Trust Management Scheme Based on D-S Evidence Theory for Wireless Sensor Networks

Trust management scheme has been regarded as a powerful tool to defend against the wide set of security attacks and identify malicious nodes. In this paper, we propose a trust management scheme based on revised Dempster-Shafer (D-S) evidence theory. D-S theory is preponderant in tackling both random and subjective uncertainty in the trust mechanism. A trust propagation mechanism including conditional trust transitivity and dynamic recommendation aggregation is developed for obtaining the recommended trust values from third part nodes. We adopt a flexible synthesis method that uses recommended trust only when no direct trust exists to keep a good trust-energy consumption balance. We also consider on-off attack and bad mouthing attack in our simulation. The simulation results and analysis show that the proposed method has excellent ability to deal with typical network attacks, better security, and longer network lifetime.


Introduction
Wireless sensor networks (WSNs) consist of plentiful tiny, sensing capabilities, and resource-constrained sensor nodes, and are often deployed in unattended and hostile environments to perform various monitoring tasks [1,2]. However, due to the wireless and unattended deployment nature of WSNs, there is a risk of unique threats [3]. Hence, security plays a vital role in guaranteeing the normal running of the whole network. Although security requirements of WSNs are quite similar with those of conventional networks, the security strategies based on the traditional authentication and encryption mechanisms are unsuitable to apply to WSNs because of the nodes' resource constraints [4]. Therefore, the trust management scheme has attracted more and more research attentions as a complementary security mechanism [5]. The basic idea of the trust management scheme is to calculate trust values that are used to describe the trustworthiness, reliability, or competence of individual nodes, based on some monitoring schemes [6]. Then the trust information can be applied to higher layer decisions such as routing [7,8], data aggregation [9], and cluster head election [10,11]. To the best of our knowledge, a number of trust management schemes have been proposed for WSNs [12][13][14][15][16][17][18][19][20][21][22], but most of them failed to establish a reasonable trust management scheme to express the subjectivity, uncertainty, and transitivity of trust characteristics in WSNs.
To resolve the problems, this paper puts forward a trust management scheme (TMS) based on revised D-S evidence theory in WSNs and achieves main contributions as follows.
(1) A trust propagation mechanism including conditional trust transitivity and dynamic recommendation aggregation using the revised D-S evidence theory is proposed, which maintains the subjectivity, uncertainty, and transitivity of trust characteristics. (2) An adaptive time factor is adopted to dynamically weight history experience against current information, which enhances the accuracy of trust calculation.
(3) To keep a good trust-energy consumption balance, a synthesis method that uses recommended trust only when no direct trust exists is proposed. (4) We address the issue of TMS performance in terms of ability to defeat some attacks (on-off attack, bad mouthing attack), detection of malicious nodes, and energy consumption, comparing with NBBTE [15] and BRSN [16]. Simulation results demonstrate that TMS has excellent ability to deal with typical network attacks, better security, and longer network lifetime. The model proposed in this work extends our prior work [15] which integrated the approach of nodes behavioral strategies and modified evidence theory. In this paper, we improve the previous model with mechanisms for the propagation of nodes' recommendation and the synthesis of nodes' trust value. Moreover, we refine the algorithm of direct trust value, evaluate our scheme's ability to defeat on-off attack and bad-mouthing attack, and study the security and energy consumption of the model. The rest of this paper is organized as follows. Section 2 presents related work on trust establishment for WSNs. Section 3 describes the D-S evidence theory and the process of TMS, including computation of nodes' trust value. In Section 4, comparing with NBBTE and BRSN, the superiority of TMS is shown by simulations. Finally, the conclusions are presented in Section 5.

