Trust establishment for reliable data packet delivery in mobile ad hoc networks

In mobile ad hoc networks (MANETs), the nodes act both as traffic sources and as relays that forward packets from other nodes along multi-hop routes to the destination. Such networks are suited to situations in which a wireless infrastructure is unavailable, infeasible, or prohibitively expensive. However, the lack of a secure, trusted infrastructure in such networks makes secure and reliable packet delivery very challenging, given that a source node must rely on other nodes to forward its packets along multi-hop routes to the destination node. A given node acting as a relay may exhibit malicious behavior with respect to packet forwarding, which disrupts packet transmission in the network. For example, a malicious node may arbitrarily choose to drop or misroute a certain percentage of the packets that are passed to it for forwarding to the next hop. We propose a trust establishment framework for MANETs, called Hermes, which aims to improve the reliability of packet forwarding over multi-hop routes in the presence of potentially malicious nodes. Using a Bayesian framework, each node determines the trustworthiness of the other nodes with respect to reliable packet forwarding by combining first-hand trust information obtained independently of other nodes and second-hand trust information obtained via recommendations from other nodes. More generally, each node forms an "opinion" about each of the other nodes in the network, based on both first- and second-hand observation data collected from the network. First-hand trust information for neighbor nodes is obtained via direct observations at the MAC layer, whereas first-hand information for non-neighbor nodes is obtained via feedback from acknowledgements sent in response to data packets. The proposed scheme exploits information sharing among nodes to accelerate the convergence of trust establishment procedures, yet is robust against the propagation of false trust information by malicious nodes.
We also propose mechanisms to make Hermes robust to Byzantine behavior, i.e., arbitrary, deviant behavior, and introduce a punishment policy that discourages selfish node behavior. We develop an authentication scheme for both data packets and control packets used for trust establishment. We present a security and performance evaluation of our scheme. We introduce a probabilistic attacker model to characterize the security properties of the trust establishment procedures, and we discuss the overhead incurred by our scheme, its accuracy, and convergence. An application of the opinion metric to realize "trust-aware" ad hoc routing is also discussed. Finally, our simulation results demonstrate the effectiveness and the performance properties of the proposed scheme in a variety of scenarios involving nodes that are malicious both with respect to packet forwarding and trust propagation.
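
The Bayesian combination of first-hand and second-hand trust information described above can be illustrated with a generic Beta-Bernoulli estimator. This is an added example, not code from the Hermes authors: the uniform prior, the deviation test, the `max_deviation` threshold and all names are assumptions rather than Hermes's actual update rules, and the packet counts are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Opinion:
    """Evidence one node holds about a relay's packet-forwarding behavior."""
    forwarded: float = 0.0  # packets seen relayed correctly
    dropped: float = 0.0    # packets seen dropped or misrouted

    @property
    def trust(self) -> float:
        # Posterior mean of Beta(forwarded + 1, dropped + 1), i.e. uniform prior.
        return (self.forwarded + 1.0) / (self.forwarded + self.dropped + 2.0)


def observe(op: Opinion, forwarded: int, dropped: int) -> Opinion:
    """First-hand update: add directly observed forwarding outcomes."""
    return Opinion(op.forwarded + forwarded, op.dropped + dropped)


def merge_recommendation(own: Opinion, rec: Opinion, recommender_trust: float,
                         max_deviation: float = 0.3):
    """Second-hand update with a deviation test (assumed defense, not Hermes's).

    A recommendation that disagrees with our own estimate by more than
    max_deviation is discarded, which blunts bad-mouthing and ballot-stuffing.
    Accepted evidence is discounted by how much we trust the recommender.
    """
    if abs(rec.trust - own.trust) > max_deviation:
        return own, False
    w = recommender_trust
    merged = Opinion(own.forwarded + w * rec.forwarded,
                     own.dropped + w * rec.dropped)
    return merged, True


def demo():
    # Constructed scenario: node A watched relay R forward 18 of 20 packets.
    own = observe(Opinion(), forwarded=18, dropped=2)
    # Honest neighbor B (trusted at 0.9) reports 45 forwarded, 5 dropped.
    merged, ok_honest = merge_recommendation(own, Opinion(45, 5), 0.9)
    # Malicious neighbor M claims R dropped 50 of 50 packets (bad-mouthing).
    after_lie, ok_liar = merge_recommendation(merged, Opinion(0, 50), 0.9)
    return own, merged, ok_honest, after_lie, ok_liar


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The deviation test trades convergence speed for robustness: a node with little first-hand evidence will also reject honest reports that differ sharply from its prior.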