Table Of ContentArticle
3VSR: Three Valued Secure Routing for Vehicular Ad
Hoc Networks using Sensing Logic in
Adversarial Environment
MuhammadSohail ID andLiangminWang*
SchoolofComputerScienceandCommunicationEngineering,JiangsuUniversity,Zhenjiang212013,China;
engrsohailaslam@gmail.com
* Correspondence:Wanglm@ujs.edu.cn;Tel.:+86-511-8898-6871
Received:30November2017;Accepted:17February2018;Published:14March2018
Abstract: Today IoT integrate thousands of inter networks and sensing devices e.g., vehicular
networks, which are considered to be challenging due to its high speed and network dynamics.
Thegoaloffuturevehicularnetworksistoimproveroadsafety,promotecommercialorinfotainment
products and to reduce the traffic accidents. All these applications are based on the information
exchangeamongnodes,sonotonlyreliabledatadeliverybutalsotheauthenticityandcredibility
of the data itself are prerequisite. To cope with the aforementioned problem, trust management
comeupaspromisingcandidatetoconductnode’stransactionandinteractionmanagement,which
requiresdistributedmobilenodescooperationforachievingdesigngoals. Inthispaper,wepropose
atrust-basedroutingprotocoli.e.,3VSR(ThreeValuedSecureRouting),whichextendsthewidely
usedAODV(AdhocOn-demandDistanceVector)routingprotocolandemploystheideaofSensing
Logic-basedtrustmodeltoenhancethesecuritysolutionofVANET(VehicularAd-HocNetwork).
Theexistingroutingprotocolaremostlybasedonkeyorsignature-basedschemes,whichoffcourse
increasescomputationoverhead. Inourproposed3VSR,trustamongentitiesisupdatedfrequently
by means of opinion derived from sensing logic due to vehicles random topologies. In 3VSR
the theoretical capabilities are based on Dirichlet distribution by considering prior and posterior
uncertaintyofthesaidevent. Alsobyusingtrustrecommendationmessageexchange,nodesareable
toreducecomputationandroutingoverhead. Thesimulatedresultsshowsthattheproposedscheme
issecureandpractical.
Keywords: trustmodel;sensinglogic,dirichletdistribution,AODV,VehicularAd-HocNetworks
1. Introduction
Recently,Vehicularadhocnetworks(VANets)areemergedaschallengingandadvancednetworks,
havinglotsofsensorsandonboarddevicesforV-2-V(vehicletovehicle),V-2-I(vehicletoinfrastructure)
andV-2-P(vehicletopedestrian)communication,inadditionwithhighspeedandrandomtopologies.
AsVANETisoneoftheimportantpartsinimplementingintelligenttransportationsystems(ITS)in
whichtrustmanagement[1–3]canplayavitalroletoimprovetrafficefficiency,humansafetyand
reduceenergyconsumption. Atthesametime,withtheincreasingpopularityofsensingtechnologies
andhandhelddevices,anewsensingparadigm,mobilecrowdsensing,attractsattentionfromboth
academiaandindustry[4]. Thisnewsensingparadigmleveragesthepowerofcrowdsforlargescale
sensingtasksandfuelstheevolutionoftheInternetofThings(IoT).Today,vehiclesonahighway
can be a great opportunity for resource sharing, infotainment and commercial advertisement in
anefficientmanner. ApossiblefuturescenarioofvehicularnetworkscanbeseeninFigure1,these
distributednetworkswillrelyoneachotherforresourcesharing,whichdemandsecurecommunication
to be disseminate. As VANET, due to its openness not only face security issues that described
Sensors2018,18,856;doi:10.3390/s18030856 www.mdpi.com/journal/sensors
Sensors2018,18,856 2of24
previously [5], but also come up with new challenges like high speed, large scale network that
makes VANET a truly challenging network [6]. As a result, number of research efforts have been
made to ensure the credibility of sensed data. [7]. Many authors tried to provide solutions using
cryptographicandcertificateexchangemethodsforsecuringadhocnetworks[8,9]. Similarly,mostof
theanonymousroutingprotocolslikeANODR[10],AASR[11],alsobasedoncryptographicandpublic
keyinfrastructuremechanismforestablishingsecureconnection, thusincreasesroutingoverhead.
Onepossiblesolutionistoestablishthetrustmanagementsystemforevaluatingthetrustworthiness
ofvolunteercontributionsinparticipatorysensingapplications[5].