Related Works
The research on establishing trusts can be classified into two categories, reputation-based [16][17][18][19] and trust establishment [20][21][22]. In the former category, trust is evaluated by direct observation and second-hand information distributed among a network. In the latter category, trust in neighbors is evaluated by direct observation and trust relations between two nodes.
Reputation-based framework for sensor networks (RFSN) [16] used watchdog mechanism to build trust rating. Within the framework of RFSN, a beta reputation system for sensor networks (BRSN) that used a Bayesian formulation was employed. Since then, many researches have been done based on the BRSN model such as MA&TP-BRSN, and RFM-WSN [17]. However, in RFSN, the stipulation that no node is allowed to disseminate bad reputation information makes it unable to cope with uncertain situations. Aivaloglou and Gritzalis [18] proposed a hybrid trust and reputation management protocol by exploiting the predeployment knowledge on the network topology and the information flows. But it is not easy to get the predeployment knowledge. In [19], the authors proposed a behavior reputation method which defined the similarity and the similarity matrix by using normal differences of the status estimate vectors. However, the initialization stage of the model is based on the authentication key which is prone to attacks.
Zarei et al. [20] presented a novel congestion control scheme based on fuzzy logic systems. The proposed scheme enabled the nodes to investigate the behavior of their neighbors and isolated them upon malfunctioning, decreasing congestion problem, and buffering capacity shortage. However, the use of fuzzy logic makes it easy to lose some information and may lead to an inaccurate result. In [21], the authors proposed a new lightweight group-based trust management scheme. In this model, each sensor node (SN) performed peer evaluation based on direct observations or recommendations, and each cluster head (CH) evaluated other CHs as well as SNs under its own cluster. However, trust in their case is assessed only based on past interaction experiences in message delivery. Lopez et al. [22] listed the best practices that were essential for developing a good trust management system and made an analysis of the state of the art related to these practices. The reference makes an excellent summary, proposes many profound viewpoints, and shows an additional insight on the trust evaluation field.

TMS Algorithm
Refer to [4], we define trust as the confidence that node (denoted as ) has on node (denoted as ) about how will perform as expected. A complete trustworthiness consists of subject entity's observation and recommendation from third party. The TMS algorithm firstly establishes various trust factors based on our previous work [15]. Next, direct trust is calculated on the base of trust factors. Then, the recommendations of several neighbor nodes are acquired in accordance with the revised D-S rule and the trust difference between pieces of evidence. Finally, the overall trust value is computed through a flexible synthesis method that guarantees a good trust-energy consumption balance. Figure 1 shows the structure of TMS algorithm.

D-S Evidence Theory.
Due to the subjectivity of trust evaluation, it is unsuitable to simply establish the recommended trust value by weighted average. D-S evidence theory can briefly express the important conceptions, such as "uncertainty, " and make right judgments by efficiently integrating many-sided uncertain information. Hence, in our proposed algorithm, we calculate trust value and the average weight of recommendations based on the D-S rule. The basic definitions of D-S theory are defined as follows [23].

Definition 1.
Let Ω be the identification frame, denoting a set of mutually exclusive and exhaustive hypotheses about problem domains. Correspondingly, 2 Ω is the power set of Ω.

Definition 2.
Mass stands for a belief mapping from 2 Ω to the interval between 0 and 1, represented as . : 2 Ω → [0, 1] is called the BPA (Basic Probability Assignment) and is defined as below: Definition 3. The belief of a hypothesis is the sum of the beliefs for those hypotheses that are its subsets. Its definition is given as where is named focal element and ( ) > 0 is the basic confidence level of , representing how much the evidence supports to happen.

Trust Factors.
To defeat various attacks, we had better take all kinds of factors that depend on the interactions between neighbor nodes into consideration. However, there is an obvious trade-off between the number of factors and the Opinion from third party · · · · · · Figure 1: The structure of TMS algorithm. energy consumption. We select four trust factors from our previous work [15]. Suppose evaluates the trust degree on ; the trust factors are Received Packets Rate , ( ), Successfully Sending Packets Rate , ( ), Packets Forwarding Rate , ( ), and Node Availability , ( ).

