Article 3VSR: Three Valued Secure Routing for Vehicular Ad Hoc Networks using Sensing Logic in Adversarial Environment MuhammadSohail ID andLiangminWang* SchoolofComputerScienceandCommunicationEngineering,JiangsuUniversity,Zhenjiang212013,China; [email protected] * Correspondence:[email protected];Tel.:+86-511-8898-6871 Received:30November2017;Accepted:17February2018;Published:14March2018 Abstract: Today IoT integrate thousands of inter networks and sensing devices e.g., vehicular networks, which are considered to be challenging due to its high speed and network dynamics. Thegoaloffuturevehicularnetworksistoimproveroadsafety,promotecommercialorinfotainment products and to reduce the traffic accidents. All these applications are based on the information exchangeamongnodes,sonotonlyreliabledatadeliverybutalsotheauthenticityandcredibility of the data itself are prerequisite. To cope with the aforementioned problem, trust management comeupaspromisingcandidatetoconductnode’stransactionandinteractionmanagement,which requiresdistributedmobilenodescooperationforachievingdesigngoals. Inthispaper,wepropose atrust-basedroutingprotocoli.e.,3VSR(ThreeValuedSecureRouting),whichextendsthewidely usedAODV(AdhocOn-demandDistanceVector)routingprotocolandemploystheideaofSensing Logic-basedtrustmodeltoenhancethesecuritysolutionofVANET(VehicularAd-HocNetwork). Theexistingroutingprotocolaremostlybasedonkeyorsignature-basedschemes,whichoffcourse increasescomputationoverhead. Inourproposed3VSR,trustamongentitiesisupdatedfrequently by means of opinion derived from sensing logic due to vehicles random topologies. In 3VSR the theoretical capabilities are based on Dirichlet distribution by considering prior and posterior uncertaintyofthesaidevent. Alsobyusingtrustrecommendationmessageexchange,nodesareable toreducecomputationandroutingoverhead. Thesimulatedresultsshowsthattheproposedscheme issecureandpractical. Keywords: trustmodel;sensinglogic,dirichletdistribution,AODV,VehicularAd-HocNetworks 1. Introduction Recently,Vehicularadhocnetworks(VANets)areemergedaschallengingandadvancednetworks, havinglotsofsensorsandonboarddevicesforV-2-V(vehicletovehicle),V-2-I(vehicletoinfrastructure) andV-2-P(vehicletopedestrian)communication,inadditionwithhighspeedandrandomtopologies. AsVANETisoneoftheimportantpartsinimplementingintelligenttransportationsystems(ITS)in whichtrustmanagement[1–3]canplayavitalroletoimprovetrafficefficiency,humansafetyand reduceenergyconsumption. Atthesametime,withtheincreasingpopularityofsensingtechnologies andhandhelddevices,anewsensingparadigm,mobilecrowdsensing,attractsattentionfromboth academiaandindustry[4]. Thisnewsensingparadigmleveragesthepowerofcrowdsforlargescale sensingtasksandfuelstheevolutionoftheInternetofThings(IoT).Today,vehiclesonahighway can be a great opportunity for resource sharing, infotainment and commercial advertisement in anefficientmanner. ApossiblefuturescenarioofvehicularnetworkscanbeseeninFigure1,these distributednetworkswillrelyoneachotherforresourcesharing,whichdemandsecurecommunication to be disseminate. As VANET, due to its openness not only face security issues that described Sensors2018,18,856;doi:10.3390/s18030856 www.mdpi.com/journal/sensors Sensors2018,18,856 2of24 previously [5], but also come up with new challenges like high speed, large scale network that makes VANET a truly challenging network [6]. As a result, number of research efforts have been made to ensure the credibility of sensed data. [7]. Many authors tried to provide solutions using cryptographicandcertificateexchangemethodsforsecuringadhocnetworks[8,9]. Similarly,mostof theanonymousroutingprotocolslikeANODR[10],AASR[11],alsobasedoncryptographicandpublic keyinfrastructuremechanismforestablishingsecureconnection, thusincreasesroutingoverhead. Onepossiblesolutionistoestablishthetrustmanagementsystemforevaluatingthetrustworthiness