(cid:47)(cid:374)(cid:410)(cid:286)(cid:396)(cid:374)(cid:286)(cid:410)(cid:3)
(cid:2)(cid:6)
(cid:4)(cid:6) (cid:24)(cid:35)(cid:28)(cid:29)(cid:42)(cid:57)(cid:27)(cid:33)(cid:25)(cid:48)
(cid:272)(cid:367)(cid:381)(cid:437)(cid:282) (cid:20)(cid:25)(cid:47)(cid:47)(cid:34)(cid:41)(cid:32)(cid:57)(cid:39)(cid:25)(cid:41)(cid:29)(cid:57)(cid:27)(cid:38)(cid:42)(cid:47)(cid:29)(cid:28)
(cid:57)
(cid:28)(cid:35)(cid:47)(cid:27)(cid:49)(cid:47)(cid:47)(cid:35)(cid:41)(cid:32)(cid:57)(cid:40)(cid:29)(cid:29)(cid:48)(cid:35)(cid:41)(cid:32)
(cid:25)(cid:32)(cid:29)(cid:41)(cid:28)(cid:25)
(cid:3)(cid:6)
(cid:3)(cid:17)(cid:57)(cid:25)(cid:40)(cid:57)(cid:35)(cid:41)(cid:57)(cid:52)(cid:42)(cid:49)(cid:44)(cid:57)(cid:26)(cid:38)(cid:34)(cid:41)(cid:28)(cid:57)(cid:47)(cid:43)(cid:42)(cid:48)(cid:2)(cid:4)(cid:13)
(cid:40)(cid:29)(cid:47)(cid:47)(cid:25)(cid:32)(cid:29)(cid:57)(cid:29)(cid:44)(cid:49)(cid:43)(cid:48)(cid:29)(cid:28)(cid:57)(cid:28)(cid:49)(cid:29)(cid:57)(cid:48)(cid:42)(cid:57)
(cid:28)(cid:29)(cid:29)(cid:43)(cid:57)(cid:30)(cid:25)(cid:28)(cid:29)
(cid:1)(cid:2)
(cid:24)(cid:29)(cid:33)(cid:34)(cid:27)(cid:38)(cid:29)(cid:57)(cid:27)(cid:42)(cid:42)(cid:43)(cid:29)(cid:46)(cid:25)(cid:48)(cid:34)(cid:42)(cid:41)
(cid:48)(cid:44)(cid:34)(cid:32)(cid:32)(cid:29)(cid:44)(cid:29)(cid:28)
(cid:1)(cid:2) (cid:5)(cid:6) (cid:9)(cid:57) (cid:15)(cid:44)(cid:49)(cid:34)(cid:47)(cid:34)(cid:41)(cid:32)(cid:57)(cid:28)(cid:34)(cid:44)(cid:29)(cid:27)(cid:48)(cid:34)(cid:42)(cid:41)
(cid:19)(cid:42)(cid:42)(cid:36)(cid:57)(cid:42)(cid:49)(cid:48)(cid:1)(cid:57)(cid:18)(cid:57)(cid:25)(cid:40)(cid:57)(cid:27)(cid:42)(cid:40)(cid:34)(cid:41)(cid:32)(cid:57)
(cid:14)(cid:28)(cid:50)(cid:29)(cid:57)(cid:44)(cid:48)(cid:34)(cid:47)(cid:29)(cid:40)(cid:29)(cid:41)(cid:48)(cid:12)
(cid:1)(cid:3)(cid:4)(cid:2)(cid:5) (cid:21)(cid:42)(cid:25)(cid:28)(cid:47)(cid:34)(cid:28)(cid:29)(cid:57)(cid:49)(cid:41)(cid:34)(cid:48)(cid:57)(cid:5)(cid:21)(cid:22)(cid:23)(cid:6)
(cid:47)(cid:29)(cid:45)(cid:50)(cid:35)(cid:27)(cid:29)(cid:57)(cid:27)(cid:29)(cid:41)(cid:48)(cid:29)(cid:46)(cid:57)(cid:25)(cid:33)(cid:29)(cid:25)(cid:28)(cid:57)(cid:1005)(cid:1004)(cid:1004)(cid:57)(cid:40)(cid:29)(cid:48)(cid:29)(cid:44) (cid:1)(cid:2)
(cid:1)(cid:2)
(cid:1)(cid:6)
(cid:16)(cid:29)(cid:48)(cid:29)(cid:27)(cid:48)(cid:34)(cid:42)(cid:41)(cid:57)(cid:42)(cid:30)(cid:57)(cid:50)(cid:29)(cid:33)(cid:34)(cid:27)(cid:38)(cid:29)(cid:57)(cid:27)(cid:44)(cid:25)(cid:47)(cid:33)(cid:10) (cid:15)(cid:42)(cid:40)(cid:40)(cid:49)(cid:41)(cid:35)(cid:27)(cid:25)(cid:48)(cid:34)(cid:42)(cid:41)(cid:57)(cid:38)(cid:34)(cid:41)(cid:37)
(cid:1)(cid:2)
(cid:8)(cid:57)
(cid:29)(cid:40)(cid:29)(cid:44)(cid:32)(cid:29)(cid:41)(cid:27)(cid:52)(cid:57)(cid:40)(cid:29)(cid:47)(cid:47)(cid:25)(cid:32)(cid:29)(cid:57) (cid:15)(cid:42)(cid:40)(cid:40)(cid:49)(cid:41)(cid:34)(cid:27)(cid:25)(cid:48)(cid:35)(cid:42)(cid:41)(cid:57)(cid:38)(cid:34)(cid:41)(cid:36)(cid:57)(cid:34)(cid:41)(cid:57)(cid:28)(cid:29)(cid:29)(cid:43)(cid:57)(cid:31)(cid:25)(cid:28)(cid:29)
(cid:26)(cid:44)(cid:42)(cid:25)(cid:28)(cid:27)(cid:25)(cid:47)(cid:48)(cid:57)(cid:48)(cid:42)(cid:57)(cid:50)(cid:29)(cid:33)(cid:35)(cid:27)(cid:38)(cid:29)(cid:47)(cid:57)(cid:34)(cid:41) (cid:55)(cid:56)(cid:57)
(cid:53)(cid:42)(cid:41)(cid:29)(cid:57)(cid:42)(cid:30)(cid:57)(cid:28)(cid:25)(cid:41)(cid:32)(cid:29)(cid:44)
(cid:54) (cid:24)(cid:29)(cid:33)(cid:35)(cid:27)(cid:38)(cid:29)
Figure1.Apossiblefuturescenarioinvehicularnetworks.
