Systematic Design of Trust Management Systems for

Wireless Sensor Networks : A Review

P. Raghu Vamsi and Krishna Kant
Department of Computer Science and Engineering
Jaypee Institute of Information Technology University, Noida, India.
prvonline@yahoo.co.in, k.kant@jiit.ac.in
AbstractConventional cryptography methods alone are not
adequate for secure routing in Wireless Sensor Networks (WSNs).
These networks are more vulnerable to security attacks due to
their diverse applications, lack of supervision and limitations
in view of resource, processing and storage. To mitigate these
problems, trust is widely used as a tool to provide better
security by aiding routing protocols. In recent years, numerous
researchers have proposed wide variety of solutions based on
trust. However, all these solutions carry their own design. In this
paper, we attempt to present steps for a systematic design of trust
management systems for WSNs. In addition, we address the tech-
niques followed by scholars in implementing trust frameworks.
Furthermore, we provide discussion on state-of-the-art research
in designing trust systems with summary and comparisons.
KeywordsTrust, models and design, secure routing, aggrega-
tion, intrusion detection.
I. INTRODUCTION
Wireless Sensor Networks (WSNs) are cost effective solu-
tions to various applications ranging from domestic appliances
to war elds [1]. These networks consist of autonomous sens-
ing and communication units called sensor nodes (or simply
nodes) with limited processing capacity, energy and resource.
WSNs are purely application specic and normally left unat-
tended in a geographical region. These limitations often lead
to exposed vulnerabilities and more prone to security attacks.
Historically, security issues in WSNs have been studied by
several researchers. However, it still remains a challenging
problem. Though traditional cryptography techniques and cross
layer encryption techniques are more powerful in providing
security, they can mitigate only insider attacks thereby not
suitable in all situations. In order to bypass the compromised
or malicious nodes, a multidisciplinary concept called Trust
Management has been studied by several researchers. Trust
has become a signicant aid in routing, data aggregation and
intrusion detection. However, there exist several reviews and
surveys which attempt to study common parameters among
different trust models [2].
In [3-8], surveys have been presented on trust management
and security attacks along with their classications. Several
authors have proposed trust management schemes which have
their own design considerations [35-41]. Lack of unity in de-
sign of existing schemes becomes cumbersome to understand
and implement trust systems. In this paper, we attempt to
present a systematic design of trust management so that a
system developer can implement system specications effec-
tively. In addition, we discuss state-of-the-art trust management
frameworks for secure routing, data aggregation and intrusion
detection.
In the proposed design, every node will maintain an agent,
which is responsible for application layer, communication
layer and trust management. This model sits between the
application and communication layer of protocol stack. This
model is designed to suit a wide variety of trust models
and applications. Broadly, our design (gure 1) is classied
into four major blocks: trust producer, trust manager, external
manager, and trust consumer. Trust producer produces trust
value based on the inputs received from the trust manager.
Trust manager will share the produced trust value with external
manager and trust consumer. External manager will take care
of the authentication schemes such as identity verication
and mobility related issues. Trust consumer consists of three
sub blocks: reputation manager, path manager and application
manager. These three sub blocks utilize the generated trust
value to support a wide variety of applications. We explain
these blocks in section V, after presenting the literature re-
view. This design is proposed only by considering references
provided in this article.
The rest of the paper is organized as follows: after dis-
cussing background and preliminaries in section 2, section 3
presents various trust models used in the literature. Section 4
presents review on state-of-the-art trust management applica-
tions and section 5 describe our proposed design in support of
presented literature. Finally, conclusions are drawn in section
6.
II. BACKGROUND AND PRELIMINARIES
In this section by providing background and preliminaries
we discuss the need for security in WSNs followed by termi-
nologies used in trust management.
There are two classes of wireless networks; Mobile Ad hoc
Networks (MANET) and Wireless Sensor Networks (WSNs).
MANETs are cost effective solutions to wireless networks,
having ad hoc deployment, rich in energy, processing and
communication while compared to WSNs. WSNs has simi-
lar characteristics and operating features like MANETs. For
example, sensor nodes are deployed in ad hoc fashion or
dropped from a helicopter in a war eld, thereby topology
is unknown. Each node needs to sense the environment,
identify their neighbors and forward data to the destination
(base station). Because of the similarities, trust management
frameworks developed for MANETS are used for WSNs with
little modications.
2014 Fourth International Conference on Advanced Computing & Communication Technologies
978-1-4799-4910-6/14 $31.00 2014 IEEE
DOI 10.1109/ACCT.2014.28
208
Basically, the communication can be guaranteed only with
positive cooperation among nodes. In general, nodes in WSNs
are application specic and designed with several constraints
related to energy, processing and computation and will work
with localized decisions. Due to application specic nature,
and design limitations, WSNs are more prone to security
attacks at various levels of protocol stack. Traditional cryp-
tography schemes have gained popularity in securing com-
munication; they have proved to be signicant in identifying
insider attacks. In addition, these algorithms carry extensive
computation and usually require thousands or millions of
multiplication and addition operations to execute a single se-
curity operation [9]. Hence, these are not suitable for resource
constrained WSNs. So, there is a need to improve security
while maintaining low resource consumption.
Research in the eld of MANETs has shown that quality
of service (QoS) is gradually affected when malicious nodes
present in the network. It turned the attention of researchers
to adopt a human behavior pattern called trust. Similarities of
MANETs with WSNs lead to inherit trust models to work with
WSNs. Basically; trust is an abstract concept, based on which
several denitions are available in the literature. The concept
of trust is used in many elds like psychology, sociology, an-
thropology, economics, political science, and computer science
related elds such as e-commerce, social networks etc [6].