ofvolunteercontributionsinparticipatorysensingapplications[5]. (cid:47)(cid:374)(cid:410)(cid:286)(cid:396)(cid:374)(cid:286)(cid:410)(cid:3) (cid:2)(cid:6) (cid:4)(cid:6) (cid:24)(cid:35)(cid:28)(cid:29)(cid:42)(cid:57)(cid:27)(cid:33)(cid:25)(cid:48) (cid:272)(cid:367)(cid:381)(cid:437)(cid:282) (cid:20)(cid:25)(cid:47)(cid:47)(cid:34)(cid:41)(cid:32)(cid:57)(cid:39)(cid:25)(cid:41)(cid:29)(cid:57)(cid:27)(cid:38)(cid:42)(cid:47)(cid:29)(cid:28) (cid:57) (cid:28)(cid:35)(cid:47)(cid:27)(cid:49)(cid:47)(cid:47)(cid:35)(cid:41)(cid:32)(cid:57)(cid:40)(cid:29)(cid:29)(cid:48)(cid:35)(cid:41)(cid:32) (cid:25)(cid:32)(cid:29)(cid:41)(cid:28)(cid:25) (cid:3)(cid:6) (cid:3)(cid:17)(cid:57)(cid:25)(cid:40)(cid:57)(cid:35)(cid:41)(cid:57)(cid:52)(cid:42)(cid:49)(cid:44)(cid:57)(cid:26)(cid:38)(cid:34)(cid:41)(cid:28)(cid:57)(cid:47)(cid:43)(cid:42)(cid:48)(cid:2)(cid:4)(cid:13) (cid:40)(cid:29)(cid:47)(cid:47)(cid:25)(cid:32)(cid:29)(cid:57)(cid:29)(cid:44)(cid:49)(cid:43)(cid:48)(cid:29)(cid:28)(cid:57)(cid:28)(cid:49)(cid:29)(cid:57)(cid:48)(cid:42)(cid:57) (cid:28)(cid:29)(cid:29)(cid:43)(cid:57)(cid:30)(cid:25)(cid:28)(cid:29) (cid:1)(cid:2) (cid:24)(cid:29)(cid:33)(cid:34)(cid:27)(cid:38)(cid:29)(cid:57)(cid:27)(cid:42)(cid:42)(cid:43)(cid:29)(cid:46)(cid:25)(cid:48)(cid:34)(cid:42)(cid:41) (cid:48)(cid:44)(cid:34)(cid:32)(cid:32)(cid:29)(cid:44)(cid:29)(cid:28) (cid:1)(cid:2) (cid:5)(cid:6) (cid:9)(cid:57) (cid:15)(cid:44)(cid:49)(cid:34)(cid:47)(cid:34)(cid:41)(cid:32)(cid:57)(cid:28)(cid:34)(cid:44)(cid:29)(cid:27)(cid:48)(cid:34)(cid:42)(cid:41) (cid:19)(cid:42)(cid:42)(cid:36)(cid:57)(cid:42)(cid:49)(cid:48)(cid:1)(cid:57)(cid:18)(cid:57)(cid:25)(cid:40)(cid:57)(cid:27)(cid:42)(cid:40)(cid:34)(cid:41)(cid:32)(cid:57) (cid:14)(cid:28)(cid:50)(cid:29)(cid:57)(cid:44)(cid:48)(cid:34)(cid:47)(cid:29)(cid:40)(cid:29)(cid:41)(cid:48)(cid:12) (cid:1)(cid:3)(cid:4)(cid:2)(cid:5) (cid:21)(cid:42)(cid:25)(cid:28)(cid:47)(cid:34)(cid:28)(cid:29)(cid:57)(cid:49)(cid:41)(cid:34)(cid:48)(cid:57)(cid:5)(cid:21)(cid:22)(cid:23)(cid:6) (cid:47)(cid:29)(cid:45)(cid:50)(cid:35)(cid:27)(cid:29)(cid:57)(cid:27)(cid:29)(cid:41)(cid:48)(cid:29)(cid:46)(cid:57)(cid:25)(cid:33)(cid:29)(cid:25)(cid:28)(cid:57)(cid:1005)(cid:1004)(cid:1004)(cid:57)(cid:40)(cid:29)(cid:48)(cid:29)(cid:44) (cid:1)(cid:2) (cid:1)(cid:2) (cid:1)(cid:6) (cid:16)(cid:29)(cid:48)(cid:29)(cid:27)(cid:48)(cid:34)(cid:42)(cid:41)(cid:57)(cid:42)(cid:30)(cid:57)(cid:50)(cid:29)(cid:33)(cid:34)(cid:27)(cid:38)(cid:29)(cid:57)(cid:27)(cid:44)(cid:25)(cid:47)(cid:33)(cid:10) (cid:15)(cid:42)(cid:40)(cid:40)(cid:49)(cid:41)(cid:35)(cid:27)(cid:25)(cid:48)(cid:34)(cid:42)(cid:41)(cid:57)(cid:38)(cid:34)(cid:41)(cid:37) (cid:1)(cid:2) (cid:8)(cid:57) (cid:29)(cid:40)(cid:29)(cid:44)(cid:32)(cid:29)(cid:41)(cid:27)(cid:52)(cid:57)(cid:40)(cid:29)(cid:47)(cid:47)(cid:25)(cid:32)(cid:29)(cid:57) (cid:15)(cid:42)(cid:40)(cid:40)(cid:49)(cid:41)(cid:34)(cid:27)(cid:25)(cid:48)(cid:35)(cid:42)(cid:41)(cid:57)(cid:38)(cid:34)(cid:41)(cid:36)(cid:57)(cid:34)(cid:41)(cid:57)(cid:28)(cid:29)(cid:29)(cid:43)(cid:57)(cid:31)(cid:25)(cid:28)(cid:29) (cid:26)(cid:44)(cid:42)(cid:25)(cid:28)(cid:27)(cid:25)(cid:47)(cid:48)(cid:57)(cid:48)(cid:42)(cid:57)(cid:50)(cid:29)(cid:33)(cid:35)(cid:27)(cid:38)(cid:29)(cid:47)(cid:57)(cid:34)(cid:41) (cid:55)(cid:56)(cid:57) (cid:53)(cid:42)(cid:41)(cid:29)(cid:57)(cid:42)(cid:30)(cid:57)(cid:28)(cid:25)(cid:41)(cid:32)(cid:29)(cid:44) (cid:54) (cid:24)(cid:29)(cid:33)(cid:35)(cid:27)(cid:38)(cid:29) Figure1.Apossiblefuturescenarioinvehicularnetworks. Further,trustmanagementsucceededtohandlemanysecurityissueswithlightweightsolutions. Trust management enforcement in ad hoc networks enables system to derive collaboration, avoid untrusted and malicious nodes and improve network performance [12]. Jin et al. in [13] give a detail information about trust