Direct Trust Evaluation
Approach. Subject monitors the behaviors of object in one cycle and acquires the current trust value , ( ) based on the following expression: The functions 1 and 2 are chosen in advance according to the specific assignments of network.
Furthermore, the direct trust value is recalculated in accordance with history records. The update of direct trust value is calculated as follows: where , is the direct trust value of subject on object in current cycle; , is the direct trust value of latest cycle; parameter is the adaptive time factor used to weight history experience against current information. To keep preferably dynamic, it is satisfied as follows: where 0 < < < 1. The parameter , ({ }) and , ({ }) represent the trust components of , and , , respectively. nodes' distribution and transmission radius. In order to avoid trust recycle recursion and decrease network communication payload, the recommendation values are confined to direct trust value of the common neighbors owned by both and . As shown in Figure 2, can only get the trust recommendation of from 1 , 2 , 3 . . . , .

Recommended Trust Evaluation
Assume that 1 , is the recommended trust value of on through recommendation path 1 = { 1}. The vector forms of 1 , , , 1 , 1 , are as follows: Using the symbol ⊗ to denote this operation, we can get To vividly show the process of trust transitivity, we resort to Figure 3. It is obvious to see that as long as one of , 1 and 1 , is distrust, 1 , is distrust. Extending the above transitivity to multihop, we can get recommended trust through complex recommendation paths with many middle nodes as follows: where the symbol • indicates anonymous nodes in recommendation paths.

Dynamic Aggregation of Recommended
Then, would aggregate these pieces of evidence to get a consensus on . Due to the existence of malicious nodes that may offer false recommendations, we introduce the revised D-S combination rule which adopts a consistent intensity to adjust weights of recommended trust values. The integration process is described in detail as follows.
Firstly, we compute the corresponding average weight denoted as . The consistent intensity between , and V , is defined as where , and ⃗ , . The difference between two recommended trust pieces of evidence increases with the reduction of consistent intensity. The lower the consistent intensity is, the more probably false trust recommendation may occur.
Furthermore, the matrix of consistent intensity which is composed of all the recommended trust values is defined as ] .
Through summation in row and normalization, the totally consistent intensity of recommended trust , , which is equal to the average weight , is computed by Then, the basic reliability function of every recommended trust evidence is amended by as follows:

Synthesis of Overall Trust Value.
The recommendation trust is useful to get a more accurate trust value, but calculating it will consume more energy. Thus there is a need for a good trust-energy consumption balance in the trust management system. To solve this problem, we calculate the overall trust by a flexible synthesis method which works as follows: only when does not have direct evidence on , the recommendation trust is taken into account. Hence, the overall trust value , is Then subject regards as "Trust, " and adds into its trustworthiness list. In like manner, can be marked "Uncertain" or "Distrust. "

Simulation Results
In this section, we use Matlab platform to show TMS has better performance than NBBTE and BRSN in terms of ability to defeat some attacks (on-off attack, bad mouthing attack), detection of malicious nodes, and energy consumption.

On-Off Attack.
Trust is a dynamic event. A good entity may be captured by attackers and turns into compromise node. On the other side, an incompetent entity can redeem the way that its neighbors regard it and become competent due to environmental changes. Because of the nodes' resource limitation, some trust schemes adopted trust compensation mechanism. However, a smart attacker can capitalize on this feature of the trust schemes and create on-off attacks in which malicious entities behave well and badly alternatively [6]. To address this issue, we adopt the adaptive time factor which is introduced in Section 3.2. depends on specific situations. Here, we can choose = 0.3, = 0.8. In order to prevent the malicious node registering as a new user, the pessimistic initialization strategy of trust value is accepted. Suppose that malicious nodes cooperate well with neighbor nodes to get good trust records at the beginning of the simulation but behave badly after 40 rounds. The simulation results are shown in Figures 4 and 5.
From Figure 4 we can see that ({ }) increases slowly and ({− }) decreases slowly in the trust compensation stage (0-40 rounds). Once the malicious nodes behave badly, ({ }) falls off sharply while ({− }) races up. In other words, the time for trust accumulation is much longer than that for trust collapse. It is because = 0.8 which means that history information affects the trust value heavily in the trust compensation stage and = 0.3 which means current information bulks large when attacks happen. Figure 5 compares the trust value calculated by different methods under on-off attack. The trust value calculated by BFSN increases the fastest in the trust compensation stage and the trust value calculated by NBBTE has the slowest decline in the attacking stage. Both BFSN and NBBTE fail to resist on-off attack. On the contrary, TMS defends against onoff attack effectively as the trust value calculated by TMS has the slowest increase in the trust compensation stage and falls off sharply once the malicious nodes behave badly. dishonest recommendations which aim at framing good parties or boosting trust values of malicious peers [6]. This attack, referred to as the bad mouthing attack, is the most straightforward attack. Because of our flexible synthesis method, bad mouthing attack happens only when has no direct evidence on . To defeat this attack, we introduce the revised D-S rule that includes the average weight to combine recommendation pieces of evidence.
Suppose receives twenty recommendation pieces of evidence of credible and 4 , 5 , 9 , 11 , 14 , 18 are false recommendation information. Refer to Table 1 for detailed information.
To further explain TMS's ability to defeat against bad mouthing attack, we compare it with NBBTE and BFSN under two conditions: framing good parties and boosting trust values of malicious peers. The results are shown in Figures 6 and 7.
When a malicious node launches the bad mouthing attack which aims at framing good parties, BFSN performs excellent as it only propagates good reputation information about other nodes. However, it cannot prevent malicious nodes from boosting trust values of malicious peer, as shown in Figure 7. No matter which condition it is, TMS performs better than NBBTE. Considering that BFSN is incapable of dealing with  the second condition, we can come to the conclusion that TMS defends against bad mouthing attack most effectively.  detected malicious nodes under different trust mechanisms are shown in Figure 8.