This concept has signicantly gained attention in the eld of
communication to incorporate security. However, trust is used
to dene the degree of belief about the behavior of a particular
entity. The trust calculation and establishment is carried out in
association with routing protocols. While performing routing,
every node maintains a trust manager to make routing decisions
and to predict the behavior of neighboring nodes. This helps in
mitigating the potential risks such as dead or ambiguous paths
and security threats. The trust value can be useful to circulate a
warning or alarm message among friend nodes about malicious
nodes. In case if the trust value is completely low the node
will be isolated from the network.
Trust can be expressed as 7-tuple {a, b, l, s, c, k, t} [12].
Where, a and b are two agents. These two agents can have a
trust level l on a particular service s in a context c. This trust
level is formed based on the degree of knowledge k about
service offered at time t. The degree of knowledge can be
obtained from the sets D, R, and G. Where, D is set of direct
observations {d
1
, d
2
, .., d
n
}, R is a set of recommendations
{r
1
, r
2
, , r
n
} , and G is a set of gossip values {g
1
, g
2
, ., g
n
}.
Due to page limit, detailed discussion on trust denitions
and security attacks are not covered in this article. Interested
readers can nd them in [3-11][16][18][20,21].
A node can obtain subjective observations about its neigh-
bors [14][22]. In case, if a node calculates how much it trusts
another node in a subjective manner then it is said to be direct
trust. Whenever trust management is incorporated in routing,
each node needs to observe neighboring nodes and predict
the reputation by collecting evidences regarding behavior in
discharging duties such as cooperation and integrity maintained
in packet forwarding, energy depletion, distance measurement
etc. Trust of a node will be improved whenever it exhibits
positive behavior or other nodes have positive experiences
with it. However, these direct observations may become cum-
bersome whenever a malicious node responds to every query
with out performing the required operation. In this case, two
nodes may gossip trust information about third node so that
all three nodes indirectly come to know about each other trust
information. This is said to be indirect trust. In addition to
these two ways, nodes can obtain recommendations from the
trusted third parties such as base station or relay nodes or
cluster heads. Hence, a node can obtain trust information either
directly by rst hand, indirectly by second hand in distributed
fashion or by receiving recommendations from trusted third
parties in a centralized or hierarchical fashion.
In the literature, there exists several keywords which are
used interchangeably with trust. These are trustworthiness,
belief, reputation, condence etc. However, they have clear
differences. Belief is the probability of a node that decides
the level of trust. For example, 0 indicates complete distrust
and 1 indicates complete trust. In some cases, a node A may
or may not have belief probability to the actual trust level of
another node B. It means that trust of node A on node B is
not up to the trustworthiness of node B. Hence, the expected
probability of belief is trust and actual probability is said to
be trustworthiness. Miscalculation of trust and trustworthiness
difference will leave scope for poor risk estimation over
vulnerabilities. In some cases, trust management alone is not
sufcient in all operations, however, risk, quality of service and
trust need to be dealt separately before they are included in the
trust computation. For example, high priority transactions fail
to execute even though higher resources (such as bandwidth)
are allocated in a low trusted environment. So, higher the
trust lower is the risk and vice-versa. In other words, trust
management is a form of risk management [24][25].
Trust has several properties. First, trust is not static; it is
dynamic. Trust will be improved if any positive experiences
take place and decreases in opposite case. So, trust changes
over time and type of transaction experienced. Second, trust is
asymmetric which means two nodes may not have same trust
on each other. Third, trust is context dependent. The degree of
trust will be based on context and application involved. Fourth,
trust is subjective. It has a quantitative level or degree of belief
over other nodes. Finally, trust is not transitive which means
let is trust and A, B and C are three nodes, if A B,
B C then A C is not guaranteed [28][29].
During early stage of network (i.e. after node placement
and bootstrapping) each node exhibits positive behavior and
cooperation. Security threats, vulnerabilities and attacks can
be expected as the network operations progress. A major issue
to be considered in this context is how to bootstrap trust.
From the time of node bootstrapping, trust values can be
gathered by nodes self experiences, direct observations (one
hop neighbors), observations in coalition with neighbor nodes
(multi hop) and by authenticating identity or certicates for
every signicant transaction [42].
III. TRUST MODELS
In this section, we discuss various trust models used by
researchers to estimate trust and take action against malicious
nodes.
A. Arithmetic/Weighted mean trust model
A generic method to calculate trust by multiplying direct
and indirect trust is proposed in [13]. This method considers
209
Fig. 1. Block Diagram of Trust Management System Design
product of trust as reputation. Product of past actions and ob-
servations are considered as direct reputation. Let A and B are
two agents, A need to observe B for certain service s, at time
t then the direct reputation of B is calculated as DR
t
A(B|s) =
F
t
(t, t
k
)
k
. Where, F
t
(t, Tk) is a time dependent function and

k
is the number of successful observations. Each positive
observation is assigned value 1 and negative observation is
assigned value -1. F
t
gives higher relevance to the observed val-
ues of
k
. Indirect reputation will be calculated in similar way
by collecting information from friend nodes. Finally, total rep-
utation is calculated as TR =W
k
(DR
t
A(B|s
k
) +IR
t
A(B|s
k
)).
