Docstoc

Reputation

Document Sample
Reputation Powered By Docstoc
					Reputation-based Framework for
 High Integrity Sensor Networks
    Adapted from the original presentation
    made by the authors
    High Integrity Sensor Networks



  How can the end-user rely on the
              information
provided to it by the sensor network?




                                        2
  Why does misbehavior takes place?

         Information returned may be distorted



Noise: unavoidable     Fault:            Malicious attacks:
•In sensing            Persistent,
•In communication                        (External attacker,
                       transient,
                                         compromised nodes)
                       intermittent
                       malfunction




                                                               3
           Where does misbehavior takes
                     place?

Collaborative and local                      Sensing
    data processing                          ????
      ????


                      Networking
                 Cryptography
                     Key Establishment
                  Cryptographic frameworks
                       Secure routing
                            ……




         Is Network Security enough?
                                                       4
        Decentralized decision making
    I detected          I detected
   a car at (x,y)      a car at (x,y)
 I detected               It was a
a car at (x,y)       false alarm. No
                         such car!

   I detected
  a car at (x,y)



                 Misbehavior while routing information
   I detected
  a car at (x,y)


  Misbehavior even while generating information

                                                         5
     Limitations of network security
• Distributed collaborative data processing
  – Network security -> Make sure that only authenticated nodes
    participate.
  – Network security cannot -> Verify if nodes function properly


• Distributed data gathering
  – Network security can -> message integrity, confidentiality,
    secure relaying.
  – Network security cannot -> data authentication.

 Compromise nodes have access to valid keys!

                                                              6
Reputation based framework for sensor
          networks (RFSN)
         How do nodes trust each other?
How do nodes trust the information provided by other
                       nodes?
 Embedded in every social network is a web of trust
 • How does human societies evolve?
    – Principle of reciprocal altruism
       • Be nice to others who are nice to you
    – When faced with uncertainties
       • Trust them who have the reputation of being trustworthy


    Proposed solution: Form a similar community of
      trustworthy nodes in the network over time
                                                                   7
               Why this approach?
• Sensor network already follow a community
  model
  – Individual nodes do not have any utility
  – Collaborative information gathering, data processing and
    relaying.


• Missing element is trust….
  – Nodes are dumb and they collaborate with every node.
  – Internal adversaries exploit this very fact!
  – Faulty sensors results in equally detrimental effects.

• RFSN incorporates intelligence into nodes
  – Exposes trust as an explicit metric!
  – Cooperate with ONLY those nodes that are trustworthy.
                                                               8
     Node level skeleton structure of
                 RFSN
    Watchdog
    mechanism        Reputation        Trust          Behavior




                     Second hand
                      information


   Observe the action of other nodes – Watchdog mechanism
   Develop a perception of other nodes over time – Reputation
   Predict their future behavior – Trust
   Cooperate/Non-cooperate with trustworthy nodes – Behavior
   Share experiences to facilitate community growth – Second
    hand information
                                                             9
         Reputation representation
• Probabilistic formulation
   – Use beta distribution to represent reputation of a node.
                              (   )  1
         Rij  Beta( ,  )              x (1  x)  1 0  x  1,  0,   0
                              ( )(  )

         Reputation of node j from the perspective of node i


• Why beta distribution?
   – Simple to store: Just characterized by 2 parameters.
   – Intuitive: α and β represents magnitude of cooperation and non-cooperation.
   – Efficient: Easy reputation updates, integration, trust formulation.

• Maintain reputation for just neighboring nodes
   – Use locality – Provides scalability.



                                                                                   10
                 Reputation updates
  • Problem formulation
      – Node i wants to update Rij = Beta(αj, βj) based on r cooperative and s non-
        cooperative observations about j.

