Trust based routing mechanism for securing OSLR-based MANET

ADHOC 1206

No. of Pages 15, Model 3G

28 March 2015 Ad Hoc Networks xxx (2015) xxx–xxx 1

Contents lists available at ScienceDirect

Ad Hoc Networks journal homepage: www.elsevier.com/locate/adhoc 5 6

4

Trust based routing mechanism for securing OSLR-based MANET

7

Shuaishuai Tan a, Xiaoping Li a, Qingkuan Dong b,⇑

3

8 9

10 1 2 2 3 13 14 15 16 17 18 19 20 21 22

a b

School of Aerospace Science and Technology, Xidian University, Xi’an 710126, China State Key Laboratory of Integrated Services Networks, Xidian University, Xi’an 710071, China

a r t i c l e

i n f o

Article history: Received 2 August 2014 Received in revised form 8 December 2014 Accepted 7 March 2015 Available online xxxx Keywords: Ad hoc networks Trust model Trust based routing algorithm

a b s t r a c t A mobile ad hoc network (MANET) is a kind of infrastructure-less wireless network that is self-organized by mobile nodes communicating with each other freely and dynamically. MANET can be applied to many fields, such as emergency communications after disaster, intelligent transportation, and Internet of things. With the rapid development of wireless network applications, MANET will become dense and large because more and more mobile devices are required to be interconnected. The optimized link state routing (OLSR) protocol is an efficient proactive routing protocol which is very suitable for such dense and large-scale MANET. However, in both data plane and routing plane, OLSR-based MANET suffers from many serious security threats which are difficult to resist via traditional security mechanisms. In this paper, we propose a trust based routing mechanism to alleviate this issue. In this mechanism, a trust reasoning model based on fuzzy Petri net is presented to evaluate trust values of mobile nodes. In addition, to avoid malicious or compromised nodes, a trust based routing algorithm is proposed to select a path with the maximum path trust value among all possible paths. Then we extend OLSR by using the proposed trust model and trust based routing algorithm, called FPNT-OLSR. For the implementation of FPNT-OLSR, we design a trust factor collecting method and an efficient trust information propagating method, which do not generate extra control messages. Simulation results show that FPNT-OLSR is very effective in establishing secure routes. It also performs better than existing trust based OLSR protocols in terms of packet delivery ratio, average latency and overhead. Ó 2015 Elsevier B.V. All rights reserved.

24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46

47 48

1. Introduction

49

A mobile ad hoc network (MANET) is a kind of wireless network that is self-organized by mobile nodes communicating with each other freely and dynamically, without a fixed network infrastructure. With the rapid development

50 51 52

⇑ Corresponding author at: Mailbox 119, 2 South Taibai Road, Xidian University, Xi’an 710071, Shaanxi Province, China. Tel.: +86 153 3902 1227. E-mail addresses: [email protected] (S. Tan), [email protected] (X. Li), [email protected] (Q. Dong).

of intelligent transportation, wearable technology, Internet of things (IoT) and ubiquitous computing, MANET becomes increasingly popular. According to Canalys’s forecast, worldwide mobile device shipments (notebook PCs, tablet PCs, smart phones, etc.) will reach 2.6 billion units by 2016, which implies a large-scale and dense tendency of mobile networks. OLSR protocol is a standardized optimized link state routing protocol for MANET [1]. The protocol provides an efficient multipoint relays (MPR) selecting mechanism to achieve flooding reduction. Compared with reactive routing protocols, OLSR keeps more stable links and offers promising

http://dx.doi.org/10.1016/j.adhoc.2015.03.004 1570-8705/Ó 2015 Elsevier B.V. All rights reserved.

Please cite this article in press as: S. Tan et al., Trust based routing mechanism for securing OSLR-based MANET, Ad Hoc Netw. (2015), http://dx.doi.org/10.1016/j.adhoc.2015.03.004

53 54 55 56 57 58 59 60 61 62 63 64

ADHOC 1206

No. of Pages 15, Model 3G

28 March 2015 2 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84

S. Tan et al. / Ad Hoc Networks xxx (2015) xxx–xxx

performance in bandwidth and traffic overhead [2]. Furthermore, it is particularly suitable for large and dense mobile networks [1]. In 2014, IETF released a new version, OLSRv2 [3], which is the first updated ad hoc routing protocol compared with the other three standardized protocols, AODV, TBRPF, and DSR. All the situations indicate that OLSR has great potential in future mobile ad hoc networks. Due to the openness of wireless links, frequent mobility of nodes and high dynamic of topology, nodes in MANET are more vulnerable to attacks in both data plane and routing plane.  Attacks in data plane: certain attacks preventing data traffic from being delivered to destinations at a given timescale, such as blackhole attack, jellyfish attack [4], and DoS attack [5].  Attacks in routing plane: certain attacks disturbing a node to establish correct routing table, such as node isolation attack [6], routing message dropping attack, and control message flooding attack [7,8].

85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124

Cryptography based security mechanisms [9–12] are introduced into MANET to authenticate identities of network entities, and assure the confidentiality and integrity of messages. It seems that the security problems are solved because a malicious entity without a legitimate identity is prevented from participating in the network and launching attacks any more. However, legitimate entities could change to be ‘‘malicious’’ for the following reasons: an entity such as a computer system can be penetrated and controlled; an entity like a device can be physically captured and manipulated; the secret keys of a cryptography system may be attacked; and the one who has secret keys dom be exploited via social engineering skills. All these techniques will disable the authentication mechanism based on cryptography, and thus attackers are able to participate in the network again. In other words, networks still suffer from various threats even under the protection of identity based security frameworks. As is well known, an attack method must have its specific behavior mode, which can be used to recognize it. On this basis, trust based security mechanisms are proposed to collect trust factors, evaluate target via a trust model, and employ countermeasures to eliminate or avoid threats. Trust factor is the information that can reflect behaviors and purposes of an entity. For its advantages in efficiency and dynamic, trust mechanism has been introduced into MANET. Although it has become a popular research area, the existing trust based solutions for securing OLSR based MANET mainly concentrate on dealing with one or several kind of attacks, such as DoS [2], collusion [8], and packet dropping [5]. Some other solutions merely seek to ensure security of either data plane [13] or routing plane [14– 16]. Moreover, these solutions often generate excessive overhead in resource-constrained MANET in terms of extra detection messages and trust information propagation messages. In order to defend against attacks in both data plane and routing plane in OLSR-based MANET, we propose a novel trust based routing mechanism. In this mechanism,

a trust reasoning model based on fuzzy Petri net is presented to evaluate the trust value of a mobile node, and a trust based routing algorithm is proposed to avoid malicious or compromised nodes as much as possible. Note that the compromised nodes should also be avoided as they cannot provide normal services any more. Furthermore, we extend the OLSR protocol by integrating the proposed trust model and trust based routing algorithm, called the FPNT-OLSR protocol. Our main contributions are summarized as follows:

125

 A novel trust reasoning model based on fuzzy Petri net is proposed. This model evaluates trustworthiness of a node according to its behaviors in both data plane and routing plane. Compared with other trust reasoning models, our model makes the reasoning result as objective as possible by refining and layering fuzzy rules, and considers the incompleteness of the evidences.  A trust recommendation aggregating method which is able to detect and filter slandering recommendations for calculating a correct trust value is presented.  A trust based routing algorithm is proposed. The algorithm is capable of selecting a path with the maximum path trust value among all the possible paths between any pair of nodes. Furthermore, we prove the correctness of this algorithm.  Using the proposed trust model and trust based routing algorithm, we extend the OLSR protocol, called FPNTOLSR protocol. For the implementation of FPNT-OLSR, we design a feasible trust factor collecting method and an efficient trust information propagating method. The two methods do not introduce extra control messages. Simulations are also conducted to verify the effectiveness and efficiency of FPNT-OLSR.

135

126 127 128 129 130 131 132 133 134

136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158

The rest of this paper is organized as follows: Section 2 reviews the related work. Section 3 describes the fuzzy Petri net based trust reasoning model. Section 4 presents the trust based routing algorithm and its proof. Section 5 illustrates the FPNT-OLSR protocol. Simulation results are given in Section 6. Finally, Section 7 concludes the paper.

159

2. Related work

165

In this section, the OLSR protocol is briefly introduced first, followed by an outline of existing works on trust model and trust based routing algorithm for MANET, especially the OLSR based MANET.

