1. Introduction
Due to ever increasing use of sensor based mobile devices for various applications like: household appliances, military purpose, virtual navigation, tele-geoprocessing appliances, tele-medicine, virtual navigation, vehicular networks etc. more is the demand of decentralized mechanism for mobile communication. MANETs can be constructed using similar decentralized approach with short range wireless technologies like: Bluetooth, Zigbee, WiFi etc. Sensor based MANET’s devices are resource constraint devices with limited bandwidth, computing, storage, energy etc. Thus, lightweight primitives are required to perform the necessary operations. One major challenge is the scarcity of resources in MANETs that increases the security threats and requirements to integrate lightweight cryptographic aspects. Lightweight cryptography is classified as cryptographic primitives and protocols. Primitives are the procedure to secure network through encryption/decryption, digital signature, hashing, message authentication codes etc. Various models are proposed to provide complete cryptographic solution for any system like: Bell-LaPadula Model, McCumber Model, Orange Book etc. [2]. McCumber model is preferred as compare to other models to provide security relationship between devices and communications [2]. In order to achieve complete security for MANETs, various lightweight cryptographic primitives are taken into consideration on three axes: X-axis {Transmission (TRA), Storage (STO), and Processing (PRO)}, Y-axis {Confidentiality (CON), Integrity (INT) and Availability (AVA)}, Z-axis {Human Factor (HFA), Policy & Practices (PPR) and Technology (TEC)}.
In this work, Trust management based fine grained access control mechanism is designed for end users in resource constraint networks using lightweight symmetric key management in {TRA- INT- HFA} and {TRA- AVA - HFA} pairs. Access control mechanism establishes relationships among nodes. These relationships are maintained through network policies which establish trust among nodes. Lightweight trust management based mechanism is processed through subgroup formation, trust computation, trust propagation, trust aggregation and trust evaluation life cycle. Nodes start forming subgroups or Frisbees at local level. These local groups are linked in a hierarchy through subgroup controller to form global view. Once a hierarchy is formed then trust of node is calculated through positive vibrations in centrality calculation. Centrality is the weighting factor of links between nodes to establish trust. Trust is propagated through multiple routes and aggregated at destination for duplicate values. Unknown trust score is predicted from historical data in evaluation phase. Further, the proposed mechanism is tested against attacks through outlier detection techniques. A mathematical analysis of bad mouthing attack and on-off attack is done and verified through Proverif toolkit.
The remainder of this paper is structured as follows. Section 2 summarizes existing work on key management, anomaly detection mechanism and trust management in fine grained access control. Section 3 describes the notation, symbols and definitions used in this work. In section 4, lightweight trust cycle with it’s four components: trust computation, trust propagation, trust aggregation and trust prediction are proposed. Section 5 describes the simulation of proposed scheme with analysis of anomalies and protection from well known attacks. This section also shows the performance analysis of network with proposed lightweight trust model. Lastly, section 6 present conclusions.
2. Related Work
In 1919, Arvid Damm proposed the automatic key generation mechanism. These automatic key generation mechanisms can be classified as: (i) Symmetric and asymmetric, (ii) Hybrid key, (iii) ID-based threshold key management, (iv) Re-keying based mechanisms, (iv) Group communication mechanisms etc [3]-[7]. In sensor based MANETs, Group key management is efficient approach for user rights. Group keys can be managed through different group key management protocols. First category of these protocols are based on Diffie-Hellman mechanism. For example, Group Diffie Hellman (GDH): GDH.1, GDH.2, GDH.3, A-GDH (Authenticated-GDH), SA-GDH [8]-[9] etc. Major concentration in these protocols is drawn towards reducing the number of communication steps and exponentiation calculations. However, these protocols lacks in providing proper authentication and non-repudiation. Second type of protocols that enhances the security level through session key, renewing procedure of session key and non-repuration through private identification marks are general group key management protocols. For example, Group Key Management Protocol (GKMP), Group Secure Association Key Management Protocol (GSAKMP), Group Data of Interpretation (GDOI), Dunigan and Cao (DC), Hao-Hua-Chu (HHC), Burmester Desmedt Group Key Agreement (BD GKA) etc. [10]-[19]. Similarly another set of protocols developed to provide identification based non-repudiation are classified as ID-based group key management (IGKM). For example, Bonch & Franklin, Yu & Tang, Deng, Mukherjee and Aggarwal and Zhang, Liu, Lou and Fang [20]-[23]. Sensor based ad-hoc networks consist of resource constraint device. Thus, these devices require lightweight key management algorithm to be integrated. In [24], three group key management protocols for lightweight devices are identified and compared: Teo & Tan, WLH and Tseng’s Protocol. It is found that Teo & Tan protocol perform better than other protocols in terms of security, delay and throughput. Further, a scheme is proposed over Teo & Tan protocol with virtual nodes to improve efficiency of network with similar quality of service parameters. In [1], Frisbee Model is integrated with Markov chain to minimize the losses of resource constraint devices with virtual nodes. Local View Formation Algorithm (LVFA) was integrated with Global View Formation Algorithm (GVFA) to calculate the anomaly score which help to find outliers in network.