Where, W
k
is weight associated with service s
k
. Trust concept
has been included with Greedy Perimeter Stateless Routing (T-
GPSR) in [44]. T-GPSR considers two service criteria: number
of packets forwarded (P
f
) and number of packets forwarded
without tampering (P
wt
). The trust of a node is calculated as
Trust(node
i
) = (W(P
f
)P
f
+W(P
wt
)P
wt
). Where, W(P
f
) and
W(P
wt
) are weights associated for two services. In [45], weight
is associated to packet and agent. An agent can forward the
packet only if it has trust value greater than trust associated
with packet. A Similar work can be found in [47].
B. Social Networks model
A trust model based on social networks is proposed in [34].
It has four components: monitoring system, reputation system,
trust manager and path manager. Monitoring component asses
the trust based on fairness in cooperation of nodes with
network dynamics. In this method incentive based technique is
introduced. Incentives will be provided to well behaving nodes.
Punishment will be given to bad behaving nodes ranging from
raising warning message to complete isolation of node. Node
behavior is assessed by monitoring surrounding nodes for
cooperation in routing and forwarding of packets. With the
observed trust, path manager announces a best path to bypass
malicious nodes. Each node enters the system with low trust
which increases based on its positive behavior.
C. Bayesian Theory
The behavior of nodes is unpredictable or uncertain in the
network dynamics. To predict the behavior, Bayesian theory
makes use of prior probability of events and is later updated
in the light of collected or available evidence. So, it is best
suitable where uncertainty is present in node behavior. In
[15], a beta reputation system is developed by using beta
probability density function (PDF). It models posterior rep-
utation value by taking binary ratings as input. For a positive
experience rating will be 1 and for a negative experience
rating will be 0. Reputation score is the expectation value of
beta PDF. A beta PDF denoted by beta(p|, ) and can be
expressed by using gamma function (). It is expressed as
beta (p|, ) = (( +)/()()) p
(1)
(1 p)
(1)
.
210
Where, p is probability variable and 0 p 1, , > 0.
The function is with restriction that the probability variable
p = 0 if < 1 and p = 1 if < 1. Expectation is given by
E(p) = /( +). And , are ratings of r positive and s
negative outcomes with =r +1 and =s+1. A quantitative
trust establishment framework proposed in [42] makes use of
this method.
D. Subjective Logic
Josang et.al [19] have proposed a trust model based on sub-
jective logic for electronic commerce applications. Subjective
logic opinion is denoted by opinion function w. An opinion is
a quadruple where the components respectively correspond to
bbelie f , d disbelie f , uuncertainty, arelativeatomicity.
The relative atomicity (a) is used for computing the expected
opinion as Beta distribution with subjective logic is used to
evaluate opinion. The expectation value is given by E(p) =
a/(a+b). Where, a = (2b/u+2a) and b = (2d/u+s(1a)).
Works based on this model can be found in [36][43].
E. Fuzzy Logic Model
A fuzzy rule based inference consists of three steps. First,
calculating degree to which the input and conditions of fuzzy
rules are matched. Second, calculating fuzzy rule based on its
matching degree. Third, combining the inferences in support
of all fuzzy rules into nal decision. A trust model based on
fuzzy logic is proposed in [26]. It consider trust (T) and distrust
(U) in the range of 0 and 1 (i.e 0 T 1 and 0 U 1).
This method separates healthy nodes from abnormal nodes.
The T and U values calculated between two nodes i and j are
as follows
Minimum (T) = Minimum (Ti, Tj)
Minimum (U) = Minimum (Ui, Uj)
Maximum (T) = Maximum (Ti, Tj)
Maximum (U) = Maximum (Ui, Uj)
Finally, T and U values are obtained as
T = avg(Ti, Tj) / (1-(avg(Ti, Uj)+avg(Tj, Ui)))
U = avg(Ui, Uj) / (1-(avg(Ti, Uj)+avg(Tj, Ui)))
With T and U values, evaluation level of a node i is calculated
as E(node
i
) = T/(T +U). There exists several works based
on fuzzy logic in [27].
F. Game Theory model
With Game Theory [39], ones individual success can be
assessed based on behavior of others in a strategic situation.
Two approaches are followed in this method: cooperative
and non-cooperative games. In cooperative game, personal
experiences and recommendations from trusted nodes are
the source for information. The information is veried and
nalized by conducting voting. The draw back of this scheme
is that information collection and its validation via voting
consumes network resources such as bandwidth. Where, in
non-cooperative game, only personal experiences based on
direct observation are considered as source of information by
not allowing recommendations. Every node enters the network
with an average trust and its trust value increases and decreases
Fig. 2. Applications of Trust Management in WSNs.
based on behavior. The Game theory works ne when game
is bidirectional. However, sensor nodes in WSNs process one
way transmission. Hence, this model cannot be aptly adapted
to WSNs.
G. Meta Heuristic Methods
In addition to existing methods, bio-inspired methods are
adopted by researchers to improve the security. Ant based
adaptive trust model, a bio-inspired model based on swarm
intelligence is proposed in [30]. It is a reactive evidence
distribution scheme. An attractive feature of swarm intelligence
is indirect communication through environment. Ants going
through a path deposit a chemical called pheromone. This
chemical expires over time. Any ant following the same
path deposit new concentration of pheromone in place of old
concentration. Ants attracts to the pheromone and follow high
concentration pheromone path. In [30], Swarm intelligence is
used to distribute trust certicates in distributed and mobile
environment.