166

2.1. Introduction of OLSR protocol

170

The OLSR protocol [1] was proposed by the Internet Engineering Task Force (IETF) MANET Working Group in 2003. The new version, OLSRv2 [3], was published in 2014. Main operations of OLSR include neighborhood discovery, Multipoint Relay (MPR) selection, topology discovery and route calculation, etc. In OLSR-based MANET, nodes periodically broadcast HELLO messages to discover 1-hop and 2-hop neighborhoods. According to the 1-hop and 2-hop neighborhoods, a node selects its MPRs which

171

Please cite this article in press as: S. Tan et al., Trust based routing mechanism for securing OSLR-based MANET, Ad Hoc Netw. (2015), http://dx.doi.org/10.1016/j.adhoc.2015.03.004

160 161 162 163 164

167 168 169

172 173 174 175 176 177 178 179

ADHOC 1206

No. of Pages 15, Model 3G

28 March 2015 S. Tan et al. / Ad Hoc Networks xxx (2015) xxx–xxx

196

are neighbor nodes that will forward broadcasting messages of its selectors during the flooding process. In OLSRv1, the MPR set of a node is its 1-hop neighbor set’s minimal subset in which element nodes are able to reach all of its 2-hop neighbors. Similarly in OLSRv2, MPR set is also a subset of the 1-hop neighbors, but with the minimum link metrics. To advertise the links with its selectors, an MPR generates Topology Control (TC) messages that contain certain link information. These TC messages will be flooded to the entire network. As a result, a node will know the information of the entire network topology after receiving certain TC messages of MPRs within the network. Then, it calculates routes to any other nodes in the network. In OLSRv1, routes are selected according to the minimum hop counts, while in OLSRv2, according to the minimum link metrics.

197

2.2. Trust models for MANET

198

Trust is the degree of belief about the future behaviors of other entities. It is based on the past experience and the observation of actions [17].Trust model is the method to specify, evaluate, set up, and ensure trust relationships among entities [18]. Only entities behaving normally and properly are evaluated as trustworthy. Of course one is always willing to interact with trustworthy entities. We use the notion trust value as a measurement for quantifying the degree of trustworthiness. Various trust models for securing MANET have been presented, such as specification analysis and reasoning based model, detection messages based model, reputation model, and performance anomaly detection based model. Usually, a malicious node will disobey protocol rules, which provides a possibility to detect it via analyzing its behavior modes. That is what the specification analysis and reasoning based model does. Trust reasoning model in [14,15,19] monitors and compares the behavior modes of nodes with specification of OLSR. Based on the ‘‘Z’’ language, Verma and Gujral [20] proposed a formal specification of the Trusted Neighbor Information Base for OLSR. In [6], an MPR is suspected of launching an isolation attack if it does not send any TC messages for a long period. Because this behavior violates the OLSR specification that MPR should broadcast TC messages within a certain refreshing period. The detection message based trust model detects attacks by sending and receiving specific messages. The method proposed in [2] is capable of finding whether a node is malicious by using the new defined Node Exist Query (NEQ) and 2-hop detecting messages to verify the neighbor interface address fields of HELLO messages. Regarding the CAPOLSR protocol [8], a node sends the new defined Trust Request (TREQ) message to advertise its suspected MPRs. After receiving TREQ, its 1-hop and 2-hop neighbor nodes will cooperatively evaluate the trustworthiness of the suspected MPRs. Then the evaluation results are responded via the Trust Reply (TREP) message. Abdalla et al. [21] proposed a trust mechanism for detecting and locating malicious nodes in OLSR based MANET. In this mechanism,

180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195

199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237

3

the new defined PVM and PVMB messages are adopted to check whether there exist malicious nodes in a data forwarding path. If a malicious node is found, AFM and AFMB messages will be signaled to detect its address. Then the address of the malicious node is advertised by an AIM message such that it will be isolated from the entire network. Another popular model is called reputation model, where entities are inspired to behave positively and properly. In the RBC-OLSR protocol [13], nodes have to provide forwarding services for others to acquire a high reputation value that is used to pay for services provided by others. Consequently, selfish or lying nodes will be isolated for their low reputation values. Proto et al. [5] presented a hidden active probe method to measure a node’s forwarding rate which determines the reputation value. The authors of [22] expressed a distinct point of view that selfishness is regarded as necessary to prolong the lifetime of MANET operations. Boukerch et al. [17] proposed an agent-based trust and reputation management scheme to manage the trust and the reputation with minimal overhead in terms of extra messages and time delay. The trust model based on performance anomaly detection detects malicious entities according to performance parameters reflecting behaviors, such as forwarding rate and average delay. In trust management system, these parameters are called trust factors. A D-S evidence theory based trust model proposed in [23] considers multiple trust factors, including mobility, encounter time, and successful cooperation frequency. Trust factors used in [24] consist of packet-drop ratio, forwarding ratio, remaining ratio of battery, local memory, CPU cycle, and bandwidth. A similar model is also used in [25]. To evaluate nodes’ behaviors, Li et al. [26] built a simple but feasible trust model in which only one factor is considered, that is the packet-forwarding ratio. Despite the advantages, existing trust models still has various shortcomings. Models based on specification analysis and reasoning is merely effective in assuring the security of routing plane rather than data plane. Detection message based models are only suitable for some special attacks, such as the blackhole, and node isolation. Moreover, overhead is often increased because extra messages are introduced. The reputation model performs well in dealing with selfish behaviors, yet it has to be assisted by other security primitives to fulfill comprehensive security requirements. Selection of trust factors should concern necessity, comprehensiveness, and feasibility. However, most of current works only consider the necessity and the comprehensiveness [24,25]. One node’s parameters such as CPU cycle, remaining energy, and mobility, are very difficult to be obtained by other nodes. In this paper, we propose a trust reasoning model which evaluates the trustworthiness of a node according to its performance parameters in both data plane and routing plane. Compared with other trust reasoning models, our model concerns the incompleteness of evidences, refines and layers fuzzy rules for making the reasoning result as objective as possible. Moreover, a feasible trust factor collecting method is designed.

Please cite this article in press as: S. Tan et al., Trust based routing mechanism for securing OSLR-based MANET, Ad Hoc Netw. (2015), http://dx.doi.org/10.1016/j.adhoc.2015.03.004

238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297

ADHOC 1206

No. of Pages 15, Model 3G

28 March 2015 4

S. Tan et al. / Ad Hoc Networks xxx (2015) xxx–xxx

298

2.3. Trust based routing algorithms for MANET

299

345

In existing trust based routing mechanisms for MANET, two countermeasures are usually adopted to deal with malicious or compromised nodes, one is isolating them via blacklist, the other is avoiding them when selecting paths. Nodes recorded in a blacklist will be isolated by deleting it from all protocol repositories and ignoring its messages. Generally, a malicious node can be isolated either locally or globally. In [8,23], a malicious node is only isolated by its neighbors, while in [14,16,20,21], isolated by all nodes in the network. Although the approach of blacklist can isolate malicious nodes completely, it also introduces a new problem. Since routing protocol is responsible for establishing a route between any pair of nodes no matter whether the source or destination is malicious, it should be the upper layer rather than routing layer to decide whether to interact with malicious nodes. On this basis, we claim that it is unreasonable to isolate a node completely through blacklist in the routing protocol. Another countermeasure to avoid malicious nodes when selecting paths depends on path trust values. In [23,24,26], trust value of a path is computed as continued product of trust values of nodes within. While [5] suggests that it is equal to the minimum of node trust values. Current trust-aware reactive routing protocols often utilize routing messages to carry path trust values. Regarding TDS-AODV [23], an intermediate node updates the contained path trust value field when receiving a RREP message. By aggregating information of multiple RREP messages, the source node that is searching routes will select a path with the maximum trust value. For Trust-based Source Routing protocol (TSR) [24], every intermediate node appends its own trust value to the route request message (FLOW-REQ). Based on that, the destination node can calculate path trust values and select a path with the maximum trust value. In [26], the trust value is also recorded in RREP and RREQ messages, and the shortest path is selected from the candidates meeting security requirements. Limitations of aforementioned approaches lie in the fact that the candidate set in which paths are selected does not include all possible paths. In this paper, we present a trust based routing algorithm that is able to select a path with the maximum path trust value among all possible paths. Moreover, a trust information propagating method that does not increase extra control messages is devised.

346

3. Fuzzy Petri net based trust reasoning model

347

Trust in social science is a process of human cognition for subjectively evaluating the characteristics and behaviors of others. For instance, if one aims to judge whether a candidate is dependable enough to fulfill a given task, he would consider empirical rules like ‘‘if the candidate has high intelligence quotient and works hard, then the candidate is able to complete the task’’. However, it is difficult to absolutely assert the accurate dependability of the

300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344

348 349 350 351 352 353 354

candidate. That is to say, fuzziness and uncertainty lie in the process of trust evaluation. Similarly, for ensuring security of networks, it is expected to enable nodes to evaluate trustworthiness of others. To meet the aforementioned requirements of trust evaluation, fuzzy rules are introduced. A typical fuzzy rule has the form of ‘‘IF x IS propertyx THEN y IS propertyy ’’, where both ‘‘x IS propertyx ’’ and ‘‘y IS propertyy ’’ are fuzzy propositions. Credibility of a fuzzy proposition is called the truth degree, which is a real number in the interval [0, 1]. Fuzzy Petri net is a combination of classical Petri net and fuzzy logic. Since it supports structural organization of information, provides visualization of rule-based reasoning, and facilitates design of efficient reasoning algorithm, fuzzy Petri net has been widely recognized as a promising modeling mechanism for formulating fuzzy rule-based reasoning [27,28]. Based on fuzzy Petri net, in this section, we propose a trust reasoning model. Compared with the foregoing trust reasoning models such as [14,15], our trust model takes more consideration for obtaining a reasoning result as objective as possible. In the proposed model, fuzzy rules are refined and layered, and incompleteness of evidences is concerned by evaluating trustworthiness and untrustworthiness respectively. Furthermore, matrix operations are adopted to accelerate and facilitate trust reasoning processes for computers. In the following, definitions of trust factors are given firstly, and then a fuzzy Petri net based trust evaluation algorithm is presented. Finally, a trust recommendation aggregating algorithm which is able to filter slandering recommendations is provided.