Further,trustmanagementsucceededtohandlemanysecurityissueswithlightweightsolutions.
Trust management enforcement in ad hoc networks enables system to derive collaboration, avoid
untrusted and malicious nodes and improve network performance [12]. Jin et al. in [13] give a
detail information about trust management in VANET and also highlight the challenges for its
deployment. Kannanandparasatin[14]feasiblydescribevarioustrustcomputingapproachesthatare
gearedtowardsVANET.However,manytrustmanagementsolutionsrarelyconsidereduncertaintyas
importantnotionintheseadhocnetworksandthatneedscarefultreatment. Tomanageuncertainty
between distributed nodes author in [15] proposed subjective logic for determining probabilistic
uncertainvaluesover[0,1]. Thissubjectivelogicsucceededtoreducecomputationoverheadwith
simplenetworktopology,whilecomesupasinformationlossbynetworkcanonizationincomplexand
randomnetworktopology[16]. Precisely,totacklewithabovesituationliuetal. in[17,18]proposed
Three Valued Subjective Logic to manage the uncertainty more significantly. Despite the existing
methods,vehicularnetworksstillneedacomprehensiveresearchandlightweightsolutions.
In this paper, we propose a secure extended routing protocol, which is called 3VSR, to credit
theuserbyestablishingatrustandreputationsystem. Inthissystem,agroupofvehiclesisableto
Sensors2018,18,856 3of24
authenticateeachotherandtodistinguishthewell-behavedandbadlybehavedvehiclesaccording
totheirtrustscores. Tomitigatethenegativeimpactsofthosemalicioususervehicle,wedesignan
vehicleauthenticationalgorithmforourproposedschemetoexcludetheirimpact. Thecontributions
ofthispapercanbesummarizedasfollows:
• First,wetakeadvantageoftheuniquefeaturesofVANET[19,20],e.g.,highdynamics,hybrid
architecture,andvehicle-to-infrastructure(V-2-I)andvehicle-to-vehicle(V-2-V)communications,
to propose our 3VSR scheme. Specifically, the high dynamics ensure the real-time update of
feedback. Thehybridarchitecture,i.e.,vehicles,roadsideunits(RSUs),server,andtrustauthority
(TA),enablesthestorageoffeedbackandthecomputationoftrustscores.
• AsecureroutingisproposedusingsensinglogicastrustmodeltoenhancesecurityofVANET,
asefficientmulti-hoptrustassessmenttechnique. Thistrustmodeliscapableofassessingtrust
betweenmultipath,arbitraryandbridgetopologies.
• Inour3VSR,nodesperformtrustedroutingbehaviormainlyaccordingtothetrustrelationship
between them, a node that will behave malicious eventually denied from the network. Also,
systemperformanceisimprovedbymeansof3VSRasanonymousrouting,thatavoidverifying
andrequestingcertificateexchangeateachstep. Thisalsohelpsinminimizingcomputationand
routingoverhead.
• In this article, we have proposed sensing logic-based trust model, that despite highlighting
posterioruncertaintyduringtrustpropagationalsocapableofcorrectlyassessarbitrarytopologies.
Therestofthepapersectionedasfollows: InSection2,wedefinetheproblembyformalizingthe
systemmodel,adversarymodelandgoals. InSection3,webrieflyhighlighttheAODVroutingand
Dirichletdistribution,whichhavebeenappliedintrustmodel. InSection4,wedefinetheframework
oftheproposedschemealsowithtrustassumptions. InSection5trustmodelbasedonSensinglogic
fundamentals are discussed in detail. In Section 6, trusted routing operation is revealed in detail.
ExperimentalsetupandresultsareexploredinSections7and8. Finally,relatedworkishighlightedin
Section9,withconclusionsinSection10.
2. ProblemStatement
Hereourproblemisdefinedbyinitiatingthesystemmodel,adversarymodel,anddesigngoal.
