Dynamic Trust Management for the Internet of Things Applications Fenye Bao and Ing-Ray Chen Department of Computer Science, Virginia Tech Self-IoT 2012 1 Sept. 17, 2012, San Jose, CA, USA
Contents Introduction System Model Dynamic Trust Management Protocol Protocol Description Convergence, Accuracy, and Resiliency Simulation Validation Trust Evaluation Trust-Based Service Composition Conclusion 2
Introduction Goals 1. Provide an accurate and resilient trust assessment on trust level of IoT entities. 2. Apply the proposed trust management to IoT applications in order to maximize the application performance. 3
Background The Internet of Things (IoT) integrates a large amount of everyday life devices from heterogeneous network environments, bringing a great challenge into security and reliability management. Smarts objects with heterogeneous characteristics need to cooperatively work together. Most smart objects are human-carried or human-related devices. Devices in IoT very often expose to public areas and communicate through wireless, hence vulnerable to malicious attacks. 4
Introduction The challenge Traditional approaches to protocol and network security, data and privacy management, identity management, trust and governance, and fault tolerance will not accommodate the requirements of IoT due to the scalability and the high variety of identity and relationship types. Little work on the trust management for IoT Chen, et al. [2011] proposed a trust management model based on fuzzy reputation for IoT. Considering a specific IoT with wireless sensors only Using QoS trust metrics only like packet forwarding/delivery ratio and energy consumption 5
Introduction Our Solution Propose dynamic trust management for a community-based social IoT environment by considering multiple social relationships among device owners. 6
Introduction Contributions We define a community-based social IoT environment. We propose and analyze a trust management protocol (1) considering social trust, and (2) using both direct observations and indirect recommendations to update trust. We provide a formal treatment of the convergence, accuracy, and resiliency properties. We validate these desirable properties through simulations and demonstrate the effectiveness in trust-based service composition. 7
System Model We consider a Social IoT [Atzori et al. 2011] environment with no centralized trusted authority. Social relationships: ownership, friendship, community Fig 1. Social Structures of the IoT. Malicious nodes aim to break the basic functionality of the IoT and perform trust related attacks: selfpromoting, bad-mouthing, and good-mouthing. Uncooperative nodes act for their own interests. 8
System Model Social relationships Owners m m 1 m ownership Devices m friendship... m community Communities 9
Trust Management Protocol Our trust management protocol for IoT is distributed. For scalability, a node may just keep its trust evaluation towards a limited set of nodes of its interest. The trust management protocol is encounter-based as well as activity-based. Two nodes encountering each other or involved in an interaction activity can directly observe each other and exchange trust evaluation toward others. 10
Trust Management Protocol The trust value is a real number in the range [0, 1]. When node i encounters or directly interacts with another node k at time t, node i will update its trust assessment as follows: is the elapsed time since the last trust update (not fixed). = 1 +,, == ; (1 ) +,,! = ; X = honesty, cooperativeness, or community-interest 11
Trust Management Protocol Node i updates trust toward node j. 12
Trust Management Protocol Direct trust observations 13, : This refers to the belief of node i that node j is honest based on node i s direct observations toward node j. Using a set of imperfect anomaly detection rules: false positives/negatives, : This provides the degree of cooperativeness of node j as evaluated by node i based on direct observations over 0,. Using social friendship to characterize: ( ) ( ) ( ) ( ) friendship centrality, : This provides the degree of the common interest or similar capability of node j as evaluated by node i based on direct observations over 0,. Considering community/group relationship: ( ) ( ) ( ) ( ) community centrality
Trust Management Protocol Indirect recommendations = 1 + 1. Assign weight 1 to current trust; 2. Assign weight to the new recommendation; 3. Normalization. The contribution of recommended trust increases proportionally as either or increases. is the trust value of node i toward the recommender node k. Design parameters [0, 1], higher weight of new direct info. vs. past info. [0, + ], higher weight of new recommendation vs. past info. 14
Trust Management Protocol Trust convergence Lemma 1: The trust evaluation in our dynamic trust management protocol converges as long as 0 < 1 or > 0. As long as we consider direction observations ( > 0) or recommendations ( > 0 > 0) in each iteration, the effect of initial trust value will eventually be eliminated. = 1 +,, == ; (1 ) +,,! = ; 15