H. Markov chain model
In a multicast MANET environment, to evaluate trust the
Markov chain analysis is used in [51]. This approach has two
steps: evaluating trust value and distributing trust certicates
for key management. Trust value is evaluated based on Markov
chain analysis in which each one hop neighbor trust value
is assessed based on their previous trust performance. The
estimated trust value is distributed among all nodes. Among
the trust values, highest trust value node will be selected as
certication authority for key management.
IV. TRUST MANAGEMENT APPLICATIONS
In this section, applications supported by trust management
are discussed. Trust concept is widely used in applications
such as access control, key management, secure routing, data
aggregation, and intrusion detection.
A. Secure Routing
1) TARF: Trust Aware Routing Framework [35]: This
framework is a universal and reusable platform used to develop
applications, products and solutions. A robust, energy aware
and trust aware routing framework for dynamic WSNs is
proposed in [35]. This framework effectively deals with energy
and trust. It works with loose time synchronization, geographic
information and effectively deals with harmful routing attacks
such as selective forwarding, wormhole, sink hole and sybil
attacks. Energy watcher and Trust manager are the two main
components in TARF. Energy watcher keeps track of one
hop delivery by a node along with energy cost (E) incurred.
Where, Trust manager checks for network loops and base
211
station broadcasts. In addition, each node maintains an energy
table which consists of node id of source node, a forwarded
sequence interval [a, b] with a signicant length, energy
cost and trust level (T) (a value varies between 0 and 1)
of its neighbor (N). Based on the threshold values, a node
selects next hop to forward information. Finally, energy cost
is reported to the selected hop for further decisions. A node
N selects next node through evaluating each neighbor b based
on trade off between TN
b
and EN
b
TN
b
. Node N will prefer
a signicantly higher trust value to choose next hop neighbor.
Energy watcher computes energy cost as EN
b
= EN
b
+E
b
.
Where, EN
b
is the average energy cost for delivering a data
packet from node N to its neighbor b with one hop. Selection
of neighboring node b is based on the trust value in two cases,
i.e, with routing loops and with delivery ratio. TARF is plugged
with Collection Tree Routing Protocol (CTP) [55] which is an
efcient, robust and reliable protocol for highly dynamic link
topology. TARF effectively deals with wormhole and sinkhole
attacks, however, it needs to be extended to deal with other
routing attacks such as attacks on energy.
2) A Trust Aware Geographic Routing Scheme (ATSR)
[41]: A reputation based trust scheme with location based
routing is proposed in ATSR [41]. ATSR is a scalable geo-
graphical routing approach with low complexity and is adopted
to cope with large network dimensions. It makes use of direct
and indirect trust to detect and avoid malicious node activity. In
addition, energy awareness is introduced by simple weighted
routing cost functions. Cost calculation is performed with
localized decisions, there by complex path calculations are
avoided and energy consumption requirements are considered
with topology maintenance. Let x and y are two nodes, node
x is condent of trust value it has calculated for node y only
if it has performed an adequate number of interactions with
node y. Each sensor node in the network maintains a trust
repository to store trust information per neighbor and trust
metrics. The trust metrics to be monitored in the direct trust
are packet forwarding, network layer acknowledgment, packet
precision, node authentication and condentiality, reputation
response, reputation validation and remaining energy. Indirect
trust value is calculated in case of newly initialized nodes
or newly appeared nodes (in case of mobility). To calculate
indirect trust, source node randomly selects on node per
quadrant so that only four unicast reputation requests and four
unicast reputation responses are generated. This overcomes the
drawback of broadcast messages. Reputation calculation takes
place in the indirect trust to assess the condence of newly
initialized nodes or newly arrived nodes. In ATSR, routing
decisions are based on localized information. The packets are
forwarded to a node with three factors: highly trusted, as
close to destination as possible and remaining energy. ATSR
is a protocol designed to efciently detect attacks like black-
hole, gray-hole, colluding, unexpected modication, selsh
behavior, bad-mouthing, conicting behavior, sybil and trafc
analysis attacks.
3) HATWA: Heuristic Approach based Trust Worthy Ar-
chitecture [37]: A Heuristic Approach based Trust Worthy
Architecture for WSN (HATWA) is proposed in [37]. HATWA
considers the challenges of the trust system and focuses on
collaborative mechanism for trust evaluation and maintenance.
This architecture is capable of fullling security, reliability,
mobility and performance requirements for reliable commu-
nication while being readily adaptable to different applica-
tions. Only few trust management schemes such as GTMS
[49] Group based Trust Management Scheme discuss about
mobility. HATWA works well in terms of communication
overhead, memory requirements and energy consumption than
GTMS. HATWA consists of three models: security, mobility
and reliability. The trust value of a node security model will
be high when it has secure routing protocol, access control and
encryption of the routed packets. In mobility model, localiza-
tion issue helps to locate the nodes in the terrain. Mobility
of the node can be estimated based on the destination and
source node location. The process of data fusion, negligible
packet loss, low delay and the optimum energy consumption
during transmission and reception of packets leads to reliable
communication. The trust value in the network is represented
as a continuous variable which runs over a specic range 1
to +1. HATWA works in four stages. In the rst stage trust
value is calculated based on the fault tolerant management
mechanism. In second stage, a secure routing protocol is
selected. In stage three, trust calculation is performed with
mobility concerns. Finally in fourth stage, energy / power
management included for power and energy requirements for
HATWA.
In [46], trust based cluster head selection is proposed
in hierarchical routing. Some other related works for secure
routing are [31][33][48][53][54].