2.1. SystemModel
We make use of the advantage of the already existing architectural model for VANET [2] i.e.,
trustedauthority,Server,RSUsandvehiclesequippedwithOBUs(On-BoardUnit)andothersensing
devicesasshowninFigure2. DuetohighcostandcommercialaspectsofRSUhere,weconsiderthe
limitednumberofRSUs. Theycanbeinstalledinthemainstreetswheremanyvehiclescanpassand
get register to the server using V-2-I communication. Further, our proposed system model can be
implementedinfuturevehicularnetworkse.g.,vehicularplatoon.
CentralCloudLayerCCL:isagroupofservers,trustedauthority(TA)whichhavemassivestorage
capacity and computational abilities. Central cloud can provides roadside services via V-2-I and
V-2-R (vehicle to remote side unit) communication. CCL is responsible for registration of server,
RSUs,andvehiclesregardingbriefbehavioralhistoryandprofilealsowithdigitalcertificatethatis
distributedsoonafterenteringthecoveragearea.
RemoteCloudlayerRCL:isasetofremotesiteunitsRSUswhichgivesgeneralinformationand
localservicestovehiclesonroad. Themainthemeofourproposedsystemmodelistoenablevehicles
toauthenticateitsneighborwithoutthecentralsystemtoreduceextraoverhead. Afteracomplete
roundtripavehicle’sgroupleadercanupdatethecorrespondentinformationtotheserverviaRSU.
VehicleCloudLayerVCL:istreatedaslocalvehiclescloudontheroadwhichcanbebuiltasasetof
cooperatingvehiclesindifferentgroups. VehiclescansharetheirresourcesviaV-2-Vcommunication
usingonboardmodernsensorsandcomputers.Ifthetargetvehiclehastrustvalueabovetheminimum
Sensors2018,18,856 4of24
definedthresholdthennoneedtoverifyitscredibilityusingfirstandsecond-handrecommendation.
Iftargetvehiclehaslowertrustvaluei.e.,belowthethresholdthentherequestingvehiclecanaskfor
certificateverificationandalsotakefirstandsecond-handrecommendationsfromneighborvehicles.
Layer1:
Central cloud
layer
Mainframe Trusted Cloud Services /Trusted Storage Group
authority
RSU
Layer 2:
Road side
cloud
LLooccaall sseerrvveerr
VM Transfer
between R2R
RSU
Layer 2:
Road side
cloud
LLooccaall sseerrvveerr
Layer 3:
Vehicular Network
cloud
IEEE 802.11P
Wired connection
Figure2.ThreelevellayeredArchitecturalnetworkmodelforVehicularadhocnetworks.
2.2. AdversaryModel
Theconnectedvehicles,ontheroadaregenerallymoresusceptibletovariousadversaries,and
theycanbecompromisedatanytimeaftertheVANETisformed. Theadversarycanbeanoutsider
located in the wireless range of the vehicles, or the adversary can first compromise one or more
vehiclesandbehaveasaninsiderlater. Themaliciousentityisabletojam,eavesdrop,forge,modify
thecommunicationbetweenanyvehiclesintherange. Themaingoalsoftheadversarymayinclude
interceptingthenormaldatatransmission, modifyingorforgingdata, framingthebenigndevices
bydeliberatelysubmittingfakerecommendations,etc. Here,weproposedthatonlyinsiderattacks
maycausetochangenodesbehaviorandactmaliciously. Theinternalmalicioususerscanrandomly
droppackets,aswehavesimulatedthiseffectbyconsideringhalfofthenodemalicious. Let,when
Sensors2018,18,856 5of24
thereisimpersonationattackbythefakeroutingpackets,3VSRcancopewiththisscenariobyusing
authentication algorithm. In contrast standard AODV suffer more by means of packet loss and
minimizingthroughputduetolackofauthenticationinbetweenneighbornodes.
• SimpleAttack(SA)Anattackermaymanipulatethecompromisednodesnottofollownormal
network protocols and not to provide necessary services for other nodes, such as forwarding
datapacketsorpropagatingroutediscoveryrequests. However,thecompromisednodewillnot
provideanyfaketrustopinionswhenitisaskedaboutothernode’strustworthiness.
• BlackHoleAttack(BH)Inthiscasemaliciousnodedoesn’tforwarddatapacket,stillremains
activeasusingpathinitiatedbyothernodestosaveitsenergy. Intheseattackspacketscanbe
forged, alteredandtendtobehaveasgoodnodes. BlackHoleattacksareknownasthebasic
byzantineattacks.
• ZigzagAttack(ZA):Sometimesslyattackerscanaltertheirmaliciousbehaviorpatternssothatit
isevenharderforthetrustmanagementschemetodetectthem. Forinstance,theycanconduct
maliciousbehaviorsforsometimeandthenstopforawhile(inthatcasethemaliciousbehaviors
areconductedinanon-and-offmanner). Inaddition,theslyattackerscanalsoexhibitdifferent
behaviorstodifferentaudiences,whichcanleadtoinconsistenttrustopinionstothesamenode
amongdifferentaudiences. Duetotheinsufficientevidencetoaccusetheadversary,itisgenerally
moredifficulttoidentifysuchslyattackers.
2.3. DesignGoals
Followinggoalsaresomefeaturedtargetsfortheproposedscheme.
