rate set of designated supervising nodes. This
node will solely be responsible for monitoring traffic of nodes within their range. It will thus study the behavior
and data related operations of nodes and make their evaluations available to other sensors within the network.
Their proposal combines certificate-based and behavior-based trust evaluations.
All the above work are based on a flat WSN architecture which is not scalable.
[5] proposed a hierarchical dynamic trust management protocol for cluster-based WSNs, considering both
social trust and QoS trust. [6] and [2] discused trust based security management and a survey of sensor network
security is given in [7].
3. System Model
We consider a general WSN, which consists of a powerful base station (or sink) and randomly deployed sensor
A. Agrawal, R. Z. Wei
19
nodes. The power and resource of the nodes are limited. Sensor nodes are monitoring or collecting information
over a field. Data are forwarded to the base station along the network. The security of the network are based on
trust management schemes as those in [5] [8]. Because of the environment of the field changing, the WSN needs
extension or change. So new nodes will be deployed and these new nodes need to join the network. The new
nodes are also randomly deployed.
In this paper, we will not consider how to initial the network and how to establish trust-based security when
the network formed. Rather, we focus on how to handle the change of the network while still keep the
trust-based security. We will propose some method to establishing trust relationships between the new nodes
and the existing nodes. So basically, our method will increase the scalability of the trust-based secure WSNs. In
our model, the hardware of the nodes are lightweight. So it is not suitable for a node to perform complicated
computations, which is a usually property of trust-based secure WSNs.
3.1. Trust Paramet er
Along with the authentication protocol we need a mechanism to calculate trust value. The parameter that will
used to decide if the node is malicious or not is the Trust Parameter. We will adapt the basic idea of the trust
parameter as proposed by Fenye Bao, Ing-Ray Chen, MoonJeong Chang, and Jin-Hee Cho in [5]. The para-
meters are as follows:
12 34
()= ()()()()
intimacyhonesty energy unselfishness
ij ijijijij
TtwTtwTtwTtwTt+ ++
(1)
The value of
ij
T
denote the trust value that node
evaluates towards node
j
at time
t
and
i
w
are
weights in the range of
[0,1]
, where
1234
=1wwww+++
. This parameter consists four trust components. For
different applications, the weight can be adjusted to fit different purposes.
The four components are as follows:
1. Intimacy: It is basically the number of interaction node
has with node
j
over the maximum
interactions of node
i
with other neighboring nodes over a period of time.
2. Honesty: This is the experience that node
i
has experienced with node
j
by direct observation. Bad
experiences may involved delay in transmission, packet dropping, interval and other factors. If node
j
exceeds
the number of dishonesty threshold, it will be considered a dishonest node.
3. Energy: This parameter is used to analyze the amount of energy a node has mostly denoted as a percentage
of the amount left. This determines if node
j
has enough energy to perform the required operation.
4. Unselfishness: This parameter determines if node
j
is being selfish such as not performing reporting, data
forwarding and sensing functions faithfully. Node
will use direct observations and preferably latest
experience with node
j
to calculate this parameter.
If the node
i
is not the neighboring node (1-hop node) of node
j
then it will use its past experiences from
its neighboring nodes.
To calculate the value of any component
X
of the above four, the following equation is used:
,
,
(1)()()ifandare1-hop neighbors;
()= {(1)()( )},otherwise.
XXdirect
ij ij
X
ij XX recom
k Nijkj
i
Tt tTtij
Tt avgT ttTt
αα
γγ
−−∆ +
−−∆ +
(2)
where
t
is the trust update interval,
,
()
X direct
ij
Tt
is based on direct observations,
i
N
consists of nodes which
are i's 1-hop neighbor, and
,
()
X recom
kj
Tt
is the recommendation from node
k
towards node
j
.
The above is called peer-to-peer trust evaluation in [5]. The details of the evaluations are omitted here. The
readers are refereed to [5].
In general, we will use the following trust parameter:
()= ().
X
ijX ij
X Com
T twTt
(3)
Here
Com
is the set of trust components which depends on applications and
=1.
X
X Com
w
For example, in [2],
={,, ,}Comintimacy honesty energyunselfishness
.
A. Agrawal, R. Z. Wei
20
3.2. One-Time Password
A one-time password (OTP) system was published as RFC 2289 (which is a revision of RFC 1938). This system
uses a standard hash function such as MD4, MD5 or SHA-1. To create a one-time password, server sends a
challenge message to user. Then the user chooses a secret pass-phrase which consists at least 10 characters. The
pass phrase is concatenated with the seed. The result of the concatenation is passed through the secure hash
function
N
times, where
N
is specified by the user. The resulting digest is the one-time password record.
The next one-time password to be used is generated by passing through the secure hash function
1N
times.
To authenticate the user, the server passes the password through the secure hash function once and compares
the result with the stored previous OTP. If the result of the operation matches the previous OPT, the
authentication is successful and the accepted one-time password is stored for future use. In this way, a pass-
phrases can be used for
1N
times.
