Printer Friendly

TSRF: a trust-aware secure routing framework in wireless sensor networks.

1. Introduction

With the rapid advancements in Internet of Things (IoT), cloud computing, and social networks, smart city has attracted more and more attention in modern society. Smart city that relies on the different kinds of distributed smart devices can offer a wide range of applications for urban residents, such as environmental monitoring, traffic management, and social entertainments. These applications cannot only improve the living quality of city inhabitants, but also promote the realization of the low-carbon society.

Due to the characteristics of low cost, rapid deployment, and self-organized, wireless sensor networks (WSNs) play a crucial role in constructing the network and facilitate various services for smart city. The ubiquitous sensor nodes can both collect physical information of urban environments and control the public or private facilities in the context of smart city environments. Consequently, many studies of smart city have been made on the basis of WSNs technologies [1, 2].

With a limited radio communication range, wireless sensor nodes typically communicate with each other via a multihop path. In this case, the design of routing protocol that determines the data forwarding and transmission path is a key process to consider as it will directly affect the performance of WSNs, such as the network lifetime, packet delivery rates and end-to-end packet delay [3-6]. In this paper, we focus on security aspects of routing protocols in WSNs. Due to the open, distributed, and dynamic nature of WSNs, the routing protocols are highly vulnerable to various attacks [7, 8]. These attacks can be divided into two types: internal and external. The internal attacks are launched by compromised or malicious nodes in the network. The external attacks are launched by malicious nodes that have not access to the network [9, 10].

In order to protect WSNs against malicious and selfish behavior, different secure routing protocols have been developed over the years [11-13]. However, these routing protocols mainly rely on cryptographic primitives and authentication mechanisms which are not suitable for WSNs. The specific reasons can be summarized as follows: firstly, most cryptographic algorithms, especially the asymmetric encryption process, require high computational capabilities and power consumption [14, 15].However, the low-cost sensor nodes are usually resource constrained in memory size, energy capacity, and computational capabilities. Secondly, many encryption and authentication mechanisms in routing protocols require a central authority or centralized administration to operate [16, 17], which is usually impractical in WSNs. Finally, the sensor nodes deployed in a unattended area may be compromised by adversaries through physical means. Once the keys are leaked, all the security mechanisms may become ineffective. In other words, conventional secure routing protocols based on cryptographic primitives can resist some types of external attacks, but they cannot provide protection against malicious behavior of internal nodes.

Trust management is an effective solution to the above issues and could be a suitable component for the security architecture of WSNs [7, 18]. The notion of trust derives from social sciences, which is defined as the degree of beliefs about the behavior of other ones. As the trust management schemes have strong capabilities to identify the malicious entities and offer a prediction of one's future behavior, they can be used as a measure of security for securing routing. In order to find a secure route, the results of trust evaluation help to select the trustworthy next-hop node through which the source node will forward data to the sink node. As a result, a number of trust-based routing protocols have been proposed [19-22].

However, the traditional trust-based routing protocols still exist several key problems, which can be summarized as follows. Firstly, although the trust-based schemes can deal with the inherent attacks in wireless networks, they will also induce some new risks to which special consideration shall be given. Secondly, trust metric is significantly different from normal routing metrics such as the number of hops, delay, or other QoS requirements [7], but most trust models do not consider the particularity of trust metrics when designing routing protocols. Thirdly, the existing trust-based routing protocols have some limitations such as dependence on specific routing scheme or platform. In other words, security mechanisms may be invalid if the routing protocol of the network is changed. In addition, trust evaluation can be divided into two parts: trust computation and trust derivation [23]. Previous trust models mainly focus on the process of trust computation. In fact, the trust information is frequently exchanged in trust derivation to ensure the accuracy of trust evaluation, which dominates the overhead of routing procedure. Therefore, designing an efficient trust derivation scheme is a critical issue in the development of WSN-based networks.

In this paper, we propose a trust-aware secure routing framework (TSRF) in WSNs that aims to address the challenges mentioned above. We first analyze the attacks on trust-aware routing protocols especially the common ones to trust management systems. According to the analysis results, we propose specific trust computation and trust derivation schemes to deal with these attacks, which will be used in our routing framework design. Furthermore, an optimized routing algorithm is designed by utilizing mathematical methods. In our scheme, the routing algorithm consider not only the features of trust metric, but also other QoS requirements in path selection. Finally, we introduce the details of our routing strategies which are not confined to specific routing protocols. By conducting extensive simulations, we show that TSRF cannot only maintain the desirable security of the network, but also significantly reduce the routing overhead.

The rest of this paper is organized as follows. Section 2 provides a brief overview of related work. The common attacks on trust-based routing protocols in WSNs and their solutions are discussed in Section 3. Section 4 proposes a lightweight trust computation method and also designs an optimized routing algorithm by utilizing the theory of semirings. We provide detailed operation of our proposed routing strategies in Section 5, with simulation results and performance evaluation given in Section 6. Finally, important conclusions and potential future works are given in Section 7.

2. Related Work

2.1. Secure Routing Protocols Based on Cryptographic Primitives. With the growing trend in the field of security, there has been an increased effort in the research on routing protocols in recent years [24-26]. SAODV [24] is a security extension of the AODV protocol to resist against some routing attacks. In order to guarantee the data integrity and authenticity, all the routing messages in SAODV are digitally signed. In this case, intermediate nodes cannot send RREP as the RREP message must be signed by the destination node. Although a mechanism called double signature is introduced in SAODV to solve this issue, it will definitely increase the load of intermediate nodes. Cerri and Ghioni developed A-SAODV protocol [25] to mitigate the negative effects of SAODV. In A-SAODV, intermediate nodes reply to RREQs only if they are not overloaded and the source node can determine whether to use single signature or double signature according to the threshold of the current load state. However, the above proposals are security extensions of existing ad hoc routing protocols which are not suitable for resource constrained WSNs.

SAR is a secure routing protocol in WSNs that can discover the shortest path with desired security attributes [26]. The source node sets the desired security level for the route. Only the nodes with the same security level, which share encryption keys, can decrypt routing packets. Although SAR can ensure the data confidentiality to a certain extent, cryptographic primitives on which it mainly based will involve significant encryption overhead and limit its attractiveness for WSN applications [27, 28]. In addition, as the solution mainly utilizes encryption mechanisms, it is unable to prevent an internal attack launched by a compromised sensor node.

2.2. Secure Routing Protocols Based on Trust Evaluation. Driven by the demand for security and efficiency considerations, the trust-based routing protocols have been proposed for WSNs [11, 29, 30]. Paris et al. designed a new cross-layer metric called expected forwarding counter (EFW) for reliable routing in wireless networks. The EFW can motivate the cooperation between nodes and cope with the problem of selfish behavior. In [31], a bayesian game approach for preventing DoS attacks is presented in WSNs. Then, a secure routing protocol is also proposed by combining the bayesian approach with LEACH protocol. These routing protocols only aim at dealing with a particular attack, which is not sufficient to ensure the network security. Karlof and Wagner described the attacks against sensor networks and suggest countermeasures for secure routing [32], but they did not consider the effect of attacks on trust management systems. In other words, some new attacks against trust evaluation such as selfish and colluding attacks and their solutions were not included in the discussion. Yu et al. analyzed various attacks and countermeasures related to trust schemes in WSNs [33]. However, they simply categorized the different types of existing attacks and did not design secure routing protocols according to the analysis results.