After developing the group keys for users, the permissions to access network information is control through access control mechanisms. Access control mechanisms ensure that the user and information interactions are authorized to enable data sharing. Level of access rights help to measure the significance of data sharing. Mechanism like fine-grained access control is developed to clarify the controls. Fine-grained access control mechanisms can be classified as: (A) Attribute based techniques: (i) Single secret sharing scheme and (ii) Multi secret sharing scheme. Multi secret sharing scheme can be classified as: (a) Weighted Muti-Secret Sharing, (b) Polynomial based techniques, (c) Chinese remainder based techniques, (d) Hierarchical techniques etc. (B) Identity based techniques: Fuzzy identity based mechanism. (C) Role based techniques: Ontology-based role interaction access control. Inconsistency and incompleteness are the general properties to analyze policy. Schaad and Moffett proposed role based access control policy to check the constraint violations due to administration overhead [25]. Formal methods plays an important role to check the mistakes in defining the policies that may arise due to expressiveness property of policies [26]. Fisler et. al. [27] developed a Margrave tool to check the userspecifies properties of a policy. Alloy [28]-[30] and Margrave help to check duty constraints, roles, absence or presence permission and behavioral response from policy members. For example, subgroup member, controller, virtual member and controller are policy members in this work. Constraints among roles and responsibilities of these policy members is analyzed using these toolkits. Specifying and enforcing constraint in role based access control policies is necessary to enhace the security of such systems [31]. Multiple policies in one system may exhibit common or mutually exclusive properties. Conflicts among these policies is required to be checked and avoid to implement necessary security requirements [32]. In this work, margrave vocabulary and policy are designed for trust based policy analysis to put constraint for avoiding conflcits.
Trust must be established to provide the fine grained access control in sensor network. Description field of Table 1 shows the permission access control sets used in this work for members. Trust is a subjective parameter and can be defined in various ways [33]-[35]. Various parameters that can be taken into consideration for trust evaluation are: expectancy, attitude, belief, reliability, availability, confidence etc. [36]-[37]. A trust management system consists of trust computation, trust propagation, trust aggregation, trust prediction and trust applications [37]. Trust computation can be classified as: (a) Distributed trust computations and (b) Centralized trust computations. Pirzada et. al. developed a reliability based dynamic trust computational method for pure ad hoc networks [38]. This is a centralized authority based mechanism for trust management. A centralized authrotiy failure could lead to major system fault, therefore decentralized approach is required to compute trust. Probst et. al. proposed a statistical distributed approach for trust computation [39]. Distributed approaches put dynamic topology challenge to ad hoc networks. Reports from neighboring nodes help to update trust among sensor nodes in a dynamic model proposed by Liu et. al. [40]. Major challenge in this dynamic network is scalability. Xiong et. al. integrated and evaluated the network performance through peer to peer communication [41]. Velloso et. al. proposed experience based upon dynamic maturity model for trust computation. Majority of trust based mechsnims are prone to attacks due to its objectivity, thus some evaluation schemes should be integrated to increase the security. Sun et. al. has integrated evaluation schemas to identify attack in such networks [42]-[44]. Dynamic trust based propagation methods are required to increase the network security. Cheng et. al. and Trifunovic et. al. proposed such social network based distributed trust propagation method [45]-[46]. Due to its computational complexity these mechanisms are infeasible for sensor networks. Quericia et. al. proposed lightweight trust propagation methods for sensor networks [47]. After trust propagation, it’s value is aggregated at destination. Lightweight trust aggregation methods are proposed by Huang et. al., Bachrach et. al. and Padro et. al. independently [48]-[50]. For some nodes multiple trust or no trust could reach at destination. Some prediction mechanism are required that could be based on past experience. Wang. et. al. proposed a generlized model for trust aggregation [51]. Jonker et. al. added the past experience to increase the unknown or duplicate values and Ham et. al. built reputation on past as well as weighted path values [52]-[53]. Predictions can be evaluated against attacks through outlier detection techniques. Outliers are the deviations of data from its regular data to ensure availability of network in {TRA- AVA - HFA}. Outliers can be classified on different categories: (i) Node & Network based, (ii) Local, Global & Semi-global based, (iii) Error, event or attack based, (iv) Bayesian network based, (v) Nearest neighbor based, (vi) Spectral decomposition based, (vii) Statistical based mechanisms, (viii) Supervised & Unsupervised based, (ix) Distance, density, machine learning or soft computing based etc. [54]-[58]. There is a need to use lightweight mechanism for finding an error in sensor based ad-hoc networks. Traag et. al. proposed a Markov chain based technique to distinguish between an event or error for mobile phones [59]. For MANETs, modifications over this technique is prepared and integrated with Teo & Tan’s protocol for anomaly score calculation [1]. Rights to symmetric key for accessing important data can be constrained using access control mechanisms and policies after detection of anomaly in network.
Table 1.Symbols and Notations
3. Definitions and Notations
3.1 Definitions
Definition 1: (Trust [37]): Trust is an honest behavior or positive vibration sent to gain access to secret data. It is a subjective measure based on reliability, availability, confidence, quality of service, risk, accuracy, repudiation etc.
Definition 2: (Access set ‘y’ [60]): A collection of mobile sensor nodes where, j,k ∈{1,2,3….n}, those are given rights to access on secret data. Participants of ‘y’ are known as an authorized users and the participant not in ‘y’ are called as an unauthorized users.
Definition 3: Centrality of an edge is defined as probability of any mobile sensor node to follow a particular path. A node can follow a different path in dynamic topology based networks. Markov path chain help to find probability of following a particular path based on hidden states. Positive and negative values of centrality are based on anomaly score. A path with detection of outliers is considered as negative. Otherwise, It will be positive.
3.2 Symbols &Notations
Table 1 shows the symbols and notations used in this work.
4. Proposed Methodology
4.1 Frisbee Construction
In order to reduce losses, “Frisbee Model” is used to construct local zones as MANETs are having scarcity of resources [61]. Therefore, Frisbees are formed using trust establishment. If each node’s trajectory is observed and attendance of an event is marked then its trust value increases. Probability P(i, j) of any mobile node MNx to move from to using Markov chain through states where z∈{1,2,3….n}, is calculated as:
If routing and communication states are integrated then probability can be calculated as:
Probability of following a particular path that will proceed to regular event region ‘R’ is calculated as: where is average value of Ps. According to Markov chain, every next state is dependent upon subsequent states. Thus probability of subsequent regular event can be calculated as:
Fig. 1. shows the Frisbee formation process at local level. Figure 1a and figure 1b show the trajectory path of single node which leads to single hop nearest neighbour sensing Frisbee formation. As shown in figure 1c, If Frisbee formation process is continued then the sequence of Frisbees are formed and each have its own subgroup controller.