355

3.1. Definitions of trust factors

388

In trust management system, trust factor is certain information that can reflect entities’ behaviors and expose their purposes. Since our trust mechanism is designed for protecting the network layer where OLSR is present, trust factors should be collected in this layer. After analyzing the patterns and consequences of many attacks in the network layer, we find four trust factors. Three of them reflect the behaviors in data plane, and one in routing plane. The method to collect trust factors are described in Section 5.1.

389

Definition 1 (Load). Bytes of received traffic of a node at a time slot. Its unit is the bps (bits/s). An example is that DoS attack would cause high level of load. Load tolerance of nodes varies greatly for the different process capabilities, and thus it should be normalized, which is described in section 5.1.

398

Definition 2 (Packet forwarding rate ). Proportion of number of successfully forwarded packets to number of all packets that should be forwarded at a given timescale. Nodes dropping packets, such as blackhole attacker, will have a very low packet forwarding rate.

404

Please cite this article in press as: S. Tan et al., Trust based routing mechanism for securing OSLR-based MANET, Ad Hoc Netw. (2015), http://dx.doi.org/10.1016/j.adhoc.2015.03.004

356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387

390 391 392 393 394 395 396 397

399 400 401 402 403

405 406 407 408

ADHOC 1206

No. of Pages 15, Model 3G

28 March 2015 5

S. Tan et al. / Ad Hoc Networks xxx (2015) xxx–xxx 409 410 411 412 413 414

415 416 417 418 419 420 421

Definition 3 (Average forwarding delay). The average time taken from receiving to forwarding messages that should be retransmitted. Its unit is the second(s). Similar with load, the average forwarding delay needs to be normalized as well. Nodes conducting message delay and suppression attack will have a very high average forwarding delay. Definition 4 (Protocol deviation flag). A logical value indicating whether a node obeys protocol regulations. Any routing related abnormal behaviors will lead to the value of 1, otherwise 0. Determination of this flag is based on the security mechanism in [14], which allows a node to analyze and recognize routing related misbehaviors of others. More details are discussed in Section 5.1.

422

3.2. Trust evaluation algorithm

423

A fuzzy Petri net consists of transitions, places, tokens in the places, and arcs from places to transitions or from transitions to places. A fuzzy Petri net can be denoted by

424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453

454 456

a 6-tuple ðP; R; W; U; TH; S 0 Þ, where. P ¼ fp1 ; p2 ; . . . ; pn g denotes a finite nonempty set of places; R ¼ fr1 ; r2 ; . . . ; r m g denotes a finite nonempty set of transitions. Let A1 ¼ P  R denote the set of arcs from places to transitions, and A2 ¼ R  P denotes the set of arcs from transitions to places. W ¼ ðxij Þnm : A1 ! ½0; 1 is the input incidence matrix recording weights of directed arcs from places to transitions, i.e. from pi to r j , and if there is no arc from pi to rj ; xij ¼ 0; U ¼ ðuij Þnm : A2 ! ½0; 1 is the output incidence matrix recording weights of arcs from transitions to places, i.e. from rj to pi , and if there is no arc from r j to pi ; uij ¼ 0; TH ¼ ðs1 ; s2 ; . . . ; sm Þ is the threshold vector of transitions, for sj 2 ½0; 1; j ¼ 1; 2; . . . ; m; ð0Þ

ð0Þ ðs1 ;

ð0Þ s2 ;

ð0Þ T sn Þ

S ¼ ...; is the vector indicating initial tokens in places. For reasoning trustworthiness, we take place as proposition, transition as causal relationship of propositions, and number of tokens as truth degree of proposition. Different from classic fuzzy Petri net, the number of tokens in this paper is a continuous value between 0 and 1. Based on [29,30], two types of weighted fuzzy reasoning rules are defined as follows: Type 1: composite weighted fuzzy conjunctive reasoning rule, as is shown in Fig. 1a.

IF p1 AND p2 AND ; . . . ; AND pn THEN q

457

458 460 461 462 463 464 465 466

ðx1 ; x2 ; . . . ; xn ; s;

lÞ

where pi is the input place denoting an evidence proposition,q is the output place denoting the conclusion proposition. xi is the weight of the arc from pi to transition r, for xi 2 ½0; 1; x1 þ x2 þ    þ xn ¼ 1; i ¼ 1; 2; . . . ; n. s denotes the triggering threshold of r; s 2 ½0; 1. l is the weight of the arc from r to q; l 2 ½0; 1.

(a) type 1 of rule

(b) type 2 of rule

Fig. 1. Weighted fuzzy reasoning rules.

To apply fuzzy Petri net to trust evaluation, let s1 ; s2 ; . . . ; sn denote the truth degrees of evidence propositions, i.e., the numbers of tokens in p1 ; p2 ; . . . ; pn . Then the truth degree of the conclusion proposition, i.e. number of tokens in q can be computed as sq ¼ l  ðs1  x1 þ s2  x2 þ    þ sn  xn Þ if ðs1  x1 þ s2  x2 þ    þ sn  xn Þ P s, otherwise, sq ¼ 0. It can be explained that the transition r can only be triggered when equivalent input of r is greater than the threshold. In other words, all evidence propositions must be credible enough to reason the associated conclusion. In our trust model, number of tokens in a place can only be updated by triggered transitions. That is to say, only the conclusion proposition’s truth degree can be updated, contrarily the condition proposition’s cannot be updated. Type 2: composite weighted fuzzy conjunctive rule in competitive mode with multiple transitions to one place, as is shown in Fig. 1b.

IF p1 OR p2 OR ; . . . ; OR pn THEN q ðx1 ; x2 ; . . . ; xn ;

s1 ; s2 ; . . . ; sn ; l1 ; l2 ; . . . ; ln Þ

467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484

485 487 488 490

where pi is the same as in type 1, for i ¼ 1; 2; . . . ; n. xi is the weight of arc from pi to r i ; xi 2 ½0; 1; x1 þ x2 þ . . . þ xn ¼ 1. si denotes the triggering threshold of transition ri ; si 2 ½0; 1. li is the weight of arc from ri to q; li 2 ½0; 1. s1 ; s2 ; . . . ; sn and sq are defined as same as in type 1. Then sq ¼ maxfsk1  xk1  lk1 ; sk2  xk2  lk2 ; . . . ;

491

skl  xkl  lkl g, where skj  xkj P skj , for 1 6 kj 6 n; 1 6 j 6 l;

497

1 6 l 6 n. If there is no such pi that makes si  xi P si ; sq ¼ 0. It can be explained that number of tokens in q can be updated by any place which has enough tokens to trigger the corresponding transition. Regarding trust evaluation, it means that any credible evidence proposition can deduce that the conclusion proposition is true. Based on the two types of rules, and together with fuzzy Petri net, we build a model by taking evidences as condition propositions and trust evaluation results as conclusion propositions. According to the four defined trust factors in Section 3.1, we define 15 propositions and 7 rules. The propositions are:

498

p1 : p2 : p3 : p4 :

the the the the

load of the node is high; load of the node is low; packet forwarding rate of the node is high; packet forwarding rate of the node is low;

Please cite this article in press as: S. Tan et al., Trust based routing mechanism for securing OSLR-based MANET, Ad Hoc Netw. (2015), http://dx.doi.org/10.1016/j.adhoc.2015.03.004

492 493 494 495 496

499 500 501 502 503 504 505 506 507 508 509 510 511 512 513

ADHOC 1206

No. of Pages 15, Model 3G

28 March 2015 6 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530

S. Tan et al. / Ad Hoc Networks xxx (2015) xxx–xxx

p5 : the average forwarding delay of the node is high; p6 : the average forwarding delay of the node is low; p7 : the node behaves anomalously in terms of routing operations; p8 : the node behaves normally in terms of routing operations; p9 : the node is compromised by serious attacks such as DoS, or it launches serious attacks such as blackhole attack; p10 : the node is a lightly malicious node disturbing normal network operations, but it does not intend to disrupt it completely, for example, the jellyfish attack [4]; p11 : the node attacks the network routing integrity; p12 : the node performs normally in data plane; p13 : the node performs normally in routing plane; p14 : the node cannot be trusted; p15 : the node can be trusted.

