Elsevier

Ad Hoc Networks

Volume 8, Issue 2, March 2010, Pages 181-192

A protocol for data availability in Mobile Ad-Hoc Networks in the presence of insider attacks

https://doi.org/10.1016/j.adhoc.2009.07.001

Abstract

In Mobile Ad-Hoc Networks (MANETs), establishing trust relationships between the nodes in a decentralized fashion has been an important research issue for a long time. If the sender nodes accurately identify the legitimate nodes in the network, robust routing can be provided while mitigating the effects of malicious nodes. Further, there is always a mutual interaction between a sender and its neighbor nodes during the communication. This mutual interaction can be easily modeled as a game between two or more players (one player being the sender and the rest being the receivers). Regardless of its type (legitimate or malicious), each player attempts to maximize its benefit during the game by choosing an optimal strategy. In this paper, we propose a secure and robust routing scheme in which the interaction between the sender and receiver nodes is modeled using a dynamic Bayesian game model. A repeated game is considered, and the opinions of a node about the types of other nodes are established using an acknowledgement mechanism from the destination. The proposed method uses the intersection of game theory, trust establishment and coding theory to resist colluding Byzantine (insider) attacks. The scheme guarantees the availability of the message as long as a legitimate path exists. Through simulations, we show the efficiency of the scheme with respect to latency, availability and energy consumption in the presence of an adversary.

Introduction

Mobile Ad-Hoc Networks (MANETs) play key roles in many military and civilian applications such as battlefields, environment monitoring and emergency response. The lack of infrastructure in MANETs requires the network nodes to implement the network tasks by themselves. Hence, network operation is based on the cooperation of nodes within a neighborhood. For routing, intermediate nodes are used to forward a packet from a source to a destination node. Therefore, security becomes a challenging problem in this multihop environment with unreliable intermediate nodes.

The main threat to routing in a MANET is the existence of selfish and malicious nodes. The goal of a selfish node is to maximize its own welfare, whereas a malicious node tries to prevent the network from operating efficiently or properly. Without any countermeasures against these threats, the network performance decreases considerably.

We propose a secure and efficient routing scheme using a game theoretical approach and trust relationships between the nodes. We assume a “Dynamic Bayesian Game” model [1] among the nodes to find the optimal strategies of legitimate and malicious nodes. Moreover, using the “watchdog” technique [2] and the “acknowledgement” mechanism (ACK), we construct trust relationships between the nodes. Recent works [2], [3], [4], [5], [6], [7], [8], [9], [10] either do not consider the malicious nodes or build the trust relationships based on the watchdog mechanism, which has serious drawbacks in a wireless medium (especially in the presence of malicious nodes). Our main objective in this work is to mitigate the effects of malicious nodes on the network performance by establishing trust relationships and using a game theoretical approach between the network nodes. The network of interest is a MANET. Moreover, the network is assumed to be connected at any time instant. In other words, we assume that a path can be established between any two nodes at any time.

The rest of this paper is organized as follows. In the rest of this section, we summarize the related work in trust establishment and game theory in ad hoc networks and also mention the contributions of this paper. A brief description of the scheme is provided in Section 2. In Section 3, we analyze the game model, describe the parameter selection and show how the game changes dynamically. Trust establishment and the use of the trust values (node credentials) are studied in Section 4. In Section 5, we describe the adversarial model and the possible threats specific to our scheme. We evaluate and compare our scheme using computer simulations in Section 6. Finally, the concluding remarks are provided in Section 7.

The main goal for building trust values (node credentials) among the nodes in MANETs is to protect Dynamic Source Routing (DSR) [11] from attackers and increase the performance of the network. In MANETs, a node evaluates another by using either direct or indirect measurements. Direct measurements are the ones that the node conducts itself to rate another node. On the other hand, indirect measurements are the ones that are received from other nodes regarding the credential of a specific node. Building node credentials by direct measurement is either achieved by using the watchdog mechanism or by using the ACK from destination. Building node credentials by relying on the direct measurements and using the watchdog mechanism is proposed in [2], [3], [5]. The purpose of the watchdog mechanism is to identify a malicious node by overhearing the communication of the next hop. In [2], [3], when a misbehavior is detected, it is reported to the source of the communication and the source updates the credential for the detected node. In [5], legitimate nodes reject the traffic initiated by the detected malicious nodes. In [6], [7], [4], [12], [13], [14], the use of indirect measurements to build node credentials is also allowed while the watchdog mechanism is used to obtain the direct measurements. In [12], [13], credentials obtained by direct and indirect measurements are updated using the Bayesian approach. [14] proposes an information theoretical approach to trust and reputation. Some major drawbacks of using the watchdog mechanism to obtain direct measurements are listed below:

  1. The fact that the monitoring node (the one which uses the watchdog mechanism) hears the transmission of its next hop does not mean that the following node in the path actually receives the packet. In other words, a malicious node may transfer a packet such that its previous-hop neighbor (who uses the watchdog mechanism) hears the transmission while its next-hop neighbor (who is supposed to receive the packet) does not. This can easily be achieved by adjusting the transmission power of the antenna (given that the previous-hop neighbor is located closer than the next-hop neighbor) or by using a directional antenna. Hence, the malicious node achieves its goal by preventing the legitimate flow without being penalized.

  2. When there are consecutive malicious nodes in the path, it becomes very easy to cheat a monitoring node and gain credit for a malicious node (even though it keeps misbehaving). If one of the next-hop neighbors of a malicious node is also malicious, it can always send its packets to its malicious neighbor. Hence, its previous-hop neighbor (who uses the watchdog mechanism) hears the legitimate transmission and gives credit to the malicious node while its malicious next-hop neighbor drops the packets to prevent the legitimate flow.

We note that it is not guaranteed that the scenarios we listed above will occur all the time. However, as the number of malicious nodes in the network and the resources of the adversary increase, it is very likely to observe these scenarios. Hence, we claim that relying on the watchdog mechanism to obtain direct measurements (hence, to build trust relationships) is deceptive and misleading most of the time.
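The two watchdog failure cases above, and the contrast with end-to-end feedback from the destination, can be seen in a small model. This is an added example, not code from the paper: the fixed path, the `Relay` tuple, the `short_tx` action and the delivery ratio standing in for ACK feedback are all assumptions made for illustration.

```python
from collections import namedtuple

# Constructed toy model (assumption, not the paper's simulator).
# action: "forward"  = next hop receives the packet
#         "drop"     = nothing is transmitted
#         "short_tx" = previous hop overhears, next hop receives nothing
Relay = namedtuple("Relay", "name malicious action")


def simulate(path, n_packets=100):
    """Return (watchdog score per relay, end-to-end delivery ratio).

    Each relay is monitored by its previous hop. A malicious monitor
    never reports, so the relay after it collects no observations.
    """
    heard = {r.name: 0 for r in path}
    observed = {r.name: 0 for r in path}
    acked = 0
    for _ in range(n_packets):
        monitor_honest = True  # the source is assumed legitimate
        for relay in path:
            if monitor_honest:
                observed[relay.name] += 1
                if relay.action in ("forward", "short_tx"):
                    heard[relay.name] += 1  # watchdog gives credit
            if relay.action != "forward":
                break  # packet never reaches the next hop
            monitor_honest = not relay.malicious
        else:
            acked += 1  # packet reached the destination
    watchdog = {n: (heard[n] / observed[n] if observed[n] else None)
                for n in observed}
    return watchdog, acked / n_packets


A = Relay("A", False, "forward")
B = Relay("B", False, "forward")
SCENARIOS = {
    "all_legit": [A, B],
    "plain_dropper": [A, Relay("M", True, "drop"), B],
    # drawback 1: transmission heard upstream only
    "power_trick": [A, Relay("M", True, "short_tx"), B],
    # drawback 2: M1 forwards to its partner M2, which drops
    "colluders": [A, Relay("M1", True, "forward"),
                  Relay("M2", True, "drop"), B],
}


def run_scenarios():
    return {name: simulate(path) for name, path in SCENARIOS.items()}


if __name__ == "__main__":
    for name, (scores, delivery) in run_scenarios().items():
        print(f"{name:14s} watchdog={scores} delivery={delivery}")
```

In `power_trick` and `colluders` no monitored relay scores below 1.0 although nothing reaches the destination; only the plain dropper is caught by overhearing.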

In [15], [16], node credentials are constructed using the ACK messages sent by the destination node. The major drawback of these schemes is that, if a path dies due to a malicious node, the source will need to retransmit all the packets it sent via a different path. Moreover, the diversity of latency for different paths can affect the overall scheme negatively. On the other hand, as we will describe, our scheme does not suffer from this because of the use of rateless coding. In [15], [16], possible routes from the source to the destination are established before the data transfer begins. Hence, even if one node on these routes is compromised, data availability is lost even though the source and destination may have other alternative paths. In contrast, our scheme provides data availability as long as there is a legitimate path between the source and destination, since we construct the paths on-the-fly using our trust-metric.

Recently, researchers have started to use game theory to analyze wireless networks. In particular, the Bayesian game theoretical model [1] is commonly used to analyze wireless networks with selfish/attacker nodes. In reputation based schemes which use the Tit-for-tat strategy (e.g., [6], [17]), each node monitors its neighbors and behaves based on the previous behavior of its neighbors. However, in these schemes, even if all the nodes are willing to cooperate, packet collision or noise may interfere with accurate monitoring, resulting in zero throughput even if there is no malicious node in the network. Generous Tit-for-tat is proposed in [8] to fix this problem. However, to achieve full cooperation in [8], the probability that a forwarded packet was not overheard by the originating node (p_e) should be accurately estimated. In [9], the authors proposed a reputation mechanism called DARWIN which does not depend on the perfect estimation of p_e. However, the scheme does not consider malicious nodes and assumes that all nodes share their perceived dropping probabilities with each other. A Bayesian attacker/defender game is studied in [10]. Optimal behaviors of the defender and attacker are analyzed for static and dynamic Bayesian games. However, the game is only between two players and the trust values (credentials) of the players are calculated only by using the watchdog mechanism. On the other hand, we consider a game between a legitimate sender and the combination of legitimate and malicious receivers. Further, we do not use the watchdog mechanism to update the opinions of the nodes about their neighbors.

The main contributions of our scheme are summarized in the following.

  1. By the intersection of the trust establishment, the game theoretic approach and modern error control coding, we provide a robust scheme with low latency and high data availability in the presence of the adversary.

  2. As opposed to previously proposed trust management schemes (which use game theory), we consider a game between more than two network nodes, and find the optimal behaviors of all the nodes which are involved in the game.

  3. We provide a robust scheme against the collaboration of malicious nodes. Most of the previous schemes which only depend on the watchdog mechanism (to build the trust relationships) are vulnerable to the collaboration of malicious nodes. On the other hand, our scheme guarantees the delivery of the message packets as long as a legitimate path exists between the source and the destination. This robustness comes with communication/computation efficiency.

  4. In the proposed scheme the paths from the source to the destination are established on-the-fly by the back pressure policy. Hence, the latency and data availability of our scheme do not suffer when a specific path involves malicious or selfish nodes. Moreover, this mechanism encourages the use of the paths that provide the lowest latency even if there is no malicious activity in the network.

Section snippets

Overview of the scheme

The proposed scheme mainly consists of three mechanisms: a game between the nodes, trust establishment and rateless coding. In general, game theory studies the interactions between the players. In a typical game, a player tries to maximize its benefit by choosing the correct strategy considering the strategies of the other players. When the cost and gain of a player depend on the strategies of the other players, game theory helps to find the optimal strategies of all players. This model is

Analysis of the game

We consider the interaction between a legitimate sender node and its receivers. The legitimate node picks its maxn neighbors as its potential receivers based on a metric depending on neighbors’ credentials and distances to the destination (as explained in Section 4). In our model, each legitimate node only knows the probabilities of its neighbors being malicious. The sender has two possibilities after sending the packet. It may decide to use its watchdog mechanism to see whether its next hop

Building credentials

Node Credentials take values between zero (i.e., malicious) and one (i.e., trustworthy). Credentials are built by using the ACK from the destination node. Destination node sends ACK packets to its downstream region with a period of ACKT. A node which receives this ACK packet identifies the IDs of the packets that are received by the destination thus far. When the ACK is received from the destination at time t, a legitimate node first determines the packet with the maximum ID (maxID) that is

Adversary model

We consider the insider adversary who is allowed to do anything that a legitimate network node can do. An insider adversary takes part in the ongoing transmission, drops the legitimate packets that it receives, modifies the legitimate packets before it forwards them to the next hop or tries to reveal the message sent from the source to the destination. We note that these attacks have a serious impact on the latency, throughput and data availability. Moreover, we consider that multiple malicious

Simulations

In order to illustrate the performance of our scheme and see the effects of different design parameters, we evaluate the proposed scheme via computer simulations. The parameters we use for our simulations are listed in Table 3. We assume that nodes move inside a specific boundary based on the “random-way-point” (RWP) model [21]. Hence, we describe the movement pattern of independent nodes by simple terms. At the end of each time-slot, each node moves to its new location based on the RWP model

Conclusions

This paper was concerned with secure and efficient routing in the presence of malicious nodes, where an adversary may compromise nodes and then drop or modify packets, inject bogus packets or mount routing attacks. We proposed a routing scheme which depends on the trust establishment and a dynamic Bayesian game model between the network nodes. In addition, we used rateless codes at the source to avoid retransmissions and to increase data availability. We showed upon simulations that the proposed


References (24)

  • D. Fudenberg et al., Game Theory (1991)
  • S. Marti, T. Giuli, K. Lai, M. Baker, Mitigating routing misbehavior in mobile ad hoc networks, in: Proceedings of ACM...
  • K. Paul, D. Westhoff, Context aware detection of selfish nodes in dsr based ad-hoc networks, in: Proceedings of the...
  • S. Buchegger, J. Boudec, Performance analysis of confidant protocol (cooperation of nodes: Fairness in dynamic ad-hoc...
  • S. Bansal, M. Baker, Observation-based cooperation enforcement in ad hoc networks, Research Report cs.NI/0307012,...
  • Q. He, D. Wu, P. Khosla, Sori: a secure and objective reputation-based incentive scheme for ad hoc networks, in:...
  • P. Michiardi, R. Molva, Core: a collaborative reputation mechanism to enforce node cooperation in mobile ad hoc...
  • F. Milan, J.J. Jaramillo, R. Srikant, Achieving cooperation in multihop wireless networks of selfish nodes, Workshop...
  • J. Jaramillo, R. Srikant, Darwin: distributed and adaptive reputation mechanism for wireless ad-hoc networks, in:...
  • J. Liu, C. Comaniciu, H. Man, A bayesian game approach for intrusion detection in wireless ad hoc networks, Workshop on...
  • D. Johnson, Routing in ad hoc networks of mobile hosts, in: Proceedings of Workshop on Mobile Computing Systems and...
  • S. Buchegger, J. Boudec, A robust reputation system for p2p and mobile ad-hoc networks, in: Proceedings of the Second...

    Erman Ayday received his B.Sc. degree in electrical and electronics engineering from Middle East Technical University, Ankara, Turkey, in 2005. He received his M.S. degree in electrical and computer engineering from School of Electrical and Computer Engineering, Georgia Institute of Technology, Atlanta, GA, in 2007. He is currently a Research Assistant in the Information Processing, Communications and Security Research Laboratory and pursuing his Ph.D. degree at the School of Electrical and Computer Engineering, Georgia Institute of Technology, Atlanta, GA. His current research interests include wireless network security, game theory for wireless networks and trust and reputation management.

    Faramarz Fekri received the B.Sc. and M.Sc. degrees from Sharif University of Technology, Tehran, Iran, in 1990 and 1993, respectively, and the Ph.D. degree from the Georgia Institute of Technology, Atlanta, in 2000. From 1995 to 1997, he was with the Telecommunication Research Laboratories (TRLabs), Calgary, AB, Canada, where he worked on multicarrier spread spectrum systems. Since 2000, he has been with the faculty of the School of Electrical and Computer Engineering, Georgia Institute of Technology. His current research interests lie in the general field of signal processing and communications, in particular, wavelets and filterbanks, error control coding, cryptography, and communication security. In the past, he conducted research on speech and image processing. Dr. Fekri received the 2000 Sigma Xi Best Ph.D. Thesis Award from the Georgia Institute of Technology for his work on finite-field wavelets and their application to error control coding. He also received the National Science Foundation CAREER award in 2001.
