Abstract
We start with role-based trust management (RBTM) and address some of the challenges associated with using RBTM in mobile ad hoc networks (MANETs). We then enhance RBTM with reputation systems (RSs) and propose a new hybrid trust management system (HTMS). In HTMS, the privilege level of an entity is determined not only by its role in the system but also by its reputation score, which in turn is based on its behavior. If a privileged node becomes compromised and conducts several malicious or risky transactions, its privilege level is quickly reduced to limit its access to resources and minimize the further damage it can inflict. The system uses a global, network-wide perspective to thwart global attacks. Such fine-grained variation of access control and dynamic assignment of privilege levels would be very difficult to accomplish manually. We evaluated HTMS by comparing an implementation of it against an ideal response. We show that HTMS performs very close to the ideal if we can accurately estimate the proportion of malicious nodes in the network, and we suggest using sampling to estimate this proportion. However, even if this estimate is not accurate, the results are still much better than using RBTM by itself.

EDICS: SYS-ARCH; SYS-PROT; FOR-DETE; SYS-INTR.
Highlights
A typical organization may have many resources, and entities that want to access those resources
We focus on defending against insiders by combining role-based trust management (RBTM) and reputation systems (RSs)
We used an implementation of the Support Vector Machine (SVM)-based RS that we proposed in a previous study [22] for the following reasons: (1) This RS has been shown to perform well with varying patterns of malicious behavior and varying proportions of malicious nodes
Summary
A typical organization may have many resources, and entities that want to access those resources. RBTM assigns “roles” to entities/nodes and allows them to access resources based on their roles [26]. When Z needs to access X’s credentials and X is offline, Z can repeat the same procedure to determine which node to ask for X’s credentials. The advantage of this approach is that it distributes credentials in a pseudo-random fashion within the network and avoids possible “clustering,” where a small group of nodes ends up storing most of the credentials. (4) If the required privilege level for the service lies between the minimum and the maximum privilege on the certificate, obtain the reputation score of the node and compute its privilege level at that point in time (explained below). A server will grant access to the requested service if PL ≥ MinPL for that service.
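The access decision above (role certificate bounds, a reputation lookup only when the requested level falls inside those bounds, and a grant when PL ≥ MinPL) can be made concrete. The following is an added example and is not code from the paper: the linear interpolation of PL between the certificate's minimum and maximum by reputation, the exponentially weighted reputation tracker standing in for the SVM-based RS of [22], the handling of requests below the certificate minimum (granted on role alone) or above the maximum (denied), and all node, role and level values are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional


@dataclass(frozen=True)
class RoleCertificate:
    """Role certificate carrying the privilege band a role may occupy (assumed layout)."""
    node_id: str
    role: str
    min_pl: int  # lowest privilege level the role can be reduced to
    max_pl: int  # highest privilege level the role can reach


@dataclass(frozen=True)
class Decision:
    granted: bool
    pl: Optional[int]  # computed privilege level, None when reputation was not consulted
    reason: str


def privilege_level(cert: RoleCertificate, reputation: float) -> int:
    """Assumed HTMS-style rule: scale the role's band by the reputation score in [0, 1].

    The paper's exact formula is not on this page; linear interpolation is a stand-in.
    """
    if not 0.0 <= reputation <= 1.0:
        raise ValueError("reputation score must lie in [0, 1]")
    return cert.min_pl + round(reputation * (cert.max_pl - cert.min_pl))


def authorize(cert: RoleCertificate, required_pl: int,
              reputation_of: Callable[[str], float]) -> Decision:
    """Server-side check for one service request (step (4) of the page, plus assumed edges)."""
    if required_pl <= cert.min_pl:
        # Role alone already satisfies MinPL; no reputation lookup needed (assumption).
        return Decision(True, None, "role minimum satisfies MinPL")
    if required_pl > cert.max_pl:
        # Even a perfect reputation cannot lift PL above the certificate maximum (assumption).
        return Decision(False, None, "MinPL exceeds role maximum")
    pl = privilege_level(cert, reputation_of(cert.node_id))
    if pl >= required_pl:
        return Decision(True, pl, "PL >= MinPL")
    return Decision(False, pl, "PL < MinPL: reputation too low for this service")


class EwmaReputation:
    """Constructed stand-in for the SVM-based RS: exponentially weighted share of benign
    transactions, so a run of malicious transactions pulls the score down quickly."""

    def __init__(self, alpha: float = 0.5, initial: float = 1.0) -> None:
        self.alpha = alpha
        self.score = initial

    def record(self, benign: bool) -> float:
        observation = 1.0 if benign else 0.0
        self.score = (1.0 - self.alpha) * self.score + self.alpha * observation
        return self.score


def run_demo(outcomes: List[bool]) -> List[Decision]:
    """Replay a constructed transaction history for one privileged node and return the
    access decision a server would reach after each transaction."""
    cert = RoleCertificate(node_id="node-17", role="admin", min_pl=1, max_pl=5)  # constructed
    service_min_pl = 4  # constructed MinPL for the requested service
    rs = EwmaReputation(alpha=0.5, initial=1.0)
    decisions = []
    for benign in outcomes:
        rs.record(benign)
        decisions.append(authorize(cert, service_min_pl, lambda _node: rs.score))
    return decisions


if __name__ == "__main__":
    # One benign transaction, then two malicious ones: access is withdrawn after the first.
    for step, d in enumerate(run_demo([True, False, False]), start=1):
        print(f"txn {step}: PL={d.pl} granted={d.granted} ({d.reason})")
```

Because the reputation score only changes the privilege level within the band the role certificate allows, a compromised node can lose access to sensitive services without any manual re-assignment of roles, which is the behaviour the abstract describes.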