B. Data Aggregation
Larger the WSNs huge the redundancy in data. For ex-
ample, in a temperature monitoring application, sensor nodes
in a region will sense and report almost same readings to
base station even though one reading is sufcient. It leads to
energy depletion, lower network life time, and disconnection
of network. To overcome this, an aggregated data in terms of
average, count, maximum, minimum, median, most frequent
samples, most uniform samples etc., can be reported. This
procedure is said to be data aggregation. In [36], a framework
is proposed for data aggregation and fault tolerance to enhance
the correctness and trustworthiness of collected information
in wireless multimedia sensor networks. This is developed
by extracting statistical characteristics from different sources
and extending Josang [19] trust model (trust transfer and trust
combination). This framework can evaluate discrete and con-
tinuous data streams through uniform mechanisms. The entire
sensor networks system is classied into layers (level 1, 2,
3..n). Each level consists of sensor nodes grouped into clusters.
Each cluster consists of cluster head, which is responsible for
data aggregation and forwards data to the aggregation in the
higher level. This process is carried out recursively up to base
station. Each sensor node calculates self trust worthiness of
collected data by a procedure called Memory Depth, (it is
dened as the number of stored historical data which represents
the temporal correlation). If the memory depth is zero, the
node self data trustworthiness is one. Aggregation determines
the trustworthiness of aggregated result by spatial correlation
among sensor nodes in an aggregation set and aggregation
breadth. Aggregation breadth is the number of children taking
part in data aggregation. Sink node receives the aggregated
results from the lower level aggregation, fuses them to obtain
the nal report, and determines the resulting trustworthiness.
212
Some other works related to data aggregation can be found in
[32].
C. Intrusion Detection
An iterative algorithm for trust management and adversary
detection for delay-tolerant networks is proposed in ITRM
[38]. Delay-tolerant networking (DTN) is an approach to com-
puter network architecture that seeks to address the technical
issues in heterogeneous networks that may lack continuous
network connectivity. Examples of such networks are those
operating in mobile or extreme terrestrial environments, or
planned networks in space. Vehicular, planetary/interplanetary,
military/tactical, disaster response, underwater and satellite
networks are some examples of DTN. This work Proposes a
graph based iterative algorithm inspired by success of message
passing techniques for decoding low density parity check
codes over bipartite graphs. ITRM effectively deals with DTNs
with sparseness. ITRM effectively detects the malicious nodes
even in the presence of attacks on the trust and detection
mechanisms. ITRM proves more effective than the Bayesian
framework.
A statistical technique called sequential hypothesis testing
used to detect suspect regions is proposed in ZoneTrust [39]. In
statistics, sequential analysis or sequential hypothesis testing
is used for analysis where the sample size is not xed in
advance. Instead data are evaluated as they are collected, and
further sampling is stopped in accordance with a predened
stopping rule as soon as signicant results are observed. Thus
a conclusion may sometimes be reached at a much earlier stage
than would be possible with more classical hypothesis testing
or estimation, at consequently lower nancial and/or human
cost. ZoneTrust detects even substantial fraction of nodes while
reducing false positive and false negative rates. This detection
technique is modeled using game theoretic analysis. Optimal
strategies are dened for attacker and defender. ZoneTurst
proves that node compromise is greatly limited by defender
if attacker and defender follow optimal strategies.
A hierarchical dynamic trust management protocol for
clustered heterogeneous wireless sensor networks is proposed
in [40]. In this, a two layer trust management technique is
proposed to effectively deal with selsh or malicious nodes
and combined quality of service (Qos) metrics and social trust
derived from social networks to achieve optimal values. This
method is shown best in both detection and false positive prob-
ability than conventional anomaly based intrusion detection
techniques.
Related works on intrusion detection can be found in
[50][52]. Comparison of trust management frameworks with
respect to application type, topology, network type, security
attacks consideration, scalability and trust observations are
provided in table 1.
V. TRUST MANAGEMENT SYSTEM DESIGN
In this section, we explain systematic design of trust
management system (gure 1). It is clear that each node should
be social aware rather than transaction aware to estimate trust
value of neighboring nodes. Each sensor node consists of ve
layers in protocol stack. Layers above the networks layers
are responsible for processing security applications. So, in
this design it is assumed that every node maintains an agent
which is responsible for application layer and communication
middleware. This design sits between application and commu-
nication middle ware. To be aware of the services processed
by neighbor nodes, each node needs to be in promiscuous
mode. During this mode medium access of data link layer
will not respond to any requests it receives. However, a node
can receive all packets passing through its radio range.
Proposed trust management design consists of four sub
blocks: trust producer, trust manager, trust consumer and
external manager. Communication between all four blocks
is bidirectional. Trust manager is central authority of all
blocks and responsible for initiating trust composing. It is
observed from previous sections that based on requirements
of application, information collection is initiated. Information
is gathered based on the observation such as trafc ows,
packet forwarding, communication path, energy of node, node
cooperation and packet dropping. Depending on application
requirements weights can be assigned for the observations.
All observations collected by data collector are classied as
direct, indirect or recommendation. By using collected data,
trust models are applied to estimate the trust or reputation
value. Generated trust values are carefully recorded by record
keeper to create friend lists, trust and reputation records.
Generated records are stored along with time stamp so that
historical observations will help in judging suitable actions.