management in VANET and also highlight the challenges for its deployment. Kannanandparasatin[14]feasiblydescribevarioustrustcomputingapproachesthatare gearedtowardsVANET.However,manytrustmanagementsolutionsrarelyconsidereduncertaintyas importantnotionintheseadhocnetworksandthatneedscarefultreatment. Tomanageuncertainty between distributed nodes author in [15] proposed subjective logic for determining probabilistic uncertainvaluesover[0,1]. Thissubjectivelogicsucceededtoreducecomputationoverheadwith simplenetworktopology,whilecomesupasinformationlossbynetworkcanonizationincomplexand randomnetworktopology[16]. Precisely,totacklewithabovesituationliuetal. in[17,18]proposed Three Valued Subjective Logic to manage the uncertainty more significantly. Despite the existing methods,vehicularnetworksstillneedacomprehensiveresearchandlightweightsolutions. In this paper, we propose a secure extended routing protocol, which is called 3VSR, to credit theuserbyestablishingatrustandreputationsystem. Inthissystem,agroupofvehiclesisableto Sensors2018,18,856 3of24 authenticateeachotherandtodistinguishthewell-behavedandbadlybehavedvehiclesaccording totheirtrustscores. Tomitigatethenegativeimpactsofthosemalicioususervehicle,wedesignan vehicleauthenticationalgorithmforourproposedschemetoexcludetheirimpact. Thecontributions ofthispapercanbesummarizedasfollows: • First,wetakeadvantageoftheuniquefeaturesofVANET[19,20],e.g.,highdynamics,hybrid architecture,andvehicle-to-infrastructure(V-2-I)andvehicle-to-vehicle(V-2-V)communications, to propose our 3VSR scheme. Specifically, the high dynamics ensure the real-time update of feedback. Thehybridarchitecture,i.e.,vehicles,roadsideunits(RSUs),server,andtrustauthority (TA),enablesthestorageoffeedbackandthecomputationoftrustscores. • AsecureroutingisproposedusingsensinglogicastrustmodeltoenhancesecurityofVANET, asefficientmulti-hoptrustassessmenttechnique. Thistrustmodeliscapableofassessingtrust betweenmultipath,arbitraryandbridgetopologies. • Inour3VSR,nodesperformtrustedroutingbehaviormainlyaccordingtothetrustrelationship between them, a node that will behave malicious eventually denied from the network. Also, systemperformanceisimprovedbymeansof3VSRasanonymousrouting,thatavoidverifying andrequestingcertificateexchangeateachstep. Thisalsohelpsinminimizingcomputationand routingoverhead. • In this article, we have proposed sensing logic-based trust model, that despite highlighting posterioruncertaintyduringtrustpropagationalsocapableofcorrectlyassessarbitrarytopologies. Therestofthepapersectionedasfollows: InSection2,wedefinetheproblembyformalizingthe systemmodel,adversarymodelandgoals. InSection3,webrieflyhighlighttheAODVroutingand Dirichletdistribution,whichhavebeenappliedintrustmodel. InSection4,wedefinetheframework oftheproposedschemealsowithtrustassumptions. InSection5trustmodelbasedonSensinglogic fundamentals are discussed in detail. In Section 6, trusted routing operation is revealed in detail. ExperimentalsetupandresultsareexploredinSections7and8. Finally,relatedworkishighlightedin Section9,withconclusionsinSection10. 2. ProblemStatement Hereourproblemisdefinedbyinitiatingthesystemmodel,adversarymodel,anddesigngoal. 2.1. SystemModel We make use of the advantage of the already existing architectural model for VANET [2] i.e., trustedauthority,Server,RSUsandvehiclesequippedwithOBUs(On-BoardUnit)andothersensing devicesasshowninFigure2. DuetohighcostandcommercialaspectsofRSUhere,weconsiderthe limitednumberofRSUs. Theycanbeinstalledinthemainstreetswheremanyvehiclescanpassand get register to the server using V-2-I communication. Further, our proposed system model can be implementedinfuturevehicularnetworkse.g.,vehicularplatoon. CentralCloudLayerCCL:isagroupofservers,trustedauthority(TA)whichhavemassivestorage capacity and computational abilities. Central cloud can provides roadside services via