The fundamental purpose of trust-based routing protocol is to establish a trustworthy and efficient route between two nodes that can send data from the source to the destination. Routing algorithms determine the results of routing selection, which will directly affect the performance of trust-based routing, such as network security, routing delay, and computational overhead. Consequently, routing algorithm is one of the most important components in trust-aware routing protocols. The odorakopoulos and Baras analyzed the effect of trust metric from the perspective of mathematical methods [18]. By utilizing the theory of semirings, they proved that the indirect trust relation can be set up without previous direct interaction. To further study the features of trust metric in routing algorithms, a formal study of trust-based routing was proposed in [7]. In this paper, four unique features of trust metric are identified compared with QoS-based routing metrics. The authors also analyzed the compatibility of trust metrics and routing protocols. However, they did not consider the situation that both trust metric and QoS-based metrics are required for designing routing algorithms in practical applications. The applications in WSNs may have different QoS requirements in terms of end-to-end packet delay, packet delivery rates, and network lifetime. Generally speaking, the QoS-based routing metrics should be optimized under the premise of security assurance.

In order to build well-established trust relationships without relying on any predefined assumption, Ren et al. proposed a probabilistic solution based on distributed trust model [34]. In the proposal, a secret dealer was introduced in the system bootstrapping phase and provides the sensor nodes with sufficient trust evidences. Although these designs can simplify the process of trust initialization, the need for a centralized secret dealer limits its application to WSNs. Because WSNs inherit the properties of a wireless ad hoc network, where fixed infrastructure is not a necessary component. A novel on-demand unicast routing protocol (TSR) was presented in [23]. TSR help the network build a simple trust prediction model based on evaluated node's historical behavior. According to assessment results, the nodes can select the shortest trusted route to transmit required packets. But indirect trust is not considered in TSR, which may affect the accuracy of trust computation. Zahariadis et al. proposed a distributed trust model that relies on both direct and indirect trust observations to evaluate the trust of nodes [35]. By applying the trust model to geographical routing scheme, the proposal cannot only reduce the routing overhead but also resist some common attacks. However, this trust-aware scheme depends on the specific routing scheme, which restricts the scope of applications.

2.3. Trust Derivation. The trust evaluation systems normally include two parts: trust computation and trust derivation. Most previous trust-based schemes only focused on the trust computation process by adopting mathematical analysis and modeling tools. In fact, the trust derivation that collects trust information for evaluation dominates the overhead of routing establishment. Consequently, the trust derivation is a major subject of study for trust-aware routing protocols. In [36], a trust-aware routing protocol (TARP) was proposed. Two steps are used to find a trusted neighbor node. The first step is called the "One Hop Check" and will only be initiated by the source node that has some data to send. The source node will send a Neighbor Request to all its neighbors asking them for their trust attributes. Once it receives the trust attributes, the source node will choose the most trusted node. In step two, the source node will make a credit check on the preselection node by communicating directly with its neighbors. For this purpose, the source node will use a different channel and a temporarily higher energy than the one used in step one. The source node will send a far neighbor request to nodes. In this case, more neighbor nodes of preselection node will receive the request and response with a far neighbor reply. However, to implement this approach, frequency-hopping and time synchronization technologies are needed. These complex MAC scheduling mechanisms may limit the applications making it unattractive to WSNs.

Reputation broadcast (also called flooding mechanism) is another common method for receiving recommendations from neighbors [37]. The source or the evaluating node broadcast the trust request that carries the identification of the evaluated node. If a receiving node is a neighbor of the evaluated node, it will reply the corresponding trust information. Otherwise, it only forwards the trust request packets. Since flooding is involved in the process, this approach may produce a high overhead and incur lengthy latency. It is obvious that a robust trust derivation procedure relies on adequate collection of trust information from the network for computation. To overcome drawbacks of flooding, the common method is the use of a certain control mechanism in flooding (e.g., setting a small value to the hop limit of broadcast packets). But the performance of these methods is still easily affected by many factors such as network size and node density.

3. The Analysis of Attacks and Countermeasures

3.1. Network Model. In this paper, we consider a WSN consisting of a few sink nodes and a number of sensor nodes that are randomly distributed in a designated area. Each sensor node is in charge of both detecting events and acting as a router in order to forward packets. All the sensor nodes are resource constrained and have the same limited radio coverage. Consequently, end-to-end communication in a WSN is normally achieved via multihop relaying where a communication path is established in a distributed manner. We also assume that all the sensor nodes are compromisable if there are no security mechanisms protecting them. In addition, WSNs may consist of sensor nodes from different manufacturers or service providers. In this case, the selfish nodes may not completely cooperate with each other.

3.2. The Analysis of Attacks on Routing Protocols. Routing protocols are the most critical component of the network as they address the problem of how to realize data transmission services. However, many classic routing protocols assume that the operating environment is trustworthy and do not consider security issues. However, this assumption is not realistic in many cases. With the open and remote deployment environment, WSNs are generally susceptible to various attacks, including blackhole attack, wormhole attack, sybil attack, and so on [33, 38]. Consequently, secure routing is very important to guarantee the network functionality in the face of malicious or selfish attacks. In this paper, we first analyze attacks on routing protocols in WSNs. The common attacks can be illustrated as follows.

(i) Blackhole attack: a malicious node discards all the packets it should forward.

(ii) Greyhole attack: an attacker drops certain type of packets (routing packets, data packets from a designated node, etc.) and only forwards part of them.

(iii) Sinkhole attack: a compromised node attracts nearly all the traffic from a particular area and disguises itself as a sink node.

(iv) Wormhole attack: a pair of adversaries tunnel packets that received in one part of the network and replay them in another part through a low-latency link.

(v) Sybil attack: a single node illegitimately presents multiple identities to other nodes in the network.

(vi) DoS attack: a DoS attacker can disrupt legitimate communication of other nodes by flooding the network with redundant or false traffic.

(vii) Sniffing attack: an attacker can intercept and eavesdrop the data of interest.

(viii) Message Tampering: a malicious node tampers the receiving message before forwarding it to other nodes.

(ix) Replay Attack: an attacker may not acquire the data information but can simply replay earlier packets received from other nodes.

As described in Section 1, the attacks can be divided into two types according to their origin: internal and external. In addition, the various attacks can also be categorized into two classes on the basis of their nature [10]: passive and active. In passive attacks, malicious nodes may gather sensitive information or behave selfishly in collaborative operations, such as routing, to passively affect the proper operation of WSNs. In active attacks, malicious nodes may actively request sensitive information, influence the behavior of surrounding nodes, or affect the normal operation of WSNs using attacks such as Denial of Service (DoS).

Table 1 summarizes the different types of attacks, effectiveness of countermeasures, and instances of attack behavior. We can find that trust-based mechanisms can resist the majority of various attacks, while cryptography and authentication mechanisms cannot provide protection against most of the attacks launched by internal malicious nodes. The reason is that the internal sensor nodes in WSNs may have a probability to be compromised by external attackers due to the lack of physical protection. Then the attacker can easily use compromised nodes to obtain the key, which may cause encryption schemes invalid. On the contrary, the security features of trust-based schemes are mainly implemented via distributed intrusion detection mechanisms such as watchdog and pathrater [39]. In this case, the malicious or selfish behavior can be seized no matter where the attacks come from (inside or outside of the network). Consequently, trust management can provide a better resistance capability for the internal attacks on routing protocols. In addition, sybil attack and sniffing attack are difficult to detect by trust-based mechanisms, they can be avoided by adopting location verification [35] and frequency-hopping techniques, respectively, which is not in the scope of this paper.