531 532 533 534

The 7 rules are listed below. As a matter of experience, an instance of parameters of the rules is also given. The fuzzy Petri net comprised of these rules is shown in Fig. 2.

the truth degrees of p15 and p14 as Etrust and E:trust respectively, called the trust evaluation values, where Etrust 2 ½0; 1; E:trust 2 ½0; 1. Since factors affecting trustworthiness are very complicated, it is impossible to define and collect all of them. That is to say, the completeness of evidence set cannot be assured, and thus undetermined possibilities would exist besides the determined possibilities of trust and distrust. To measure certain undetermined possibilities, we intro-

542

duce another value Euncertain , where Euncertain 2 ½0; 1. Notice that the final result of our trust model is one node’s trust value, which is different from trust evaluation value. The trust value is calculated based on the three trust evaluation values, together with recommendations and historic trustworthiness, as described in Section 3.3. In order to provide a simple and quick trust reasoning algorithm for ad hoc nodes, the trust reasoning process is formulated by using matrix operations. A fraction of operators needed are defined as follows: Assume A ¼ faij g; B ¼ fbij g and C ¼ fcij g are n  m matrices, where i ¼ 1; 2; . . . ; n; j ¼ 1; 2; . . . ; m.

551

543 544 545 546 547 548 549 550

552 553 554 555 556 557 558 559 560 561 562

535

Rule1 : Rule2 : Rule3 : Rule4 : Rule5 : 537 538 539 540 541

IF p1 OR p4 OR p5 THEN p9 IF p2 AND p5 THEN p10 IF p7 THEN p11 IF p3 AND p6 AND p2 THEN p12 IF p8 THEN p13

Rule6 : IF p9 OR p10 OR p11 THEN p14 Rule7 : IF p12 AND p13 THEN p15

ð1;1; 1;0:4;0:4; 0:5;0:9; 0:9; 0:6Þ; ð0:6; 0:4;0:5;0:8Þ; ð1;0:5; 0:9Þ; ð0:6; 0:3;0:1;0:7; 0:9Þ; ð1;0:8; 1Þ; ð1;1; 1;0:4;0:4; 0:4;0:9; 0:7; 0:9Þ; ð0:5; 0:5;0:6;0:9Þ:

According to the parameters and the operations of fuzzy Petri net, truth degrees of all propositions are computed. Yet, we only concentrate on p15 and p14 , because their truth degrees indicate the trustworthiness of one node. We label

Definition 5 (Operator otherwise, cij ¼ 0.

Ò

). C = A Ò B, cij ¼ aij if aij > bij ,

563 564

Definition 6. Operator ÓC = A Ó B, cij ¼ maxfaij ; bij g.

565 566

Assume A is a n  m matrix with aik , B is a m  s matrix with bkj , and C is a n  s matrix with cij , where i ¼ 1; 2; . . . ; n; j ¼ 1; 2; . . . ; s; k ¼ 1; 2; . . . ; m.Definition 7 Operator C = A  B, cij ¼ maxfaik  bkj g. We use the notion S

ðkÞ



ðkÞ s1 ;

ðkÞ ðkÞ s2 ; . . . ; sn



567 568 569 570 571

as truth

572

degrees of propositions after kth reasoning round, for

573

¼

ðkÞ

si 2 ½0; 1; i ¼ 1; 2; . . . ; n. Let n ¼ 14; m ¼ 11. The trust evaluation algorithm with matrix operations is described in Algorithm 1.

574

Algorithm 1. Fuzzy Petri net based trust evaluation algorithm

577

Input:

S ð0Þ ; W; U; TH

Output: Etrust ; E:trust ; Euncertain Let k ¼ 0 Step 1: Calculate equivalent input values of transitions: I ¼ W T  S ðkÞ

Step 2: Compare the equivalent input value with trigger threshold, and set those values that cannot trigger transitions to be zero: G ¼ I Ò TH

Step 3: Compute truth degrees of propositions for the current iteration: S ðkþ1Þ ¼ U  G Fig. 2. Fuzzy Petri net for trust reasoning.

Please cite this article in press as: S. Tan et al., Trust based routing mechanism for securing OSLR-based MANET, Ad Hoc Netw. (2015), http://dx.doi.org/10.1016/j.adhoc.2015.03.004

575 576

578

ADHOC 1206

No. of Pages 15, Model 3G

28 March 2015 7

S. Tan et al. / Ad Hoc Networks xxx (2015) xxx–xxx

where S ðkþ1Þ is the truth degree vector after the kth iterations. Step 4: Compare S follows:

ðkþ1Þ

with S

ðkÞ

, and update S

ðkþ1Þ

as

trust evaluation has the same importance with direct trust evaluation. Hence, direct trust evaluation value can also be treated as a recommendation during aggregating. After receiving n recommendations, V i first computes each EV k ’s difference degree:

S ðkþ1Þ ¼ S ðkÞ Ó S ðkþ1Þ

Step 5: If S ðkþ1Þ ¼ S ðkÞ , jump to Step 6; otherwise, ðkÞ

replace S to Step 1. Step 6: ðkÞ

with S

ðkþ1Þ

and let k ¼ k þ 1, then jump

ðkÞ ¼ s15 ; uncertain

E ðkÞ s14 ;

E

:trust

E

¼1

ðkÞ s14

¼ 

ðkÞ

ðkÞ

E:trust ¼ 1  s15 ;

Euncertain ¼ 0:

truth

629 630

0; 0; 0; 0; 0; 0; 0ÞT , together with other input parameters set prior, we will get the output as Etrust ¼ 0:19;

degrees

S

¼ ð0:8; 0:2; 0:1; 0:9; 0:7; 0:3; 0:1; 0:9;

631

E:trust ¼ 0:73, and Euncertain ¼ 0:08.

632

3.3. Aggregating trust recommendations

633

The evaluated targets supported by the proposed trust evaluation algorithm are only 1-hop neighbors of one node, because trust factors of a node cannot be monitored by remote nodes, as is interpreted in Section 5.1. However, calculation of trust based routing table requires that one node should know the trustworthiness degrees of all nodes in the network. To achieve the goal, one node needs to obtain evaluating results of a remote target towards the target’s neighbors. These indirect trust evaluating results are called recommendations. After receiving multiple recommendations, together with its personal direct trust evaluation results, the node should aggregate them into the overall trustworthiness degree, called trust value.

634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662

Definition 8 (Trust value (T)). A numerical value between 0 and 1. T ¼ 1 means the entity is completely trusted, while T ¼ 0 means completely distrusted. One difficult-to-solve issue lies in aggregation is slandering. Recommendations received by a node may include maliciously slandering evaluations towards a victim. To alleviate this issue, we present an algorithm aiming at filtering certain slandering recommendations. Notice that filtering here does not mean removing, but assigning a very low weight. The algorithm is based on the assumption that the number of malicious nodes is less than the number of normal nodes. Denote the trust evaluation vector as EV ¼ ðEtrust ; E:trust ; Euncertain Þ. Assume node V i has received n recommended trust evaluation vectors of a target node V j ; EV 1 ; EV 2 ; . . . EV n . In our trust model, recommended

665 666 667

668

ð1Þ 670 671

Euncertain Þ, k

672

ð2Þ

where ak 2 ½0; 1. Aggregate all recommended trust evaluation vectors:

EV ¼

628

664

where type ¼ trust, :trust, uncertain, EV k ¼ ðEtrust ; E:trust ; k k

One instance of Algorithm 1 is that inputting initial ð0Þ

u

ak ¼ Pn

626 627

k

type u¼1

1=DIF k k¼1 ð1=DIF k Þ

ðkÞ s15 :

else Etrust ¼ s15 ; end if

 Etype  Etype 

for k ¼ 1; 2; . . . ; n. The larger the DIF k is, the more abnormal the EV k is considered to be. Then the weight of EV k is calculated:

ðkÞ

if s14 þ s15 < 1 trust

DIF k ¼

X

n  X

663

n X

ak  EV k

ð3Þ

k¼1

where EV ¼ ðEtrust ; E:trust ; Euncertain Þ. At last, the trust value is calculated according to EV:

T¼E

trust

uncertain

þbE

673 674

675 677 678 679

680

682 683 684

685

ð4Þ

687

where T denotes the trust value of the target, for T 2 ½0; 1.

688

uncertain

Since E consists of possibilities of both trust and distrust, it is reasonable to set an uncertainty factorb to estimate each proportion, for b 2 ½0; 1. A larger b indicates a more optimistic estimation about the trustworthiness of the target. Here, an instance is given to illustrate the filtering algorithm. Assume that V i received five recommended evaluation vectors of V j ; EV 1 ¼ ð0:75; 0:2; 0:05Þ; EV 2 ¼ ð0:71; 0:16; 0:13Þ; EV 3 ¼ ð0:2; 0:7; 0:1Þ; EV 4 ¼ ð0:8; 0:15; 0:05Þ; EV 5 ¼ ð0:69; 0:25; 0:06Þ, where EV 3 is the slandering recommendation. According to algorithm, we obtain that a1 ¼ 0:24; a2 ¼ 0:22; a3 ¼ 0:08; a4 ¼ 0:21; a5 ¼ 0:24. Obviously, due to the quite low weight assigned, the slandering agent cannot slander V j any more. Trustworthiness of an entity should be determined by not only the current information, but also historical records. History trust slowly deteriorates with time going by. On this basis, the final trust value T is calculated as:

T ¼ ð1  kÞ  T c þ k  T c1

ð5Þ

689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706

707 709

where T c is the current trust value, T c1 is the history trust value in the previous timescale, k is the fading factor, k 2 ½0; 1.

