Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL

7.8.4 Core >  Protocol execution when misbehavior is detected - Pg. 178

178 CHAPTER 7 Security for Mobile Ad Hoc Networks reputation to detect selfish nodes and enforce cooperation among them. CORE can be said to have two components, the monitoring system and the reputation system as in CONFIDANT. For the reputation system, it maintains several reputation tables for each node, one table for each function such as routing discovery or for- warding packets performed by the node, and also a table for accumulated values for each node. Negative rating is given to a node only from direct observation when the node does not coop- erate, which eventually results in decreased rep- utation of the node. However, positive rating is given from both direct observation and pos- itive reports from other nodes, which results in increased reputation. The CORE scheme involves two types of protocol entities, a requester and one or more providers, that are within the wireless transmis- sion range of the requester. The nature of the protocol and the mechanisms on which it relies assure that if a provider refuses to cooperate (i.e., the request is not satisfied), then the CORE scheme will react by decreasing the reputation of the provider, leading to its exclusion if the non- cooperative behavior persists. · Protocol execution when no misbehavior is detected. First, the requester asks for the exe- cution of a function f to the provider. It then activate the monitoring system or the Watchdog (WD) related to the provider for the required f and waits for the outcome of the WD within a predefined timeout. Since the two parties cor- rectly behave, the outcome of the WD assures that the requested function was correctly exe- cuted and the requester disarms the WD. · Protocol execution when misbehavior is detected. The requester asks for the execution of a function f and arms the related WD, wait- ing for the outcome. Since the provider does not cooperate, the outcome of the Watchdog will be negative. The requester will then update the entry in the reputation table (RT) corresponding to the misbehaving entity with a negative factor and will enter in an idle mode. · Request made by a misbehaving entity. Upon receiving the request for the execution of a neighborhood, and an even smaller weight to reported experience. If the rating of a node in the table has deteriorated so much as to fall out of a tolerable range, the path manager is called for action. · The Path Manager performs the following functions: (a) path re-ranking according to security metric; (b) deletion of paths contain- ing malicious nodes; and (c) action on receiv- ing a request for a route from a malicious node. Each node monitors the behavior of its next hop neighbors. If a suspicious event is detected, the information is given to the reputation sys- tem. If the event is significant for the node, it is checked whether the event has occurred more often than a predefined threshold that is high enough to distinguish deliberate malicious behav- ior from simple coincidences such as collisions. If that occurrence threshold is exceeded, the rep- utation system updates the rating of the node that caused that event. If the rating turns out to be intolerable, the information is relayed to the path manager, which proceeds to delete all routes containing the intolerable node from the path cache. The node continues to monitor the neighborhood, and an ALARM message is sent by the trust manager component to convey warn- ing information to nodes which are considered as its friends. When the monitor component of a node receives such an ALARM message, it passes it on to the trust manager, where the source of the message is evaluated. If the source is at least par- tially trusted, the table containing the ALARMs is updated. If there is sufficient evidence that the node reported in the ALARM is malicious, the information is sent to the reputation system where it is again evaluated for significance, num- ber of occurrences, and accumulated reputation of the node. 7.8.4. Core The CORE (A Collaborative Reputation mech- anism to enforce node cooperation in Mobile Ad Hoc Networks) protocol [51] is based on