3.3. The Analysis of Attacks on Trust Models. Although trust management systems can deal with most of the existing attacks on routing protocol and help improve the security of the network, they may become a new attractive target for attacks [38, 40]. For example, due to the cost and resources constraints, the intrusion detection system is difficult to guarantee 100%accuracy of detecting. Consequently, it is possible that some malicious or misbehaved nodes are wrongly included in the trusted set of nodes that provide recommendations at some point. In this case, the misbehaved nodes may launch passive or active attacks on routing protocols and impair the performance of the network.

In this subsection, we identify some possible attacks on trust models for WSNs and discuss their countermeasures. Some of the most common attacks to a trust management system are summarized as follows.

(i) On-off attack: a malicious entity behaves well and badly alternatively in order to remain in the trusted set of nodes.

(ii) Conflicting behavior attack: a malicious node behaves differently to nodes in different groups.

(iii) Selfish attack: a selfish attacker does not reply to recommendation information when receiving a trust request.

(iv) Bad mouthing attack: a misbehaved node provides dishonest recommendations and propagates negative/ positive recommendation information about well-behaved/malicious nodes, which might affect the accuracy of trust evaluation.

(v) Collusion attack: more than one malicious node colludes with one another to disrupt the network operation (e.g., providing dishonest recommendations about other nodes).

In order to design a secure framework for trust-aware routing protocols in WSNs, it is necessary to develop corresponding countermeasures against the above attacks, which do not require complex calculation process and much additional overhead. We first introduce an adaptive decay time factor into our trust computation model, which can solve the problems caused by on-off attacks. In our trust evaluation system, the behavior of sensor nodes should be monitored by their neighbors. Both the direct trust and the recommendations provided by other nodes should be considered. In this case, if a conflicting behavior attacker behaves differently to different nodes, it can be quickly detected and expelled from the network. Furthermore, we propose a lightweight trust derivation scheme to resist selfish attacks. By introducing the inconsistency check mechanism, our trust evaluation scheme can also reduce or even eliminate the effects of bad mouth attacks and collusion attacks. The specifications of these countermeasures will be described in Sections 4 and 5.

4. Routing Algorithm

4.1. System Model. We utilize graph model to analyze routing issues in WSNs. For a weighted directed graph G(V, E, [omega]), the set of vertices V stands for the sensor nodes in the network. E [subset equal to] V x V is the edge set which represents the relations of nodes. The weighted label [omega] stands for metrics used for measuring links or paths. For each e(i, j) [member of] E, we consider that node i is the issuer and node j represents the target. A path p from [v.sub.1] to [v.sub.n] is denoted by p([v.sub.1], [v.sub.n]) [??] ([v.sub.1], [v.sub.2], ... , [v.sub.n]).

Trust model essentially performs trust derivation, computation, and application [20]. In this paper, we adopt watchdog [39] as the foundation of detection mechanisms. Each sensor node is responsible for monitoring the behavior of its neighbors and evaluating their trust level. More specifically, the detection results are utilized for the evidence of trust computation. t(i, j) represents the trust value of node j for node i. In our model, node i is the evaluating device and node j is the evaluated one. The trust t of an arbitrary node includes direct trust dt and indirect trust it. Direct trust is based on direct observations of each node that participates in data communication, while indirect trust, which is also called recommendation trust, stands for the trust relations between distributed nodes without direct interactions.

In order to further construct the routing model and study the optimality of routing protcols, we view [G.sub.H](V, [E.sub.H], h) as the physical graph where [E.sub.H] stands for the set of directed wireless physical links. Similarly, [G.sub.R](V, [E.sub.R], r) denotes the routing graph on which path selection and packet forwarding are performed. Consequently, the routing problems can be considered as the selection of the optimal path on a weighted physical graph [G.sub.H](V, [E.sub.H], h) by utilizing the routing metric r. In our model, the routing metric r is the combination of the trust metric and other QoS metrics such as delay and packet loss rate, which is constrained by trust graph [G.sub.T](V, [E.sub.T], t) and corresponding QoS Graph [G.sub.Q](V, [E.sub.Q], q). All the optimal paths p* can ultimately formthe optimal routing graph [G.sup.*.sub.R](V, [E.sub.R], r). In this paper, we define the optimal route as the maximizing of the desired service quality under the premise of security assurance.

4.2. Trust Computation of Nodes. Normally, the sensor nodes are highly constrained in terms of computational power, energy, memory, and bandwidth, so the design of security mechanisms for WSNs is significantly challenging. We first propose a lightweight computation method to evaluate the trust value of sensor nodes in WSNs, which is an extension to our previous work [41]:

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (1)

Including [beta] + [alpha] = 1, [beta] > 0, [alpha] > 0. t(i, j) represents the trust value of node j for node i. dt(i, j) is the direct trust value. it(k, j) stands for the recommendations provided by node k which belongs to the neighbor set [C.sub.j] of node j. n denotes the number of neighbors and l represents the sequence number of the evaluation records. [beta] and [alpha] are weighed factors which are associated with the security policies. A larger value for [beta] indicates that the sensor node in WSNs is more convinced about its own judgement. Similarly, a larger value for [alpha] means that the recommendations provided by other nodes are more trustworthy in trust evaluation process. In addition, the trust value is subject to 0 [less than or equal to] t [less than or equal to] 1. Generally, we believe that the higher trust value the sensor node is, the more trustworthy it has. The effect of conflicting behavior attacks can be reduced by setting adequate values of [beta] and [alpha]. Because the behavior of nodes is monitored by its neighbors in the network, if a malicious node behaves differently to different nodes, it can be detected by considering the combination of direct trust and indirect trust.

The computation of direct trust is given by

dt[(i, j).sup.l]= [[gamma].sub.1] x d[t.sub.P(j])[(i, j).sup.l-1]+ [[gamma].sub.2] x d[t.sub.N(j])[(i, j).sup.l-1]+ ids[(i, j).sup.l],(2)

where d[t.sub.P(j])[(i, j).sup.l-1] represents the direct trust value of node j for node i based on node j's past well-behaved behavior, while d[t.sub.N(j])[(i, j).sup.l-1] is the direct trust value of node j for node i based on node j's past malicious behavior. [[gamma].sub.1] and [[gamma].sub.2] correspond to the exponential decay time factor of the positive and negative assessment, respectively. The ids[(i, j).sup.l] denotes the assessment for current behavior of device j by utilizing intrusion detection systems. The ids(i, j) is given by

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (3)

where P(j) and N(j) represent the positive and negative assessment for device j's behavior, respectively. These parameters should follow the rule that good reputation is more difficult to gain than the bad one. The value of ids(x) should be set to zero if the judgment for nodes' behavior is not absolutely sure.