Analysis of Network
It is obvious to see that TMS does better at detecting malicious nodes than BRSN. This results from two aspects. First, by using D-S theory, TMS takes subject uncertainty into consideration and avoids considering prior distribution, and consequently the accuracy of trust evaluation is improved. Second, we adopt the corresponding average weight of recommended trust, which increases the robustness of trust mechanism. The proportions of detected malicious nodes of TMS are little lower than that of NBBTE, because TMS uses recommended trust conditionally while BRSN considers both direct and recommended trust.

Analysis of Energy Consumption.
To evaluate the performance of the flexible synthesis method proposed in Section 3.5, we make experiments on the energy consumption under different circumstances. The radio energy model proposed in [24] is used for our simulation. The simulation parameters are listed in Table 2 and the simulation results are shown in Table 3 and Figure 9.
Circumstance 1 is a special situation, where has no neighbor. Compare circumstance 2 and circumstance 3, we can see that the more neighbors has, the longer it will survive. It is because computing direct trust just needs one interaction while computing recommended trust needs two. Circumstance 3 and circumstance 4 tell us that the decreasing of average recommended pieces of evidence can increase 's lifetime. The reason is that decreasing one piece of average recommended evidence can reduce 2 × (100 − ) interactions. In a word, the simulation results demonstrate that the flexible synthesis method saves energy greatly, especially when the number of average recommended pieces of evidence is small.   To further show how long can survive by the flexible synthesis method of TMS comparing with NBBTE and BRSN, we count rounds that can survive under different number of average recommended pieces of evidence. In this experiment, we set the number of 's neighbor nodes 30 and the number   of average recommended pieces of evidence 10, 20, and 30, respectively. The results are shown in Figure 10. It is obvious to see that can survive the longest by using TMS.

Conclusions
In this paper, a trust management scheme (TMS) based on revised D-S evidence theory is proposed. It provides vector forms to express subjective trust opinions. On this basis, direct trust value on each neighbor node is calculated by considering trust factors which are defined according to node behaviors in order to detect malicious attacks. At the same time, recommended trust value from common neighbor nodes of subject and object nodes is obtained through conditional transitivity and the weight of each recommendation is obtained by revised D-S evidence theory. Afterwards, we use a flexible synthesis method to calculate the overall trust. Furthermore, the Matlab platform is used to test the performance of TMS, and simulation results show that the proposed algorithm can effectively resist vulnerabilities such as on-off attack and bad mouthing attack, reasonably evaluate trust levels of sensor nodes, and improve the network robustness and security. In addition, the flexible synthesis method saves energy greatly and, hence, prolongs the lifetime of WSNs.