The security of this system depends on the hash functions one-way property. The seed used here enables the
user to use the same secret pass-phrase for different machines.
In our application, we use the basic idea of OTP for our purpose, but not as password. Since we just need the
one-way property of the hash function, we use relatively efficient hash function MD5 denoted as
h
.
In a new node
s
, the following messages are installed before deployment:
s
U
: the unique node ID of the new node
s
.
s
N
: an integer which denotes the times of hash. It is not necessary that all the nodes have different values
of
N
. Usually we can set a range for
s
N
, e.g.,
150 200N≤≤
.
s
U
P
: a random string having at least 10 characters.
These values are also stored in the base station securely.
Each node also has an MD5 algorithm.
4. The Scalable WSNs
The scalability of WSNs mostly depends on how the network evaluate the trust of newly added nodes. We can
divide the initialization of the trust for the new nodes into two categories. One is using public key based
cryptography. This method requires more on hardwares. Some kind of Trusted Platform Module crypto-
processor chips are proposed (e.g., see [9]-[11]).
This paper focus on more constrained devices, where public key systems are not suitable. Velloso et al in [12]
have a brief discussion about the scalable ad hoc networks. In this paper, we investigate some detailed efficient
algorithms for the scalable WSNs without using public key based cryptography.
Suppose we already have a WSN which uses trust-based security. Since the environment changed or some
other reasons, more new nodes are deployed, which are supposed to join the existing network. We need to keep
the trust-based security of the network after the new nodes joining.
4.1. New Nodes Testing
We propose the following basic algorithm to do the new nodes testing. In what follows,
,ij
denote nodes
(existing nodes or new nodes),
s
denotes a new node,
S
denotes the base station or sink.
1.
S
broadcasts a new_node_join code. This broadcast lets the nodes in the WSN know that new nodes are
joining the network.
2. Each new node
s
calculates a value
s
H
which equals to
1
s
N
times hash of
||
s
sU
UP
and updates
s
N
to
1
s
N
.
1
=(((||))).
s
s
s sU
N
HhhhUP


3.
s
sends
(, )
ss
UH
to its neighbors.
4. When a node
i
received
(, )
ss
UH
, it was recorded to
i
R
.
5.
S
broadcasts
(,)
ss
UC
for all the new nodes
s
, where
s
C
equals to to
s
N
times hash of
||
s
sU
UP
=(((||))).
s
s
s sU
N
ChhhUP


6. When node
i
receives
(,)
ss
UC
,
i
checks if
s
U
is in the record. If it is, then
i
compute
()
s
hH
A. Agrawal, R. Z. Wei
21
where
s
H
is from the
i
R
.
i
then compare the resulting value with
s
C
. If two values are the same, then
i
adds one credit for
s
.
i
updates the record
s
C
to
s
H
for future use.
7. The steps 2, 3 and 6 are repeated for
n
times, where
n
is a predefined integer or broadcasted by
S
.
A malicious node
m
may perform the following attack. After receiving
(, )
ss
UH
,
m
sends out
(,)
s
UH
,
where
H
is some random string. The purpose of
m
is letting the neighbor of
s
think that
s
is not
authenticated at the next round.
To avoid that kind of attack, node
i
does not update the record
i
R
if the values in step 6 are not equal. The
record is updated only if the value
s
H
is accepted.
4.2. Evaluate Neighbors
Now we need some algorithms to let a new node estimate the trust value of its neighbor nodes, especially for the
old nodes. One simple method is to use the above algorithm. We can change the above algorithm so that the old
nodes are not distinguish from new nodes. One disadvantage of that method is that the station needs to broadcast
information for every node. If the existing network is small, then that method is fine. However, if the network is
big, then the station will broadcast big amount of messages. Note that the broadcast normally is done by the
nodes in the network forwarding to the neighbors. So this method will consume a lot of energy of the network.
We outline the following algorithm for a new node to evaluate the neighbors.
1.
s
sends a eva_neighbor_req code to its neighbor nodes.
2.
s
sends a list
s
L
of nodes, for which
s
wants to evaluate the trust.
3. Optionally,
s
can send out a request of multi-hops. In this case,
s
can specify how many hops
s
wants to forward.
4. When a node
i
received
s
L
, it sends
( )
, ,()
ij
i jTt
to
s
for all
s
jL
.
i
also forward
s
L
to the
neighbor nodes, if requested.
5.
s
calculates
()
sj
Tt
after receiving all the feed back as follows: Suppose the smallest value it received is
a
and the largest value is
b
. Then
s
checks to see the majority of the received values are at
[,() / 2]aa b+
or
[() / 2,]ab b
+
. Let
Maj
be these majority values. If the distribution of the values are evenly, then
Maj
contains all the values. Then
()={ ()}.
sji Majij
TtavgTt
The purpose of using majority in step 5 is to ignore possible malicious nodes sending fake evaluations.