710

4. Trust based routing algorithm

713

In this section, we present a trust based routing algorithm which aims to prevent malicious or compromised nodes from entering data forwarding paths. This is accomplished by selecting a path with the maximum path trust value among all the possible paths between any pair of nodes. Furthermore, correctness of the algorithm is proved by mathematical induction.

714

Please cite this article in press as: S. Tan et al., Trust based routing mechanism for securing OSLR-based MANET, Ad Hoc Netw. (2015), http://dx.doi.org/10.1016/j.adhoc.2015.03.004

711 712

715 716 717 718 719 720

ADHOC 1206

No. of Pages 15, Model 3G

28 March 2015 8

S. Tan et al. / Ad Hoc Networks xxx (2015) xxx–xxx

721

4.1. Algorithm illustration

722

Complied with ‘‘barrel effect’’, trustworthiness of a path is subject to the intermediate node with the minimum trust value.

723 724

end if Step 3 (Update TABPT and TABCAN Þ: if TABCAN ¼ ; Algorithm finishes. else

725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744

Definition 9 (Path trust value (PT i;j Þ). Assume the path between node V i and V j is V i ! V m1 ! V m2 !    ! V mn ! V j , then PT i;j ¼ minfT 1 ; T 2 ; . . . ; T n g, where Tk is the trust value of node V mk ; k ¼ 1; 2; . . . ; n; PT i;j 2 ½0; 1. When calculating a routing table, a node needs to maintain two tables: the trust based routing table TABPT and the candidate table TABCAN . TABPT records path entries with the maximum path trust value, and TABCAN caches all possible path entries. An entry is labeled as Entry ¼ ðDest; PT; NextHopÞ, where Dest is the address of destination node, PT is the path trust value, and NextHop is the address of next hop. Prior to describing the routing algorithm, we should keep in mind that OLSR enables a node to know the entire network topology information, and the routing table is cleared before being updated. Without loss of generality, we take the node V i as an example. HopCntðEntryÞ is a function for computing the hop distance of a path. Algorithm 2. Trust based routing algorithm Input: topology information and trust values of nodes inside the network Output: routing table of V i Step 1: Initially there is only one node in the routing table, and that is V i itself. V i creates a root entry fðV i ; 1; V i Þg to record the ‘‘path’’ to itself and moved it into TABPT . As a result, TABPT ¼ fðV i ; 1; V i Þg; TABCAN ¼ £. Step 2 (update TABCAN Þ: Find all neighbor nodes of V temp , where V temp is the destination node that is just moved into TABPT is step 1. For each found neighbor V w which is not already in TABPT , calculate PT i;w and create a Entryw in TABCAN to record the path between V i and V w whose previous hop is V temp . Note that there might already exist another path entry Entry0w between V i and V w in TABCAN . If so, label the path trust value of Entry0w as PT 0i;w , and

Find the Entryy with the maximum path trust value within TABCAN , and move that Entryy into TABPT , i.e., move the destination node recorded by Entryy to TABPT . Consequently, TABPT ¼ TABPT [ fEntryy g; TABCAN ¼ TABCAN  fEntryy g. Jump to step 2. end if 788

We demonstrate an example of the algorithm in Fig. 3 in which network topology is showed and node trust values are marked. Assume that node A is calculating routing table. Consider the moment that A has already moved three nodes into TABPT according to Algorithm 2. Fig. 4 illustrates subsequent steps to complete routing calculation. Current states of TABCAN and TABPT are shown in Fig. 4a. According to step 3 of Algorithm 2, any one of (E, 0.85, C) and (F, 0.85, C) should be moved into TABPT . Assume (E, 0.85, C) is moved into TABPT firstly, as shown in Fig. 4b. This means the path A ! C ! E is selected as the route between A and E. Then according to step 2, entries recoding paths between A and E’s neighbors, (D, 0.3, C), (I, 0.3, C) and (H, 0.3, C), are created. Because there is already an entry for D in TABCAN , and its path trust value is greater than that of the new found entry. Thus, entry (D, 0.3, C) is neglected, and (I, 0.3, C) and (H, 0.3, C) are added into TABCAN , as is shown in Fig. 4c. Repeat steps 2 and 3 until the algorithm finishes, and the final routing table is shown in Fig. 4d. The third column of routing table illustrates path details, yet it does not exist in real networks.

789

4.2. Proof

810

Proving the correctness of the proposed routing algorithm is equal to proving the following theorem.

811

Theorem. A path recorded in TABPT is the path with the maximum path trust value among all possible paths between the associated source node and destination node.

813

if 9Entry0w 2 TABCAN if PT i;w > PT 0i;w Entry0w ¼ Entryw end if if PT i;w ¼ PT 0i;w if HopCntðEntryw Þ < HopCntðEntry0w Þ Entry0w ¼ Entryw end if end if else TABCAN ¼ TABCAN [ fEntryw g

Fig. 3. Network topology map.

Please cite this article in press as: S. Tan et al., Trust based routing mechanism for securing OSLR-based MANET, Ad Hoc Netw. (2015), http://dx.doi.org/10.1016/j.adhoc.2015.03.004

790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809

812

814 815

ADHOC 1206

No. of Pages 15, Model 3G

28 March 2015 9

S. Tan et al. / Ad Hoc Networks xxx (2015) xxx–xxx 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848

849 851

Otherwise, PATH0 will be added into TABCAN . Later, PATH0 may be replaced by another PATH01 if PTðPATH01 Þ P PTðPATH0 Þ. PTðPATH01 Þ ¼ PTðPATH0 Þ indicates that hop distance of PATH01 is less than that of PATH0 . PATH01 may also be replaced by another PATH02 if PTðPATH02 Þ ¼ PTðPATH01 Þ. Because it is PATH that is about to be moved into TABPT , we get

Let PTðpathÞ denote the trust value of path. Without loss of generality, assume node V s is calculating trust based routing table. For the sake of simplicity, we use ‘‘the algorithm’’ to represent ‘‘the proposed trust based routing algorithm’’ in this section. Mathematical induction is employed to prove the theorem. (1) If there is only 1 destination node in TABPT , that is TABPT ¼ fðV s ; 1; V s Þg, the theorem is obviously true. (2) Assume the theorem is true when there are k destination nodes in TABPT . Denote Z as the set comprised of k destination nodes in TABPT , for k P 1. Without loss of generality, let t1 represent the moment that the path, PATH ¼ V s ! V x1 ! V x2 !    ! V xn ! V d , is about to be moved from TABCAN to TABPT , i.e., PATH is selected as the path between V s and V d, where V d R Z; 0 6 n 6 k. n¼0 indicates PATH ¼ V s ! V d . According to the step 2 of the algorithm, ‘‘find all neighbors of the node which is just moved into TABPT ’’, we will get fV x1 ; V x2 ; . . . ; V xn g  Z. Suppose that PATH0 ¼ V s ! V y1 ! V y2 !    ! V ym ! V d is another arbitrary path between V s and V d , for PATH0 – PATH; m P 0. m¼0 indicates that PATH0 ¼ V s ! V d . Y ¼ fV y1 ; V y2 ; . . . ; V ym g represents the set comprised of V y1 ; V y2 ; . . . ; V ym . There are two cases regarding the relationship between Y and Z; Y  Z, and Y å Z. Next we will prove that PTðPATHÞ P PTðPATH0 Þ is true under both cases. A. Case 1: Y  Z. For V ym 2 Z; V d R Z, there must exist a moment t 2 that PATH0 is about to be added into TABCAN according to step 2 of Algorithm 2. At t2 , if there is already a path PATH00 between V s and V d in TABCAN , and the algorithm does not replace PATH00 with PATH0 , then we get

0

PTðPATHÞ P PTðPATH Þ:

854 855 856 857 858

859 861 862

node not belonging to Z. Then PATH0 can be denoted as PATH0 ¼ V s ! V y1 !    ! V yg ! V ygþ1 !    ! V ym ! V d , where V yg 2 Z; V ygþ1 R Z; 0 6 g < m. g ¼ 0 indicates

865

between V s and V ygþ1 is represented as PATH0sub ¼ V s ! V y1 !    ! V yg ! V ygþ1 . According to the definition of path trust value, we get

PTðPATH0sub Þ

0

P PTðPATH Þ:

As V yg 2 Z and V ygþ1 R Z, there must exist a PATH0sub0 between V s and V ygþ1 in TABCAN at moment t1 . According to the step 2 of the algorithm, an old candidate path is replaced only when the new found path has a greater or equal trust value. We obtain that if PATH0sub0 – PATH0sub ; PTðPATH0sub0 Þ P PTðPATH0sub Þ, and thus

PTðPATH0sub0 Þ

0

P PTðPATH Þ:

Since it is PATH that is moved from TABCAN to TABPT at t1 ; PATH must have the maximum path trust value compared with other paths in TABCAN . Therefore,

PTðPATHÞ P

(a)

853

B. Case 2: Y å Z. Y å Z implies that there must exist one or more nodes not belonging to Z within PATH0 . Suppose V ygþ1 is the first

that PATH0 ¼ V s ! V ygþ1 !    ! V ym ! V d . The path

PTðPATH00 Þ P PTðPATH0 Þ:

852

maxfPTðPATH0sub0 Þ;

(b)

PTðPATH0sub Þg

863 864

866 867 868 869 870 871

872 874 875 876 877 878 879 880

881 883 884 885 886

887

0

P PTðPATH Þ:

(c)

(d) Fig. 4. Routing algorithm calculating example.