• Overhead: Toreducecomputationalandroutingoverheadbyusingsecureroutingprotocoland
havinglimitednumberofRSUs.
• Resilience: HowtotackleagainstadversaryattackModificationattacks,ForgeryattacksandBlack
HoleattacksduringV-2-Vauthentication.
• Efficiency: Thetrustmanagementschemeshouldbeefficientinprocessingandhavinglesstime
forconvergence.
• Scalability and consistency: The proposed scheme should work fine even with high density
ofvehicles.
3. Preliminaries
Tosupportmathematicaloperationsonstatespace,weareinterestedinknowingtheprobability
densityfunctionovermultinomialopinionspace. Incaseofbinaryopinionspaceitiswelldefinedby
BetadistributionbutformultinomialscenarioDirichletdistributionisasolution[21].
3.1. BetaDistribution
Beta distribution is a continuous probability distribution defined over [0, 1] parametrized by
twopositiveshapeparameters,αandβ[22]. Theseparametersappearasexponentsoftherandom
variable and control the shape of the distribution. The general expression for (PDF) of the beta
distribution,for0≤ x ≤1,havingα,β >0isapowerfunctionofthevariablexandofitsreflection
(1−x)asfollows:
f(P ,P | α,β) = Γ(α+β) ×Pα−1×Pβ−1 (1)
b d Γ +Γ b d
(α) (β)
TheprobabilitydensityoverbinomialeventspacesexpressedasbetaPDF’sanddenotedasBeta
(α,β). AlsotheprobabilityexpectationvalueofbetadistributionisgivenbyE(x) = α/(α+β). Ifr
and s denotes the past observations of positive and negative behavior and a is a constant formed
Sensors2018,18,856 6of24
fromanexistingimpressionwithoutsolidevidences,e.g.,prejudice,preferenceandgeneralopinion
obtainedfromhearsay.,thenwecomputeα,βas
α =r+2a, β = s+2(1−a)
Bijective mapping between opinion space and beta PDF parameters can be obtained using
followingequations.
r 2b
bx = (r+sn+2) ⇒r = 2udxx
d = ⇒ s = x (2)
uxx = ((rr++s2s++22)) ⇒ ux (cid:54)=u0x
3.2. DirichletDistribution
ADirichletdistributionprovidesasolidmathematicalfoundationformeasuringtheignorance
of recommendation based on initial belief of an unknown event according to prior distribution.
ComparedwithBetadistribution,whichismoreappropriateinabinarysatisfactionlevel. Dirichlet
distribution is more appropriate for multivalued satisfaction levels. In our case, the evaluation
trustworthiness of user vehicles is described by continuous trust values. Therefore, we will use
Dirichletdistributiontoestimateopinionspaceofuservehiclerecommendedinthefutureandthen
buildourtrustmodelaccordingly.
TheDirichletdistributionisacontinuoussequenceofobservationhavingkpossibleoutcomeswith
kpositiverealparametersα(x ),i =1,...,k,intheformofcompactvectornotation(cid:126)p = p(x |1≤i ≤ k)
i i
denotesthek-componentrandomprobabilityvariableandavector(cid:126)α = (α |1≤i ≤ k)denotesrandom
i
observationvariableofkcomponentssuchthat[α(x )]k. ThegeneralformofDirichletdistributionisas
i i
(cid:16) (cid:17)
f((cid:126)p |(cid:126)α) = Γ ∑ik=1α(xi) ∏k p(x )α(xi)−1 (3)
∏k Γα(x ) i
i=1 i i=1
In sensing logic as evidences in opinion space have three condition (trust distrust, neutral),
somodifyingthreevaluedevidencespacetoDirichletdistributionas
f(P ,P ,P ,P | α,β,γ ,γ ) = Γ(α+β+γn+γe) ×Pα−1×Pβ−1×Pγ−1×Pγ−1 (4)
b d n e n e Γ +Γ +Γ +Γ b d n e
(α) (β) (γn) (γe)
where (α,β,γ ,γ ) is the controlling vector and P(b,d,n,e) shows probability of belief, disbelief,
n e
posterior and prior uncertainty respectively. Let r,s and o denotes observed number of evidences
thatanodeistrustworthy,untrustworthyorneutral. AccordingtoDirichletdistribution,wehave
(α =r+1,β = s+1,γ = o+1)
Let us assume that the neighboring node had one prior evidence of each event (b,d,n).
This assumption works satisfactorily because Dirichlet distribution can still works even when no
eventisobservedi.e., (α = 1,β = 1,γ = 1)andprobabilityofeacheventwillbe1/3. Thesethree
eventsareprioruncertainties,thefourcomponentsinsensinglogicopinionvectorcanbeexpressas
followingafterhavingDirichletdistributionevidencespaces
r s
bA = , dA =
X r+s+o+3 X r+s+o+3
(5)
o 3
nA = , eA =
X r+s+o+3 X r+s+o+3
Sensors2018,18,856 7of24
Herepriorevidencesissetto3,itsratiotothenumberofobservedeventiseA. itisworthnoting
X
thatuncertainty u definedinsubjectlogicsisactuallythepriorevidenceinsensinglogic. Sincein
sensinglogicexpectedprobabilityofeacheventusingaboveequation.