A thread of trust producer associates continuously with trust
manager so that trust records are periodically accessed with
query processing sub system. In [17], Geographic Hash Table
(GHT) approach has been proposed to store trust values so that
data operations are carried out with simple put() and get()
functions. In [43], an efcient, robust and scalable method is
proposed to manage trust and decision making in unattended
WSNs. This method use GHT to store trust values. In [23], a
query processing system is proposed to extract required trust
values. In [34], an alarm system is proposed to raise caution
about malicious nodes. However, alarm is generally required
if the trust value gradually decreases for certain period. It
means that a node needs to have adequate interaction with the
neighbor nodes. Alarm cannot be raised for low trust value
with very few interactions. As the trust manager accesses the
record storage periodically, caution alarm can be raised if any
abnormalities are identied.
Frameworks [41][45] consider reputation manager in as-
sociation with trust manager. However, a certicate issued by
accumulating trust value from surrounding nodes. Hence, trust
is consumed by reputation. In case, trust value is decreased
continuously over time it reects reputation. So we assume
reputation as consumer of trust. Reputation value is shared
by path manager to make decision about route discovery or
rearranging the path. Application support block can directly
utilize the reputation without involvement of path manager.
However, application like secure routing, key management
need to work in coalition with path manager. Trust manager
also responsible for external manager to make decisions for
any external operations. External manager is responsible for
mobility related issues. For example, during mobility, a node
may discover new nodes or its previous neighbors can be
absconded. In addition, each node needs to ensure safety and
security before entering into the unknown regions. In some
cases, nodes may not participate in communication due to
213
TABLE I. COMPARISON OF KEY MANAGEMENT SCHEMES
Paper Application Topology Network Type Attacks Addressed Scalability Observations and model
[35] Routing Dynamic Homogeneous Selective forwarding, wormhole,
sinkhole and Sybil
Yes Direct observations with energy
awareness
[36] Data Aggregation Static Homogeneous Attacks related to data aggregation Yes Subjective logic and statistical
methods.
[37] Routing Dynamic Heterogeneous Attacks related to energy and mo-
bility
Yes Direct and indirect observations.
[38] Intrusion detection Dynamic Homogeneous Packet drop and packet injection,
Bad mouthing, Random attacks on
trust management
Limited Direct and indirect observations
with reputation model.
[39] Intrusion detection Static Homogeneous Physical tampering attacks, Repro-
gramming
Limited Direct and indirect observations
with statistical techniques.
[40] Routing and intrusion detection Static Heterogeneous Intrusion detection Yes Developed statistical models, So-
cial trust metrics derived from so-
cial networks, Stochastic Petrinet
technique to analyze protocol per-
formance.
[41] Routing Dynamic Homogeneous All attacks related to geographic
routing protocols
Yes Reputation model developed for
geographic routing.
energy depletion, node failure or propagation channel failure.
Hence, trust models should support mobility module to take
care of location, identity verication and channel failures.
Moreover, this design can be customized based on the appli-
cation requirement. It also helps system developer to explore
patterns which are reusable for broad array of applications.
VI. CONCLUSION
In this article, systematic design of trust management
system is presented with support of state-of-the-art trust sys-
tems design methods. It is an attempt to create a common
nomenclature of trust management systems design. This design
can be customized to use with application requirements. This
model aims at trust composing by keeping in view of limi-
tations of sensor nodes. In future, we attempt to differentiate
all the models quantitatively so that suitable designs can be
developed for ready made usage. Designing trust management
frameworks based on taxonomy of routing algorithms and
applications are also part of our future work.
REFERENCES
[1] I.F.Akyildiz, W.Su, Y Sankarasubramaniam, E. Cayirci, Wireless Sensor
Networks: A Survey, Computer Networks, Elsevier, Pages 393-422,
Volume 38, Issue 4, 15 March 2002.
[2] Marcela Mejia, Nestor Pena, Jose L Munoz, Oscar Espanza, A Review
of trust modeling in adhoc networks, Internet Research, Vol 19, issue
1, pp 88-104, 2010.
[3] Kannan Govindan, Prasant Mohapatra, Trust computations and Trust
Dynamics in Mobile Adhoc Networks: A Survey, IEEE Communica-
tions Surveys and Tutorials, vol 14, No 2, Second Quarter 2012.
[4] M. Carmen Fern andez-Gago, Rodrigo Rom an, Javier Lopez, A Survey
on the Appli-cability of Trust Management Systems for Wireless Sensor
Networks, proceedings of Third International Workshop on SecPerU
2007.
[5] Kannan Govindan, Prasant Mohapatra, Tarek F. Abdelzaher, Trust-
worthy Wireless Net-works: Issues and Applications (Invited Paper),
ised, pp.253-258, 2010 International Symposium on Electronic System
Design, 2010.
[6] Jin-Hee Cho ,Swami, A. ; Ing-Ray Chen, A Survey on Trust Management
for Mo-bile Adhoc Networks, IEEE Communications surveys and
tutorials, volume 3, No 4, Fourth quarter 2011.
[7] Jin-Hee Cho ,Swami, A. ; Ing-Ray Chen, A Survey on Trust Manage-
ment for Mo-bile Adhoc Networks, IEEE Communications surveys and
tutorials, volume 3, No 4, Fourth quarter 2011.
[8] Yanli Yu, Keqiu Li, Wanlei Zhou, Ping Li, Trust mechanism in wire-
less sensor networks: attack analysis and countermeasures, Journal of
Network and com-puter Applications 35 (2012) 867-880.
