Scalable Trust-Based Secure WSNs

In this paper, we consider the scalable of wireless sensor networks with trust-based security. In our setting, the nodes have limited capability so that heavy computations are not suitable. So public key cryptographic algorithms are not allowed. We focus on the scalability of the network and proposed new testing algorithms and evaluation algorithms to test new nodes added, which give them reasonable values of trust. Based on these algorithms, we proposed new components for trust management system of wireless sensor networks.

There are different types of WSN architectures out there like hierarchical model, but we will be using the conventional architecture of a WSN which consists of all nodes having equal priority. The main reason for choosing this model is ease of scalability and rapid deployment. Conventional model does not require higher energy level Cluster Heads, so the hassle to integrate this node into a WSN is eliminated. We also need to manufacture only one type of Sensor. Our paper mainly focuses on rapid scalability of a WSN. Some of the applications are in Time Critical scenarios where deployment needs to be quick and hassle free. For example, we need to deploy a node in the emergency of a forest fire or we need to deploy a sensor network on the battlefield. There are existing digital signature authentication techniques in use but can be compromised if they fall in the wrong hands. Keys can be stolen from a sensor easily and then a hostile node with the same key can then be introduced into the network. Also some digital signatures use public key style algorithms that is not suitable for our hardware.
One possible node authentication technique is observing the behavior of the node for a given time frame. We can run a couple of tests to see how the new node behaves. In this way we can conclude if the node is friendly or hostile. A hostile node will fail the test since it will probably drop packets, alter messages, delay messages, etc. However, this test will be a rigorous test which may consume a large amount of energy of the new node. So the new node cannot set a time frame in which it acts honest since the test will drain all its energy which may lead to a dead node. In this paper, we propose a new method to authenticate new nodes for a WSN. The proposed algorithm uses an efficient hash function and the testing message is simple and short. This method can be a useful component of a trust management system for a scalable trust-based secure WSNs.
The rest of this paper are arranged as follows. In Section 2 we briefly review some related work. Section 3 introduces the model of our system and some techniques we will use in our algorithm. Section 4 gives our algorithms. Finally, Section 5 gives a brief summery of this paper.

Related Work
The paper [1] contains information on behavior evaluation of nodes in order to calculate trust for all nodes in the network. This paper describes that a general behavior evaluation process consists of four steps: expectation definition, actual output observation, difference calculation, and normalization of various task-specific evaluation. Out of these observations, behavior evaluation in routing and behavior of data processing is observed. Behavior evaluation in routing consists of tracking how successfully the packets were delivered. This is measured by two discrete values good or bad. While data processing consists of analyzing the quality of data reported by the node. These observations are then combined by two proposed combination frameworks, Bayesian Inference and Dempster-Shafer Theory of Evidence.
Another mechanism of determining misbehaving nodes using Watchdog has been explained in the paper [2] and [3]. A Watchdog mechanism has been proposed in these papers to locate misbehaving nodes by studying its behavior. As the name suggests the sending node listens to its neighboring node which is responsible for sending packet to the next node. It can detect if the packet has not been sent or the packet has been tampered. In watchdog a buffer has been implemented that holds recently sent packets. This buffer is then compared with overhead packets to check if they match. If a node remains in the buffer for a long time then it is assumed to have failed in forwarding the packet. Watchdog's weaknesses are that it might not detect a misbehaving node in the presence of ambiguous collisions, receiver collisions, limited transmission power, false misbehavior, collusion, and partial dropping. For the watchdog to work properly, it must know where a packet should be in two hops.
In the paper [4], the authors propose implementation of a separate set of designated supervising nodes. This node will solely be responsible for monitoring traffic of nodes within their range. It will thus study the behavior and data related operations of nodes and make their evaluations available to other sensors within the network. Their proposal combines certificate-based and behavior-based trust evaluations.
All the above work are based on a flat WSN architecture which is not scalable. [5] proposed a hierarchical dynamic trust management protocol for cluster-based WSNs, considering both social trust and QoS trust. [6] and [2] discused trust based security management and a survey of sensor network security is given in [7].

System Model
We consider a general WSN, which consists of a powerful base station (or sink) and randomly deployed sensor nodes. The power and resource of the nodes are limited. Sensor nodes are monitoring or collecting information over a field. Data are forwarded to the base station along the network. The security of the network are based on trust management schemes as those in [5] [8]. Because of the environment of the field changing, the WSN needs extension or change. So new nodes will be deployed and these new nodes need to join the network. The new nodes are also randomly deployed.
In this paper, we will not consider how to initial the network and how to establish trust-based security when the network formed. Rather, we focus on how to handle the change of the network while still keep the trust-based security. We will propose some method to establishing trust relationships between the new nodes and the existing nodes. So basically, our method will increase the scalability of the trust-based secure WSNs. In our model, the hardware of the nodes are lightweight. So it is not suitable for a node to perform complicated computations, which is a usually property of trust-based secure WSNs.