In order to deal with on-off attacks, we introduce an adaptive exponential decay time factor [gamma], which can be shown as below:

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (4)

where [t.sub.c] stands for the current time and [t.sub.c]-1 represents the time when the last interaction happens. According to the above equations, the trust value will decrease with the elapse of the time. When [gamma] [right arrow] 0, it means that the results of recent interactions are much more important than those of older ones. The weight factors should depend on the context. An on-off attacker can behave well and badly alternatively to gain a relatively high reputation. In this case, we can set a low value of [gamma] for well-behaved records of nodes and set a high value for malicious records. This mechanism implies that the malicious behaviorwill be remembered for a longer time than the well-behaved behavior. As a result, the on-off attacker is difficult to build a good reputation which requires a long-time interaction and consistent well-behaved behavior of nodes. Then the following represents the indirect trust evaluation process:

[n.summation over ((k[member of][C.sub.j],k [not equal to] i)]it[(k, j).sup.l]=[n.summation over ((k[member of][C.sub.j],k [not equal to] i)]dt[(k, j).sup.l]x dt[(k, j).sup.l]. (5)

In this model, we employ the trust chain to evaluate the indirect trust of sensor nodes. dt(i, k) stands for the direct trust value of node k for node i. dt(k, j) represents the direct trust value of node j for node k that provides the recommendation data. To deal with the bad mouthing attack and collusion attack, we propose an inconsistency check scheme, which is given by

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (6)

As previously mentioned, the collected recommendations may include false data provided by bad mouthing attackers and collusion attackers. For each recommendation, our trust computation model uses a threshold [epsilon] to determine whether the data is suspicious. If [absolute value of dt[(k, j).sup.l]- ic[(i, j).sup.l]] > [epsilon], the recommendation data will be discarded. In this case, if a malicious node that is incorrectly included in the trusted set of devices provides false data, it can be quickly detected as its false recommendation may have a significant difference (higher or lower) from true ones.

4.3. Trust Computation of Paths. When a source node prepares to transmit packets to a destination node via multihop communication, it must evaluate the trust value of the route. Different methods based on the results of nodes' trust assessment can be applied to the process of path trust computation. Generally, the design of trust computation of paths should comply with the following rules. Firstly, the trust information cannot be increased via propagation [42]. In other words, the trust value of a path should not be greater than the trust value of any intermediate node in the path. Secondly, the destination node is considered to be a trusted entity in trustmanagement systems and its trust value for any other node in the path should be set to 1.

If we choose the most trusted path determined by the highest product of all trust values along the path, the trust of a path p can be computed by

t(p) = [PI]({t (i, j) | i, j [member of] p, i [right arrow] j}) , (7)

where node i and node j are neighbors. node j is the next hop of node i. As shown in Figure 1, [v.sub.0] is the source node and [v.sub.5] is the destination node. There are three paths from the source to the destination. Among them, ([v.sub.0], [v.sub.3], [v.sub.4], [v.sub.5]) is the most trusted path (t([v.sub.0] , [v.sub.3], [v.sub.4], [v.sub.5]) = 0.7, t([v.sub.0] , [v.sub.1], [v.sub.2], [v.sub.5]) = 0.64, t([v.sub.0] , [v.sub.3], [v.sub.2], [v.sub.5]) = 0.63).

We can also choose the most trusted path determined by the highest minimum trust values of intermediate nodes in the path. The trust of a path p can be represented as follows:

t(p) = min ({t (i, j) | i,j [member of] p, i [right arrow]j}). (8)

The function min(*) returns the minimum value from the input set. In this case, ([v.sub.0] , [v.sub.1], [v.sub.2], [v.sub.5]) is the most trusted path (t([v.sub.0] , [v.sub.1], [v.sub.2], [v.sub.5]) = 0.8, t([v.sub.0] , [v.sub.3], [v.sub.2], [v.sub.5]) = 0.7, t([v.sub.0] , [v.sub.3], [v.sub.4], [v.sub.5]) = 0.7).

4.4. Routing Metrics. In practical applications, routing metrics may include both trust metric that can ensure the security of the network and QoS metrics which are used for improving the service quality. So the routing metrics of a path p can be denoted by r(p) [??] (t(p), [q.sub.1](p), [q.sub.2](p) ... [q.sub.n](p)), where [q.sub.1](p), [q.sub.2](p) ... [q.sub.n](p) are different QoS metrics of the path p. As described above, the different calculation method of routing metrics, such as trust metrics, may effect the results of routing selection. In order to avoid interfering with the design of routing algorithms, we introduce a mathematical theory called semiring in this paper. The rigorous mathematical proof and mathematical properties of semiring were proposed in [7, 18].

Definition 1. A semiring is an algebraic structure (S, [direct sum], [cross product], [bar.0], [bar.1], [less than or equal to]), where S is a set. [direct sum], [cross product], and [less than or equal to] are operators with the following properties.

(i) [direct sum] is commutative and associative. For [direct sum], [bar.0] is a neutral element:

a [direct sum] b = b [direct sum] a,

(a [direct sum] b) [direct sum] c = a [direct sum] (b [direct sum] c) ,

a [direct sum] [bar.0] = a. (9)

(ii) [cross product] is associative. For [cross product], [bar.1] is a neutral element and [bar.0] is an absorbing element:

(a [cross product] b) [cross product] c = a [cross product] (b [cross product] c) ,

a [cross product] [bar.0] = [bar.0],

a [cross product] [bar.1] = a. (10)

(iii) [less than or equal to] is an order relation with respect to the operators:

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (11)

Definition 2. A semiring of trust is an algebraic structure (T, [[direct sum].sub.T], [[cross product].sub.T], [[bar.0].sub.T], [[bar.1].sub.T], [less than or equal to]), where T is the set of trust metric which defines the process of operators. [[cross product].sub.T] and [[direct sum].sub.T] represent an operator to concatenate trust metric along a path and aggregate trust metric across paths, respectively.

Definition 3. A semiring of QoS is an algebraic structure (Q, [[direct sum].sub.Q], [[cross product].sub.Q], [[bar.0].sub.Q], [[bar.1].sub.Q], [less than or equal to]), where Q is the set of QoS metric. [[cross product].sub.Q] and [[direct sum].sub.Q] represent an operator to concatenate QoS metric along a path and aggregate QoS metric across paths, respectively.

4.5. Routing Selection. By utilizing the theory of semirings, we can conveniently describe the selection of the optimal route. For example, if we want to choose the most trusted path p([v.sub.1], [v.sub.n]) in the network, the optimal route is given by

p*([v.sub.1], [v.sub.n]) = [[direct sum].sub.T] [t (p ([v.sub.1], [v.sub.k])) [[cross product].sub.T]t (p ([v.sub.k], [v.sub.n]))] , (12)

where k [member of] p([v.sub.1], [v.sub.n]). We assume that the trust of the path is computed by (7). Therefore, the operator [[cross product].sub.T] stands for "x" and the operator [[direct sum].sub.T] represents "max(*)". Similarly, if we want to find the path with minimum delay, the optimal route can be described as below:

p*([v.sub.1], [v.sub.n]) = [[direct sum].sub.D] [d (p ([v.sub.1], [v.sub.k])) [[cross product].sub.D]d (p ([v.sub.k], [v.sub.n]))] , (13)

where k [member of] p([v.sub.1], [v.sub.n]). d is the delay time of a path. [[cross product].sub.D] and [[direct sum].sub.D] represent "+" and "min(*)", respectively.