[9] Yong wang, Garhan Attebury, Byrav Rammurthy, A Survey of Security
Issues in Wire-less Sensor Networks,IEEE Communication Surveys and
Tutorials, 2nd Quarter, No 2, Vol 8, 2006.
[10] Chris Karlof, David Wagner, Secure Routing in Wireless Sensor Net-
works: Attacks and Counter Measures, Ad hoc Networks, Special Issue
on Sensor Networks protocols and applications, Elsevier Publication,
Volume 1, Issues 2-3, Pages 211-350, September 2003.
[11] Yan (Lindsay) Sun, Zhu Han, K. J. Ray Liu, Defense of Trust Manage-
ment Vulnerabili-ties in Distributed Networks, IEEE Communications
Magazine, February 2008.
[12] Licia Capra,Engineering Human Trust in Mobile System Collabora-
tions, proceedings of SIGSOFT 04, Oct 31-Nov 6, 2004.
[13] Michiardi, P. and Molva, R, CORE: A collaborative reputation mech-
anism to enforce node cooperation, proceeding of IFIP, 2002.
[14] Mohit Virendra, Murtuza Jadliwala, Madhusudhanan Chandrasekaran,
Shambhu Upadhyaya, Quantifying trust in mobile adhoc networks,
proceedings of KIMAS 2005, April 18-21, 2005, Waltham, MA, USA.
[15] Audun Jsang, Roslan Ismail, The Beta Reputation System, proceed-
ings of 15th Bled Electronic Commerce Conference, Bled, Slovenia, June
17 - 19, 2002.
[16] Aurlien Francillon, Claude Castelluccia, Code Injection Attacks on
Harvard-Architecture Devices, proceedings of CCS08, October 2731,
2008.
[17] Sylvia Ratnasamy, Brad Karp, LiYin, Fang Yu, Deborah Estrin, Ramesh
Govindan, Scott Shenker, GHT: A Geographic Hash Table for Data-
Centric Storage, Proceedings of First ACM WSNA, 2002.
[18] Alexander Becher, Zinaida Benenson, Maximillian Dornseif, Tam-
pering with Motes: Real-World Physical Attacks on Wireless Sensor
Networks, proceedings of Third Interna-tional Conference, SPC, April
18-21, 2006.
[19] Audun Josang, An Algebra for Assessing Trust in Certication Chain
Proceedings of the Network and Distributed Systems Security Sympo-
sium (NDSS99).
[20] Anthony D. Wood John A. Stankovic, Denial of Service in Sensor
Networks, IEEE computer magazine, pp 48-56, October 2002.
[21] Sergio Marti, T.J. Giuli, Kevin Lai, and Mary Baker, Mitigating
Routing Misbehavior in Mobile Ad Hoc Networks, proceedings of
MOBICOM 2000, Boston MA, USA.
[22] Matthew J. Probst and Sneha Kumar Kasera, Statistical Trust Establish-
ment in Wireless Sensor Networks, proceedings of Parallel and ICDS,
2007.
[23] Vladimir Oleshchuk, Vladimir Zadorozhny, Trust-Aware Query Pro-
cessing in Data In-tensive Sensor Networks, proceedings of ICSTA,
2007.
[24] Asad Amir Pirzada and Chris McDonald, Establishing Trust In Pure
Ad-hoc Networks, proceedings of 7th Australasian Computer Science
Conference, 2004.
[25] Kuan Lun Huang, Salil S. Kanhere, Wen Hu, Are You Contributing
Trustworthy Data? The Case for a Reputation System in Participatory
Sensing, proceedings of MSWiM10, October 1721, 2010.
214
[26] Tae Kyung Kim, and Hee Suk Seo, A Trust Model using Fuzzy Logic
in Wireless Sensor Network, World Academy of Science, Engineering
and Technology 18 2008.
[27] H. Xia, Z. Jia, L. Ju, Y. Zhu, Trust management model for mobile ad
hoc network based on analytic hierarchy process and fuzzy theory, IET
wireless sensor systems, Vol. 1, Iss. 4, pp. 248266, 2011.
[28] Mawloud Omar, Yacine Challal, and Abdelmadjid Bouabdallah, Fully
Distributed Trust Model based on Trust Graph for Mobile Ad hoc
Networks, Computers and Security 28 (2009) 199 214.
[29] Saurabh Ganeriwal and Mani B. Srivastava, Reputation-based Frame-
work for High Integ-rity Sensor Networks, proceedings of SASN04,
October 25, 2004.
[30] Tao Jiang, John S. Baras, Ant-based Adaptive Trust Evidence Distri-
bution in MANET, Proceedings of the 24th ICDCSW, 2004.
[31] Huaizhi Li, Mukesh Singhal, A Secure Routing Protocol for Wire-
less Ad Hoc Networks, Proceedings of the 39th Hawaii International
Conference on System Sciences 2006.
[32] Suat Ozdemir, Functional reputation based reliable data aggregation
and transmission for wireless sensor networks, Computer Communica-
tions 31 (2008) 39413953.
[33] K.D. Kang, K. Liu, and N. Abu-Ghazaleh, Securing Geographic
Routing in Wireless Sen-sor Networks, Proceedings of the 9th Annual
NYS, 2006.
[34] Sonja Buchegger, Jean-Yves Le Boudec, Performance Analysis of the
CONFIDANT Pro-tocol, proceedings of MOBIHOC02,June 9-11, 2002.