Please cite this article in press as: S. Tan et al., Trust based routing mechanism for securing OSLR-based MANET, Ad Hoc Netw. (2015), http://dx.doi.org/10.1016/j.adhoc.2015.03.004

889

ADHOC 1206

No. of Pages 15, Model 3G

28 March 2015 10 890 891 892 893 894 895 896

S. Tan et al. / Ad Hoc Networks xxx (2015) xxx–xxx

According to the discussion of the two cases, we prove that PTðPATHÞ P PTðPATH0 Þ. In other words, the selected path has the maximum trust value than any other possible paths. After moving the PATH into TABPT , number of nodes in TABPT becomes k þ 1. On the above basis, the theorem is still true when there are k þ 1 destination nodes in TABPT . (3) According to (1) and (2), the theorem is true.

897

5. The FPNT-OLSR protocol

898

919

In this section, the OLSR protocol is extended by integrating our proposed trust mechanism, called the FPNT-OLSR protocol. As is shown in Fig. 5, besides the basic operations of OLSR [1], we add four functional modules: trust factor collection module, trust evaluation module, recommendation aggregation module, and recommendation propagation module. The default routing algorithm of OLSR should also be replaced by our proposed trust based routing algorithm. The node supporting FPNT-OLSR firstly collects trust factors of a target node, and then evaluates the target by using the proposed trust reasoning model. Later, the node should propagate the evaluation result as recommendations. The node receiving recommendations should run aggregating process. Based on trust values of other nodes, each node in the network can calculate a trust based routing table. In addition, without introducing extra control messages, a feasible trust factor collecting method and an efficient trust information propagating method are devised for implementing FPNT-OLSR. Furthermore, MPR redundancy is considered in Section 5.3 to improve the effectiveness of FPNT-OLSR.

920

5.1. Collecting trust factors

921

In our scheme, trust factors are collected via monitoring. The monitoring node is configured in promiscuous mode to intercept and read every network packet arriving at the target. We claim that only MPRs are responsible for monitoring and evaluating their selectors. Since a node has at least one MPR, any node is ensured to be evaluated. Let t denote the trust update period for updating trust evaluation value. For collecting factors, several counters are set.

899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918

922 923 924 925 926 927 928

j Count load : number of bits of received packets by node V j during t;

Count rcj v : number of received messages that should be forwarded by V j ; j Count fwd : number of forwarded packets by V j ; j Count rcheat : number of routing related abnormal behaviors of V j . These counters are cleared every t. Moreover, two operators are defined as follows:

929 930 931 932 933 934 935 936 937

Definition 10 (Normalization operator (NORM)). NORMðxÞ ¼ x=X, where X is a preset constant, x P 0; X P 0; X P x. In our trust scheme, X can be the load capacity or delay tolerance of a node.

938 942 939

Definition 11 (Reverse operator (REVS)). REVSðxÞ ¼ 1  x, where x 2 ½0; 1. The formal language defined in [14] is employed to describe message exchanges. Denote ðDATAÞj as a retransmitted data packet by V j ; ðTCÞj as a retransmitted TC message by V j ; HELLOj and TCj as a HELLO message and TC message generated by V j respectively, ⁄ as one node in the network, message.field as the field of the message, timeðev entÞ as the time when event happens. Using these notions, events related to message exchange are described.

944

DATA or TC

! V j : V j receives a DATA packet (or TC message) that should be forwarded by V j ; packet

! V j :

V j receives any type of packet;

ðDATAÞj or ðTCÞj

V j ! : V j correctly retransmits a DATA packet (or TC message). Assume the monitoring MPR is V i , the monitored selector is V j . V i monitors and analyzes all of V j ’s traffic within its transmission radius, and then collects trust factors as follows. A. Load packet

j ! V j ; Countload

j Countload

If ¼ þ LENGTHðpacketÞ, where LENGTH is a function computing the data bits in j packet. Load of V j can be represented as Count load =t. The corresponding initial truth degree of proposition p1 , ‘‘the j load of the node is very high’’, is s1 ¼ NORMðCount load =tÞ. ð0Þ

Fig. 5. Framework of the FPNT-OLSR protocol.

Please cite this article in press as: S. Tan et al., Trust based routing mechanism for securing OSLR-based MANET, Ad Hoc Netw. (2015), http://dx.doi.org/10.1016/j.adhoc.2015.03.004

940 943 941

945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968

ADHOC 1206

No. of Pages 15, Model 3G

28 March 2015 11

S. Tan et al. / Ad Hoc Networks xxx (2015) xxx–xxx 969 970 971

972 974

The truth degree of the proposition p2 , ‘‘the load of the j node is low’’, is s2 ¼ REVSðCount load =tÞ. B. Packet forwarding rate ð0Þ

DATA

If ! V j and DATA:dest – V j ; Countrcj v þ þ;

975 977

TC

If ! V j and V j is a MPR node; Countrcj v þ þ;

978 980

ðDATAÞj or ðTCÞj

If V j ! ;

j Countfwd þ þ:

are inserted into a TC message. Because only MPRs are configured to monitor and evaluate others, and the recommendations are piggybacked by TC messages, no extra messages will be introduced for propagating. In OLSR or FPNT-OLSR, a node usually selects multiple MRPs. This situation makes one node be evaluated by multiple nodes. And of course, the evaluation result will be more objective. After receiving TC messages generated by MRRs in the network, nodes extract the contained trust evaluation vectors, and aggregate them to calculate trust values of others.

1023

5.3. MPR redundancy consideration

1033

MPR redundancy deals with the situation that MPRs of a node are too little to establish effective trustworthy routes. One extreme case is that only one MPR is selected by a node, yet the MPR is malicious. Consequently, it is impossible to establish a secure route to this node, because this malicious MPR is always within the path. Furthermore, insufficient MPRs cannot produce enough recommendations to get objective trust evaluations. Since ‘‘one can’t make bricks without straw’’, the two situations will make it difficult to select secure paths. To solve the problem, redundant MPRs [1] can be selected, either randomly or in other ways. But, more TC messages containing more link information generated by redundant MPRs will also introduce extra overhead. The FPNT-OLSR protocol with redundant MPRs is called the FPNT-OLSR(R). In Section 6.4, a simulation scenario is tested to measure the performance of FPNT-OLSR(R).

1034

6. Simulation results

1051

In this section, simulations are conducted to verify the effectiveness and efficiency of the FPNT-OLSR protocol. Besides FPNT-OLSR, three other protocols are also tested: the OLSR protocol, the MNDI-OLSR protocol [21], and the FPNT-OSLR(R) protocol. MNDI-OLSR is a trust-based routing protocol which can detect and isolate malicious nodes, as described in Section 2. The simulation consists of three tests. Test 1 verifies the effectiveness of FPNT-OLSR in avoiding malicious and compromised nodes. Test 2 compares the performance of the protocols with a varying number of malicious nodes. Test 3 compares the performance of the protocols with a varying node moving speed.

1052

1024 1025 1026 1027 1028 1029 1030 1031 1032

981 982 983 984 985

986

j Packet forwarding rate of V j is Count fwd =Count rcj v , for

Count rcj v – 0.

Then

ð0Þ

and

ð0Þ

s4 ¼

ð0Þ

REVSðs3 Þ. C. Average forwarding delay ðDATAÞj

DATA

988

j s3 ¼ Count fwd =Countrcj v ,

If ! V j and V j ! ; dj     ðDATAÞj DATA ¼ dj þ time V j !  time ! V j ;

989 ðTCÞj

TC

991

If ! V j and V j ! ; dj     ðTCÞj TC ¼ dj þ time V j !  time ! V j

992

where dj is the total delay of V j . Average forwarding delay

993

j j is dj =Count fwd , where Count fwd – 0, and s5 ¼ NORM

994

j ðdj =Count fwd Þ; s6 ¼ REVSðs5 Þ.

995 996 997 998 999 1000 1001 1002 1003

ð0Þ

ð0Þ

ð0Þ

D. Protocol deviation flag Judging whether a node has misbehaviors towards routing operations is based on [14], which allows a node to analyze and recognize routing related misbehaviors of others. An example is given to illustrate the situation that V j is suspected of isolating V i by sending incorrect TC messages or keeping silent: If V j is selected as V i ’s MPR, and V j sends a TC message TCj . V i monitors the message and finds that its address is j Count rcheat

1006

not contained in TCj , then þ þ; If V j is selected as V i ’s MPR, and V i monitors that V j does not send any TC messages for a long time, then

1007

j Count rcheat

1004 1005

1010

þ þ. Due to the unreliable wireless links and complex environmental context, false detections might occur. To alleviate the issue, we set a threshold d. If

1011

j Count rcheat > d; s7 = 1, otherwise s7 ¼ 0. s8 ¼ REVSðs7 Þ.