α r+1 1
E(P ) = = = bA+ eA
b α+β+γ r+s+o+3 X 3 X
β s+1 1
E(P ) = = = dA+ eA
d α+β+γ r+s+o+3 X 3 X
(6)
γ o+1 1
E(P ) = = = nA+ eA
n α+β+γ r+s+o+3 X 3 X
3
E(P) = = eA
e r+s+o+3 X
where the actual probability of each event is determined by baye’s rule using prior and
posteriorevidences.
3.3. SubjectiveLogic
To better understand sensing logic, we first briefly introduce the subjective logic. Subjective
logicusesopinion-basedprobabilisticlogicasinput,outputvariablesfirstproposedbyA.Josang[16].
Theseopinionexpressesuncertaintiesinprobabilityvaluesandidentifythedegreeofignoranceina
particularsubjectsuchastrust. LetωA showsnodeA’sopinionaboutvehiclextrustworthinessina
x
specificcontext.
EvidencespaceinSLrepresentedasω = (b,d,u,a)whereb,d,uandashowbelieve,disbeliefand
uncertaintyovertherangeb,d,u ∈ [0,1]andb+d+u =1.Thebaserateaisaconstantformedfroman
existingimpressionwithoutsolidevidences,e.g.,prejudice,preferenceandgeneralopinionobtained
fromhearsay. Forexample,ifAalwaysdistrusts/truststhepersonsfromacertaingroupwhereX
belongsto,thenaX willbesmaller/greaterthan0.5. BasedontheBetadistribution,thediscounting
A
andcombiningoperationinsubjectivelogicisasfollows.
Discountingoperation: LetA,BandCarethreevehiclesand ωA = bA+dA+uA showsA’s
B B B B
opinionaboutBtrustworthinessandωB = bB+dB+uB showsB’sopinionaboutCtrustworthiness.
C C C C
BasedonBetadistribution,ωA,B = bA,B+dA,B+uA,B showsAopinionaboutCusingB’sadvicetoA.
C C C C
bCA,B = bBAbCB
dA,B = bAdB (7)
C B C
uA,B = dA+uA+bAuB
C B B B C
Consensus operation: Let, we have three vehicles A, B and C ωA = bA +dA +uA and
C C C C
ωB = bB+dB+uB betheopinionsthatvehiclesAandBhaveaboutvehicleC’strustworthinesssuch
C C C C
thatbyequations.
bAuB+bBuA dAuB+dBuA uAuB
bA,B = B C C C , dA,B = C C C C , uA,B = C C (8)
C uA+uB−uAUB C uA+uB−uAUB C uA+uB−uAuB
C C C C C C C C C C C C
Finally,theexpectedbeliefofanopinionwA iscomputedbyE(ωA) = bA+aAuA
B B B X B
3.4. SensingLogicFundamental
Opinionspaceinsensinglogiciscombinedwiththesemultiplevalues.
(cid:16) (cid:17)
ωA = bA,dA,nA,eA | aA
B B B B B B
bA+dA+nA+eA | aA =1
B B B B B
Sensors2018,18,856 8of24
wherebA,dA,nA,eA | aA representsbelief,disbelief,posterioruncertaintyduringtrustpropagation
B B B B B
andprioruncertainvalues. Where aA showsbaserate, whichisminimalprobabilityvaluebefore
B
theoperationbetweenAandB.IthasthesamedefinitioninbothSLandsensinglogic,sowewill
ignorethisnotionunlessitisnecessary. ThecertaintyofanopinioncomesfrombA,dA,wherenA,eA
B B B B
gives posterior and prior uncertainty values. For example if A has no interaction with B, then its
opinionabouttrustworthinessofvehicleBisωA = (0,0,0,1). Lateron,aftersomeinteractionwiththe
B
neighborvehicleBitsopinionspacecanchangelikeωA = (0.4,0.3,0.2,0.1)dependingonsuccessful
B
andfailedcommunication.
Further,unlikesubjectivelogic,wedefineinterpersonaltrustasatrinaryevent(belief,distrust,
neutral) instead of a binary event (belief, distrust), hence extend Beta distribution to Dirichlet
distribution. Neutralstateexpressestheposterioriuncertaintygeneratedbytrustpropagation,which
is ignored in subjective logic. The introduction of neural state makes the operations in sensing
logicdifferentfromsubjectivelogic. Leveragingonthisnewdefinition,operations(discountingand
combining)ontrustareredesignedinsensinglogic
3.5. AdHocRoutingProtocols
Inadhocnetworks,wehavemainlyproactiveandreactiveroutingprotocols. Proactiverouting
requireshighbandwidthspaceas,itmaintainspathsbetweensourceanddestinationeveniftheyare
notinteracting. InAODVreactiveroutingpathsaremadeondemand,sohighlypopularwithadhoc
networks[23]. Trustmodelbasedondemandreactiveroutingissuitableforthedistributedandpure
adhocnetwork[24].
