Dynamic Trust Management for the Internet of Things Applications

Self-IoT 2012

1Sept. 17, 2012, San Jose, CA, USA

Fenye Bao and Ing-Ray Chen

Department of Computer Science, Virginia Tech

Contents

2

� Introduction

� System Model

� Dynamic Trust Management Protocol

� Protocol Description

� Convergence, Accuracy, and Resiliency

� Simulation Validation

� Trust Evaluation

� Trust-Based Service Composition

� Conclusion

Introduction

3

Goals

1. Provide an accurate and resilient trust assessment on trust level of IoT entities.

2. Apply the proposed trust management to IoTapplications in order to maximize the application

performance.

Background

4

� The Internet of Things (IoT) integrates a large amount of

everyday life devices from heterogeneous network

environments, bringing a great challenge into security and

reliability management.

� Smarts objects with heterogeneous characteristics need to

cooperatively work together.

� Most smart objects are human-carried or human-related

devices.

� Devices in IoT very often expose to public areas and

communicate through wireless, hence vulnerable to

malicious attacks.

Introduction

5

� The challenge

� Traditional approaches to protocol and network security, data and privacy management, identity management, trust and governance, and fault tolerance will not accommodate the requirements of IoT due to the scalability and the high variety of identity and relationship types.

� Little work on the trust management for IoT

� Chen, et al. [2011] proposed a trust management model based on fuzzy reputation for IoT.

� Considering a specific IoT with wireless sensors only

� Using QoS trust metrics only like packet forwarding/delivery ratio and energy consumption

Introduction

6

Our Solution

Propose dynamic trust management for a community-based social IoT environment by considering multiple social relationships among

device owners.

Introduction

7

� Contributions

� We define a community-based social IoT environment.

� We propose and analyze a trust management protocol (1)

considering social trust, and (2) using both direct observations

and indirect recommendations to update trust.

� We provide a formal treatment of the convergence, accuracy, and

resiliency properties.

� We validate these desirable properties through simulations and

demonstrate the effectiveness in trust-based service

composition.

System Model

8

� We consider a Social IoT [Atzori

et al. 2011] environment with no

centralized trusted authority.

� Social relationships: ownership,

friendship, community

� Malicious nodes aim to break the basic functionality of the IoT and perform trust related attacks: self-promoting, bad-mouthing, and good-mouthing.

� Uncooperative nodes act for their own interests.

Fig 1. Social Structures of the IoT.

System Model

9

� Social relationships

Communities

Owners Devices

friendship

ownership

community

m … m

1 … m

m

.

.

.

m

Trust Management Protocol

10

� Our trust management protocol for IoT is distributed.

� For scalability, a node may just keep its trust evaluation

towards a limited set of nodes of its interest.

� The trust management protocol is encounter-based as

well as activity-based.

� Two nodes encountering each other or involved in an

interaction activity can directly observe each other and

exchange trust evaluation toward others.

Trust Management Protocol

11

� The trust value ���� � is a real number in the range [0, 1].

� When node i encounters or directly interacts with another node k at time t, node i will update its trust assessment ���

� � as follows:

���� � =

1 − � ���� � − ∆� + ����

�,������� ,

��� == �;

(1 − )���� � − ∆� + ��

�,����� ,

���! = �;

X = honesty, cooperativeness, or community-interest

∆� is the elapsed time since the

last trust update (not fixed).

Trust Management Protocol

12

� Node i updates trust toward node j.

Trust Management Protocol

13

� Direct trust observations

� ���������,�����

� : This refers to the belief of node i that node j is honest based on node i’s direct observations toward node j.� Using a set of imperfect anomaly detection rules: false positives/negatives

� ������ �����������,�����

� : This provides the degree of cooperativeness of node j as evaluated by node i based on direct observations over 0, � .

� Using social friendship to characterize: �������(�)∩�������(�)

�������(�)∪�������(�)

� ��������������������,�����

� : This provides the degree of the common interest or similar capability of node j as evaluated by node i based on direct observations over 0, � .

� Considering community/group relationship: ����� �(�)∩����� �(�)

����� �(�)∪����� �(�)

friendship centrality

community centrality

Trust Management Protocol

14

� Indirect recommendations

� =����

� �

1 + ����

� �

� The contribution of recommended trust increases proportionally as either ���

� � or �increases.

� ���� � is the trust value of node i toward the recommender node k.

� Design parameters

� � ∈ [0, 1], ↑� higher weight of new direct info. vs. past info.

� � ∈ [0,+∞], ↑� higher weight of new recommendation vs. past info.

1. Assign weight 1 to current trust;

2. Assign weight ����� � to the new

recommendation;

3. Normalization.

Trust Management Protocol

15

� Trust convergence

� Lemma 1: The trust evaluation in our dynamic trust management

protocol converges as long as 0 < � ≤ 1 or � > 0.

� As long as we consider direction observations (� > 0) or

recommendations (� > 0 ⇒ � > 0) in each iteration, the effect

of initial trust value will eventually be eliminated.

���� � =

1 − � ���� � − ∆� + ����

�,������� ,

��� == �;

(1 − )���� � − ∆� + ��

�,����� ,

���! = �;

Trust Management Protocol

16

� Trust convergence speed

� Lemma 2: The trust convergence speed of our dynamic trust

management protocol increases as � or � increases (0 < � ≤ 1,

� > 0).

� The higher � or � is, the faster effect of initial trust value

approaches 0.

