Redeemable Trust Based Secure Routing Protocol for Wireless Sensor Networks

View Research Poster

The Problem

In Wireless Sensor Network routing, there exist many ways in which an attacker can affect the delivery of messages from data sources to the base station collecting and analyzing sensor data. There has been much research towards defending against these attacks. Most, but not all, secure routing protocols are based on a notion of trust, which involves observing neighboring nodes’ behaviors and choosing a route with the most trustworthy nodes. In some of these trust schemes, it is necessary to allow a node to redeem itself in the eyes of its neighbors, because sometimes a bad behavior is anomalous, or due to less than perfect wireless channels. However, a smart attacker can capitalize on this feature of the secure routing protocol and create an “on-off” attack in which a node is only bad every once in a while. If such and attack is successful, the trust mechanism will continue to allow this node to participate in the network because it allows the trust to be redeemed.


We have developed a special type of trust, predictability trust, that we use to allow the speed of trust redemption to be controlled based on a node’s previous behavior. If a node behaves as we expect it to behave, the redemption will be quick. If the node behaves unpredictably, the redemption speed is slowed. As part of this trust mechanism, we have utilized a notion of dynamic sliding windows to keep track of behaviors of each node. If a node has a behaved badly recently, we use the sliding window to remember more bad behaviors for the computation of trust. If the node has behaved mostly well, the size of the window is smaller, and thus we use fewer behaviors to compute the trust value.


We have implemented this predictability trust with sliding windows in a simulated WSN environment using TinyOS and TOSSIM. In our simulations we have found that our protocol performs just as well as existing trust-based redemption algorithms in situations where an attacker is always bad. Further, in a more sophisticated attack, where the node intermixes good behaviors with bad behaviors, our protocol performs significantly better than the existing algorithms. Our protocol is able to detect an on/off attack as obvious as 1 good 1 bad, and as subtle as 9 good 1 bad, while the other protocols cannot detect and respond to these attacks at all.