V-2-I and V-2-R (vehicle to remote side unit) communication. CCL is responsible for registration of server, RSUs,andvehiclesregardingbriefbehavioralhistoryandprofilealsowithdigitalcertificatethatis distributedsoonafterenteringthecoveragearea. RemoteCloudlayerRCL:isasetofremotesiteunitsRSUswhichgivesgeneralinformationand localservicestovehiclesonroad. Themainthemeofourproposedsystemmodelistoenablevehicles toauthenticateitsneighborwithoutthecentralsystemtoreduceextraoverhead. Afteracomplete roundtripavehicle’sgroupleadercanupdatethecorrespondentinformationtotheserverviaRSU. VehicleCloudLayerVCL:istreatedaslocalvehiclescloudontheroadwhichcanbebuiltasasetof cooperatingvehiclesindifferentgroups. VehiclescansharetheirresourcesviaV-2-Vcommunication usingonboardmodernsensorsandcomputers.Ifthetargetvehiclehastrustvalueabovetheminimum Sensors2018,18,856 4of24 definedthresholdthennoneedtoverifyitscredibilityusingfirstandsecond-handrecommendation. Iftargetvehiclehaslowertrustvaluei.e.,belowthethresholdthentherequestingvehiclecanaskfor certificateverificationandalsotakefirstandsecond-handrecommendationsfromneighborvehicles. Layer1: Central cloud layer Mainframe Trusted Cloud Services /Trusted Storage Group authority RSU Layer 2: Road side cloud LLooccaall sseerrvveerr VM Transfer between R2R RSU Layer 2: Road side cloud LLooccaall sseerrvveerr Layer 3: Vehicular Network cloud IEEE 802.11P Wired connection Figure2.ThreelevellayeredArchitecturalnetworkmodelforVehicularadhocnetworks. 2.2. AdversaryModel Theconnectedvehicles,ontheroadaregenerallymoresusceptibletovariousadversaries,and theycanbecompromisedatanytimeaftertheVANETisformed. Theadversarycanbeanoutsider located in the wireless range of the vehicles, or the adversary can first compromise one or more vehiclesandbehaveasaninsiderlater. Themaliciousentityisabletojam,eavesdrop,forge,modify thecommunicationbetweenanyvehiclesintherange. Themaingoalsoftheadversarymayinclude interceptingthenormaldatatransmission, modifyingorforgingdata, framingthebenigndevices bydeliberatelysubmittingfakerecommendations,etc. Here,weproposedthatonlyinsiderattacks maycausetochangenodesbehaviorandactmaliciously. Theinternalmalicioususerscanrandomly droppackets,aswehavesimulatedthiseffectbyconsideringhalfofthenodemalicious. Let,when Sensors2018,18,856 5of24 thereisimpersonationattackbythefakeroutingpackets,3VSRcancopewiththisscenariobyusing authentication algorithm. In contrast standard AODV suffer more by means of packet loss and minimizingthroughputduetolackofauthenticationinbetweenneighbornodes. • SimpleAttack(SA)Anattackermaymanipulatethecompromisednodesnottofollownormal network protocols and not to provide necessary services for other nodes, such as forwarding datapacketsorpropagatingroutediscoveryrequests. However,thecompromisednodewillnot provideanyfaketrustopinionswhenitisaskedaboutothernode’strustworthiness. • BlackHoleAttack(BH)Inthiscasemaliciousnodedoesn’tforwarddatapacket,stillremains activeasusingpathinitiatedbyothernodestosaveitsenergy. Intheseattackspacketscanbe forged, alteredandtendtobehaveasgoodnodes. BlackHoleattacksareknownasthebasic byzantineattacks. • ZigzagAttack(ZA):Sometimesslyattackerscanaltertheirmaliciousbehaviorpatternssothatit isevenharderforthetrustmanagementschemetodetectthem. Forinstance,theycanconduct maliciousbehaviorsforsometimeandthenstopforawhile(inthatcasethemaliciousbehaviors areconductedinanon-and-offmanner). Inaddition,theslyattackerscanalsoexhibitdifferent behaviorstodifferentaudiences,whichcanleadtoinconsistenttrustopinionstothesamenode amongdifferentaudiences. Duetotheinsufficientevidencetoaccusetheadversary,itisgenerally moredifficulttoidentifysuchslyattackers. 