Ad-HoconDemandDistanceVectorRouting(AODV)
AODVisthemostefficientreactiveroutingprotocolfortheadhocnetworksaspathsaremade
onflythatiswhycalledadhocondemanddistancevector. On-demandisakeyfeatureinAODV
routingwhichmeansthatpathsaremadeonflyandmaintainedtilltheyrequireeachotherservices.
InAODVeachrouterequestpacketcontainsbroadcastid,sourcesequencenumber,destinationIp
address, hop counts and control flags. The sequence number identify the freshness of the routing
packetandhopcountcontainsthedistancebetweenthesourcenodeandthecurrentnode.
WhensourcenodeSbroadcastRREQpacketinsearchofdestinationnode,eachrecipientofthe
RREQpacketlooksupinitsroutingtable. Ifreceivingnodedoesn’tcontainanyinformationabout
thedestination. ItwillcreateabackwardpathtowardsRREQpacketinitiatorandrebroadcastthe
routingrequest. IntermediatenodereceivingthisRREQandwillgenerateaRREPmessageeitherifit
hasfreshrouterequestinformationtosatisfyoritselfadestination. Afterthat,thisintermediatenode
willgenerateRREPpacketandwillforwardittothenexthoptowardsRREQinitiatorintermediary
node,asindicatedbysourcenoderoutingtableentry. whenanodereceivesRREPpacket,itupdate
some fields in the routing table of RREP packet, and then forward it to the next hop and towards
theoriginator(sourcenode). Afterthatabidirectionalpathissetupandmaintainedaslongasthey
requiredeachotherservices[25].
Routemaintenanceisperformedbyeithersendinghellomessageswhichacknowledgedabout
thepositiveconnectivityaboutthenodesandsendercanlistenthesehellomessages. Anotherway
istomaintainlocalconnectivitybysomelinkornetworklayerintrusiondetectionmechanism[26].
Routemaintenancecanalsobeachievedusingpacketacknowledgeinwhichnodesareinpromiscuous
modeandcanoverhearthepackettransmissionandeasilydetectmaliciousattacks[27].
4. OverviewofTrustedAODV
4.1. TrustedAssumptions
Here,wemadesomeassumptionsforspecificrolesofentities,furtherwearguethatwearemainly
focusesonsecuritysolutiontotheroutingbehaviorofnetworklayer.
Sensors2018,18,856 9of24
• Server: Theserverincentralcloudlayeriscapableofhavinghighstoragecapacityregardingbrief
historyandprofilealsowithvehicleIdanddigitalcertificatethatisdistributedsoonafterentering
thecoverageareaviaRSU.Further, itisproposedthatcentralserverisunderstrongphysical
protectionandnotaffectedbyadversaries.
• RemoteSiteUnitRSU:Here,weproposedthatRSUsactaslocaltrustmanagerforvehicleson
road,buthavelimitedstoragecapabilitiesascomparedwithserverinCCL.HereRSUisused
tomanagethevehicleinformatione.g.,IPaddress,publicorprivatekeyetcforshorttimeand
updateserverafteronecompletetripviaV-2-Rcommunication.
• Vehicle: Avehiclecanaccessallitsneighborvehiclesandbroadcastinitialinformationaboutitself
usingV-2-Vcommunication. Auservehicleafterinteractingprovidetheirfeedbackaboutother
vehicle.Whenanewvehiclejointhegroup,theuncertaintytowardsitisnormallyhigh,soitstrust
valueisevaluatedafterobservingitsbehavioralsotakingadvisefromneighborvehicles. Atstart,
thenewincomingvehiclealsoproveitscredibilityviaexchangeofdigitalcertificate,whichhelps
othervehiclestoreduceuncertainopinionaboutit. Oncethetrustrelationshipestablishvehicles
canuseoursecureroutingprotocoltoreduceextracommunicationoverhead.
4.2. Frameworkfor3VSR
There are mainly three parts in the 3VSR framework i.e., standard AODV routing protocol,
trustmodelandsecurerouting. Usingourtrustmodel,the3VSRcompletestheprocedureastrust
recommendation,trustcombination,trustjudging,trustedroutingbehaviors,advancecryptographic
routingbehaviorsandtrustupdating. FromFigure3,wecanseethattherelationshipandstructure
betweentheseentities. Thegeneralprocedureforestablishingtrustrelationshipsamongnodesandfor
performingroutingdiscoveryisdescribedasfollows.
Cryptographic Technology
Trust Trust
Trust combination Trust judgement Trust updating
Recommendation Authentication
Three Valued Authenticated Routing 3VSR
Standard AODV Routing Protocol Sensing logic based Trust Model
Figure3.Frameworkfortheproposedscheme,thestandardAODVisappliedatsecondstagewith
enablingsensinglogic-basedtrustmodel,whilecryptographictechnologyisconsideredtotakeeffect
beforethisoperation.
Letusconsiderthebeginningstagewhennewnodesinitiatescommunicationwiththenetwork
buttheyareuncertainabouteachotheratbeginning. IndistributedVANETanodeisfreetomove
and join different network, their recent partners will evaluate their trust levels. In most previous
work,thenewcomersarenotawareoftheirforwardingbehaviorandthussetthetrustleveltonull.