Then, we can propose the routing algorithm which considers diverse routingmetrics. We assume that V is the set of all the nodes in the network and V* is the set of nodes that have optimal routes to the destination node. When a source node [v.sub.i] [member of] V - V* wants to find its optimal route to the destination node [v.sub.n], it should first sort the routing metrics based on their priorities. We define the priority assignment of routing metrics as [??](p([v.sub.i], [v.sub.n])) [??] ([q.sub.0], [q.sub.1], ... , [q.sub.m]). [q.sub.0] has the highest priority ([q.sub.0] [greater than or equal to] [q.sub.1] [greater than or equal to] ... [q.sub.m]). In our model, we think that the QoS of networks should be improved under the premise of security assurance. Consequently, we set [q.sub.0] = t(p). Then the source node [v.sub.i] traverses its forwarding set [GAMMA]([v.sub.i]) which is the set of candidate nodes chosen to forward packets in order to evaluate the trust of path p([v.sub.i], [v.sub.n]). We define a threshold of path trust as t(p([v.sub.i], [v.sub.n]))th. If any path trust value ([v.sub.i], p([v.sub.k], [v.sub.n]), [v.sub.k] [member of] [GAMMA]([v.sub.i])) is greater than the threshold, it will be added into the candidate set of the optimal paths [MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] If no one can satisfy the security requirements of paths, node [v.sub.i] cannot find the optimal route to node [v.sub.n] and will be disconnected from the network. Similarly, node [v.sub.i] should traverse the route selection process measured by other QoS metrics. Finally, the optimal route from node [v.sub.i] to node [v.sub.n] can be selected, which is denoted by p*??([v.sub.i], [v.sub.n]). The specifics of our routing algorithm are shown in Algorithm 1.

ALGORITHM 1: Routing algorithm.

(1) Process Initialization
(2) [G.sup.*.sub.R](V, [E.sub.R], r) = [v.sub.n], [v.sub.n] is the
    destination node
(3) Add [v.sub.n] to V*, V* represents the set of nodes that have
    optimal routes to [v.sub.n]
(4) while V [not equal to]V* do
(5)   for all node [v.sub.i] [member of] V-V* do
(6)     Sort r(p([v.sub.i], [v.sub.n]))
(7)     Obtain [??](p([v.sub.i], [v.sub.n])) [??] ([q.sub.0],
        [q.sub.1], ... , [q.sub.m])
(8)     where [q.sub.0] = t(p([v.sub.i], [v.sub.n]))
(9)     for all [v.sub.k] [member of] [GAMMA]([v.sub.i]) do
(10)      if t ([v.sub.i], [v.sub.k]) [[cross product].sub.T]t (p
          ([v.sub.k], [v.sub.n])) [greater than or equal to] t
          [(p([v.sub.i], [v.sub.n])).sub.th] then
(11)         Add [MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII]
(12)      end if
(13)    end for
(14)    if [MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] then
(15)       [v.sub.i] is disconnected from the network
(16)       Continue;
(17)    end if
(18)    for j = 1; j < m; j + + do
(19)        [MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII]
(20)        where [MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII]
(21)    end for
(22)    if [MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] then
(23)       [v.sub.i] is disconnected from the network
(24)       Continue;
(25)    else
(26)       Add [v.sub.i] to V*
(27)       Add [MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII]
(28)       return [MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII]
(29)    end if
(30)  end for
(31) end while
(32) END Process


5. The Scheme of TSRF

5.1. Routing Strategy. Generally, the routing protocols in WSNs have to meet strict energy saving and security requirements. In this section, we propose a lightweight and secure routing scheme which does not rely on specific routing protocols. Figure 2 shows an example on how a source node ([v.sub.0]) finds the optimal route to the destination node ([v.sub.11]). The detailed procedure of our trust-ware routing protocol works as follows.

Step 1. When the source node [v.sub.0] prepares to send packets to the destination node [v.sub.11], node [v.sub.0] initializes the trust derivation process and sends a trust request packet to its neighbor nodes (e.g., node [v.sub.2]). The trust request is a 6ary tuple, and is denoted as TR = <[s.sub.id] , [t.sub.id], t[(p).sub.th], ts, s, hl>, where [s.sub.id] is the evaluating node's ID and [t.sub.id] is the evaluated nodes' ID. t[(p).sub.th] represents the threshold of path trust. ts is the timestamp and s stands for the sequence number of trust request packet. hl denotes the hop limit of trust request packet. To reduce the overhead of trust derivation procedure, the hop limit value of the trust request packet should be set to one. This value should be decremented by one every time the trust request packet is forwarded if it is not zero. In this example, [s.sub.id] is equal to node [v.sub.0] 's ID and [t.sub.id] is equal to node [v.sub.2]'s ID. Node [v.sub.2] that receives the trust request packet should first check if it has already received the same request. If it has, the request should be immediately discarded. If not, the node should broadcast this trust request to all its neighbors.

Step 2. When receiving the trust request packet, the nodes except the evaluating one should check whether the evaluated node is its neighbor (node [v.sub.0] will simply discard this request as it is the source of the trust request). If not, it remains silent. Otherwise, the nodes ([v.sub.1], [v.sub.3] and [v.sub.6]) may unicast a trust reply to the evaluating node ([v.sub.0]) through the existing reverse routes. Then, these nodes will drop the broadcast trust request packets if the hop limit value is equal to zero.

Step 3. After obtaining the recommendations provided by the neighbors of the evaluated node, the evaluating node [v.sub.0] computes the trust value by combining direct trust with indirect trust. Then, node [v.sub.0] can determine whether the evaluated node [v.sub.2] should be trusted according to the required path trust constraint. The method of trust computation is described in Section 4. Similarly, node [v.sub.0] can find a trusted forwarding set ([v.sub.2], [v.sub.3]) and send the route request to these nodes in the forwarding set.

Step 4. If an intermediate trusted node that receives the route request has the optimal route to the destination node, it will send a route reply to the source node. Then, the source node [v.sub.0] can find the optimal route to the destination node [v.sub.11]. Go to Step 6. If not, the intermediate trusted node will repeat Steps 1-3 to find the next trusted one.

Step 5. Once the route request hits the destination, the destination node [v.sub.11] will send a route reply to the source node [v.sub.0] via the selected reverse route. The routing algorithm is described in Algorithm 1.

Step 6. Finally, node [v.sub.0] can send data packets to node [v.sub.11] through the optimal route.

From the previously mentioned descriptions, we can see that the direct trust derivation process which is based on the direct observations of evaluating node will not produce much communication cost, because it mainly relies on its own detection system. By contrast, the recommendation mechanism is closely related to the communication overhead due to the packet interactions. In this paper, we only choose the recommendations provided by the neighbor nodes of the evaluated one. Because most malicious behaviors can be detected by the neighbors and this mechanism can obviously reduce the overhead of trust derivation. In addition, the whole trust derivation procedure can be monitored by the evaluating node in our scheme. In this case, if a selfish node does not participate in recommendation mechanism for its battery saving, its trust value will be degraded in our trust model and finally be evicted from the network.