Figure 1Frisbee formation during LVFA
4.2 Lightweight Trust Computation
Once the probability of a node to follow a particular path is calculated, it’s trust value can be passed along with other nodes in a particular Frisbee using distributed or centralized computational methods. Distributed methods can be classified as: Neighbor sensing, Recommendation based and Hybrid methods. Centralized method is a trust agent based method [37]. Fig. 1b shows the single hop nearest neighbor sensing Frisbee formation. Algorithm 1 describes the behavior trust formation based on routing packets.
Algorithm 1: Trust Formation using routing behavioral characteristics.
Premises: is a set of neighboring nodes of node i. Let μ∈{μ+, μ-} be the set of positive acknowledgement (μ+) and negative acknowledgement or no acknowledgement (μ-). Let μ+ consists of two set values Let ‘WE’ be the weight assigned to edge E. can have two values rand it epresents the centrality score of edge Ei, which is a subset of positive and negative centrality value.
Example: In order to understand the trust computation process, let take an example of graph ‘G’ with possibility of multiple vertices between edges in a local subgroup as shown in Fig. 2. Fig. 3 shows the resultant graph of Fig. 2. Value of weights in figure 3 varies according to centrality calculation method. If Fig. 2 and Fig. 3’s graphs are taken as directed graphs then Table 2 shows the directions and their values. Magnitude of negative values is considered for calculation as it is assumed in distance and signal calculation methods that there is no negative value. Table 3 shows the maximum values of W1, W3 and W6, which provides better trust by taking negative centrality values into consideration. It can also be considered as a good method because remaining weight values are similar to values of other methods. Eigen trust transformation is second good method as compared to distance and signal strength. Thus distance and signal strength method will not always provide good trust transformations.
Fig. 2.Weighted Directed graph to calculate trust
Fig. 3.Single Edge Transformed Weighted Directed graph to calculate trust
Table 2.Centrality values for the graph.
Table 3.Trust computation using different methods
4.3 Lightweight Trust Propagation
Propagation of trust and anomaly values is performed using hierarchical trust formation. If anomaly score exceeds a threshold value then that node is considered as outlier. Further, its value can be transmitted to topmost subgroup controller through other subgroup controllers at different layers in order to form a global view. Similarly, trust value is also passed. Algorithm 2 describes the trust and anomaly score propagation among subgroups in a hierarchy.
Algorithm 2: Local trust collection and anomaly detection
Premises: Let HLi be the hierarchy of subgroup with height ‘h’.
Goal: To collect anomaly scores and trust values. Securely propagate these values to subgroup controller at next hierarchical layer.
Step 1: Subgroup controller collects anomaly and trust values.
4.4 Lightweight Trust Aggregation
Hierarchical group formation proposed in this work make it proficient enough to handle multiple trust values received from different locations. Although trust aggregation is not mandatory for checking multiple values but execution of trust accumulation in this can be performed through different ways: (i) Sequential Aggregation, (ii) Conditional sequential aggregation, (iii) Parallel Aggregation and (iv) Parallel loop aggregation [37][63]. Proposed hierarchical mechanism can be extended with trust aggregation schemes. As shown in Fig. 4, this extension is required for nodes that are away from with more than 1-hop to avoid duplicates. Algorithm 3 describes the method of trust accumulation in trust aggregation.
Fig. 4.Trust aggregation at local subgroup level.
Algorithm 3: Trust aggregation at local and global level.
Goal: Design a local trust aggregation (LTA) and Global trust aggregation (GTA) functions to avoid duplicate communication. Primary GTA (PGTA) is the trust score in main group.
Method 1: Sequential Trust Aggregation (STA)
Step 1: Every subgroup member asses its WE value to nearby trusted nodes in order to transmit the value to
Step 2: Every subsequent node will aggregate this value in LTA function. LTA received at will contain following values:
Step 3: In order to avoid duplicate packets, identification marks of nearby nodes to subgroup controller can be added and form the final LTA list at ithlayer in jth group as:
Step 4: where j∈{1,2,…,n} is passed to HLi+1 layer to form a global trust aggregation.
Step 5: values are passed to (i+1)th, (i+2)th layers and finally reaches to (i+n)th layer.
Method 2: Conditional Sequential Trust Aggregation (CSTA)
Goal: Condition of mirror values is checked at nodes closer to in order to remove looping in sequential trust aggregation.
Step1 to step3 are same as in method 1.
Step4: Check and remove mirror values in
Step 5 & 6 will be same as step 4 & 5 of method 1. Since duplicate values are checked at local level therefore there is no need to check at global level.
Method 3: Parallel Trust Aggregation (PTA)
Step 1: Every subgroup member passes its WE value to nearby trusted nodes in order to transmit it’s value to
Step 2: Every subsequent node will aggregate this value to LTA. LTA received at may contain duplicate values of trust:
Step 3: Check and remove mirror values in
Method 4: Parallel Loop Aggregation (PLA)
Step 1: Every subgroup member passes its WE value to nearby trusted nodes in order to transmit it’s value to If some receive back it’s aggregate value in the list then it will run following procedure to remove duplicates
Step 2: Non duplicate values are aggregated in the list as:
Step 3: Same as step 4 and step 5 of Method 1.