Thisraisesthealarmthatthenodewillpossiblybeexcludedfromfuturerouting. Thisapproachisnot
feasiblewithahighlydynamicnetwork. Inourscheme,wedidnotconsideredtheextremevaluesfor
newcomersi.e.,(honest,dishonest)tillthenetworkinitialization. However,theuncertainopinion
towardnewjoiningnodeissetasu = (0,0,0,1),soatleastithasachancetoproveitscredibilityby
verifyingdigitalcertificateandminimizeuncertainty.
Sensors2018,18,856 10of24
Afterthisinitialactivity,havingsomesuccessfulorfailed,thecommunicationnode Acanchange
itsopinionaboutnodeB’sbehaviorusingatrustupdatealgorithm. Afterestablishingbidirectional
communicatingpathnodescanuseoursecureroutingprotocolforoperation. Astrustisasymmetric,
mobilenodesusessecondhandobservationgivenbyitsneighbors,andfinallycombinesintoasingle
trustvalue. NoticethatanodecanjointheexistingVANETthroughmanywaysandseveralsecurity
algorithmscanbeusedtorunthisoperation. Inthisframeworktrustestablishmentandtheroute
discoveryarealltreatedbynode’scooperationwithoutanythirdorcentralparty.
5. TrustModel
We have used advanced sensing logic framework defined in preliminary section as our trust
model. Followingarethemajordefinitionsinsensinglogic.
Definition1. “Trustrepresentation”
AnopinionmetricinsensinglogiccanberepresentedasT = [B,D,N,E],where(B,D,N,E) ∈ [0,1]
andB+D+N+E =1alsoB,DshowingprobabilityofbeliefanddisbeliefandN,Ecorrespondposteriorand
prioruncertaintyofsaidevent. AnopinionmetricT = [0.7,0.2,0,0.1]andT = [0.4,0.5,0,0.1],showshigh
1 2
andlowtrustvaluesrespectively.
Definition2. “Mapping”
Let’sTX = [B,D,N,E]bevehicleY’sopinionaboutvehicleX’strustworthinessinaVANET,andletr,s
Y
andodenotetheobservedpieceofevidencethatavehicleisreliable,fakeorneutral. UsingEquation(5),givenin
preliminarysection,wecanmapevidencespacetoopinionspaces.
Definition3. “TrustCombination”
Inourtrustmodel,Avehiclewillmakearelativejudgmentabouttheneighborvehiclebymeansoffirstand
secondhandobservation.Firsthandobservationcomesfromdirectorselfexperienceandsecondhandobservation
comes as advise by other neighbors or friends. These two observation are combined through consensus and
discountingoperations,andafinalopinioniscomputedtowardstargetvehicle.
Consensuscombination: LetS ,S andS bethreevehicles. ThenTX = [BX,DX,NX,EX]and
X Y Z Y Y Y Y Y
TX = [BX,DX,NX,EX],showsopinionsofvehicleS andS abouttruthfulnessofvehicleS . Their
Z Z Z Z Z Y Z X
consensusopinionspaceisdefinedas
EXBX+EXBX EXDX+EXDX
BX = Z Y Y Z , DX = Z Y Y Z
Y,Z EX+EX−EXEX Y,Z EX+EX−EXEX
Y Z Y Z Y Z Y Z (9)
EXNX+EXNX EXEX
NX = Z Y Y Z , EX = Y Z
Y,Z EX+EX−EXEX Y,Z EX+EX−EXEX
Y Z Y Z Y Z Y Z
Thetrustvalueusingsubjectiveopinionswithconsensuscombiningprovidemoreflexibletrust
modeloftherealworld. ByreferringtoEquation(9),theconsensusoftrustopinionsgeneratedby
vehiclessinj intimeintervaltaboutvehicles is
i=1 j
Tj,t⊕...⊕Tj,t⊕....⊕Tj,t = Tj,t
1 i nj 1,...,i,...,nj
Discounting combination: Let S , S , and S be three vehicles. Then, we can present
X Y Z
algebraically as TY = [BY,DY,NY,EY] and TZ = [BZ,DZ,NZ,EZ] shows opinions of S about
X X X X X Y Y Y Y Y X
S trustworthinessandS abouttruthfulnessofvehicleS . Theirdiscountingopinionisdefinedas
Y Y Z
TZ = TY⊗TZ = [BZ ,DZ ,NZ ,EZ ],showsS opiniononvehicleS asadvisedbyvehicleS .
X,Y X Y X,Y X,Y X,Y X,Y X Z Y
BZ = BYBZ, DZ = BYDZ
X,Y X Y X,Y X Y
(10)
NZ =1−BZ −DZ −EZ, EZ = EZ
X,Y X,Y X,Y Y X,Y Y
Description:used AODV (Ad hoc On-demand Distance Vector) routing protocol and employs the idea of However, many trust management solutions rarely considered uncertainty as Central cloud can provides roadside services via V-2-I and.