  • Approach
                                           P(Observation / Belief ) * P( Belief )
              P( Belief / Observation) 
                                                    Normalization
                                                                Old reputation, Beta(αj, βj)
New reputation, ??
                                            ????
   • Solution
       – Beta distribution is conjugate prior of binomial distribution.
       – Model P(observations/belief) as Bin(r+s,r)

                       Bin(r  s, r ) * Beta( j ,  j )
               Rij                                         Beta( j  r ,  j  s )
                              Normalizat ion

                                                                                        11
                  Update algorithm
                                 new   j  r
                                  j

                                  jnew   j  s


• Implications
   – Simple, efficient and strong foundation to statistic.

• Diversity – No restrictions on (r, s)
   – Not necessarily has to be integers
       • Beta distribution still well defined.
   – Nodes can give higher rating to critical events.
   – Allow partial ratings.




                                                             12
             Reputation integration
• Problem formulation
  – Node i receives reputation information about node j through node k.
      • Represented by (αjk ,βjk).

               new   j   k ;  jnew   j   jk
                j             j




• Different from updation step
   – Reputation of reporter node, k, should also reflect in final result

• Approach
   – Use belief theory

                                                  {2 *  k *  k }
                     new   j 
                                                               j

                                     {( k  2) * ( k   jk  2)}  {2 *  k }
                      j
                                                     j

                                                   {2 *  k *  jk }
                     jnew   j 
                                     {( k  2) * ( k   jk  2)}  {2 *  k }
                                                     j

                                                                                   13
                               Trust
• Problem formulation
  – What is the expectation of its next action being cooperative?


• Approach
  – Want to estimate θ, future behavior of node j
     • Prior knowledge – None - Uniform in (0,1).
     • Observations – αj as cooperative, βj as non-cooperative - Binomial




              Bin( j   j , j ) * Beta(1,1)
    P( )                                        Beta( j  1,  j  1)
                     Normalizat ion
                                                      j 1
        Tij  E[ ]  E[ Beta( j  1,  j  1)] 
                                                   j j 2
                                                                            14
                              Behavior
• How to classify nodes as good/bad?
  – Use a simple thresholding technique on trust

                           cooperateTij  TH 
                    Bij                           
                          don' tcooperateTij  TH 

• What is Bij ?
   – An abstract quantity.
   – Node i further action will decide on this
       • Don’t route packet through j.
       • Don’t send sensor data to j.


• Choosing threshold
   – Flexible
       • Allow for dynamic configurability by the user.
   – Diverse
       • Can be application specific.
       • Reflect the security needed by that application.

                                                            15
                        Conclusions
• Generalized
  – Can handle malicious as well as non-malicious misbehavior.
  – Can handle misbehavior in networking, sensing as well as data
    processing.


• Scalable
  – Maintain reputation only about neighboring nodes.


• Diverse
  – Security can be tuned to meet application demands
  – Events can be rated at completely arbitrary scales


• Reconfigurable
  – All our design choices are governed by this criteria.

BUT LOTS OF WORK STILL NEEDS TO BE DONE….
                                                                    16
   Ongoing research work: Watchdog
                Mechanism
     Watchdog mechanism is the heart of RFSN

• Generalized watchdog mechanism is not
  feasible!
  – Modules developed will be context specific.


• Designing individual modules
  – Outlier detection schemes, Consensus based protocols,
    ….

• Key is the scale!
  – Relies on redundancy and consistency in a local
    neighborhood.
                                                            17
 Watchdog Mechanism (Contd….)
• Limits to which a framework based on homogeneous
  resources can work
   – Find out these limits?


• Can introducing heterogeneous resources help?
   – For example a trusted sensor -> equivalent to an access point.


• Problem is much simpler for the non-malicious case ->
  faulty nodes and noise.
   – Malicious attacker can act completely arbitrarily!
   – Ongoing work: Fault tolerant temperature monitoring system using
     mica motes


                                                                        18
                 Open problems
• Bootstrapping network.
  – How does trust gets established?

• Intelligent adversaries
  – Cooperate and non-cooperate periodically.


• Context aware reputation
  – Is node with a bad temperature sensor bad for routing?
  – Multilayered RFSN seems like a feasible solution.



                                                             19

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:2
posted:2/17/2012
language:
pages:19