2.3. DesignGoals Followinggoalsaresomefeaturedtargetsfortheproposedscheme. • Overhead: Toreducecomputationalandroutingoverheadbyusingsecureroutingprotocoland havinglimitednumberofRSUs. • Resilience: HowtotackleagainstadversaryattackModificationattacks,ForgeryattacksandBlack HoleattacksduringV-2-Vauthentication. • Efficiency: Thetrustmanagementschemeshouldbeefficientinprocessingandhavinglesstime forconvergence. • Scalability and consistency: The proposed scheme should work fine even with high density ofvehicles. 3. Preliminaries Tosupportmathematicaloperationsonstatespace,weareinterestedinknowingtheprobability densityfunctionovermultinomialopinionspace. Incaseofbinaryopinionspaceitiswelldefinedby BetadistributionbutformultinomialscenarioDirichletdistributionisasolution[21]. 3.1. BetaDistribution Beta distribution is a continuous probability distribution defined over [0, 1] parametrized by twopositiveshapeparameters,αandβ[22]. Theseparametersappearasexponentsoftherandom variable and control the shape of the distribution. The general expression for (PDF) of the beta distribution,for0≤ x ≤1,havingα,β >0isapowerfunctionofthevariablexandofitsreflection (1−x)asfollows: f(P ,P | α,β) = Γ(α+β) ×Pα−1×Pβ−1 (1) b d Γ +Γ b d (α) (β) TheprobabilitydensityoverbinomialeventspacesexpressedasbetaPDF’sanddenotedasBeta (α,β). AlsotheprobabilityexpectationvalueofbetadistributionisgivenbyE(x) = α/(α+β). Ifr and s denotes the past observations of positive and negative behavior and a is a constant formed Sensors2018,18,856 6of24 fromanexistingimpressionwithoutsolidevidences,e.g.,prejudice,preferenceandgeneralopinion obtainedfromhearsay.,thenwecomputeα,βas α =r+2a, β = s+2(1−a) Bijective mapping between opinion space and beta PDF parameters can be obtained using followingequations. r 2b bx = (r+sn+2) ⇒r = 2udxx d = ⇒ s = x (2) uxx = ((rr++s2s++22)) ⇒ ux (cid:54)=u0x 3.2. DirichletDistribution ADirichletdistributionprovidesasolidmathematicalfoundationformeasuringtheignorance of recommendation based on initial belief of an unknown event according to prior distribution. ComparedwithBetadistribution,whichismoreappropriateinabinarysatisfactionlevel. Dirichlet distribution is more appropriate for multivalued satisfaction levels. In our case, the evaluation trustworthiness of user vehicles is described by continuous trust values. Therefore, we will use Dirichletdistributiontoestimateopinionspaceofuservehiclerecommendedinthefutureandthen buildourtrustmodelaccordingly. TheDirichletdistributionisacontinuoussequenceofobservationhavingkpossibleoutcomeswith kpositiverealparametersα(x ),i =1,...,k,intheformofcompactvectornotation(cid:126)p = p(x |1≤i ≤ k) i i denotesthek-componentrandomprobabilityvariableandavector(cid:126)α = (α |1≤i ≤ k)denotesrandom i observationvariableofkcomponentssuchthat[α(x )]k. ThegeneralformofDirichletdistributionisas i i (cid:16) (cid:17) f((cid:126)p |(cid:126)α) = Γ ∑ik=1α(xi) ∏k p(x )α(xi)−1 (3) ∏k Γα(x ) i i=1 i i=1 In sensing logic as evidences in opinion space have three condition (trust distrust, neutral), somodifyingthreevaluedevidencespacetoDirichletdistributionas f(P ,P ,P ,P | α,β,γ ,γ ) = Γ(α+β+γn+γe) ×Pα−1×Pβ−1×Pγ−1×Pγ−1 (4) b d n e n e Γ +Γ +Γ +Γ b d n e (α) (β) (γn) (γe) where (α,β,γ ,γ ) is the controlling vector and P(b,d,n,e) shows probability of belief, disbelief, n e posterior and prior uncertainty respectively. Let r,s and o denotes observed number of evidences thatanodeistrustworthy,untrustworthyorneutral. AccordingtoDirichletdistribution,wehave (α =r+1,β = s+1,γ = o+1) Let us assume that the neighboring node had one prior evidence of each event (b,d,n). This assumption works satisfactorily because Dirichlet distribution can still works even when no eventisobservedi.e., (α = 1,β = 1,γ = 1)andprobabilityofeacheventwillbe1/3. Thesethree eventsareprioruncertainties,thefourcomponentsinsensinglogicopinionvectorcanbeexpressas followingafterhavingDirichletdistributionevidencespaces r s bA = , dA = X r+s+o+3 X r+s+o+3 (5) o 3 nA = , eA = X r+s+o+3 X r+s+o+3 Sensors2018,18,856 7of24 Herepriorevidencesissetto3,itsratiotothenumberofobservedeventiseA. itisworthnoting X thatuncertainty u definedinsubjectlogicsisactuallythepriorevidenceinsensinglogic. Sincein sensinglogicexpectedprobabilityofeacheventusingaboveequation. α r+1 1 E(P ) = = = bA+ eA b α+β+γ r+s+o+3 X 3 X β s+1 1 E(P ) = = = dA+ eA d α+β+γ r+s+o+3 X 3 X (6) γ o+1 1 E(P ) = = = nA+ eA n α+β+γ r+s+o+3 X 3 X 3 E(P) = = eA e r+s+o+3 X where the actual probability of each event is determined by baye’s rule using prior and posteriorevidences. 