Machine to Machine Trust in the IoT Era

Machine to machine communications are at the center stage of the Internet of things (IoT). Connecting the physical world with the digital world not only creates new opportunities for innovation and discovery, but also opens doors for misuse and abuse. This paper argues that reputation based trust can be an effective countermeasure for securing machine-to-machine communications. We propose to establish machine-to-machine trust by taking into account both transaction/interaction service behaviors and feedback rating behaviors in the presence of bogus transactions and dishonest feedbacks. Our machine-to-machine trust model, called M2MTrust, introduces two novel trust metrics: (1) pairwise similarity based feedback credibility and (2) threshold-controlled trust propagation. We compute the direct trust from machine A to machine B by utilizing their pairwise rating similarity as the weight to the normalized aggregate of ratings that A has given to B. Our direct trust computation model can effectively constrain malicious nodes to gain direct trusts from dishonest feedback ratings by leveraging feedback credibility. Furthermore, our threshold-controlled trust propagation mechanism can successfully block the trust propagation from good nodes to malicious nodes. We conduct extensive experiments using simulation and real datasets and the experimental results show that M2MTrust significantly outperforms other trust metrics in terms of both attack resilience and performance in the presence of dishonest feedbacks and sparse feedback ratings against four representative attack models.

[1]  Ling Liu,et al.  PeerTrust: supporting reputation-based trust for peer-to-peer electronic communities , 2004, IEEE Transactions on Knowledge and Data Engineering.

[2]  M. Anwar Hasan,et al.  Enabling Dynamic Data and Indirect Mutual Trust for Cloud Computing Storage Systems , 2013, IEEE Transactions on Parallel and Distributed Systems.

[3]  Qinyuan Feng,et al.  Vulnerabilities and countermeasures in context-aware social rating services , 2012, TOIT.

[4]  Ling Liu,et al.  RLM: A General Model for Trust Representation and Aggregation , 2012, IEEE Transactions on Services Computing.

[5]  Stefan Berger,et al.  TVDc: managing security in the trusted virtual datacenter , 2008, OPSR.

[6]  Adam Rifkin,et al.  Weaving a Web of trust , 1997, World Wide Web J..

[7]  Kai Hwang,et al.  Trusted Cloud Computing with Secure Resources and Data Coloring , 2010, IEEE Internet Computing.

[8]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[9]  Vijay Varadharajan,et al.  Security as a Service Model for Cloud Environment , 2014, IEEE Transactions on Network and Service Management.

[10]  Shanshan Song,et al.  Trusted P2P transactions with fuzzy reputation aggregation , 2005, IEEE Internet Computing.

[11]  Mingchu Li,et al.  ServiceTrust: Trust Management in Service Provision Networks , 2013, 2013 IEEE International Conference on Services Computing.

[12]  Hector Garcia-Molina,et al.  The Eigentrust algorithm for reputation management in P2P networks , 2003, WWW '03.

[13]  Yufeng Wang,et al.  Poisonedwater: An improved approach for accurate reputation ranking in P2P networks , 2010, Future Gener. Comput. Syst..

[14]  Rajkumar Buyya,et al.  Heterogeneity in Mobile Cloud Computing: Taxonomy and Open Challenges , 2014, IEEE Communications Surveys & Tutorials.

[15]  Ting Yu,et al.  1 Supplemental Material: Scalable Distributed Service Integrity Attestation for Software-as-a-Service Clouds , 2022 .

[16]  Junping Du,et al.  Adaptive and attribute-based trust model for service level agreement guarantee in cloud computing , 2013, IET Inf. Secur..

[17]  Azadeh Iranmehr,et al.  Trust Management for Semantic Web , 2009, 2009 Second International Conference on Computer and Electrical Engineering.