[35] Guoxing Zhan, Weisong Shi, Julia Deng, Design and Implementation
of TARF: Trust Aware Routing Framework for WSNs, IEEE Transac-
tions on Dependable and Secure Computing, pp 184-197, Vol 9, No 2,
March/April 2012.
[36] Sun, Y, Luo, H, Das. S. A Trust-Based Framework for Fault-Tolerant
Data Aggregation in Wireless Multimedia Sensor Networks, IEEE
Transaction on Dependable and Secure Computing, Issue 99, 2012.
[37] V. R. Sarma Dhulipala, N. Karthik, RM. Chandrasekaran A Novel
Heuristic Approach Based Trust Worthy Architecture for Wireless Sensor
Networks, Wireless Personal Communications, DOI 10.1007/s11277-
012-0688-1, 2012.
[38] Erman Ayday, Faramarz Fekri, An Iterative Algorithm for Trust
Management and Adver-sary Detection for Delay-Tolerant Networks,
IEEE Transactions on Mobile Computing, Vol 11, No 9, PP 1514-1531,
September 2012.
[39] Jun-Won, Matthew Wright, Sajal K. Das, ZoneTrust: Fast Zone-Based
Node Compro-mise Detection and Revocation in Wireless Sensor Net-
works Using Sequential Hypothesis Testing, IEEE Transaction on De-
pendable and Secure Computing, Vol 9, No 4, pp 494-510, July/August
2012.
[40] Fenye Bao, Ing-Ray Chen, MoonJeong Chang, and Jin-Hee Cho,
Hierarchical Trust Man-agement for Wireless Sensor Networks and Its
Applications to Trust Based Routing and Intrusion Detection, IEEE
Transactions on Network and Service Management, Vol 9, No 2, pp169-
183, June 2012.
[41] Theodore Zahariadis, Panagiotis Trakadas, Helen C, Leligou, Sotiris
Maniatis, Panagiotis Kar, A Novel Trust-Aware Geographical Routing
Scheme for Wireless Sensor Net-works, Wireless Pers Commun DOI
10.1007/s11277-012-0613-7, Springer, Published Online 15 April 2012.
[42] C. Zouridaki B.L. Mark M.Hejmo, R.K. Thomas, A Quantitative
Trust Establishment Framework for Reliable Data Packet Delivery in
MANETs, proc of SANS, Nov 5, 2007.
[43] Yi Ren, Vladimir I, Zadorozhny, Vladimir A Oleshchuk, Frank Y Li,
A Novel Approach to Trust Management in Unattended Wireless Sensor
Networks , IEEE Transactions on Mobile Computing 2013 ( To Appear).
[44] AA Pirzada, C McDonald , Trusted Greedy Perimeter Stateless Rout-
ing, proceedings of ICON 2007.
[45] Nael Abu Gazaleh, Kyoung Don Kang and Ke Liu, Towards Resilient
Geographic Rout-ing in WSNs, Proceedings of Q2Winter, Oct 13, 2005.
[46] Garth V. Crosby, Niki Pissinou, James Gadze, A Framework for Trust-
based Cluster Head Election in Wireless Sensor Networks, Proceedings
of DSSNS, 2006.
[47] Ka-Shun Hung, King-Shan Lui, and Yu-Kwong Kwok, A Trust Based
Geographical Routing Scheme in Sensor Networks, proceedings of
IEEE WCNC, March 2007.
[48] Marie E. G. Moe, Bjarne E. Helvik, Svein J. Knapskog, TSR:
Trust-based Secure MANET Routing using HMMs, proceedings of
Q2SWinet08, October 2728, 2008.
[49] Riaz Ahmed Shaikh, Hassan Jameel, Sungyoung Lee, Saeed Rajput and
Young Jae Song, Trust Management Problem in Distributed Wireless
Sensor Networks, Proceedings of the 12th IEEE RTCSA, 2006.
[50] Idris M. Atakli, Hongbing Hu, Yu Chen, Wei-Shinn Ku, Zhou Su, Ma-
licious Node Detec-tion in Wireless Sensor Networks using Weighted
Trust Evaluation, proceedings of SpringSim, 2008.
[51] Ben-Jye Chang ,Szu-Liang Kuo, Ying-Hsin Liang and De-Yu Wang,
Markov Chain-based Trust Model for Analyzing Trust Value in Dis-
tributed Multicasting Mobile Ad Hoc Networks, proceedings of IEEE
Asia-Pacic Services Computing Conference, 2008.
[52] Daojing He, Chun Chen, Sammy Chan, Jiajun Bu, and Athanasios V.
Vasilakos, ReTrust: Attack-Resistant and Lightweight Trust Manage-
ment for Medical Sensor Networks, IEEE Transactions on Information
Technology in Biomedicine, Vol 16, No 4, July 2012.
[53] Laura Gheorghe, Rzvan Rughini, Nicolae pu, Trust and Energy-
aware Routing Pro-tocol for Wireless Sensor Networks, proceedings
of ICWMC 2012.
[54] Pedro B. Velloso, Rafael P. Laufer, Daniel de O. Cunha, Otto Carlos
M. B. Duarte, and Guy Pujolle, Trust Management in Mobile Ad Hoc
Networks Using a Scalable Maturity-ased Model, IEEE Transactions on
network and service management, vol 7, No 3, Sep-tember, 2010.
[55] Omprakash Gnawali, Rodrigo Fonseca, Kyle Jamieson, David Moss,
Philip Levis, Collection Tree Protocol, proceedings of SenSys09,
November 46, 2009.
215