1012

5.2. Propagating trust evaluations

1013

A MPR is required to propagate the trust evaluation vectors that it has on its selectors. Since current MANET is resource restricted, the propagation should not introduce much overhead. To achieve the goal, an efficient method is employed. As is known, TC messages are flooded globally. Similarly, any recommendation is required to be transmitted to every node in the network. With this consideration, a good idea that let TC piggyback recommendations is come up with. As is shown in Fig. 6, evaluation vectors

1008 1009

1014 1015 1016 1017 1018 1019 1020 1021 1022

ð0Þ

ð0Þ

ð0Þ

ð0Þ

Fig. 6. TC message format.

Please cite this article in press as: S. Tan et al., Trust based routing mechanism for securing OSLR-based MANET, Ad Hoc Netw. (2015), http://dx.doi.org/10.1016/j.adhoc.2015.03.004

1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050

1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064

ADHOC 1206

No. of Pages 15, Model 3G

28 March 2015 12

S. Tan et al. / Ad Hoc Networks xxx (2015) xxx–xxx

Table 1 Simulation parameters. Parameter

Value

Topology area Number of node Node moving speed Bandwidth Data rate Number of data traffic flow Simulation time Transmission radius Number of malicious nodes

1000 m  1000 m 45 0–10 m/s 2 Mbps 300 kbps 3 100 s 250 m 0–10

1065

6.1. Simulation environment

1066

We developed an open source event-driven OLSR simulation program under MATLAB environment, called MoSim (Matlab OLSR Simulation). The motivation for developing MoSim is to utilize Matlab’s powerful capabilities for data analysis and graphic processing, and make it easy and time-saving for integrating new functional modules into OLSR. Simulation parameters are listed in Table 1. 45 mobile nodes are randomly placed in a 1000 m  1000 m rectangular area. The nodes move randomly at the speed up to 10 m/s. We set three end-to-end data traffic flows at the rate of 300 kbps. Four types of attacks are deployed: DoS, jellyfish, blackhole, and link spoofing. A victim of DoS attack receives huge number of useless packets in a short time interval. A jellyfish attacking node delays all data packets for a fixed long time slot. A link spoofing node advertises incorrect HELLO messages containing false links with a non-neighbor remote node, which leads to the redirection of victim node’s traffic. The intervals of HELLO message and TC message, and the hold time of information repositories are consistent with OLSR [1]. Three metrics are adopted to evaluate the performance of the protocols.

1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088

(1) Packet delivery ratio: ratio of the number of received packets to the total number of sent packets. (2) Average end-to-end latency: average time taken by transmitting data packets from source to destination. Note that only successfully delivered packets are counted. (3) Routing packet overhead: average number of routing control packets generated by a single node per second.

1089 1090 1091 1092 1093 1094 1095 1096 1097

6.2. Test 1: route selection

1098

In this test, routing tables calculated by FPNT-OLSR are compared with OLSR. Six malicious or compromised nodes are placed. Node5 is a blackhole attacker. Node9 and Node32 are jellyfish attackers. Node4 is a link spoofing attacker aiming at attacking Node23. Node25 and Node45 are victims of DoS attacks. For convenience, both nodes launching attacks and nodes suffering attacks are noted as malicious nodes. After finishing routing table calculation, we extract details of routes consisting of more than two hops from node1’s routing table, as is shown in Fig. 7. Fig. 7a illustrates that five malicious nodes out of six are selected as intermediate nodes within the routes by OLSR. On the contrary, Fig. 7b demonstrates that FPNT-OLSR prevents all malicious nodes from acting as the intermediate nodes. Fig. 8 shows node31’s routes whose distances are more than one hop. Obviously, five malicious nodes are included in routes in OLSR. Whereas FPNT-OLSR avoids selecting all malicious nodes, as shown in Fig. 8b. Figs. 7 and 8 show the routing table of single node. To observe the effectiveness from a global perspective, we extract routing tables of all nodes in the network, and count the appearing frequencies of malicious nodes in routes. The results are depicted in Fig. 9. It is obvious that FPNT-OSLR is able to avoid malicious nodes effectively.

1099

Fig. 7. Routing table of node1.

Please cite this article in press as: S. Tan et al., Trust based routing mechanism for securing OSLR-based MANET, Ad Hoc Netw. (2015), http://dx.doi.org/10.1016/j.adhoc.2015.03.004

1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123

ADHOC 1206

No. of Pages 15, Model 3G

28 March 2015 13

S. Tan et al. / Ad Hoc Networks xxx (2015) xxx–xxx

Fig. 8. Routing table of node31.

1126

Frequencies of Node9, Node32 and Node45 are not zero, because they are selected as the only MPRs by some nodes in the topology, as described in Section 5.3.

1127

6.3. Test 2: varying number of malicious nodes

1128

1151

This test compares the performance of OLSR, MNDIOLSR and FPNT-OLSR with varying number of malicious nodes. Configuration of malicious nodes is listed in Table 2. Three data traffic flows at the rate of 300 kbps are set. Nodes move at the speed of 0.5 m/s randomly. Fig. 10a shows that FPNT-OSLR performs better than OLSR and MNDI-OLSR in terms of packet delivery ratio. The packet deliver ratio of FPNT-OLSR is not 100%, which can be explained by the fact that malicious nodes act as forwarders until trustworthy routes are established. Fig. 10b illustrates that the average latency of OLSR and MNDI-OLSR increases sharply with the number of malicious nodes increasing, while FPNT-OLSR keeps in a low level. The reason is that OLSR and MNDI-OLSR are unable to detect and resist jellyfish attacks. In order to avoid malicious nodes, FPNT-OLSR may establish longer paths, which leads to a slightly increase of its average latency. Fig. 10c demonstrates that the overlapped routing packet overheads of OLSR and FPNT-OSLR are less than MNDI-OLSR’s. This is because FPNT-OLSR does not generate any extra message for collecting trust factors and propagating recommendations, while MNDI-OLSR has to depend on extra messages to detect and locate the malicious nodes.

1152

6.4. Test 3: varying node speed

1153

This test compares the performance of OLSR, MNDIOLSR, FPNT-OLSR and FPNT-OLSR(R) with varying node speed. FPNT-OLSR(R) randomly selects 20 percent more MPRs than FPNT-OLSR. Six malicious nodes are set: two

1124 1125

1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150

1154 1155 1156

Fig. 9. Occurrence frequencies of malicious nodes.

blackhole attackers, two jellyfish attackers, one link spoofing attacker, and one victim of DoS attack. Moving speeds of nodes varies from 0 to 10 m/s with step length of 2 m/s. As shown in Fig. 11a, FPNT-OLSR and FPNT-OLSR(R) perform better than OLSR and MNDI-OLSR, because MNDI-OLSR is unable to detect the link spoofing attacks redirecting traffic. FPNT-OLSR(R) performs slightly better than FPNT-OLSR, because redundant MPRs provide more choices for selecting routes. We notice that curves of OLSR and MNDI-OLSR wave ups and downs. This is because malicious nodes enter and leave certain paths in a random manner. Due to false detections, many normal nodes are Table 2 Configuration of malicious nodes. Number of malicious nodes

Jellyfish

Blackhole

DoS

Link spoofing

2 4 6 8 10

1 1 2 3 4

0 1 1 2 3

0 1 2 2 2

1 1 1 1 1

Please cite this article in press as: S. Tan et al., Trust based routing mechanism for securing OSLR-based MANET, Ad Hoc Netw. (2015), http://dx.doi.org/10.1016/j.adhoc.2015.03.004

1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168

ADHOC 1206

No. of Pages 15, Model 3G

28 March 2015 14

S. Tan et al. / Ad Hoc Networks xxx (2015) xxx–xxx

(a) Packet delivery ratio

(b) Average latency

(c) Routing packet overhead

Fig. 10. Performance comparison with varying number of malicious nodes.

(a) Packet delivery ratio

( b) Average latency

(c) Routing packet overhead

Fig. 11. Performance comparison with varying node speed.

1191

isolated by MDNI-OLSR at the speed of 4 m/s, which prevent establishing routes to deliver data traffic timely. Thus, the packet delivery ratio of MDNI-OLSR at speed of 4 m/s is low. As illustrated in Fig. 11b, FPNT-OLSR and FPNT-OSLR(R) perform well in terms of average latency. We also find that the average latency of OLSR is low. This can be explained from two aspects: the first is that OLSR only successfully delivers few data packets along a short route, and the second is that jellyfish nodes happen not to be in the routes carrying data traffic. Since MNDI-OLSR cannot detect and resist jellyfish attacks, its average latency is higher. Moreover, the average latencies of OLSR and MNDI-OLSR are very low at speed of 0 m/s because OLSR and MNDIOLSR only successfully deliver certain data traffic flows along short paths, while FPNT-OLSR and FPNT-OSLR(R) delivers all data traffic flows no matter how long the path is. Similar situation also occurs at the speed greater than 6 m/s. As shown in Fig. 11c, the overhead of FPNT-OLSR(R) is slightly higher than OLSR’s and FPNT-OLSR’s, but still lower than MNDI-OSLR’s. This is because FPNT-OLSR(R) generates more TC messages.

