Title: Performance Analysis of the CONFIDANT Protocol Cooperation of Nodes
1 Performance Analysis of the CONFIDANT Protocol (Cooperation of Nodes: Fairness In Dynamic Ad-hoc NeTworks)
- Sonja Buchegger (IBM ZRL-Switzerland)
- Jean-Yves Le Boudec (EPFL-Switzerland)
- at MobiHOC 2002
- Presented by Srinath Anantharaju
2 Introduction
- Security in routing is a major concern
- Difficult to set up a path free from malicious nodes
- On-demand source-routing protocols are commonly used in MANETs, e.g. DSR
- There is a need for cooperative network operation
- CONFIDANT: an extension to on-demand source-routing protocols such as DSR
3 Overview of DSR
- Route Discovery Phase
  - Initiator broadcasts RREQ
  - Each intermediate node appends its ID and rebroadcasts (source routing)
  - Target sends RREP packet including the list
- Route Maintenance Phase
  - Routes can break over time
  - ROUTE_ERROR is sent on detecting a link failure
  - Routes containing the broken link are purged from cache
4 Possible Attacks
- Lack of central authority, security policy, credentials, validation and infrastructure offer special opportunities to attackers
- Misbehavior could be in the form of
  - No forwarding
  - Unusual traffic attraction
  - Lack of error messages
  - High frequency of route updates
  - Silent route change
  - Route salvaging
5 Related Work
- Anderson & Stajano: device imprinting
- Zhou & Haas: threshold security and share refreshing for distributed key management
- Smith, Murthy & Garcia-Luna-Aceves: routing security of DV protocols
- Buttyan & Hubaux: incentives to cooperate
- Marti, Giuli & Baker: DSR with watchdog & Pathrater
- Yi, Naldurg & Kravets: Security-aware Ad-hoc Routing
6 The Story of a Selfish Gene
CONFIDANT is inspired by an ecological example that explains the survival chances of birds grooming parasites off each other's heads, which they cannot clean themselves
- Dawkins divides birds into
  - Helpers/Suckers: birds that always help
  - Cheats: always take favors but do not return them
  - Grudgers: start out being helpful but bear a grudge against those that do not return the favor (reciprocal altruism)
Grudgers win over time while others become extinct!!
7 CONFIDANT Protocol Approach
- Reciprocal altruism: start with helping everyone but then bear a grudge against those who do not return the favor
- Learn from observed behavior: neighborhood watch
- Learn from reported behavior: share information about malicious behavior
- The aim is to make misbehavior unattractive by selective altruism and utilitarianism
8 CONFIDANT Components
- The components of each node in the CONFIDANT protocol are
  - Monitor (for neighborhood watch)
  - Reputation System (for node rating)
  - Path Manager (path re-ranking, deletion, etc.)
  - Trust Manager (for distributed and adaptive trust management)
9 Monitor Component
- Detection of damaging behavior using neighborhood watch (locally look for deviating nodes) by
  - Listening to the transmission of the next node
  - Observing route protocol behavior
- Monitor registers deviations from normal behavior
- Triggers the Reputation system on detecting bad behavior
10 Reputation System
- Manages a table of entries for nodes and their ratings
- Ratings are changed only when there is enough evidence of malicious behavior
- A rate function which assigns different weights to each type of behavior detection is used. Why?
- Nodes trust their own experiences and observations more than those of other nodes!
11 Trust Manager Component
- Generates ALARM messages to warn friends about malicious nodes
- Filtering of incoming ALARM messages based on the trust level of the reporting node
- PGP style of key validation and certification
[Figure: labels "Destination Node", "Reporting Node", "marginal"]
12 Trust Manager Component (cont..)
- A trust manager maintains
  - An ALARM table that stores received alarms
  - A Trust table managing trust levels for nodes
  - A Friends list
- Trust is important when making a decision
  - Providing or accepting routing information
  - Accepting a node as part of a route
  - Taking part in a route originated by some other node
13 Path Manager Component
- If the rating of a node falls below a tolerable range, the Reputation system triggers the Path Manager
- Path Manager performs
  - Path re-ranking
  - Deletion of paths containing malicious nodes
  - Action on receiving a request from a malicious node
  - Action on receiving a request for a route containing a malicious node
14
15 Protocol Description
- Each node monitors the behavior of its next-hop neighbors
- On a suspicious event, trigger the Reputation system
- If it is a significant event (occurred more than a predefined threshold number of times), the Reputation system updates the rating of the node
- If the resulting rating is intolerable, trigger the Path manager, which deletes all routes containing the intolerable node
16 Protocol Description (cont..)
- Trust manager sends out an ALARM message to convey the warning information
- ALARM message: TYPE, no. of occurrences observed, self-originated message or not, address of reporting node, address of observed node, destination address
- On the reception of an ALARM message, the reputation of the source is checked based on the no. of occurrences of the same alert and accumulated reputation of the source
- Sufficient evidence => source of the ALARM is fully trusted or several partially trusted nodes have reported the same
- The table containing ALARMs is updated
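The flow on slides 15 and 16, as an added sketch that is not code from the paper or the presentation: a node counts its own observations, accepts an ALARM only when the reporter is fully trusted or enough partially trusted reporters agree, and purges routes through a node whose rating becomes intolerable. The class and method names, trust labels, weights and thresholds are all assumptions; the slides give no values.

```python
from collections import defaultdict

# All constants are assumed values for illustration; the slides give none.
EVENT_THRESHOLD = 3            # own observations needed before rating changes
PARTIAL_QUORUM = 2             # partially trusted reporters needed to agree
W_OWN, W_REPORTED = 1.0, 0.5   # own experience weighs more than reports
INTOLERABLE = -2.0             # rating at or below this triggers path manager

class Node:
    def __init__(self, trust, routes):
        self.trust = trust                   # reporter -> "full" | "partial"
        self.routes = [list(r) for r in routes]  # cached source routes
        self.observed = defaultdict(int)     # monitor: suspicious-event counts
        self.alarms = defaultdict(set)       # ALARM table: accused -> reporters
        self.credited = set()                # accused already rated via ALARM
        self.rating = defaultdict(float)     # reputation table

    def observe(self, suspect):
        """Monitor saw the next hop misbehave (e.g. no forwarding)."""
        self.observed[suspect] += 1
        if self.observed[suspect] >= EVENT_THRESHOLD:  # significant event
            self.observed[suspect] = 0
            self._rate(suspect, W_OWN)

    def receive_alarm(self, reporter, accused):
        """Trust manager: filter an incoming ALARM by the reporter's trust."""
        level = self.trust.get(reporter, "none")
        if level == "none":
            return False                     # untrusted reporter: ignored
        self.alarms[accused].add(reporter)
        partial = [r for r in self.alarms[accused]
                   if self.trust[r] == "partial"]
        enough = level == "full" or len(partial) >= PARTIAL_QUORUM
        # Assumed: reported evidence is credited once per accused node.
        if enough and accused not in self.credited:
            self.credited.add(accused)
            self._rate(accused, W_REPORTED)
        return enough

    def _rate(self, node, weight):
        """Reputation system: lower the rating, purge routes if intolerable."""
        self.rating[node] -= weight
        if self.rating[node] <= INTOLERABLE:  # path manager
            self.routes = [r for r in self.routes if node not in r]
```

Because a single report from an unknown or partially trusted node changes nothing, a lone false accuser cannot get a route purged; this does not cover a compromised fully trusted node, which slide 21 lists as open.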
17 Performance Analysis
- To test the impact of CONFIDANT routing protocol extensions using the regular DSR protocol as a reference
- Some metrics are proposed to analyze the behavior of a mobile ad-hoc network in the presence of malicious nodes
  - Throughput, Goodput, Dropped packets
  - Overhead
  - Utility
18 Performance Analysis (cont..)
- Goodput of a network with n nodes (data forwarded to correct destination)
- Overhead of the CONFIDANT extensions relative to the regular DSR overhead
- Utility of a node (determines whether cooperation pays off for a node)
  - br: benefit of sending an own packet
  - bf: benefit of receiving a packet
  - cf: cost of forwarding a packet
- Total utility for a network of n nodes
19 Simulation Results
20 Simulation Results (cont..)
21 Future Work
- Extension to observable attacks other than forwarding defection, e.g., route diversion
- Methods to efficiently distribute reputation information to avoid malicious nodes
- CONFIDANT assumes that nodes are authenticated. A compromised node can send false ALARM messages
- How to win friends in a mobile ad-hoc network dynamically?
22 Conclusions
- This paper recognizes the special requirements of MANETs in terms of co-operation, robustness and fairness
- It analyses the performance of a scheme that involves retaliation for malicious behavior and warning affiliated nodes to avoid bad experiences
- Observable attacks on forwarding and routing can be thwarted using the CONFIDANT protocol
23 Further Reading
- Matt Blaze, Joan Feigenbaum, and Jack Lacy. Decentralized trust management. In Proceedings of IEEE Conference on Security and Privacy, Oakland, CA, 1996.
- Sonja Buchegger and Jean-Yves Le Boudec. Nodes Bearing Grudges: Towards Routing Security, Fairness, and Robustness in Mobile Ad Hoc Networks. In Proceedings of the Tenth Euromicro Workshop on Parallel, Distributed and Network-based Processing, pages 403-410, Canary Islands, Spain, January 2002. IEEE Computer Society.
24 Thank you!