The above majority principlecan also be used in general trust evaluation. When some formulas of Section
3.1 are used, we can just use the majority values.
For simplicity, we just divide the value of
[,]
ab
into two parts. Actually, we can divide
[,]ab
into 3 or 4
equal parts and using one of these parts as
Maj
.
4.3. Evaluate Trust for New Nodes
The algorithm in subsection 4.1 gives some authentication information for new nodes, but not the value of trust.
The results may give some positive value to some components in
Com
.
We will divide the components in
Com
into three parts. One part is full positive so the default values are
full. Example for that kind of components is
energy
for new nodes. The second part is average so the default
value is average. Example for this is
unselfishness
. The third part of components consists of the components
related to node authentication which will depend on the results of the algorithm of Section 4.1.
Here the evaluation of trust for new nodes means the initialization of the trust of new nodes. After initia-
lization, the new nodes are joint the network and the normal process of trust computations are performed.
5. Conclusion and Future Work
In this paper, we proposed new algorithms for the purpose of improving scalability of WSNs which depend on
trust-based security. The main calculation of the algorithm is perform a simple hash function. The communi-
cations are short strings. So the algorithms are efficient in both time and space. For new nodes adding, the sink
only needs to perform one network wide broadcast. Therefor the network energy consume of the scalable is also
efficient.
A. Agrawal, R. Z. Wei
22
The proposed algorithms can be one component of the trust management system for WSNs.
In the future, we will further investigate the existing trust management systems and find out how to combine
our component to the system and how to further improving. Some detailed implementations are also to be done
in the future. Simulations can also used for the purpose of evaluation of our proposal.
Our current work is based on simple setting of WSNs. But the method is not difficult to be modified for other
kind architectures, such as hierarchical structures. One possible future work is detailing the modification of the
method for fitting other architectures.
References
[1] Huang,L., Li, L.and Tan,Q. (2006) Behavior-BasedTrust in Wireless Sensor Network.Proceedings of the 2006 interna-
tional conference on Advanced Web and Network Technologies, and Applications, 214-223.
[2] Marti, S., Giuli, T.J., Lai, K. and Baker, M. (2000) Mitigating Routing Misbehavior in Mobile Ad Hoc Networks. Pro-
ceedingsof the 6th Annual International Conference on Mobile Computing and Networking, 255-265.
[3] Ganeriwal, S., Balzano, L.K. and Srivastava, M.B. (2008) Reputation-Based Framework for High Integrity Sensor
Networks.ACM Transactions on Sensor Networks (TOSN), 4, Article No. 15.
http://dx.doi.org/10.1145/1362542.1362546
[4] Aivaloglou, E. and Gritzalis, S. (2010) Hybrid Trust and Reputation Management for Sensor Networks. Wireless Net-
works, 16, 1493-1510. http://dx.doi.org/10.1007/s11276-009-0216-8
[5] Bao, F., Chen, I.-R., Chang, M.J. and Cho, J.-H. (2012) Hierarchical Trust Management for Wireless Sensor Networks
and its Applications to Trust-Based Routing and Intrusion Detection.IEEE Transactions on Network and Service Man-
agement, 9, 169-183. http://dx.doi.org/10.1109/TCOMM.2012.031912.110179
[6] Lopez, J. , Roman, R., Agudo, I. and Fernandez-Gago, C. (2010) Trust Management Systems for Wireless Sensor Net-
works: Best Practices. Computer Communications, 33, 1086-1093. http://dx.doi.org/10.1016/j.comcom.2010.02.006
[7] Chen, X., Makki, K., Yen, K. and Pissinou, N. (2009) Sensor Network Security: A Survey. IEEE Communications
Surveys Tutorials, 11, 52-73. http://dx.doi.org/10.1109/SURV.2009.090205
[8] Cho, J.H., Swa mi, A. and Chen, I.R. (2011) A Survey on Trust Management for Mobile and Ad Hoc Networks.IEEE
Communications Surveys Tutorials, 13, 562-583. http://dx.doi.org/10.1109/SURV.2011.092110.00088
[9] Hu, W., Corke, P., Ship, W. C. and Overs, L. (2009) secFleck: A Public Key Technology Platform for Wireless Sensor
Networks. In: Roedig, U. and Sreenan, C.J., Eds., EWSN 2009, LNCS5432, 296-311.
[10] W. Hu, et al. (2010) Toward Trusted Wireless Sensor Networks.ACM Transactions on Sensor Networks, 7, 1-25.
http://dx.doi.org/10.1145/1806895.1806900
[11] Yissoff, Y.M. and Hashim, H. (2010) Trusted Wireless Sensor Node Platform. Proceedings of the World Congress on
Engineering 2010, London, 774-779.
[12] Velloso, P.B., et al. (2010) Trust Management in Mobile ad Hoc Networks Using a Scalable Maturity-Based Model.
IEEE Transactions on Network and Service Management, 7, 172-185.
http://dx.doi.org/10.1109/TNSM.2010.1009.I9P0339