3.3. SubjectiveLogic To better understand sensing logic, we first briefly introduce the subjective logic. Subjective logicusesopinion-basedprobabilisticlogicasinput,outputvariablesfirstproposedbyA.Josang[16]. Theseopinionexpressesuncertaintiesinprobabilityvaluesandidentifythedegreeofignoranceina particularsubjectsuchastrust. LetωA showsnodeA’sopinionaboutvehiclextrustworthinessina x specificcontext. EvidencespaceinSLrepresentedasω = (b,d,u,a)whereb,d,uandashowbelieve,disbeliefand uncertaintyovertherangeb,d,u ∈ [0,1]andb+d+u =1.Thebaserateaisaconstantformedfroman existingimpressionwithoutsolidevidences,e.g.,prejudice,preferenceandgeneralopinionobtained fromhearsay. Forexample,ifAalwaysdistrusts/truststhepersonsfromacertaingroupwhereX belongsto,thenaX willbesmaller/greaterthan0.5. BasedontheBetadistribution,thediscounting A andcombiningoperationinsubjectivelogicisasfollows. Discountingoperation: LetA,BandCarethreevehiclesand ωA = bA+dA+uA showsA’s B B B B opinionaboutBtrustworthinessandωB = bB+dB+uB showsB’sopinionaboutCtrustworthiness. C C C C BasedonBetadistribution,ωA,B = bA,B+dA,B+uA,B showsAopinionaboutCusingB’sadvicetoA. C C C C bCA,B = bBAbCB dA,B = bAdB (7) C B C uA,B = dA+uA+bAuB C B B B C Consensus operation: Let, we have three vehicles A, B and C ωA = bA +dA +uA and C C C C ωB = bB+dB+uB betheopinionsthatvehiclesAandBhaveaboutvehicleC’strustworthinesssuch C C C C thatbyequations. bAuB+bBuA dAuB+dBuA uAuB bA,B = B C C C , dA,B = C C C C , uA,B = C C (8) C uA+uB−uAUB C uA+uB−uAUB C uA+uB−uAuB C C C C C C C C C C C C Finally,theexpectedbeliefofanopinionwA iscomputedbyE(ωA) = bA+aAuA B B B X B 3.4. SensingLogicFundamental Opinionspaceinsensinglogiciscombinedwiththesemultiplevalues. (cid:16) (cid:17) ωA = bA,dA,nA,eA | aA B B B B B B bA+dA+nA+eA | aA =1 B B B B B Sensors2018,18,856 8of24 wherebA,dA,nA,eA | aA representsbelief,disbelief,posterioruncertaintyduringtrustpropagation B B B B B andprioruncertainvalues. Where aA showsbaserate, whichisminimalprobabilityvaluebefore B theoperationbetweenAandB.IthasthesamedefinitioninbothSLandsensinglogic,sowewill ignorethisnotionunlessitisnecessary. ThecertaintyofanopinioncomesfrombA,dA,wherenA,eA B B B B gives posterior and prior uncertainty values. For example if A has no interaction with B, then its opinionabouttrustworthinessofvehicleBisωA = (0,0,0,1). Lateron,aftersomeinteractionwiththe B neighborvehicleBitsopinionspacecanchangelikeωA = (0.4,0.3,0.2,0.1)dependingonsuccessful B andfailedcommunication. Further,unlikesubjectivelogic,wedefineinterpersonaltrustasatrinaryevent(belief,distrust, neutral) instead of a binary event (belief, distrust), hence extend Beta distribution to Dirichlet distribution. Neutralstateexpressestheposterioriuncertaintygeneratedbytrustpropagation,which is ignored in subjective logic. The introduction of neural state makes the operations in sensing logicdifferentfromsubjectivelogic. Leveragingonthisnewdefinition,operations(discountingand combining)ontrustareredesignedinsensinglogic 3.5. AdHocRoutingProtocols Inadhocnetworks,wehavemainlyproactiveandreactiveroutingprotocols. Proactiverouting requireshighbandwidthspaceas,itmaintainspathsbetweensourceanddestinationeveniftheyare notinteracting. InAODVreactiveroutingpathsaremadeondemand,sohighlypopularwithadhoc networks[23]. Trustmodelbasedondemandreactiveroutingissuitableforthedistributedandpure