5.2. Route Maintenance. When a newly node joins the network, its behavior will be evaluated by its neighbors. As shown in Figure 2, the established route is ([v.sub.0] , [v.sub.2], [v.sub.6] , [v.sub.11]). In our model, only the upstream node can launch the route maintenance procedure of the downstream node (e.g., [v.sub.2] is the upstreamnode of [v.sub.6]). Each time a transaction takes place, the direct trust of node [v.sub.6] for node [v.sub.2] will be immediately updated. If the variation of direct trust value of node [v.sub.6] for node [v.sub.2] is greater than the trust update threshold [tau] ([DELTA]dt([v.sub.2], [v.sub.6]) > [tau]), node [v.sub.2] will launch the trust evaluation process for node [v.sub.6] . The trust evaluation process is similar to the procedure of our trust-ware routing scheme (from Step 1 to Step 3). If the trust value of node [v.sub.6] for node [v.sub.2] cannot meet the required path trust constraint, node [v.sub.2] will send a routing update packet to the source node [v.sub.0] via the reverse route. When receiving this routing update packet, node [v.sub.0] starts the process of finding the new optimal route.

6. Simulation Results and Performance Evaluation

In this section, the NS-2 simulator [44] is used to evaluate the performance of TSRF. Our simulations model a network consisting of 100 sensor nodes placed randomly within a 200m x 200m area. We define two types of sensor nodes in the simulations: well-behaved nodes and malicious nodes. The malicious nodes can launch greyhole, tampering, on-off, and bad mouth attacks in the simulated scenarios. We first consider the impact on the network caused by each attack; then the case that all the four attacks are launched simultaneously is also be analyzed. All the default simulation parameters that we have chosen are summarized in Table 2.

The simulations can be divided into two parts. First, we analyze the effect of attacks on our scheme by introducing several common attacks into the network. Then, we further discuss the effectiveness and security of our proposed scheme by comparing the performance of TSRF with other trust-based mechanisms in routing protocols.

6.1. The Effect of Attacks on TSRF. We first assume that the malicious nodes launch greyhole attacks (drop 50% packets) and then analyze their impact on the average packet delivery ratio of the network. As shown in Figure 3, the average packet delivery ratio is close to 100% when there are no attacks in the network. However, if there are some malicious nodes launching greyhole attacks (from 10 s), the average packet delivery ratio will suffer a degradation. By introducing TSRF into the classic routing protocol in WSNs (GPSR), the average packet delivery ratio significantly increases as the elapse of simulation time. Because our scheme can help source nodes find trusted routes that exclude the influence of greyhole attackers to the destination node. Furthermore, the threshold of path trust is a critical factor for the trust evaluation process in our design. The higher threshold of path trust (0.4) will lead to a higher packet delivery ratio as it can promote the trust evaluation systems to detect the malicious nodes more quickly. If the network can seize all the behavior of the node correctly, the higher the threshold of path trust we choose, the higher packet delivery ratio can be obtained. However, it is almost impossible to realize it in actual conditions as an error probability of detection may exist in the detection mechanisms. In this case, an unreasonably high value of path trust constraint may cause error trust evaluation events. Consequently, the threshold of path trust should be reasonably selected in the context of different applications. We can get a similar conclusion when the malicious nodes launch message tampering attacks (prevent the valid packets from reaching the destination by modifying the content of packets) in the simulation, which is illustrated in Figure 4.

As shown in Figure 5, the trust value typically grows over time if no abnormal behavior occurs (from 30 s to 70 s). However, the trust value decreases significantly when the malicious nodes launch on-off attacks (from 75 s to 95 s). Generally, we can find that the lower proportion of on-off behavior (20%) makes the malicious node gain a relatively higher reputation. As an adaptive exponential decay time factor is introduced into our trust evaluation model, the negative assessment will decay more slowly than the positive one. Compared with the trust evaluation process without considering the decay time factor, our proposed scheme can provide better resistance capability against on-off attacks. By utilizing TSRF, the on-off attacker is difficult to build a good reputation or get rid of bad reputation, which requires a long-time interaction and consistent well-behaved behavior of nodes. For example, the trust value of malicious nodes that launch on-off attacks is 0.51 without introducing the adaptive decay time factor, while the trust value of them is equal to0.29 measured by TSRF (the proportion of malicious behavior = 0.5, at 90s).

We also proposed an inconsistency check scheme to provide protection against bad mouth attacks, which is illustrated in Figure 6. In the simulation, the bad mouth attackers provide negative/positive recommendation information about well-behaved/malicious behavior. Consequently, the trust value is relatively low when assessing well-behaved behavior (from 30 s to 70 s) under bad mouth attacks, and vice versa. More bad mouth attackers (the proportion of bad mouth attackers = 0.5) may cause a greater impact on trust evaluation process than less ones do (the proportion of bad mouth attackers = 0.25). In this case, our inconsistency check scheme can filter out most of false recommendations as they normally have a significant difference (higher or lower) from the ones provided by well-behaved nodes. Finally, the accuracy of trust evaluation can be improved by adopting the proposed inconsistency check scheme.

6.2. The Effectiveness and Security of TSRF. The procedure of route establishment mainly includes trust derivation and traditional route discovery schemes. In this paper, we proposed a lightweight trust derivation scheme which does not rely on specific routing protocols. We first introduce TSRF into BAR routing protocol and compare its overhead with some conventional trust derivation schemes such as flooding and flooding with hop limit methods. Then, the time spent on routing establishment is also studied by introducing TSRF into GPSR routing protocol.

Routing overhead is an important factor we should consider when designing routing protocol forWSNs. In Figure 7, we can see that the routing overhead of flooding is much higher than the other three schemes due to its large number of broadcast and rebroadcast packets. The overhead of BAR without security mechanisms and flooding method remains stable as the former mainly depends on network uptime, while the latter depends on the number of nodes in the network. Imposing hop limit in flooding or using our trust derivation approach in TSRF can significantly reduce the routing overhead of the network with security mechanisms. Comparing the two improved schemes, when the average number of neighbor nodes is small, these two schemes produce similar overhead. However, the routing overhead produced by the formerwill growwith the increasing number of neighbor nodes (node density). In contrast, the overhead produced by TSRF remains relatively stable throughout. For example, when the average number of neighbor nodes is equal to 14, our approach saves 79.4% of routing overhead than flooding with 2-hop limit. More saving can be expected for denser networks.

Figure 8 represents the different time spent to complete the routing establishment process between TSRF and other mechanisms. It is clear that latency performance exhibits similar phenomena as those in routing overhead, with more obvious advantages over other schemes. For example, compared with the flooding with 2-hop limit, our scheme can save 32.2% of time when the average number of neighbor nodes is equal to 14.

To validate the security of TSRF, we assume that malicious nodes will launch greyhole, tampering, on-off, and bad mouth attacks on the network (from 20s). The probability of each one is 25%. In the simulation, we vary the number of malicious nodes and analyze their effects on the average packet delivery ratio. As shown in Figure 9, more malicious nodes will indeed cause greater damage to the network. TSRF can offer an effective solution to these attacks. By introducing TSRF into existing routing protocol, the average packet delivery ratio has increased constantly, because TSRF will quickly launch a route update procedure to find a trusted route when detecting malicious intermediate nodes in the previous path.

TSR [23] is a trust evaluation scheme that only considers the direct trust value. We compare its performance with our proposed scheme when introducing them into the same routing protocol. The correctness of the trust evaluation is based on the accuracy of intrusion detection mechanisms. If all the behavior of nodes can be detected accurately, the indirect trust data are not necessary. However, it is almost impossible to realize it in actual conditions. Consequently, we take an error probability of detection into account and set it to 0.1. In Figure 10, we can see that the average packet delivery ratio will suffer a significant degradation when malicious nodes launch attacks on the network (from 20 s). As some error detecting events may occur in the simulated scenarios, TSRF can improve the security of the network compared with TSR. This situation is more obvious when the number of malicious nodes increases. Because TSRF both take direct trust and indirect trust into consideration, which can provide better resistance capability for error detecting events.

