ → TRREQ • RREP → TRREP • Message structure:
General Process of TAODV • On initialization, each node's opinion of every other node is (0, 0, 1): total uncertainty about the other nodes' trustworthiness. • Nodes perform signature authentication during the initialization period. • After some trust exchanges and data communications, i.e. as positive or negative events accumulate, the uncertainty decreases and trust relationships among nodes form. • Once trust relationships have been established in the network, node authentication mainly uses trust authentication.
Trusted Routing Discovery (figure: S … P → C → N … D) • S originates a routing request to D • C is the current node • P is C's precursor and N is C's next hop • Suppose threshold h = 0.5
Routing Process at Current Node (flowchart) • Trust exchange: obtain opinions about S, D and P (TREQ/TREP) • Step 1: Authenticate P • combine opinion(C,P), then judge it: d > 0.5 → deny; b > 0.5 → pass (trust authentication); u > 0.5 or b, d, u ≤ 0.5 → signature authentication: correct → pass, incorrect → deny • Step 2: Authenticate S • combine and judge opinion(C,S) in the same way • Step 3: Have a route to D? • No → enqueue the request and re-broadcast it (Re-TRREQ) • Yes → step 4 • Step 4: Authenticate D • combine and judge opinion(C,D) in the same way; pass → send TRREP; deny otherwise • Then wait for the next RREQ
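The routing decision of the slides above (judging rules with threshold h, evidence update, TWARN, the extended routing table and TRREQ, and the step order P → S → route check → D), as an added example. This is not the TAODV authors' code. Assumptions not on the slides: evidence (p, n) is mapped to (b, d, u) with α = 2; a passed authentication counts as a positive event and a failed one as a negative event; signature verification is stubbed by a `signature_valid` flag on the message, standing in for the key-management module the presentation leaves out; TWARN is recorded in a list rather than broadcast; all node names and counts in the scenario are constructed.

```python
"""Trusted routing decision at the current node C (added example).

Not the TAODV authors' code. Models one TRREQ reaching C from precursor P,
originated by S for destination D, following the slides' judging rules and
step order. Assumed: alpha = 2; passed/failed authentication counts as a
positive/negative event; signature checks are stubbed; TWARN is recorded.
"""
from dataclasses import dataclass
from typing import Optional

H = 0.5       # judging threshold h (slides' default)
ALPHA = 2.0   # evidence-to-opinion parameter (assumed value)


@dataclass
class RouteEntry:
    """AODV routing-table entry plus the three TAODV fields (p, n, opinion)."""
    next_hop: Optional[str] = None   # None: trust state only, no route yet
    positive: int = 0                # p: successful communications
    negative: int = 0                # n: failed communications

    def opinion(self):
        s = self.positive + self.negative + ALPHA
        return (self.positive / s, self.negative / s, ALPHA / s)   # (b, d, u)


@dataclass
class TRREQ:
    """RREQ extended with trust/signature information."""
    source: str
    dest: str
    precursor: str          # neighbour C received the request from
    signature_valid: bool   # stand-in for the signature-authentication module


def judge(op, h=H):
    """Trust judging rules. With h >= 0.5, b > h and d > h cannot both hold."""
    b, d, u = op
    if b > h:
        return "trust"       # trust authentication, no signature needed
    if d > h:
        return "deny"        # distrusted: drop the message
    return "signature"       # u > h, or b, d, u all <= h: verify signature


class TrustedNode:
    def __init__(self, name):
        self.name = name
        self.table = {}          # node -> RouteEntry
        self.twarn_sent = []     # nodes C has broadcast a TWARN about

    def entry(self, node):
        return self.table.setdefault(node, RouteEntry())

    def add_route(self, dest, next_hop):
        self.entry(dest).next_hop = next_hop

    def has_route(self, dest):
        return dest in self.table and self.table[dest].next_hop is not None

    def record(self, node, success):
        """Trust update in evidence space: p++ or n++; broadcast TWARN once
        the mapped disbelief crosses h (even a later valid signature no longer
        helps that node, see judge())."""
        e = self.entry(node)
        if success:
            e.positive += 1
        else:
            e.negative += 1
        if e.opinion()[1] > H and node not in self.twarn_sent:
            self.twarn_sent.append(node)

    def authenticate(self, node, msg):
        """Trust authentication first; signature authentication only when the
        opinion is undecided. Returns True if the node is accepted."""
        verdict = judge(self.entry(node).opinion())
        if verdict == "signature":
            verdict = "trust" if msg.signature_valid else "deny"
        self.record(node, verdict == "trust")
        return verdict == "trust"

    def handle_trreq(self, msg):
        """C's action on a TRREQ: 'deny', 're-TRREQ' (rebroadcast) or 'TRREP'."""
        for who in (msg.precursor, msg.source):      # steps 1 and 2
            if not self.authenticate(who, msg):
                return "deny"
        if not self.has_route(msg.dest):             # step 3
            return "re-TRREQ"
        if not self.authenticate(msg.dest, msg):     # step 4
            return "deny"
        return "TRREP"


if __name__ == "__main__":
    # Constructed scenario: C trusts P from past traffic, knows a route to D
    # via N, and has never heard of S, so S is checked by signature.
    c = TrustedNode("C")
    c.add_route("D", "N")
    for _ in range(4):
        c.record("P", True)        # opinion(C,P) = (4/6, 0, 2/6): b > h
    print(c.handle_trreq(TRREQ("S", "D", "P", signature_valid=True)))
```

Note the two failure modes the rules produce: an unknown node with an invalid signature is denied at step 2 and picks up a negative event, and a node whose disbelief has already passed h is denied outright at step 1 without its signature even being consulted, which is the "external attacker denied at once" behaviour the security analysis later relies on.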
Now comes to: Analyses and simulations
Performance Analysis • Computation overheads can be sharply reduced by avoiding signature generation and verification on every routing message. • Bandwidth overheads can be largely reduced by replacing 1024/2048-bit signatures with small trust values.
Security Analysis • If a node does not misbehave, its trust (belief) value keeps increasing. • An external malicious node is denied at once, because it cannot provide a valid signature. • We only consider preventing external attacks. • Internal attacks can be mitigated through certificate renewal.
Simulation Environment • Simulator: ns-2
Selected Simulation Results • Figure: throughput of received bits vs. average end-to-end delay (pause time: 10 s)
Conclusion • TAODV is a trusted routing protocol that cooperates with a self-organized key management mechanism. • It introduces less computation overhead than previous secure routing protocol solutions while still guaranteeing a certain security level. • It performs trusted routing in a self-organized way.
Q&A Thank You!