Trust Parameter
Along with the authentication protocol we need a mechanism to calculate trust value. The parameter that will used to decide if the node is malicious or not is the Trust Parameter. We will adapt the basic idea of the trust parameter as proposed by Fenye Bao, Ing-Ray Chen, MoonJeong Chang, and Jin-Hee Cho in [5]. The parameters are as follows: The value of ij T denote the trust value that node i evaluates towards node j at time t and i w are weights in the range of [0,1] , where 1 2 3 4 = 1 w w w w + + + . This parameter consists four trust components. For different applications, the weight can be adjusted to fit different purposes.
The four components are as follows: 1. Intimacy: It is basically the number of interaction node i has with node j over the maximum interactions of node i with other neighboring nodes over a period of time.
2. Honesty: This is the experience that node i has experienced with node j by direct observation. Bad experiences may involved delay in transmission, packet dropping, interval and other factors. If node j exceeds the number of dishonesty threshold, it will be considered a dishonest node.
3. Energy: This parameter is used to analyze the amount of energy a node has mostly denoted as a percentage of the amount left. This determines if node j has enough energy to perform the required operation.
4. Unselfishness: This parameter determines if node j is being selfish such as not performing reporting, data forwarding and sensing functions faithfully. Node i will use direct observations and preferably latest experience with node j to calculate this parameter.
If the node i is not the neighboring node (1-hop node) of node j then it will use its past experiences from its neighboring nodes.
To calculate the value of any component X of the above four, the following equation is used:  t is the recommendation from node k towards node j . The above is called peer-to-peer trust evaluation in [5]. The details of the evaluations are omitted here. The readers are refereed to [5].
In general, we will use the following trust parameter: Here Com is the set of trust components which depends on applications and = 1.

One-Time Password
A one-time password (OTP) system was published as RFC 2289 (which is a revision of RFC 1938). This system uses a standard hash function such as MD4, MD5 or SHA-1. To create a one-time password, server sends a challenge message to user. Then the user chooses a secret pass-phrase which consists at least 10 characters. The pass phrase is concatenated with the seed. The result of the concatenation is passed through the secure hash function N times, where N is specified by the user. The resulting digest is the one-time password record. The next one-time password to be used is generated by passing through the secure hash function 1 N − times. To authenticate the user, the server passes the password through the secure hash function once and compares the result with the stored previous OTP. If the result of the operation matches the previous OPT, the authentication is successful and the accepted one-time password is stored for future use. In this way, a passphrases can be used for 1 N − times. The security of this system depends on the hash function's one-way property. The seed used here enables the user to use the same secret pass-phrase for different machines.
In our application, we use the basic idea of OTP for our purpose, but not as password. Since we just need the one-way property of the hash function, we use relatively efficient hash function MD5 denoted as h .
In a new node s , the following messages are installed before deployment:

The Scalable WSNs
The scalability of WSNs mostly depends on how the network evaluate the trust of newly added nodes. We can divide the initialization of the trust for the new nodes into two categories. One is using public key based cryptography. This method requires more on hardwares. Some kind of Trusted Platform Module cryptoprocessor chips are proposed (e.g., see [9]- [11]). This paper focus on more constrained devices, where public key systems are not suitable. Velloso et al in [12] have a brief discussion about the scalable ad hoc networks. In this paper, we investigate some detailed efficient algorithms for the scalable WSNs without using public key based cryptography.
Suppose we already have a WSN which uses trust-based security. Since the environment changed or some other reasons, more new nodes are deployed, which are supposed to join the existing network. We need to keep the trust-based security of the network after the new nodes joining.

New Nodes Testing
We propose the following basic algorithm to do the new nodes testing. In what follows, , i j denote nodes (existing nodes or new nodes), s denotes a new node, S denotes the base station or sink.

Evaluate Neighbors
Now we need some algorithms to let a new node estimate the trust value of its neighbor nodes, especially for the old nodes. One simple method is to use the above algorithm. We can change the above algorithm so that the old nodes are not distinguish from new nodes. One disadvantage of that method is that the station needs to broadcast information for every node. If the existing network is small, then that method is fine. However, if the network is big, then the station will broadcast big amount of messages. Note that the broadcast normally is done by the nodes in the network forwarding to the neighbors. So this method will consume a lot of energy of the network.
We outline the following algorithm for a new node to evaluate the neighbors.   The purpose of using majority in step 5 is to ignore possible malicious nodes sending fake evaluations. The above "majority principle" can also be used in general trust evaluation. When some formulas of Section 3.1 are used, we can just use the majority values.
For simplicity, we just divide the value of [ , ] a b into two parts. Actually, we can divide [ , ] a b into 3 or 4 equal parts and using one of these parts as Maj .

Evaluate Trust for New Nodes
The algorithm in subsection 4.1 gives some authentication information for new nodes, but not the value of trust. The results may give some positive value to some components in Com .
We will divide the components in Com into three parts. One part is full positive so the default values are full. Example for that kind of components is energy for new nodes. The second part is average so the default value is average. Example for this is unselfishness . The third part of components consists of the components related to node authentication which will depend on the results of the algorithm of Section 4.1.
Here the evaluation of trust for new nodes means the initialization of the trust of new nodes. After initialization, the new nodes are joint the network and the normal process of trust computations are performed.

Conclusion and Future Work
In this paper, we proposed new algorithms for the purpose of improving scalability of WSNs which depend on trust-based security. The main calculation of the algorithm is perform a simple hash function. The communications are short strings. So the algorithms are efficient in both time and space. For new nodes adding, the sink only needs to perform one network wide broadcast. Therefor the network energy consume of the scalable is also efficient.
The proposed algorithms can be one component of the trust management system for WSNs. In the future, we will further investigate the existing trust management systems and find out how to combine our component to the system and how to further improving. Some detailed implementations are also to be done in the future. Simulations can also used for the purpose of evaluation of our proposal.
Our current work is based on simple setting of WSNs. But the method is not difficult to be modified for other kind architectures, such as hierarchical structures. One possible future work is detailing the modification of the method for fitting other architectures.