7. Conclusion and Future Work

In this paper, we first analyzed characteristics of various attacks on trust-based routing protocols. Then, we proposed a lightweight trust computation and trust derivation scheme to deal with these attacks. By utilizing the semirings theory, an optimized routing algorithm was also presented which considered the combination of trust metric and other QoS metrics. Compared with some traditional trust-ware mechanisms, the simulation results showed that TSRF had a wide applicability and could improve the performance of the network under the premise of security assurance, especially in a dense networks.

In the future, we plan to design distributed intrusion detection systems for WSNs which can both enhance the accuracy of trust evaluation and improve the security of WSNs.

http://dx.doi.org/10.1155/2014/209436

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of the paper.

Acknowledgments

This work was supported in part by National Basic Research Program of China ("973 program") (2013CB329101), National Natural Science Foundation of China (NSFC) under Grant (no. 61201204, no. 61100217, no. 61100219), SRFDP (20110009120004), and in part by the Basic Research Supporting of Beijing Jiaotong University under Grant no. 2012JBM011.

References

[1] T. Watteyne and K. S. J. Pister, "Smarter cities through standards-based wireless sensor networks," IBMJournal of Research and Development, vol. 55, no. 1-2, pp. 7-10, 2011.

[2] Y. Cao, C. Xu, J. Guan, F. Song, and H. Zhang, "Environment-aware CMT for efficient video delivery in wireless multimedia sensor networks," International Journal of Distributed Sensor Networks, vol. 2012, Article ID 381726, 12 pages, 2012.

[3] B. C. Villaverde, S. Rea, and D. Pesch, "InRout-a QoS aware route selection algorithm for industrial wireless sensor networks," Ad Hoc Networks, vol. 10, no. 3, pp. 458-478, 2012.

[4] D. A. Tran and H. Raghavendra, "Congestion adaptive routing in mobile ad hoc networks," IEEE Transactions on Parallel and Distributed Systems, vol. 17, no. 11, pp. 1294-1305, 2006.

[5] H.-X. Tan, M.-C. Chan, W. Xiao, P.-Y. Kong, and C.-K. Tham, "Information quality aware routing in event-driven sensor networks," in Proceedings of the IEEE INFOCOM, March 2010.

[6] M. Zhang, C. Xu, J. Guan, R. Zheng, Q. Wu, and H. Zhang, "A novel physarum-inspired routing protocol for wireless sensor networks," International Journal of Distributed Sensor Networks, vol. 2013, Article ID483581, 12 pages, 2013.

[7] C. Zhang, X. Zhu, Y. Song, andY. Fang, "Aformal study of trust-based routing in wireless ad hoc networks," in Proceedings of the IEEE INFOCOM, March 2010.

[8] L. Abusalah, A. Khokhar, and M. Guizani, "A survey of secure mobile Ad hoc routing protocols," IEEE Communications Surveys & Tutorials, vol. 10, no. 4, pp. 78-93, 2008.

[9] Y. Zhou, Y. Fang, and Y. Zhang, "Securing wireless sensor networks: a survey," IEEE Communications Surveys & Tutorials, vol. 10, no. 3, pp. 6-28, 2008.

[10] D. Djenouri, L. Khelladi, and N. Badache, "A survey of security issues in mobile ad hoc networks," IEEE Communications Surveys, vol. 7, no. 4, pp. 2-28, 2005.

[11] S. Paris, C. Nita-Rotaru, F. Martignon, and A. Capone, "EFW: a cross-layer metric for reliable routing in wireless mesh networks with selfish participants," in Proceedings of the IEEE INFOCOM, pp. 576-580, April 2011.

[12] S. Buchegger and J.-Y. Le Boudec, "Performance analysis of the CONFIDANT protocol (Cooperation of nodes: Fairness in dynamic ad-hoc networks)," in Proceedings of the 3rd ACM International Symposium on Mobile Ad Hoc Networking and Computing (MOBIHOC '02), pp. 226-236, June 2002.

[13] J. J. Garcia-Luna-Aceves and M. Spohn, "Source-tree routing in wireless networks," in Proceedings of the 7th International Conference on Network Protocols (ICNP '99), pp. 273-282, November 1999.

[14] J. Cordasco and S. Wetzel, "Cryptographic versus trust-based methods for MANET routing security," Electronic Notes in Theoretical Computer Science, vol. 197, no. 2, pp. 131-140, 2008.

[15] S. G. Yoo, K. Y. Park, and J. Kim, "A security-performance-balanced user authentication scheme for wireless sensor networks," International Journal of Distributed Sensor Networks, vol. 2012, Article ID382810, 11 pages, 2012.

[16] M. L. Das, "Two-factor user authentication in wireless sensor networks," IEEE Transactions on Wireless Communications, vol. 8, no. 3, pp. 1086-1090, 2009.

[17] P. Ning, A. Liu, and W. Du, "Mitigating DoS attacks against broadcast authentication in wireless sensor networks," ACM Transactions on Sensor Networks, vol. 4, no. 1, article no. 1, 2008.

[18] G. Theodorakopoulos and J. S. Baras, "On trust models and trust evaluation metrics for ad hoc networks," IEEE Journal on Selected Areas in Communications, vol. 24, no. 2, pp. 318-328, 2006.

[19] G. Zhan, W. Shi, and J. Deng, "Design and implementation of TARF: a trust-aware routing framework for WSNs," IEEE Transactions on Dependable and Secure Computing, vol. 9, no. 2, pp. 184-197, 2012.

[20] A. A. Pirzada, C. McDonald, and A. Datta, "Performance comparison of trust-based reactive routing protocols," IEEE Transactions on Mobile Computing, vol. 5, no. 6, pp. 695-710, 2006.

[21] X. Li, Z. Jia, P. Zhang, R. Zhang, and H. Wang, "Trust-based on-demand multipath routing in mobile ad hoc networks," IET Information Security, vol. 4, no. 4, pp. 212-232, 2010.

[22] J.-H. Cho, A. Swami, and I.-R. Chen, "A survey on trust management for mobile ad hoc networks," IEEE Communications Surveys and Tutorials, vol. 13, no. 4, pp. 562-583, 2011.

[23] H. Xia, Z. Jia, X. Li, L. Ju, and E. H.-M. Sha, "Trust prediction and trust-based source routing in mobile ad hoc networks," Ad Hoc Networks, vol. 11, no. 7, pp. 2096-2114, 2013.

[24] M. G. Zapata and N. Asokan, "Securing ad hoc routing protocols," in Proceedings of the 1st ACM Workshop on Wireless Security, pp. 1-10, September 2002.

[25] D. Cerri and A. Ghioni, "Securing AODV: the A-SAODV secure routing prototype," IEEE Communications Magazine, vol. 46, no. 2, pp. 120-125, 2008.

[26] Y. Wang, G. Attebury, and B. Ramamurthy, "A survey of security issues in wireless sensor networks," IEEE Communications Surveys & Tutorials, vol. 8, no. 2, pp. 2-22, 2006.

[27] J. Cordasco and S. Wetzel, "Cryptographic versus trust-based methods for MANET routing security," Electronic Notes in Theoretical Computer Science, vol. 197, no. 2, pp. 131-140, 2008.