Trust Management Protocol Trust convergence speed Lemma 2: The trust convergence speed of our dynamic trust management protocol increases as or increases (0 < 1, > 0). The higher or is, the faster effect of initial trust value approaches 0. = 1 +,, == ; (1 ) +,,! = ; 16
Trust Management Protocol Trust fluctuation Lemma 3: The variance of the trust value after convergence in our dynamic trust management protocol increases as or increases (0 < 1, > 0). However, when or is higher, the protocol only takes into account few recent observations / recommendations. It has the similar effect with reducing the sample size, thus the variance and trust fluctuation will be high. Lemmas 2 & 3 indicate that there is trade-off between trust convergence speed and trust fluctuation. 17
Trust Management Protocol Trust accuracy and resiliency Lemma 4: The mean absolute error (MAE) of the trust evaluation in our dynamic trust management protocol is less than after trust convergence. The MAE decreases as increases or decreases. ( percentage of malicious nodes, / false negative/positive probability for malicious detection) Higher value means using more self-information. Lower value means using less recommendations. Boundary conditions for. The chance of being attacked by false recommendation is lower. 18
Simulation Results IoT environment setting Param Value Param Value Param Value N T 50 N H 20 N G 10 N M 5 α [0, 1] β [0, 8] P M [0, 90%] P fp,p fn 5% 1/λ 100 hrs 50 smart objects, 20 owners, 10 communities 5 service providers needed in a request The average encountering frequency is about 0.25 per pair per hour. Anomaly detection with 5% false positives/negatives 19
Simulation Results Effect of on trust evaluation (static) 1 Ground truth α=0.1 α=0.3 α=0.9 Trust value 0.9 0.8 0.7 high fluctuation 0.6 fast convergence 0.5 0 10 20 30 40 50 60 70 80 90 100 Time (hours) Lemma 1: Trust converges. Lemma 2: Trust converges faster when is higher. Lemma 3: Trust fluctuation is higher when is higher. 20
Simulation Results Effect of on trust evaluation (dynamic) 1 Ground truth α=0.1 α=0.3 α=0.9 Trust value 0.8 0.6 0.4 0.2 0 0 10 20 30 40 50 60 70 80 90 100 Time (hours) 21
Simulation Results Effect of on trust evaluation (static) Trust value 1 0.9 0.8 0.7 0.6 Ground truth β=0 β=0.1 β=1 fast convergence high fluctuation 0.5 0 10 20 30 40 50 60 70 80 90 100 Time (hours) Lemma 1: Trust converges. Lemma 2: Trust converges faster when is higher. Lemma 3: Trust fluctuation is higher when is higher. 22
Simulation Results Effect of on trust evaluation (dynamic) 1 Ground truth β=0 β=0.1 β=1 Trust value 0.8 0.6 0.4 0.2 0 0 10 20 30 40 50 60 70 80 90 100 Time (hours) 23
Simulation Results Resiliency to trust attacks Ground truth λ=10% λ=30% λ=50% λ=70% λ=90% 0.5 Honesty 0 0 20 40 60 80 100 Time (hours) 24 1. MAE <10% when the percentage of malicious nodes ( ) is < 50%. 2. MAE ~= 12% when = 70% and MAE ~= 40% when = 90%. 3. Theses validate Lemma 4.
Simulation Results Service composition A node requests services (or information) from N M = 5 service providers. The objective is to select the most trustworthy service providers such that the utility score representing the goodness of the service composition is maximized. The returning utility score of the service provider is: 0, if the selected service provider is malicious; min (cooperativeness trust, community-interest trust), otherwise. 25
Simulation Results Performance comparison Trust-based service composition Selecting service providers based on the service requester s trust evaluation Ideal service composition (upper bound) Assuming the service requester knowing the ground truth Random service composition (lower bound) 26
Utility score Simulation Results Performance comparison 0.6 0.4 0.2 27 crossover point: t = 12 hours Trust Based Service Composition (α=0.5, β=0.2) Trust Based Service Composition (α=0.5, β=0.0) Ideal Service Composition Random Service Composition 0 0 10 20 30 40 50 60 70 80 90 100 Time (hours) Utility score 0.6 0.4 0.2 crossover point: t = 26 hours 0 0 10 20 30 40 50 60 70 80 90 100 Time (hours) (a) =10% (b) = 50% 1. Trust-based service composition approaches the ideal performance. 2. When the percentage of malicious nodes is higher, the maximum achievable utility score is lower. 3. Crossover point: faster trust convergence vs. lower accuracy. 4. Crossover point shifts: dynamic trust management by selecting best parameters in response to IoT environment changing.
Conclusion We designed and analyzed a scalable and distributed trust management protocol for IoT. The proposed protocol takes social relationships into account and advocates the use of three trust properties, honesty, cooperativeness, and community-interest to evaluate trust. We provided a formal treatment of the convergence, accuracy, and resiliency properties. We analyzed the effect of trust parameters ( and ) on trust evaluation and validated the protocol through simulations. We demonstrated the effectiveness of our trust management protocol by a service composition application in IoT environments. 28
Thank You! Q & A 29
Dynamic Trust Managment 30