1192

7. Conclusions

1193

In this paper, a fuzzy Petri net based trust reasoning model is presented to evaluate trustworthiness. A trust based routing algorithm is proposed to select a path with

1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190

1194 1195

the maximum path trust value among all possible paths between any two nodes in networks. Furthermore, its correctness is proved. OLSR is extended to be PFNT-OLSR by applying the proposed trust model and trust based routing algorithm. For the implementation of PFNT-OLSR, a feasible trust factor collection method and an efficient trust information propagation method are designed. Moreover, the MoSim program is developed to test the OLSR based protocols under Matlab environment. In future work, we will research adaptive trust models, and try to apply the trust models to other scenarios, such as vehicular ad hoc networks, and cloud computing.

1196

Acknowledgements

1208

This work is supported by National Natural Science Foundation of China (Nos. 61373172 and 61303216), National Basic Research Program of China (No. 2014CB340205), China Postdoctoral Science Foundation funded project (No. 2013M542328), and Xidian-Ningbo Information Technology Institute Seed Foundation funded project.

1209

References

1216

[1] T. Clausen, P. Jacquet, Optimized Link State Routing Protocol (OLSR), in: IETF RFC3626, 2003, pp. 1–75. [2] M. Marimuthu, I. Krishnamurthi, Enhanced OLSR for defense against DOS attack in ad hoc networks, J. Commun. Networks 15 (2013) 31– 37.

Please cite this article in press as: S. Tan et al., Trust based routing mechanism for securing OSLR-based MANET, Ad Hoc Netw. (2015), http://dx.doi.org/10.1016/j.adhoc.2015.03.004

1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207

1210 1211 1212 1213 1214 1215

1217 1218 1219 1220 1221

ADHOC 1206

No. of Pages 15, Model 3G

28 March 2015 S. Tan et al. / Ad Hoc Networks xxx (2015) xxx–xxx 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286

[3] T. Clausen, C. Dearlove, P. Jacquet, The Optimized Link State Routing Protocol Version 2, IETF RFC7181, 2014, pp. 1–115. [4] I. Aad, J.P. Hubaux, E.W. Knightly, Impact of denial of service attacks on ad hoc networks, IEEE/ACM Trans. Networking 16 (2008) 791– 802. [5] Francesco Saverio Proto, Andrea Detti, et al., A framework for packetdroppers mitigation in OLSR wireless community networks, IEEE Int. Conf. Commun. (ICC) (2011) 1–6. [6] Bounpadith Kannhavong, Hidehisa Nakayama, et al., Analysis of the node isolation attack against OLSR-based mobile ad hoc networks, Int. Symp. Comput. Networks (2006) 30–35. [7] A.K. Abdelaziz, M. Nafaa, G. Salim, Survey of routing attacks and countermeasures in mobile ad hoc networks, in: 15th International Conference on Computer Modelling and Simulation (UKSim), 2013, pp. 693–698. [8] M.N.K. Babu, A.A. Franklin, C. Siva Ram Murthy, On the prevention of collusion attack in OLSR-based Mobile Ad hoc Networks, in: 16th IEEE International Conference on Networks (ICON), 2008, pp. 1–6. [9] Y. Yang, Broadcast encryption based non-interactive key distribution in MANETs, J Comput Syst Sci (2014) 80; 533–545. [10] S. Obaidat M, I. Woungang, S.K. Dhurandher, et al., A cryptographybased protocol against packet dropping and message tampering attacks on mobile ad hoc networks, Secur. Commun. Networks 7 (2014) 376–384. [11] A. Hafslund, A. Tønnesen, et al., Secure Extension to the OLSR protocol, in: Proceedings of the OLSR Interop and Workshop, 2004. [12] Sanjeev Rana, Anil Kapil, Defending against Node misbehavior to discover secure route in OLSR, Commun. Comput. Inf. Sci. 70 (2010) 430–436. [13] J.M. Robert, H. Otrok, A. Chriqi, RBC-OLSR: reputation-based clustering OLSR protocol for wireless ad hoc networks, Comput. Commun. 35 (2012) 487–499. [14] Asma Adnane, Christophe Bidan, et al., Trust-based security for the OLSR routing protocol, Comput. Commun. 36 (2013) 1159–1171. [15] Asmaa Adnane, et al. Autonomic trust reasoning enables misbehavior detection in OLSR, in: Proceedings of the 2008 ACM Symposium on Applied Computing, 2008, pp. 2006–2013. [16] Asmaa Adnane, Christophe Bidan, R.T. de Sousa, Trust-based countermeasures for securing OLSR protocol, Int. Conf. Comput. Sci. Eng. 2 (2009) 745–752. [17] A. Boukerch, L. Xu, K. El-Khatib, Trust-based security for wireless ad hoc and sensor networks, Comput. Commun. 11 (2007) 2413–2427. [18] Z. Yan, P. Christian, Autonomic trust management for a componentbased software system, IEEE Trans. Dependable Secure Comput. 8 (2011) 810–823. [19] Asmaa Adnane, R. de Sousa Jr., C. Bidan, et al., Integrating trust reasonings into node behavior in olsr, in: Proceedings of the 3rd ACM Workshop on QoS and Security for Wireless and Mobile Networks, 2007, pp. 152–155. [20] A. Verma, S. Gujral M, Formal specification of trusted neighbor information base of OLSR routing protocol of adhoc network using Z language, Global Trends Comput. Commun. Syst. (2012) 560–570. [21] A.M. Abdalla, I.A. Saroit, et al., Misbehavior nodes detection and isolation for MANETs OLSR protocol, Procedia Comput. Sci. 3 (2011) 115–121. [22] J.H. Cho, I.R. Chen, On the tradeoff between altruism and selfishness in MANET trust management, Ad Hoc Netw. 11 (2013) 2217–2234. [23] R. Feng, S. Che, et al., A credible routing based on a novel trust mechanism in ad hoc networks, Int. J. Distrib. Sens. Netw. (2013), http://dx.doi.org/10.1155/2013/652051. [24] Hui Xia, Z. Jia, et al., Trust prediction and trust-based source routing in mobile ad hoc networks, Ad Hoc Netw. 11 (2013) 2096–2114. [25] Hui Xia, Zhiping Jia, et al., Impact of trust model on on-demand multi-path routing in mobile ad hoc networks, Comput. Commun. 36 (2013) 1078–1093.

15

[26] X. Li, Z. Jia, P. Zhang, et al., Trust-based on-demand multipath routing in mobile ad hoc networks, IET Inf. Secur. 4 (2010) 212–232. [27] J. Lee, R. Liu K F, W. Chiang, A fuzzy Petri net-based expert system and its application to damage assessment of bridges, IEEE Trans. Syst. Man Cybern.–Part B: Cybern. 29 (1999) 350–370. [28] L.X. Jia, J.Y. Xun, F. Ru, Fuzzy Petri net based formalized reasoning algorithm with applications, J. Xian Jiaotong Univ. 37 (2003) 1263– 1266. [29] H.C. Liu, L. Liu, et al., Knowledge acquisition and representation using fuzzy evidential reasoning and dynamic adaptive fuzzy Petri nets, IEEE Trans. Cybern. 43 (2013) 1059–1072. [30] M. Huang, X. Lin, Z.W. Hou, Modeling method of fuzzy fault Petri nets and its application, J. Central South Univ. (Sci. Technol.) 44 (2013) 208–215.

1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301

Shuaishuai Tan received his B.S. degree in electronic information science and technology from Shandong University in 2011. He is currently working hard towards the Ph.D. degree at Xidian University. His research interests are in the area of trust management, trust models, network security, wireless network routing protocol.

1304 1305 1306 1307 1308 1309 1310 1311 1312

1303 Xiaoping Li is a professor and Ph.D. supervisor of School of Aerospace Science and Technology, Xidian University. She received her B.S. degree and M.S. degree from Xidian University in 1982 and 1988 respectively. She received her Ph.D. degree in circuit and system from Xidian University in 2004. Her research interests include network security, intelligent signal and information processing, data mining, knowledge discovery and aerospace science.

1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326

1314 Qingkuan Dong received the B.S. in communications engineering from Xidian University in 1998. Since August 1998, he studied for the M.S. in cryptology in Xidian University. In February 2000, he began to work for the Ph.D. in cryptology in Xidian University in advance and received the Ph.D. degree in 2004. From 2004 to 2005, he worked in the post-doctoral research center of institute of software, Chinese academy of sciences. He currently is an associate Professor with the state key laboratory of integrated services networks, Xidian University. His research interests include cryptology, information security and trusted networks.

Please cite this article in press as: S. Tan et al., Trust based routing mechanism for securing OSLR-based MANET, Ad Hoc Netw. (2015), http://dx.doi.org/10.1016/j.adhoc.2015.03.004

1329 1330 1331 1332 1333 1334 1335 1336 1337 1338 1339 1340 1341 1342 1328 1343