[28] P. Narula, S. K. Dhurandher, S. Misra, and I. Woungang, "Security in mobile ad-hoc networks using soft encryption and trust-based multi-path routing," Computer Communications, vol. 31, no. 4, pp. 760-769, 2008.

[29] K.-S. Hung, K.-S. Lui, and Y.-K. Kwok, "A trust-based geographical routing scheme in sensor networks," in Proceedings of the IEEE Wireless Communications and Networking Conference (WCNC '07), pp. 3125-3129,March 2007.

[30] M. E. Mahmoud and X. Shen, "Trust-based and energy-aware incentive routing protocol for multi-hop wireless networks," in Proceedings of the IEEE International Conference on Communications (ICC '11), June 2011.

[31] M. Mohi, A. Movaghar, and P. M. Zadeh, "A bayesian game approach for preventing DoS attacks in wireless sensor networks," in Proceedings of the IEEE International Conference on Communications andMobileComputing (CMC'09), pp. 507-511, January 2009.

[32] C. Karlof and D. Wagner, "Secure routing in wireless sensor networks: attacks and countermeasures," Ad Hoc Networks, vol. 1, no. 2-3, pp. 293-315, 2003.

[33] Y. Yu, K. Li, W. Zhou, and P. Li, "Trust mechanisms in wireless sensor networks: attack analysis and countermeasures," Journal of Network and Computer Applications, vol. 35, no. 3, pp. 867-880, 2012.

[34] K. Ren, T. Li, Z. Wan, F. Bao, R. H. Deng, and K. Kim, "Highly reliable trust establishment scheme in ad hoc networks," Computer Networks, vol. 45, no. 6, pp. 687-699, 2004.

[35] T. Zahariadis, P. Trakadas, H. C. Leligou, S. Maniatis, and P. Karkazis, "A novel trust-aware geographical routing scheme for wireless sensor networks," Wireless Personal Communications, vol. 69, no. 2, pp. 805-826, 2013.

[36] L. Abusalah, A. Khokhar, andM. Guizani, "Trust aware routing in mobile ad hoc networks," in Proceedings of the IEEE Telecommunications Conference (GLOBECOM '06), pp. 1-5, December 2006.

[37] S. R. Zakhary and M. Radenkovic, "Reputation-based security protocol for MANETs in highly mobile disconnection-prone environments," in Proceedings of the 7th International Conference on Wireless On-demand Network Systems and Services (WONS '10), pp. 161-167, February 2010.

[38] Y. L. Sun, Z. Han, W. Yu, and K. J. R. Liu, "A trust evaluation framework in distributed networks: vulnerability analysis and defense against attacks," in Proceedings of the 25th IEEE International Conference on Computer Communications (INFOCOM '06), pp. 1-13, April 2006.

[39] S. Marti, T. J. Giuli, K. Lai, and M. Baker, "Mitigating routing misbehavior in mobile ad hoc networks," in Proceedings of the 6th Annual International Conference on Mobile Computing and Networking (MOBICOM'00), pp. 255-265, ACM, August 2000.

[40] J. Lopez, R. Roman, I. Agudo, and C. Fernandez-Gago, "Trust management systems for wireless sensor networks: best practices," Computer Communications, vol. 33, no. 9, pp. 1086-1093, 2010.

[41] J.Duan, D. Gao, C. H. Foh, andH.Zhang, "TC-BAC: a trust and centrality degree based access control model in wireless sensor networks," Ad Hoc Networks, vol. 11, no. 8, pp. 2675-2692, 2013.

[42] Y. L. Sun, W. Yu, and Z. Han, "Information theoretic framework of trust modeling and evaluation for ad hoc networks," IEEE Journal on Selected Areas in Communications, vol. 24, no. 2, pp. 305-315, 2006.

[43] B. Karp and H. T. Kung, "GPSR: greedy perimeter stateless routing for wireless networks," in Proceedings of the 6th Annual International Conference on Mobile Computing and Networking (MOBICOM '00), pp. 243-254, ACM, August 2000.

[44] K. Fall and K. Varadhan, "The ns Manual,"The VINT Project 1, 2002.

Junqi Duan, Dong Yang, Haoqing Zhu, Sidong Zhang, and Jing Zhao

National Engineering Laboratory for Next Generation Internet Interconnection Devices, School of Electronic and Information Engineering, Beijing Jiaotong University, Beijing 100044, China

Correspondence should be addressed to Dong Yang; dyang@bjtu.edu.cn

Received 5 August 2013; Accepted 28 November 2013; Published 8 January 2014

Academic Editor: Yuan He

TABLE 1: Attacks on routing protocols in WSNs.

Attacks      Internal   External   Active   Passive

Blackhole    [check]       x       [check]     x

Greyhole     [check]       x       [check]     x

Sinkhole     [check]       x       [check]     x

Wormhole     [check]       x       [check]     x

Sybil        [check]       x       [check]     x

DoS          [check]    [check]    [check]     x

Sniffing        x       [check]      x      [check]

Tampering    [check]       x       [check]     x

Replay       [check]    [check]    [check]     x

Attacks        Effectiveness      Effectiveness
              of cryptography     of trust-based
             and authentication     mechanisms
                 mechanisms

Blackhole            x               [check]

Greyhole             x               [check]

Sinkhole             x               [check]

Wormhole             x               [check]

Sybil             [check]               x

DoS               [check]            [check]

Sniffing          [check]               x

Tampering            x               [check]

Replay               x               [check]

Attacks      Aggressive behavior

Blackhole    Discard all the routing packets

Greyhole     Drop part of routing packets

Sinkhole     Spoof or replay an extremely high quality route
             advertisement to attract the nearby traffic

Wormhole     Distort the network topology by making two distant
             nodes convince that they are only one or two hops away

Sybil        Manipulate route discovery and route maintenance
             by creating several fake IDs

DoS          Flood the network with a huge amount
             of routing packets

Sniffing     Eavesdrop routing information

Tampering    Tamper routing packets

Replay       Replay the received routing packets

TABLE 2: Simulation parameters.

Parameters                                 Values

Simulation time                             500 s
Monitoring area                      200 x 200 [m.sup.2]
Number of nodes                              100
Communication Range                         40 m
Packet Interval                              5s
Length of data packet                     100 bytes
Routing protocol                     GPSR [43] & BAR 30]
MAC layer protocol                      IEEE 802.15.4
Initial trust value                          0.5
Distrust interval                         [0, 0.4)
Error probability of detection               0.1
The proportion of malicious nodes            20%
P{a)                                        0.01
N(a)                                        -0.1
[gamma]1,[gamma]2                        0.90, 0.99
[alpha], [epsilon]                        0.7, 0.15
                                         min(*), 0.4
COPYRIGHT 2014 Sage Publications, Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2014 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:Research Article
Author:Duan, Junqi; Yang, Dong; Zhu, Haoqing; Zhang, Sidong; Zhao, Jing
Publication:International Journal of Distributed Sensor Networks
Article Type:Report
Date:Jan 1, 2014
Words:10741
Previous Article:Development of energy-efficient routing protocol in wireless sensor networks using optimal gradient routing with on demand neighborhood information.
Next Article:An anonymous routing protocol with authenticated key establishment in wireless ad hoc networks.
Topics:

Terms of use | Privacy policy | Copyright © 2019 Farlex, Inc. | Feedback | For webmasters