Performance Analysis of the CONFIDANT Protocol Cooperation of Nodes - PowerPoint PPT Presentation


1
Performance Analysis of the CONFIDANT Protocol
(Cooperation Of Nodes: Fairness In Dynamic Ad-hoc NeTworks)
  • Sonja Buchegger (IBM ZRL-Switzerland),
  • Jean-Yves Le Boudec (EPFL-Switzerland)
  • @ MobiHOC 2002
  • Presented By Srinath Anantharaju

2
Introduction
  • Security in routing is a major concern
  • Difficult to set up a path free from malicious
    nodes
  • On-demand source-routing protocols are commonly
    used in MANETs, e.g. DSR
  • There is a need for cooperative network operation
  • CONFIDANT: an extension to on-demand
    source-routing protocols such as DSR

3
Overview of DSR
  • Route Discovery Phase
      • Initiator broadcasts RREQ
      • Each intermediate node appends its ID and
        rebroadcasts (source routing)
      • Target sends RREP packet including the list
  • Route Maintenance Phase
      • Routes can break over time
      • ROUTE_ERROR is sent on detecting a link failure
      • Routes containing the broken link are purged from
        cache

4
Possible Attacks
  • Lack of central authority, security policy,
    credentials, validation and infrastructure offers
    special opportunities to attackers
  • Misbehavior could be in the form of
      • No forwarding
      • Unusual traffic attraction
      • Lack of error messages
      • High frequency of route updates
      • Silent route change
      • Route salvaging

5
Related Work
  • Anderson & Stajano: device imprinting
  • Zhou & Haas: threshold security and share
    refreshing for distributed key management
  • Smith, Murthy & Garcia-Luna-Aceves: routing
    security of DV protocols
  • Buttyan & Hubaux: incentives to cooperate
  • Marti, Giuli & Baker: DSR with watchdog &
    Pathrater
  • Yi, Naldurg & Kravets: Secure-aware Ad-hoc
    Routing

6
The Story of a Selfish Gene
CONFIDANT is inspired by an ecological example
that explains the survival chances of birds
grooming parasites off each other's heads, which
they cannot clean themselves
  • Dawkins divides birds into
      • Helpers/Suckers: birds that always help
      • Cheats: always take favors but do not return them
      • Grudgers: start out being helpful but bear a
        grudge against those that do not return favors
        (reciprocal altruism)

Grudgers win over time while others become
extinct!!
7
CONFIDANT Protocol Approach
  • Reciprocal altruism: start by helping everyone,
    but then bear a grudge against those who do not
    return favors
  • Learn from observed behavior: neighborhood watch
  • Learn from reported behavior: share information
    about malicious behavior
  • The aim is to make misbehavior unattractive by
    selective altruism and utilitarianism

8
CONFIDANT Components
  • The components of each node in the CONFIDANT
    protocol are
      • Monitor (for neighborhood watch)
      • Reputation System (for node rating)
      • Path Manager (path re-ranking, deletion, etc.)
      • Trust Manager (for distributed and adaptive trust
        management)

9
Monitor Component
  • Detection of damaging behavior using neighborhood
    watch (locally look for deviating nodes) by
      • Listening to the transmission of the next node
      • Observing route protocol behavior
  • Monitor registers deviations from normal behavior
  • Triggers the Reputation System on detecting bad
    behavior

10
Reputation System
  • Manages a table of entries for nodes and their
    ratings
  • Ratings are changed only when there is enough
    evidence of malicious behavior
  • A rate function that assigns different weights
    to each type of behavior detection is used. Why?
  • Nodes trust their own experiences and
    observations more than those of other nodes!

11
Trust Manager Component
  • Generates ALARM messages to warn friends about
    malicious nodes
  • Filtering of incoming ALARM messages based on the
    trust level of the reporting node
  • PGP style of key validation and certification
[Figure: reporting nodes A, B, C and a destination node; trust levels: complete, marginal, unknown]

12
Trust Manager Component (cont..)
  • A trust manager maintains
      • An ALARM table: stores received alarms
      • A Trust table: manages trust levels for nodes
      • A Friends list
  • Trust is important when making a decision about
      • Providing or accepting routing information
      • Accepting a node as part of a route
      • Taking part in a route originated by some other
        node

13
Path Manager Component
  • If the rating of a node falls below a tolerable
    range, the Reputation System triggers the Path
    Manager
  • Path Manager performs
      • Path re-ranking
      • Deletion of paths containing malicious nodes
      • Action on receiving request from a malicious node
      • Action on receiving request for a route
        containing a malicious node

14
  • Trust Architecture FSM

15
Protocol Description
  • Each node monitors the behavior of its next-hop
    neighbors
  • On a suspicious event, trigger the Reputation
    System
  • If it is a significant event (occurred more than
    a predefined threshold number of times), the
    Reputation System updates the rating of the node
  • If the resulting rating is intolerable, trigger
    the Path Manager, which deletes all routes
    containing the intolerable node

16
Protocol Description (cont..)
  • Trust manager sends out an ALARM message to
    convey the warning information
  • ALARM message fields: type, no. of occurrences
    observed, self-originated message or not,
    addresses of reporting & observed nodes,
    destination address
  • On the reception of an ALARM message, the
    reputation of the source is checked based on the
    no. of occurrences of the same alert and
    accumulated reputation of the source
  • Sufficient evidence: the source of the ALARM is
    fully trusted, or several partially trusted nodes
    have reported the same
  • The table containing ALARMs is updated
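
The detection-to-reaction flow of slides 15 and 16, as an added sketch that is not part of the presentation or the CONFIDANT authors' code. The thresholds, weights, the two-reporter quorum and the rule that a repeated report from the same node counts once are assumptions, since the slides give no values.

```python
from collections import defaultdict

# Assumed parameters: the slides name the mechanisms but give no values.
EVENT_THRESHOLD = 3     # suspicious events tolerated before the rating changes
TOLERANCE = -1.0        # a rating below this is intolerable
W_OWN, W_REPORTED = 1.0, 0.5   # own observations weigh more than reports
QUORUM = 2              # partially trusted reporters needed for one accusation

class Node:
    def __init__(self, trust, routes):
        self.trust = trust                 # reporter -> "complete" | "marginal"
        self.routes = [list(r) for r in routes]   # cached source routes
        self.events = defaultdict(int)     # Monitor: per-node event counters
        self.rating = defaultdict(float)   # Reputation System table
        self.alarms = defaultdict(set)     # ALARM table: accused -> reporters
        self.outbox = []                   # ALARMs queued for friends

    def observe(self, suspect):
        """Monitor saw the next hop deviate, e.g. not forwarding a packet."""
        self.events[suspect] += 1
        if self.events[suspect] > EVENT_THRESHOLD:    # significant event
            self.events[suspect] = 0
            self._rate(suspect, W_OWN)
            self.outbox.append(("ALARM", suspect))

    def receive_alarm(self, reporter, accused):
        """Trust Manager: accept an ALARM only on sufficient evidence."""
        level = self.trust.get(reporter, "unknown")
        if level == "unknown" or reporter in self.alarms[accused]:
            return False        # untrusted source, or a repeat adding nothing
        self.alarms[accused].add(reporter)
        marginal = sum(self.trust[r] == "marginal" for r in self.alarms[accused])
        if level == "complete" or marginal >= QUORUM:
            self._rate(accused, W_REPORTED)
            return True
        return False

    def _rate(self, node, weight):
        self.rating[node] -= weight
        if self.rating[node] < TOLERANCE:  # intolerable: trigger Path Manager
            self.routes = [r for r in self.routes if node not in r]

def demo():
    """Constructed scenario: M sits on one of two cached routes from S to D."""
    n = Node({"P1": "marginal", "P2": "marginal"},
             [["S", "A", "M", "D"], ["S", "B", "D"]])
    for _ in range(4):
        n.observe("M")                     # own evidence: rating -1.0
    n.receive_alarm("P1", "M")             # one marginal reporter: ignored
    n.receive_alarm("P2", "M")             # quorum reached: rating -1.5
    return n.rating["M"], n.routes
```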

17
Performance Analysis
  • To test the impact of CONFIDANT routing protocol
    extensions using the regular DSR protocol as a
    reference
  • Some metrics are proposed to analyze the behavior
    of a mobile ad-hoc network in the presence of
    malicious nodes
      • Throughput, Goodput, Dropped packets
      • Overhead
      • Utility

18
Performance Analysis (cont..)
  • Goodput of a network with n nodes
    (data forwarded to correct destination)
  • Overhead of the CONFIDANT extensions
    relative to the regular DSR overhead
  • Utility of a node (determines whether
    cooperation pays off for a node)
      • br: benefit of sending an own packet
      • bf: benefit of receiving a packet
      • cf: cost of forwarding a packet
  • Total utility for a network of n nodes

19
Simulation Results
20
Simulation Results (cont..)
21
Future Work
  • Extension to observable attacks other than
    forwarding defection, e.g., route diversion
  • Methods to efficiently distribute reputation
    information to avoid malicious nodes
  • CONFIDANT assumes that nodes are authenticated. A
    compromised node can send false ALARM messages
  • How to win friends in a mobile ad-hoc network
    dynamically?

22
Conclusions
  • This paper recognizes the special requirements of
    MANET in terms of co-operation, robustness and
    fairness
  • It analyses the performance of a scheme that
    involves retaliation for malicious behavior and
    warning affiliated nodes to avoid bad experiences
  • Observable attacks on forwarding and routing can
    be thwarted using CONFIDANT protocol

23
Further Reading
  • Matt Blaze, Joan Feigenbaum, and Jack Lacy.
    Decentralized trust management. In Proceedings of
    IEEE Conference on Security and Privacy, Oakland,
    CA, 1996.
  • Sonja Buchegger and Jean-Yves Le Boudec. Nodes
    Bearing Grudges: Towards Routing Security,
    Fairness, and Robustness in Mobile Ad Hoc
    Networks. In Proceedings of the Tenth Euromicro
    Workshop on Parallel, Distributed and
    Network-based Processing, pages 403-410, Canary
    Islands, Spain, January 2002. IEEE Computer
    Society.

24
Thank you!