���� � =

1 − � ���� � − ∆� + ����

�,������� ,

��� == �;

(1 − )���� � − ∆� + ��

�,����� ,

���! = �;

Trust Management Protocol

17

� Trust fluctuation

� Lemma 3: The variance of the trust value after convergence in

our dynamic trust management protocol increases as � or �

increases (0 < � ≤ 1, � > 0).

� However, when � or � is higher, the protocol only takes into

account few recent observations / recommendations. It has the

similar effect with reducing the sample size, thus the variance

and trust fluctuation will be high.

� Lemmas 2 & 3 indicate that there is trade-off between

trust convergence speed and trust fluctuation.

Trust Management Protocol

18

� Trust accuracy and resiliency

� Lemma 4:The mean absolute error (MAE) of the trust evaluation

in our dynamic trust management protocol is less than �

���

���

�����

after trust convergence. The MAE decreases as � increases or �decreases. ( – percentage of malicious nodes, �� /��� – false

negative/positive probability for malicious detection)

� Higher � value means using more self-information.

� Lower � value means using less recommendations.

� Boundary conditions for �

���

���

�����.

The chance of being

attacked by false

recommendation is

lower.

Simulation Results

19

� IoT environment setting

� 50 smart objects, 20 owners, 10 communities

� 5 service providers needed in a request

� The average encountering frequency is about 0.25 per pair per hour.

� Anomaly detection with 5% false positives/negatives

Param Value Param Value Param Value

NT 50 NH 20 NG 10

NM 5 α [0, 1] β [0, 8]

PM [0, 90%] Pfp,Pfn 5% 1/λ 100 hrs

Simulation Results

20

� Effect of � on trust evaluation (static)

0 10 20 30 40 50 60 70 80 90 1000.5

0.6

0.7

0.8

0.9

1

Time (hours)

Trust value

Ground truth α=0.1 α=0.3 α=0.9

fast convergence

high fluctuation

Lemma 1: Trust converges.

Lemma 2: Trust converges faster when � is higher.

Lemma 3: Trust fluctuation is higher when � is higher.

Simulation Results

21

� Effect of � on trust evaluation (dynamic)

0 10 20 30 40 50 60 70 80 90 1000

0.2

0.4

0.6

0.8

1

Time (hours)

Trust value

Ground truth α=0.1 α=0.3 α=0.9

Simulation Results

22

� Effect of on trust evaluation (static)

0 10 20 30 40 50 60 70 80 90 1000.5

0.6

0.7

0.8

0.9

1

Time (hours)

Trust value

Ground truth β=0 β=0.1 β=1

fast convergencehigh fluctuation

Lemma 1: Trust converges.

Lemma 2: Trust converges faster when � is higher.

Lemma 3: Trust fluctuation is higher when � is higher.

Simulation Results

23

� Effect of on trust evaluation (dynamic)

0 10 20 30 40 50 60 70 80 90 1000

0.2

0.4

0.6

0.8

1

Time (hours)

Trust value

Ground truth β=0 β=0.1 β=1

Simulation Results

24

� Resiliency to trust attacks

Ground truth λ=10% λ=30% λ=50% λ=70% λ=90%

0 20 40 60 80 1000

0.5

Time (hours)

Honesty

1. MAE <10% when the percentage of malicious nodes (�) is < 50%.

2. MAE ~= 12% when � = 70% and MAE ~= 40% when � = 90%.

3. Theses validate Lemma 4.

Simulation Results

25

� Service composition

� A node requests services (or information) from NM= 5 service

providers.

� The objective is to select the most trustworthy service

providers such that the utility score representing the goodness

of the service composition is maximized.

� The returning utility score of the service provider is:

� 0, if the selected service provider is malicious;

� min (cooperativeness trust, community-interest trust), otherwise.

Simulation Results

26

� Performance comparison

� Trust-based service composition

� Selecting service providers based on the service requester’s trust

evaluation

� Ideal service composition (upper bound)

� Assuming the service requester knowing the ground truth

� Random service composition (lower bound)

Simulation Results

27

� Performance comparison

Trust−Based Service Composition (α=0.5, β=0.2)

Trust−Based Service Composition (α=0.5, β=0.0)Ideal Service CompositionRandom Service Composition

0 10 20 30 40 50 60 70 80 90 1000

0.2

0.4

0.6

Time (hours)

Utility score

crossover point:t = 12 hours

0 10 20 30 40 50 60 70 80 90 1000

0.2

0.4

0.6

Time (hours)

Utility score

crossover point:t = 26 hours

(a) � =10% (b) � = 50%

1. Trust-based service composition approaches the ideal performance.

2. When the percentage of malicious nodes is higher, the maximum

achievable utility score is lower.

3. Crossover point: faster trust convergence vs. lower accuracy.

4. Crossover point shifts: dynamic trust management by selecting best

parameters in response to IoT environment changing.

Conclusion

28

� We designed and analyzed a scalable and distributed trust

management protocol for IoT.

� The proposed protocol takes social relationships into account

and advocates the use of three trust properties, honesty,

cooperativeness, and community-interest to evaluate trust.

� We provided a formal treatment of the convergence, accuracy,

and resiliency properties.

� We analyzed the effect of trust parameters (� and �) on trust

evaluation and validated the protocol through simulations.

� We demonstrated the effectiveness of our trust management

protocol by a service composition application in IoT

environments.

Thank You!

Q & A

29

Dynamic Trust Managment

30