adhocnetwork[24]. Ad-HoconDemandDistanceVectorRouting(AODV) AODVisthemostefficientreactiveroutingprotocolfortheadhocnetworksaspathsaremade onflythatiswhycalledadhocondemanddistancevector. On-demandisakeyfeatureinAODV routingwhichmeansthatpathsaremadeonflyandmaintainedtilltheyrequireeachotherservices. InAODVeachrouterequestpacketcontainsbroadcastid,sourcesequencenumber,destinationIp address, hop counts and control flags. The sequence number identify the freshness of the routing packetandhopcountcontainsthedistancebetweenthesourcenodeandthecurrentnode. WhensourcenodeSbroadcastRREQpacketinsearchofdestinationnode,eachrecipientofthe RREQpacketlooksupinitsroutingtable. Ifreceivingnodedoesn’tcontainanyinformationabout thedestination. ItwillcreateabackwardpathtowardsRREQpacketinitiatorandrebroadcastthe routingrequest. IntermediatenodereceivingthisRREQandwillgenerateaRREPmessageeitherifit hasfreshrouterequestinformationtosatisfyoritselfadestination. Afterthat,thisintermediatenode willgenerateRREPpacketandwillforwardittothenexthoptowardsRREQinitiatorintermediary node,asindicatedbysourcenoderoutingtableentry. whenanodereceivesRREPpacket,itupdate some fields in the routing table of RREP packet, and then forward it to the next hop and towards theoriginator(sourcenode). Afterthatabidirectionalpathissetupandmaintainedaslongasthey requiredeachotherservices[25]. Routemaintenanceisperformedbyeithersendinghellomessageswhichacknowledgedabout thepositiveconnectivityaboutthenodesandsendercanlistenthesehellomessages. Anotherway istomaintainlocalconnectivitybysomelinkornetworklayerintrusiondetectionmechanism[26]. Routemaintenancecanalsobeachievedusingpacketacknowledgeinwhichnodesareinpromiscuous modeandcanoverhearthepackettransmissionandeasilydetectmaliciousattacks[27]. 4. OverviewofTrustedAODV 4.1. TrustedAssumptions Here,wemadesomeassumptionsforspecificrolesofentities,furtherwearguethatwearemainly focusesonsecuritysolutiontotheroutingbehaviorofnetworklayer. Sensors2018,18,856 9of24 • Server: Theserverincentralcloudlayeriscapableofhavinghighstoragecapacityregardingbrief historyandprofilealsowithvehicleIdanddigitalcertificatethatisdistributedsoonafterentering thecoverageareaviaRSU.Further, itisproposedthatcentralserverisunderstrongphysical protectionandnotaffectedbyadversaries. • RemoteSiteUnitRSU:Here,weproposedthatRSUsactaslocaltrustmanagerforvehicleson road,buthavelimitedstoragecapabilitiesascomparedwithserverinCCL.HereRSUisused tomanagethevehicleinformatione.g.,IPaddress,publicorprivatekeyetcforshorttimeand updateserverafteronecompletetripviaV-2-Rcommunication. • Vehicle: Avehiclecanaccessallitsneighborvehiclesandbroadcastinitialinformationaboutitself usingV-2-Vcommunication. Auservehicleafterinteractingprovidetheirfeedbackaboutother vehicle.Whenanewvehiclejointhegroup,theuncertaintytowardsitisnormallyhigh,soitstrust valueisevaluatedafterobservingitsbehavioralsotakingadvisefromneighborvehicles. Atstart, thenewincomingvehiclealsoproveitscredibilityviaexchangeofdigitalcertificate,whichhelps othervehiclestoreduceuncertainopinionaboutit. Oncethetrustrelationshipestablishvehicles canuseoursecureroutingprotocoltoreduceextracommunicationoverhead. 4.2. Frameworkfor3VSR There are mainly three parts in the 3VSR framework i.e., standard AODV routing protocol, trustmodelandsecurerouting. Usingourtrustmodel,the3VSRcompletestheprocedureastrust recommendation,trustcombination,trustjudging,trustedroutingbehaviors,advancecryptographic routingbehaviorsandtrustupdating. FromFigure3,wecanseethattherelationshipandstructure betweentheseentities. Thegeneralprocedureforestablishingtrustrelationshipsamongnodesandfor performingroutingdiscoveryisdescribedasfollows. Cryptographic Technology Trust Trust Trust combination Trust judgement Trust updating Recommendation Authentication Three Valued Authenticated Routing 3VSR Standard AODV Routing Protocol Sensing logic based Trust Model