4.5 Lightweight Trust Prediction & Evaluation
Trust prediction methods are used to potentially calculate trust values of nodes based on present and past behaviors [37]. In algorithm 1, trust is predicted based on probability of following a path and anomaly score. Therefore, no extra mechanism is required to calculate trust of unknown nodes based on certain behavior. Anomaly analysis and protection from attacks is done in next section to evaluate the proposed trust system.
5. Simulation and Analysis
5.1 Anomaly Analysis
Simulation of this work is done using ns-3 simulator on Linux platform [64]. Variation of 50 to 200 nodes is done with different anomaly detection parameters: Anomaly detection ratio (ADR), Wrongly calculated anomaly ratio (WCAR), Average local anomaly detection ratio (ALADR) and Average local wrongly calculated anomaly ratio (ALWCAR)[1]. Table 4 shows the analysis of various ratios.
Table 4.Different detection ratios to calculate success rate.
Observation 1: It is observed that with the increase in number of nodes, the ADR decreases and WCAR increases. It is observed that these changes are due to increase in trust level with increase in number of nodes therefore some virtual programmed nodes are added in each subgroup. These programmed nodes will try to gain maximum trust of other nodes with maximum probability of acting as outlier to disgruntle the network user access. Algorithm 4 represents the programmed concept to make virtual nodes.
Algorithm 4: Programmed virtual node to add anomaly with trust satisfaction.
Goal: To observe the reasons of decrease in ADR with increase in number of nodes.
Premises: are the virtual programmed subgroup members to act as outliers. is the trust score of virtual programmed node.
Step 1: Make some nodes in every subgroup. These nodes will try to increase their value with minimum anomaly score.
Step 2: will be able to get access to network services with trust value if it gets new equals to
Step 3: will be increased by virtual programmable nodes with their self motivation.
Table 5 shows the results of anomaly detection when trust level of virtual programmable nodes is varied. If trust level is high then ADR decreases with increase in number of nodes but if trust is low then ADR increases with increase in number of nodes. Similar results are observed with WCAR also. Thus it can be observed that with the increase in number of nodes ADR is strongly dependent on trust level. High trust level signifies that the proposed work is well suited for large scale network and with minimum anomalies. Whereas low trust increases the chances of unauthorized access.
Table 5.Anomaly scores at different trust levels.
Observation 2: It is also observed that ADR ratio at global level is having errors as compared to local level i.e. ALADR. Thus it can be said that these error happens because of (i) Communication barrier or (ii) Attacks. In order to remove the barrier in secure transmission, correction in local algorithm is made in previous work [1]. In this work, proposed algorithms are tested against different attacks: (i) Bad Mouthing Attack and (ii) On-off Attack [65]. Fig. 5 verifies the protection of system from discussed attacks using ProvVerif automated verification tool.
Fig. 5.ProvVerif results showing passing of all tests
Attack 1: Bad Mouthing Attack.
Description: Trust evaluation is strongly dependent on response from others. This response can be judged from [negative, positive] or [high, low] values. Some node can show fraudulent behavior in order to gain advantage or provide benefit to favorable group of nodes. During fraudulent behavior, nodes can intentionally take benefits in terms of: (i) Trust computation and assigning high or low value to one or a group of nodes. If a malicious node wants to incorporate denial of service attack, provide malicious services, create a central point of attack etc. then a high trust value is assigned. But if malicious node wants to drive some honest nodes out of the subgroup, reduces the CENTRALITY value etc. then low trust value is assigned. (ii) Provide different trust response to different set of groups. A negative discrimination means providing good service to all except few. For example, providing good trust value to existing subgroup members but lesser value to new subgroup members coming from other subgroups with high confidence. A positive discrimination means providing good trust service to majority and average to some serving nodes. For example, providing high trust value to existing subgroup members except average trust value to boundary cases. It may be because subgroup controller is not having confidence over those nodes [66].
Background: Various techniques used to remove these attacka are: provide controlled anonymity, incorporating cluster filtering, channel aware detection algorithm [66]-[71].
Proposed System Protection: The proposed system is secures from Bad Mouthing Attack as:
Proposed system protection can be analyzed by checking the system against fault acceptance probability (FAP).
FAP = Probability + Probability[following path as calculated by PS] = Probability[High value of Anomaly Score or high value of or high value of Probability = Probability [Acceptable value of or or or + Probability
Probability of fault acceptance of proposed system is depedent on behavior of nodes which includes distance among nodes, signal strength of nodes, movement of nodes, routing and communication capabilities of nodes, number of neighboring active and sleeping nodes and trust weight between target node and neighboring nodes. Hence it can be assumed that system is propected against the attack until threshold value of anomaly detection is under threshold and behavior factor of target nodes are taken into consideration.
Attack 2: On-Off Attack
Description: Due to dynamic nature of trust, Node may follow different paths to attend an event. At time t1, it may show positive vibrations to follow a particular path but at time t2 it can show negative vibrations to follow original however positive vibration to different path attends the same regular event and probability value decides the path in this work. Higher probability value and low anomaly score determines the chance of a node to follow a particular path. There may be deviation in following a particular path because of side channels like: environment, voltage fluctuation etc. The bearable amount of deviation is considered as forgetting factor. In this work, forgetting factor is calculated as:
Background: Adaptive forgetting scheme is proposed to remove on-off attack [65].
Proposed System Protection: The proposed system is secured from on-off attack because the proposed system provides the feasibility to decide the path with high value of trust aggregation. Four methods of trust aggregation are integrated from literature [37][63]. These methods provide the loop free, conditional checking and overwriting avoidance features to trust in trust aggregation phase. Most importantly, these values are passed through subgroup controller, which is assumed to be the high energy trust node. Even if some node at time t1 shows different trust than at time t2, subgroup controller can boost the trust by passing it’s trust value of t1. Table 6 shows the comparative analysis of trust aggregation methods to remove on-off attack. FAP against on-off attack = Probability [following a path calculated in PS] = Probability [ high value of path calculated in PS] + Probability[deviation]. This deviation value is an acceptable change of path. FAP against on-off attack = Probability [maximum time following the same path] + Probability [deviation] = (1-Probability(maximum time following new path)) + Probability [deviation]. Now if ‘N’ communications are made by some target node then FAP against on-off attack can be calculated as: (1- (N/N+(N-1)/N+(N-2)/N+(N-3)/N+ ……(N-M+1)/N) + Probability[deviation]. Here M is minimum acceptable limit of existing paths. According to birthday paradox, complexity of following a different path is represented as: eM/2. Hence probability of following same path is high if node is honest.
Table 6.N=NO, Y=YES
5.2 Lightweight Analysis
5.2.1 Lightweight Modeling and Analysis
Various formal method analysis based languages are available to perform software abstraction succinctly and efficiently. For example: B, Z, VDM, Alloy etc. [28]-[30]. Alloy is designed to have lightweight analysis rather than concentrating on proof and it provides powerful, small and simple design, automatic and animation analysis with fewer concepts than other languages. Alloy Analyzer is simulation and checking tool to analyze lightweight relationships for Alloy models. Table 7 shows the analysis of automatic subgroup controller, subgroup member and intruder alloy model. In this analysis, variation of number of subgroup controllers, subgroup members and intruders entities are analyzed to find the values that are acceptable for lightweight relationships. In preliminary analysis, relationships are analyzed for 1, 5 and 10 numbers of each entity using proposed trusted and basic strategies. Here, Basic strategy is implementation of identification, authentication, grouping and ownership transfer without proposed trust management cycle. Table 7 shows the time and number of steps required to find intruders in both strategies. Minimum of 14 steps in 23 msec. are required to find single intruder in trusted strategy as compared to 11 steps in 22 msec. for basic strategy in presence of 1 subgroup controller, 1 subgroup member and 1 intruder. Where, step is number of packet checker communications made to find intruder. With increase in any entity, the time and steps increases. This increase is 5 times more if subgroup controller or members are 5 more than intruders because in each of these scenarios number of authentic communications is more. Hence, more time and steps are required if network size increases with increase in any entity. Next, maximum bound of both strategies is find out by increasing the entities. It shows that lightweight relationships are not acceptable for 30 subgroup controller, 60 subgroup member and 40 intruders because of unacceptable increase in number of steps to find intruders.
Table 7.Automatic subgroup controller-intruder analysis (time in msec.).
5.2.2 Analysis of Lightweight Primitives
As shown in Fig. 6, confusion layer for lightweight primitives uses simple logical operations like: AND, OR, NOT etc. to minimize the hardware cost in terms of gate equivalents (GE). Here, A to P represents the data portion of rijandael matrix and rc1 to rc16 are the round constants. The data portion is processed through addconstant, substitute bytes and shift row phases. To achieve confidentiality and authentication using lightweight primitives, LED for encryption/decryption and PHOTON for hashing is integrated, modeled and analyzed with proposed trusted mechanism [72]. Both of these primitives are based on three operations: xoring the key, confusion and diffusion functions. Table 8 shows the comparative analysis of substitution permutation network (SPN) based lightweight primitives (LED, PHOTON) with simple primitive (Advanced Encryption Standard (AES)) for proposed schema. In SPN networks, these three primitives use similar strategy. GE of lightweight primitive (LED and PHOTON) is less as compared to simple primitive (AES). Modeling and execution of these primitives shows that token generated in terms of variables and clauses for lightweight primitives are much lesser than simple primitive. Lightweight primitive consume less time to generate these tokens and complete operations with minimum use of GE.
Fig. 6.Alloy specification for confusion layer in SPN based lightweight primitive
Table 8.Simple vs Lightweight Primitive Analysis for Proposed Schema
5.2.3 Lightweight Fine Grained Access Control Policy Analysis
Fig. 7 and Fig. 8 show the policy and its vocabulary used for proposed schema. Proposed trust based mechanism is having: and with permission set{READ, WRITE, ACCESS, USE, MODIFY}, {READ, ACCESS, USE}, {READ, ACCESS, USE}and {READ, WRITE, ACCESS, USE, MODIFY} respectively. Fig. 8 shows that and are having access from bottom to top i.e from localgroups to network. Whereas and are having access to local groups only. These acess permission are avaiable to respective member if there is no conflict between actions and resources. In order to avoid any conflict, every member establishes relationship by processing through following phases in priority: TrustCompute, TrustPropagate, TrustAggregate, TrustEvaluate, Interested, NotInterested, DenyAccess and AllowAccess. Here, TrustCompute, TrustPropagate, TrustAggregate and TrustEvaluate are the proposed trust management phases. After passing through these phases, it has to show interest to access or deny participation. Member can compute trust and propagate its value to subgroup controller only. Subgroup controller can propagate, aggregate or evaluate trust score at global, hierachical or network level. Policy is checked through margrave language in racket toolkit. Results show that there is no conflict in any relationship among any member of proposed schema. It also confirms that subjects mentioned in vocabulary can perform necessary actions in resources and make decisions provided that it should not violates the conflicts and assigned tasks.
Fig. 7.Access Control Margrave Vocabulary used in Policy for Proposed Schema
Figure 8Margrave policy for Access Control in Proposed Scheme.
5.3 Result Analysis
In simulation, initially zero trust is established among mobile nodes. Nodes use three different MANET’s routing protocols to establish trusts: Ad-hoc On-demand Distance Vector (AODV), Destination Sequenced Distance Vector (DSDV) and Dynamic Source Routing (DSR). Fig. 9 shows the effect of varying the number of nodes among these routing protocols. AODV with 50, 100 and 200 nodes give minimum delay and this delay decreases with increase in simulation time. It can also be observed that delay increases with increase in number of nodes however this growth will not be more than 20%. More passages are available for data communication due to increase in number of nodes. Fig. 10 shows comparison of jitter, initial setup, propagation and processing delays. It can be observed that AODV posses minimum figures as compared to DSDV and DSR. This is because both proposed trust scheme and AODV protocol are reactive in nature and build path prior to data transmission. A minimum traffic delay is developed because of establishing new routes. As shown in Fig. 11, throughput and power consumptions for three protocols are almost equal. But AODV provides minimum delay with same throughput and power consumption among three routing protocols thus AODV is considered to be the best protocol for proposed scheme.
Fig. 9.End to end delay comparison of proposed scheme over MANET routing protocols with variation in number of nodes.
Fig. 10.Delay Comparison of proposed scheme over MANET routing protocols.
Fig. 11.Power vs Throughput comparison over MANET routing Protocols.
5. Conclusion
In this work, a new method is presented for lightweight trust computation, propagation, aggregation and prediction. The system computes trust at local subgroup level from it’s members by calculating centrality score and transmit it to top hierarchies. Therefore, taking into consideration the entire system access control with single primary subgroup, Frisbee model is integrated to create such subgroups and hierarchies to avoid harmful losses for resource constraint networks. Access control policies designed for every member in network are modeled in Alloy and analyzed in Margrave. It is observed that lightweight strategy consume less time and show no right conflicts with minimum use of hardware resources. Furthermore, it is found that the proposed system is protected from various attacks with better quality of service incents subgroup members which can share access rights and self-defense of their own secure data for inauthentic data. At last, lightweight mechanism used in this work increases the complexity of system with time and number of rounds. Thus a re-initialization after regular intervals of time will boost the network services.
References
- A. Kumar, K. Gopal and A. Aggarwal, "Outlier Detection and Treatment for Lightweight Mobile Ad Hoc Networks", Int. Conf. on Heterogeneous Networking for Quality, Reliability, Security and Robustness (QSHINE 2013), Greater Noida, India, volume 115, pp 750-763, 2013.
- J. McCumber, Assessing and Managing Security Risk in IT Systems: A Structured Methodology, 1st Edition, CRC Press, 2005.
- Henk C. A. van Tilborg, Encyclopedia of Cryptography and Security, 2nd edition, Springer-verlag, USA, 2011.
- C. Adam and S. Farrell, "Internet X.509 public key infrastructure: Certificate management protocols." Internet Request for Comments 2510, 1999.
- B. Ramsdell, "S/MIME Version 3 certificate handling", Internet Request for Comments 2632, 1999.
- C. Boyd and A. Mathuria, "Key establishment protocols for secure mobile communications: A selective survey", Elsevier Computer Communication, vol. 23, issues 5-6, pp. 575-587, 1998.
- T. ElGamal, "A public key cryptosystem and a signature scheme based on discrete logarithm", IEEE Transaction on Information Theory, vol. 31, pp. 469-472, 1985. https://doi.org/10.1109/TIT.1985.1057074
- Yair Amir, Yongdae Kim, Cristina Nita-Rotaru, and Gene Tsudik, "On the Performance of Group Key Agreement Protocols", ACM Transactions on Information and System Security", nol. 7, no. 3, Pages 457-488, (August 2004). https://doi.org/10.1145/1015040.1015045
- Paul Judge, Mostafa Ammar, "Security Issues and Solutions in Multicast Content Distribution: A Survey," IEEE Network Magazine, pp. 30-36, 2003.
- H. Harney, C. Muckenhirn, "Group Key Management Protocol Architecture", Internet Request for Comments 2094, July 1997.
- H. Harney, C. Muckenhirn, "Group Key Management Protocol Specification", Internet Request for Comments 2093, July 1997.
- H. Harney, U. Meth, A. Colegrove, "Group Secure Association Key Management Protocol", Internet Request for Comments 4535, June 2006.
- B. Weis, S. Rowles and T. Hardjono, " The Group Domain of Interpretation", Internet Request for Comments 6407, October 2011.
- M. Baugher, B. Weis, T. Hardjono, H. Harney, "The Group Domain of Interpretation", Internet Request for Comments 3547, July 2003.
- P. Hoffman, "Algorithm for Internet Key Exchange version 1 (IKEv1)", Internet Request for Comments 4109, May 2005.
- C. Kaufman, "Internet Key Exchange (IKEv2) Protocol", Internet Request for Comments 4306, December 2005. http://www.ietf.org/rfc/rfc4306.txt
- T. H. Dunigan and C. Cao, "Group Key Management", Technical Report ORNL/TM-13470, 1998.
- M. Burmester and Y. Desmedt, "A Secure and scalable group key exchange system", In Information Processing Letters, 94(3), pp. 137-143, 2005. https://doi.org/10.1016/j.ipl.2005.01.003
- M. Burmester and Y. Desmedt, "A secure and efficient conference key distribution system", In proceedings of Eurocrypt, LNCS 950, pp. 275-286, Springer-Verlag, 1995.
- D. Bonch and M. Franklin, "Identity-based encryption from weil pairing," Advances in Cryptology-Crypto 2001, LNCS 2139, pp. 213-229, Springer-Verlag, 2001.
- J. V. D. Merwe, D. Dowoud and S. McDonald, "A Survey on Peer to Peer key management for Mobile Ad Hoc Networks", ACM Computing Surveys, vol. 39, No. 1, Article 1, April 2007.
- H. Deng, A. Mukherjee, D. Aggarwal, " Threshold and identity based key management and authentication for wireless ad hoc networks," in Proc. of the international conference on information technology: Coding and Computing (ITCC's 04), pp. 1-9, 2004.
- Y. Zhang, W. Liu, W. Lou and Y. Fang, " Securing mobile ad hoc networks with certificateless public keys," IEEE Transaction on Dependable and Secure Computing, vol. 3, pp. 386-399, 2006. https://doi.org/10.1109/TDSC.2006.58
- A. Kumar, A. Aggarwal, Charu, "Efficient Hierarchical Threshold Symmetric Group Key Management Protocol for Mobile Ad Hoc Networks," in Proc. of International Conference on Contemporary Computing (IC3 2012), JIIT, Noida, India, pp. 335-346, 2012.
- A. Schaad and J. D. Moffett, "A lightweight approach to specification and analysis of role based access control extensions", Proceedings of the seventh ACM symposium on Access control models and technologies (SACMAT'02), New York, NY, USA, pp. 13-22, 2002.
- J. W. Bryans, J. S. Fitzgerald, "Formal engineering of XACML access control policies in VDM++", ICFEM 2007, Butler, M. Hinchey, M. G., Larrondo-Petrie, M. M. (eds.), LNCS, Springer, Heidelberg, vol. 4789, pp. 37-56, 2007.
- K. Fisler, S. Krishnamurthi, L. A. Meyerovich, and M. C. Tschantz, "Verification and change-impact analysis of access control policies," in Proc. of 27th International Conference on Software Engineering, pp. 196-205, 2005.
- D. Jackson, Software Abstractions: Logic, Languages, and Analysis, MIT Press, ISBN: 978-0-262-10114-1, 2006.
- D. Jackson, "Micromodels of Software: Lightweight Modelling and Analysis with Alloy", Software Design Group, MIT Lab Manual, Feb. 2002.
- D. Jackson, "Alloy: a lightweight object modelling notation", ACM Trans. Soft. Eng. Methodol., vol. 11, no. 2, pp. 256-290, 2002. https://doi.org/10.1145/505145.505149
- J. Crampton, "Specifying and enforcing constraints in role-based access control," in Proc. of the 8th ACM Symposium on Access Control Models and Technologies (SACMAT 2003), pp. 43-50, 2003.
- R. Sandhu and P. Samarati, "Access control: Principles and practice", IEEE Comm., pp. 2-10, Sept. 1994.
- R. C. Mayer, J. H. Davis and F. D. Schoorman, "An integrative Model of Organizational Trust", Academy of Management Executive, vol. 20(3), pp. 709-773, 1995.
- A. Josang, "The right type of trust for distributed systems," in Proc. of the ACM New Security Paradigms Workshop, pp. 119-131, 1996.
- D. Denning, "A new paradigm for trusted systems", in Proc. of ACM New Security Paradigm Workshop, pp. 36-41, 1993.
- D. H. Mcknight and N. L. Chervany, "The meaning of trust", University of Minnesota, Technical repors, http://misrc.umn.edu/wpaper/WorkingPapers/9604.pdf, 1996.
- K. Govindan, P. Mohapatra, "Trust Computations and Trust Dynamics in Mobile Adhoc Networks: A Survey", IEEE Communications Surveys and Tutorials, vol. 14(2), pp. 279-298, 2012. https://doi.org/10.1109/SURV.2011.042711.00083
- A. A. Pirzada and C. McDonald, "Establishing Trust in Pure Ad-hoc Networks" , Australasian Computer Science Conference, The university of Otago, Dunedin, New Zealand, 2004.
- M. J. Probst and S. K. Kasera, "Statistical trust establishment in wireless sensor networks", in Proceedings of the 13th International Conference on Parallel and Distributed Systems, pp. 1-8, 2007.
- Z. Liu, A. W. Joy and R. A. Thompson, " A dynamic trust model for mobile ad hoc networks", in Proc. of IEEE International Workshop on Future T rends of Distributed Computing Systems, FTDCS'04, pp. 80-85, May 2004.
- L. Xiong and L. Liu, "PeerTrust: Supporting reputation-based trust in peer-to-peer communities", IEEE Transaction on Knowledgement and Data Engineering, Special Issue on Peer-to-Peer Based Data Management, vol. 16, no. 7, pp. 843-857, July 2004.
- P. B. Velloso, R. P. Laufer, D. O. Cunha, O. C. M. B. Duarte and G. Punjollel, "Trust management in mobile ad hoc networks using a scalable maturity-based model", IEEE Trans. Netw. Service Manag, vol. 7, No. 3, pp. 172-185, Sep. 2010. https://doi.org/10.1109/TNSM.2010.1009.I9P0339
- Y. L. Sun, Z. Han, W. Yu and K. J. Ray Liu, "A trust evaluation framework in distributed networks: Vulnerability analysis and denfense against attacks", in Proc. of IEEE International Conference on Computer Communications, INFOCOM'06, pp. 1-13, April 2006.
- Y. Sun, W. Yu, Z. Han and K. J. Ray Liu, "Information theoretic framework of trust modeling and evaluation for ad hoc networks", IEEE Journal on Selected Areas of Communication, Vol. 24, No. 2, pp. 305-317, Feb. 2006. https://doi.org/10.1109/JSAC.2005.861389
- N. Cheng, K. Govindan and P. Mohapatra, "Rendezvous based trust propagation to enhance distributed network security", in Proc. of INFOCOM-2011 Workshop SCNC, 2011., pp. 1066-1070, April 2011.
- S. Trifunovic, F. Legendre and C. Anastasiades, "Social trust in opportunistic networks", in Proc. of INFOCOM IEEE Conference on Computer Communications Workshops, pp. 1-6, 2010.
- D. Quercia, S. Hailes and L. Capra, "Lightweight distributed trust propagation", in Proc. of The Seventh IEEE International Conference on Data Mining, pp. 282-291, 2007.
- Ms", Autonomous Agents and . Pardo, "Aggregation of trust for iterated belief revision in probabilistic logics", Scalable Uncertainity Management, Lecture notes in computer science, Springer-Verlag, pp. 165-179, 2009.
- Y. Bachrach, A. Parnes, A.D. Procaccia and J. S. Rosenschein, "Gossip-based aggregation of trust in decentralized reputation systems", Autonomous Agents and Multi-Agent Systems, vol. 19, No. 2, pp. 153-172, 2009. https://doi.org/10.1007/s10458-008-9073-6
- J. Huang and D. Nicol, "A calculus of trust and its application to PKI and identity management", in Proc. of The 8th ACM Symposium on Identity and Trust on the Internet, IDtrust'09, pp. 23-37, 2009.
- X. Wang, L. Liu and J. Su, "Rlm: A general model for trust representation and aggregation", IEEE Transaction on Services Computing, Vol. 5. No. 1, pp. 131-143, 2012. https://doi.org/10.1109/TSC.2010.56
- C. M. Jonker and J. Treur, "Formal analysis of models for the dynamics of trust based on experiences", in MAAMAW'99: Proceedings of the 9th European Workshop on Modelling Autonomous Agents in a Multi-Agent World, pp. 221-232, 1999.
- F. M. Ham, E. Y. Imana, A. Ondi, R. Ford, W. Allen and M. Reedy, "Reputation prediction in mobile adhoc networks using RBF neural networks", Engineering Applications of Neural Networks Communications in Computer and Information Science, EANN, CCIS 43, pp. 485-494, 2009.
- V. Chandola, A. Banerjee and V. Kumar, "Outlier Detection: A Survey", ACM Computing Surveys, pp. 1-72, 2009.
- Y. Zhang, N. Meratnia and P. Havinga, "Outlier Detection Techniques for Wireless Sensor Networks: A Survey", IEEE Communication Surveys & Tutorials, Vol. 12, No. 2, pp. 159- 170, 2010. https://doi.org/10.1109/SURV.2010.021510.00088
- P. Gogoi, B. Borah and D. K. Bhattacharyya, "Anomaly Detection Analysis of Intrusion Data using Supervised and Unsupervised Approach", Journal of Convergence Information Technology, Vol. 5, No. 1, Feb. 2010.
- P. Gogoi, D. K. Bhattacharyya, B. Borah, J. K. Kalita, " A Survey of Outlier Detection Methods in Network Anomaly Identification", The Computer Journal, vol. 54, issue 4, pp. 570-588, April 2011. https://doi.org/10.1093/comjnl/bxr026
- D. M. Hawkin, "Identification of Outliers", Chapman and Hall, London, 1980.
- V. A. Traag, A. Browet, F. Calabrese and F. Morlot, "Social Event Detection in Massive Mobile Phone Data Using Probabilistic Location Interference", SocialCom/PASSAT, pp. 625-628, October 9-11, 2011.
- A. Beimel, "Secure Scheme for secret Sharing and Key Distribution", Ph. D. thesis, Israel Institute of Technology, Technion, Haifa, Israel, 1996.
- A. Cerpa, J. Elson, D. Estrin, L. Girod, M. Hamilton and J. Zhao, "Habitat Monitoring Application Driver for Wireless Communication Technology", In Proceedings of the ACM SIGCOMM Workshop on Data Communication in Latin America and the Caribean, San Jose, Costa Rica, volume 31, issue 2, pp. 20-41, 2001.
- M. Burmester and Y. Desmedt, "A secure and efficient conference key distribution system", Advances in Cryptology-Eurocrypt'94, pp. 275-286, 1994.
- J. Huang and D. Nicol, "A calculus of trust and its application to PKI and identity management", in The 8th ACM Symposium on identity and Trust on the Internet, IDtrust'09, pp. 23-37, 2009.
- NS3 Simulator, http://www.nsnam.org
- Y. L. Sun, Z. Han, W. Yu and K. J. R. Liu, "A trust evaluation framework in distributed networks: Vulnerability analysis and defense against attacks", in Proc. of 25th IEEE International Conference on Computer Communications (INFOCOM 2006), pp. 1-13, April 2006.
- C. Dellarocas, "Mechanism for coping with unfair rating and discriminatory behavior in online reputation reporting systems", In proceedings of ICIS,pp. 520-525, 2000.
- V. V. Vigilkumar, V. M. A. Rajam, "Detection of Colluding Selective Forwarding Nodes in Wireless Mesh Networks Based on Channel Aware Detection Algorithm", MES Journal of Technology and Management, pp. 62-66, Vol II, Issue 1, ISSN: 0976-3724, 2011.
- Y. L. Sun, Y. Liu, "Security of Online Reputation Systems: The evolution of attacks and defenses", IEEE Signal Process Mag. Vol 29(2), pp. 87-97, 2012. https://doi.org/10.1109/MSP.2011.942344
- Y. Sun, H. Luo, S. K. Das, "A Trust Based Framework for fault tolerant data aggregation in wireless multimedia sensor networks", IEEE Trans. Dependable Sec. Comput., vol. 9(6), pp. 785-797, 2012. https://doi.org/10.1109/TDSC.2012.68
- S. D. Kamvar, M. T. Schlosser and H. Garcia Molina, "The eigentrust algorithm for reputation management in p2p networks", in Proceedings of the 12th international conference on world wide web, pp. 640-651, 2003.
- P. England, Q. Shi, B. Askwith and F. Bouhafs, A Survey of Trust Management in Mobile Ad Hoc Networks, ISBN: 978-1-902560-26-7, 2012.
- M. R. S. Abyaneh, "Security Analysis of Lightweight Schemes for RFID Systems", Ph. D. THESIS, University of Bergen, Norway, (June 2012).