Figure3.Frameworkfortheproposedscheme,thestandardAODVisappliedatsecondstagewith enablingsensinglogic-basedtrustmodel,whilecryptographictechnologyisconsideredtotakeeffect beforethisoperation. Letusconsiderthebeginningstagewhennewnodesinitiatescommunicationwiththenetwork buttheyareuncertainabouteachotheratbeginning. IndistributedVANETanodeisfreetomove and join different network, their recent partners will evaluate their trust levels. In most previous work,thenewcomersarenotawareoftheirforwardingbehaviorandthussetthetrustleveltonull. Thisraisesthealarmthatthenodewillpossiblybeexcludedfromfuturerouting. Thisapproachisnot feasiblewithahighlydynamicnetwork. Inourscheme,wedidnotconsideredtheextremevaluesfor newcomersi.e.,(honest,dishonest)tillthenetworkinitialization. However,theuncertainopinion towardnewjoiningnodeissetasu = (0,0,0,1),soatleastithasachancetoproveitscredibilityby verifyingdigitalcertificateandminimizeuncertainty. Sensors2018,18,856 10of24 Afterthisinitialactivity,havingsomesuccessfulorfailed,thecommunicationnode Acanchange itsopinionaboutnodeB’sbehaviorusingatrustupdatealgorithm. Afterestablishingbidirectional communicatingpathnodescanuseoursecureroutingprotocolforoperation. Astrustisasymmetric, mobilenodesusessecondhandobservationgivenbyitsneighbors,andfinallycombinesintoasingle trustvalue. NoticethatanodecanjointheexistingVANETthroughmanywaysandseveralsecurity algorithmscanbeusedtorunthisoperation. Inthisframeworktrustestablishmentandtheroute discoveryarealltreatedbynode’scooperationwithoutanythirdorcentralparty. 5. TrustModel We have used advanced sensing logic framework defined in preliminary section as our trust model. Followingarethemajordefinitionsinsensinglogic. Definition1. “Trustrepresentation” AnopinionmetricinsensinglogiccanberepresentedasT = [B,D,N,E],where(B,D,N,E) ∈ [0,1] andB+D+N+E =1alsoB,DshowingprobabilityofbeliefanddisbeliefandN,Ecorrespondposteriorand prioruncertaintyofsaidevent. AnopinionmetricT = [0.7,0.2,0,0.1]andT = [0.4,0.5,0,0.1],showshigh 1 2 andlowtrustvaluesrespectively. Definition2. “Mapping” Let’sTX = [B,D,N,E]bevehicleY’sopinionaboutvehicleX’strustworthinessinaVANET,andletr,s Y andodenotetheobservedpieceofevidencethatavehicleisreliable,fakeorneutral. UsingEquation(5),givenin preliminarysection,wecanmapevidencespacetoopinionspaces. Definition3. “TrustCombination” Inourtrustmodel,Avehiclewillmakearelativejudgmentabouttheneighborvehiclebymeansoffirstand secondhandobservation.Firsthandobservationcomesfromdirectorselfexperienceandsecondhandobservation comes as advise by other neighbors or friends. These two observation are combined through consensus and discountingoperations,andafinalopinioniscomputedtowardstargetvehicle. Consensuscombination: LetS ,S andS bethreevehicles. ThenTX = [BX,DX,NX,EX]and X Y Z Y Y Y Y Y TX = [BX,DX,NX,EX],showsopinionsofvehicleS andS abouttruthfulnessofvehicleS . Their Z Z Z Z Z Y Z X consensusopinionspaceisdefinedas EXBX+EXBX EXDX+EXDX BX = Z Y Y Z , DX = Z Y Y Z Y,Z EX+EX−EXEX Y,Z EX+EX−EXEX Y Z Y Z Y Z Y Z (9) EXNX+EXNX EXEX NX = Z Y Y Z , EX = Y Z Y,Z EX+EX−EXEX Y,Z EX+EX−EXEX Y Z Y Z Y Z Y Z Thetrustvalueusingsubjectiveopinionswithconsensuscombiningprovidemoreflexibletrust modeloftherealworld. ByreferringtoEquation(9),theconsensusoftrustopinionsgeneratedby vehiclessinj intimeintervaltaboutvehicles is i=1 j Tj,t⊕...⊕Tj,t⊕....⊕Tj,t = Tj,t 1 i nj 1,...,i,...,nj Discounting combination: Let S , S , and S be three vehicles. Then, we can present X Y Z algebraically as TY = [BY,DY,NY,EY] and TZ = [BZ,DZ,NZ,EZ] shows opinions of S about X X X X X Y Y Y Y Y X S trustworthinessandS abouttruthfulnessofvehicleS . Theirdiscountingopinionisdefinedas Y Y Z TZ = TY⊗TZ = [BZ ,DZ ,NZ ,EZ ],showsS opiniononvehicleS asadvisedbyvehicleS . X,Y X Y X,Y X,Y X,Y X,Y X Z Y BZ = BYBZ, DZ = BYDZ X,Y X Y X,Y X Y (10) NZ =1−BZ −DZ −EZ, EZ = EZ X,Y X,Y X,Y Y X,Y Y
Description: