698 IEEE TRANSACTIONS ON ARALLEL AND DISTRIBUTED SYSTEMS, VOL. 20, NO., NOVEMBER 2009 Group-Based Trust Maagemet Scheme for Clustered Wireless Sesor Networks Riaz Ahmed Shaikh, Hassa Jameel, Bria J. d Auriol, Member, IEEE Computer Society, Heejo Lee, Member, IEEE, Sugyoug Lee, Member, IEEE, ad Youg-Jae Sog Abstract Traditioal trust maagemet schemes developed for wired ad wireless ad hoc etworks are ot well suited for sesor etworks due to their higher cosumptio of resources such as memory ad power. I this work, we propose a ew lightweight Groupbased Trust Maagemet Scheme (GTMS) for wireless sesor etworks, which employs clusterig. Our approach reduces the cost of trust evaluatio. Also, theoretical as well as simulatio results show that our scheme demads less memory, eergy, ad commuicatio overheads as compared to the curret state-of-the-art trust maagemet schemes ad it is more suitable for large-scale sesor etworks. Furthermore, GTMS also eables us to detect ad prevet malicious, selfish, ad faulty odes. Idex Terms Trust evaluatio, trust modelig, trust maagemet, security, sesor etworks. Ç INTRODUCTION TRUST i geeral is the level of cofidece i a perso or a thig. Various egieerig models such as security, usability, reliability, availability, safety, ad privacy models icorporate some limited aspects of trust with differet meaigs []. For example, i sesor etwork security, trust is a level of assurace about a key s autheticity that would be provided by some cetralized trusted body to the sesor ode (SN) [2], [3]. I wireless ad hoc ad sesor etwork reliability, trust is used as a measure of ode s competece i providig required service [4], [5], [6], [7]. I geeral, establishig trust i a etwork gives may beefits such as the followig. Trust solves the problem of providig correspodig access cotrol based o judgig the quality of SNs ad their services. This problem caot be solved through traditioal security mechaisms [8]. 2. Trust solves the problem of providig reliable routig paths that do ot cotai ay malicious, selfish, or faulty ode(s) [9], [0]. 3. Trust makes the traditioal security services more robust ad reliable by esurig that all the commuicatig odes are trusted durig autheticatio, authorizatio, or key maagemet []. For Wireless Sesor Networks (WSNs), we visualize that trust maagemet is a cooperative busiess rather tha a idividual task due to the use of clusterig schemes such as LEACH [2], EGASIS [3], TEEN [4], ad HEED [5] i. R.A. Shaikh, H. Jameel, B.J. d Auriol, S. Lee, ad Y.-J. Sog are with the Departmet of Computer Egieerig, Kyug Hee Uiversity, Global Campus, Seocheo-dog, Giheug-gu, Yogi-si, Gyeoggi-do, Suwo 449-70, Korea. E-mail {riaz, hassa, dauriol, sylee}@oslab.khu.ac.kr, yjsog@khu.ac.kr.. H. Lee is with the Divisio of Computer ad Commuicatio Egieerig, Korea Uiversity, Aam-dog, Seogbuk-gu, Seoul 36-73, Korea. E-mail heejo@korea.ac.kr. Mauscript received 9 Apr. 2008; revised 3 Aug. 2008; accepted 2 Dec. 2008; published olie Dec. 2008. Recommeded for acceptace by J.C.S. Lui. For iformatio o obtaiig reprits of this article, please sed e-mail to tpds@computer.org, ad referece IEEECS Log Number TDS-2008-04-033. Digital Object Idetifier o. 0.09/TDS.2008.258. real-world scearios. Moreover, SNs ca also be deployed i the form of groups [6], which are willig to collaborate with each other i order to process, aggregate, ad forward collected data [7]. This highlights the fact that these clusterig schemes ad group deploymets eable SNs to fulfill their resposibilities i a cooperative maer rather tha idividually. Therefore, establishig ad maagig trust i a cooperative maer i clusterig eviromet provides may advatages. Such as, withi the cluster, it helps i the selectio of trusted cluster head by the member odes. Similarly, the cluster head will be able to detect faulty or malicious ode(s). I case of multihop clusterig [5], [8], it helps to select trusted e route odes through which a ode ca sed data to the cluster head. Durig itercluster commuicatio, trust maagemet helps to select trusted e route gateway odes or other trusted cluster heads through which the seder ode will forward data to the base statio (BS). A umber of trust maagemet schemes have bee proposed for peer-to-peer etworks [9], [20], [2] ad ad hoc etworks [22], [5], [23]. To the best of our kowledge, very few comprehesive trust maagemet schemes (e.g., Reputatio-based Framework for Sesor Networks (RFSN) [24], Aget-based Trust ad Reputatio Maagemet (ATRM) [25], ad arameterized ad Localized trust maagemet Scheme (LUS) [26]) have bee proposed for sesor etworks. Although, there are some other works available i the literature, e.g., [6], [7], [27], [28], ad so forth, that discuss trust but ot i much detail. Withi such comprehesive works, oly ATRM [25] scheme is specifically developed for the clustered WSNs. However, this ad other schemes suffer from various limitatios such as these schemes do ot meet the resource costrait requiremets of the WSNs ad, more specifically, for the large-scale WSNs. Also, these schemes suffer from higher cost associated with trust evaluatio specially of distat odes. Furthermore, existig schemes have some other limitatios such as depedece o specific routig scheme, like LUS works o the top of the LUS_R routig scheme; depedece o specific platform, like the ATRM scheme requires 045-929/09/$25.00 ß 2009 IEEE ublished by the IEEE Computer Society Authorized licesed use limited to KYUNGHEE UNIVERSITY. Dowloaded o November 3, 2009 at 256 from IEEE Xplore. Restrictios apply.
SHAIKH ET AL. GROU-BASED TRUST MANAGEMENT SCHEME FOR CLUSTERED WIRELESS SENSOR NETWORKS 699 a aget-based platform; ad urealistic assumptios, like the ATRM assumes that agets are resiliet agaist ay security threats, ad so forth. Therefore, these works are ot well suited for realistic WSN applicatios. Thus, a lightweight secure trust maagemet scheme is eeded to address these issues. I this work, we propose a ew lightweight Group-based Trust Maagemet Scheme (GTMS) for clustered WSNs. The GTMS cosists of three uique features such as. GTMS evaluates the trust of a group of SNs i cotrast to traditioal trust maagemet schemes that always focus o trust values of idividual odes. This approach gives us the beefit of requirig less memory to store trust records at each SN i the etwork.. GTMS works o two topologies itragroup topology where distributed trust maagemet approach is used ad itergroup topology where cetralized trust maagemet approach is adopted. This methodology helps to drastically reduce the cost associated with trust evaluatio of distat odes.. GTMS ot oly provides a mechaism to detect malicious odes but also provides some degree of prevetio mechaism. These ad other specific features (e.g., idepedet of ay specific routig scheme ad platform ad so forth) collectively make the GTMS a ew, lightweight, flexible, ad robust solutio that ca be used i ay clustered WSNs. The rest of this paper is orgaized as follows Sectio 2 describes related work. Sectio 3 cotais defiitios, descriptio o represetatio of trust value, ad assumptios. Sectio 4 proposes trust modelig ad evaluatio mechaism of the GTMS. Sectios 5 ad 6 provide theoretical ad simulatio-based aalysis ad evaluatio of the GTMS, respectively. Sectio 7 cocludes this paper ad suggests some future directios. 2 RELATED WORK Research work o trust maagemet schemes for WSNs is i its ifacy. To our kowledge, very few trust maagemet schemes have bee proposed such as RFSN [24], ATRM [25], ad LUS [26]. Although, there are some other works available i the literature, e.g., [6], [7], [27], [28] ad so forth, that discuss trust but ot i much great detail. Gaeriwal ad Srivastava [24] proposed RFSN, where each SN maitais the reputatio for eighborig odes oly. Trust values are calculated o the basis of that reputatio ad they use Bayesia formulatio for represetig reputatio of a ode. RFSN assumes that the ode has eough iteractios with the eighbors so that the reputatio (beta distributio) ca reach a statioary state. However, if the rate of ode mobility is higher, reputatio iformatio will ot stabilize. I RFSN, o ode is allowed to dissemiate bad reputatio iformatio. If it is assumed that bad reputatio is implicitly icluded by ot givig out good reputatio, the i that case, the scheme will ot be able to cope with ucertai situatios [28]. Boukerche et al. [25] have proposed a ATRM scheme for WSNs. ATRM is based o a clustered WSN ad calculates trust i a fully distributed maer. ATRM works o specific aget-based platform. Also, it assumes that there is a sigle trusted authority, which is resposible for geeratig ad lauchig mobile agets, which makes it vulerable agaist a sigle poit of failure. ATRM also assumes that mobile agets are resiliet agaist malicious odes that try to steal or modify iformatio carried by the aget. I may applicatios, this assumptio may ot be realistic. Yao et al. [26] have proposed LUS for sesor etwork security. The authors adopt a localized distributed approach ad trust is calculated based o either direct or idirect observatios. This scheme works o top of their ow defied routig scheme called LUS_R. I this scheme, the authors assume that all the importat cotrol packets geerated by the BS must cotai a hashed sequece umber (HSN). Iclusio of HSN i cotrol packets ot oly icreases the size of packets resultig i higher cosumptio of trasmissio ad receptio power but also icreases the computatioal cost at the SNs. Also, wheever a judge ode receives a packet from aother ode i, it will always check the itegrity of the packet. If the itegrity check fails, the the trust value of ode i will be decreased irrespective of whether ode i was really ivolved i maliciously makig some modificatio i a packet or ot. So, ode i may get ufair pealty. Recetly, Liu et al. [27] have proposed a very simple trust maagemet scheme for Resiliet Geographic Routig (T-RGR). Their trust algorithm works i a fully distributed maer, i which each ode moitors the behavior of oehop eighbors. I the T-RGR scheme, authors have used may predefied threshold values that make their scheme oadaptive. Also, i their scheme, each ode oly relies o its direct moitorig for calculatig trust value, which makes it vulerable agaist collaborative attacks. 3 DEFINITIONS, RERESENTATION, AND ASSUMTIONS 3. Defiitios Our proposed GTMS calculates the trust value based o direct or idirect observatios. Direct observatios represet the umber of successful ad usuccessful iteractios ad idirect observatios represet the recommedatios of trusted peers about a specific ode. Here, iteractio meas the cooperatio of two odes. For example, a seder will cosider a iteractio as successful if the seder receives a assurace that the packet is successfully received by the eighbor ode ad that ode has forwarded the packet toward the destiatio i a ualtered fashio. Thus. The first requiremet, i.e., successful receptio, is achieved o receptio of the lik layer ackowledgmet (ACK). IEEE 802. is a stadard lik layer protocol, which keeps packets i its cache util the seder receives a ACK. Wheever the receiver ode successfully received the packet, it will sed back a ACK to the seder. If the seder ode did ot receive the ACK durig a predefied threshold time, the it will retrasmit that packet.. The secod requiremet, i.e., forwardig of the packet, is achieved by usig ehaced passive Authorized licesed use limited to KYUNGHEE UNIVERSITY. Dowloaded o November 3, 2009 at 256 from IEEE Xplore. Restrictios apply.
700 IEEE TRANSACTIONS ON ARALLEL AND DISTRIBUTED SYSTEMS, VOL. 20, NO., NOVEMBER 2009 ackowledgmet (ACK) by overhearig the trasmissio of a ext hop o the route, sice they are withi the radio rage [0]. If the seder ode does ot overhear the retrasmissio of the packet withi a threshold time from its eighborig ode or the overheard packet is foud to be illegally fabricated (by comparig the payload that is attached to the packet), the the seder ode will cosider that iteractio as a usuccessful oe. If the umber of usuccessful iteractios icreases, the seder ode decreases the trust value of that eighborig ode ad may cosider it as a faulty or malicious ode. 3.2 Represetatio of Trust Value Geerally, a trust value is cosidered to be a umerical quatity lyig betwee 0 ad (iclusive) as suggested earlier i [5], [22], ad [29] or betwee ad (iclusive) as described i [4] o a real umber lie. I this paper, we use trust value as a iteger i the iterval betwee 0 ad 00 (iclusive). However, other rages, for example base 2 rages, could be used as well. Although presetig the trust values as a real umber or iteger may ot play a importat role i traditioal etworks, but for SNs this issue is of critical importace due to limited memory, ad trasmissio, receptio power. This chage will give us beefits such as Represetatio of trust value [0, 00] as a usiged iteger ( byte) saves 75 percet of memory space as compared to trust values represeted as a real umber (4 bytes). Less umber of bits eed to be trasmitted durig the exchage of trust values betwee SNs. This gives us the beefit of less cosumptio of trasmissio ad receptio power. 3.3 Assumptios We assume that the sesor etwork cosists of large umber of SNs that are deployed i a ope or hostile eviromet. We also assume that all SNs have uique idetities as it is also assumed i [24], [25], ad [30]. I some of the sesor etwork models, odes do ot have uique idetities like I i traditioal etworks. However, i order to uiquely idetify the SNs ad perform commuicatio i those eviromets, class-based addressig scheme [3], [32], [33] is used, i which a ode is idetified by a triplet <locatio, ode type, ode subtype>. We also, assume that SNs are orgaized ito clusters with the help of ay proposed clusterig scheme such as [2] ad [4]. We also assume that the BS is a cetral commad authority. It has o resource costrait problem, ad furthermore, it caot be compromised by a attacker. I order to provide protectio of trust values from traffic aalysis or fabricatio durig trasfer from oe ode to aother, we assume a secure commuicatio chael, which ca be established with the help of ay key maagemet scheme [34], [35], [36], [37]. 4 GROU-BASED TRUST MANAGEMENT SCHEME The proposed trust model works with two topologies. Oe is the itragroup topology where distributed trust maagemet is used. The other is itergroup topology where cetralized trust maagemet approach is employed. For the itragroup etwork, each sesor that is a member of the group calculates idividual trust values for all group members. Based o the trust values, a ode assigs oe of the three possible states ) trusted, 2) utrusted, or 3) ucertai to other member odes. This three-state solutio is chose for mathematical simplicity ad is foud to provide appropriate graularity to cover the situatio. After that, each ode forwards the trust state of all the group member odes to the CH. The, cetralized trust maagemet takes over. Based o the trust states of all group members, a CH detects the malicious ode(s) ad forwards a report to the BS. O request, each CH also seds trust values of other CHs to the BS. Oce this iformatio reaches the BS, it assigs oe of the three possible states to the whole group. O request, the BS will forward the curret state of a specific group to the CHs. Our group-based trust model works i three phases ) Trust calculatio at the ode level, 2) trust calculatio at the cluster-head level, ad 3) trust calculatio at the BS level. 4. Trust Calculatio at the Node Level At the ode level, a trust value is calculated usig either time-based past iteractio or peer recommedatios. Wheever a ode y wats to commuicate with ode x, it first checks whether y has ay past experiece of commuicatio with x durig a specific time iterval or ot. If yes, the ode x makes a decisio based o past iteractio experiece, ad if ot, the ode x moves for the peer recommedatio method. 4.. Time-Based ast Iteractio Evaluatio Trust calculatio at each ode measures the cofidece i ode reliability. Here, the etwork traffic coditios such as cogestio, delay, ad so forth should ot affect the trust attached to a ode; this meas that the trust calculatio should ot emphasize the timig iformatio of each iteractio too rigidly. Therefore, we itroduce a slidig time widow cocept, which takes relative time ito cosideratio ad reduces the effects of etwork coditios o overall trust calculatio. If real-time commuicatio is a requiremet, as is the case i most real-world applicatios, this timig widow cocept does ot provide ay hidrace whe it comes to real-time delivery of packets. The commuicatio protocol i such applicatios is always accompaied with time stamps, ad thus ay ode that delays the delivery of packets by takig advatage of the slidig timig widow will be detected straightforwardly. The timig widow ðtþ is used to measure the umber of successful ad usuccessful iteractios. It cosists of several time uits. The iteractios that occur i each time uit withi the timig widow are recorded. After a uit of time elapses, the widow slides oe time uit to the right, thereby droppig the iteractios doe durig the first uit. Thus, as time progresses, the widow forgets the experieces of oe uit but adds the experieces of the ewer time uit. The widow legth could be made shorter or loger based o etwork aalysis scearios. A sample sceario of the GTMS time widow scheme is illustrated i Fig.. The time widow t cosists of five uits. Durig the first uit of t, the umber of successful ad usuccessful iteractios is 4 ad 2, respectively, ad durig the whole t iterval, the umber of successful ad usuccessful iteractios is 29 ad 5, respectively. After the passage of the first uit, the ew time iterval t 2 drops the iteractio values that took place durig the very first uit of t ðs ¼ 4;U ¼ 2Þ ad oly cosider the values of the last four uits of t plus values of oe recet uit added o the right ðs ¼ 6;U ¼ 2Þ. With this time widow iformatio, the time-based past iteractio trust value ðt x;y Þ of ode y at ode x that lies betwee 0 ad 00 is defied as Authorized licesed use limited to KYUNGHEE UNIVERSITY. Dowloaded o November 3, 2009 at 256 from IEEE Xplore. Restrictios apply.
SHAIKH ET AL. GROU-BASED TRUST MANAGEMENT SCHEME FOR CLUSTERED WIRELESS SENSOR NETWORKS 70 Fig.. Slidig time widow scheme of GTMS. S x;y T x;y ¼ 00 S x;y þ U x;y S x;y þ " # 00ðS x;y Þ 2 ¼ ; ðs x;y þ U x;y ÞðS x;y þ Þ where ½Š is the earest iteger fuctio, S x;y is the total umber of successful iteractios of ode x with y durig time t, U x;y is the total umber of usuccessful iteractios of ode x with y durig time t. The expressio ð S Þ x;yþ i () approaches rapidly with a icrease i the umber of successful iteractios. We choose this fuctio istead of a liear fuctio sice such a fuctio would approach very slowly to with the icrease i successful iteractios; hece, it would take cosiderably loger time for a ode to icrease its trust value for aother ode. I order to balace this icrease i the trust value with the icreasig umber of usuccessful iteractios, we multiply the expressio with S the factor ð x;y S x;yþu x;y Þ, which idicates the percetage of successful iteractios amog the total iteractios. Thus, this equatio has a built-i capability of dimiishig the effects of a few wrog declaratios of iteractios that may be caused by ay etwork traffic problems. Fig. 2 shows the behavior of time-based past iteractios trust values agaist successful ad usuccessful iteractios. Whe we do ot get eve a sigle successful iteractio, the trust value remais 0. With a icrease i successful iteractios, the trust value icreases but stays humble if the umber of usuccessful iteractios is also cosiderably high. For example, with 60 usuccessful ad 50 successful iteractios, the trust value is 45. After calculatig the trust value, a ode will quatize trust ito three states as follows 8 9 < trusted 00 f T x;y 00 = MpðT x;y Þ¼ ucertai 50 g T x;y < 00 f ; ; ð2þ utrusted 0 T x;y < 50 g where f represets half of the average values of all trusted odes, ad g represets oe third of the average values of all utrusted odes. The usage of half ad oe third of average values i evaluatio directly affects the resiliecy of Fig. 2. Time-based past iteractio evaluatio. ðþ Fig. 3. Adaptive trust boudaries creatio. a ode, which is discussed i Sectio 5.. Both f ad g are calculated as follows 8 < i2rx Tx;i f jþ ¼ 2 jr xj 0 < jr x j ; ð3þ jr x j¼0; 8 < g jþ ¼ 3 f j i2mx Tx;i jm xj g j 0 < jm x j ; jm x j¼0; where ½Š is the earest iteger fuctio, R x represets the set of trustful odes for ode x, M x represets the set of utrustful odes for ode x, ad is the total umber of odes that cotais trustful, utrustful, ad ucertai odes. At start-up, the trust values of all odes are 50, which is a ucertai state. Iitially, f ad g are equal to 25 ad 7, respectively, although other values could also be used by keepig the followig costrait itact f i g i, which is ecessary for keepig the ucertai zoe betwee trusted ad utrusted zoes. The values of f ad g are adaptive. Durig the steady-state operatio, these values ca chage with every passig uit of time, which creates dyamic trust boudaries as show i Fig. 3. At ay stage, whe jr x j or jm x j becomes zero, the the value of f jþ or g jþ remais the same as the previous values (f j ad g j ). The odes whose values are above 00 f will be declared as trustful odes (2), ad odes whose values are lower tha 50 g will be cosidered as utrusted odes (2). After each passage of time, t, odes will recalculate the values of f ad g. This trust calculatio procedure will cotiue i this fashio. 4..2 eer Recommedatio Evaluatio Let a group be composed of uiquely idetified odes. Furthermore, each ode maitais a trust value for all other odes. Wheever a ode requires peer recommedatio, it will sed a request to all member odes except for the utrusted oes. Let us assume that j odes are trusted or ucertai i a group. The, ode x calculates the trust value of ode y as follows T x;y ¼ i2r x [C x T x;i T i;y 00 j ð4þ ; j ¼jR x [ C x j 2; ð5þ where ½Š is the earest iteger fuctio, T x;i is the trust value of the recommeder, ad T i;y is the trust value of ode y set by ode i. Here, T x;i is actig as a weighted value of the recommeder that is multiplied with the Authorized licesed use limited to KYUNGHEE UNIVERSITY. Dowloaded o November 3, 2009 at 256 from IEEE Xplore. Restrictios apply.
702 IEEE TRANSACTIONS ON ARALLEL AND DISTRIBUTED SYSTEMS, VOL. 20, NO., NOVEMBER 2009 trust value T i;y, set by the recommeder, such that the trust value of ode y should ot icrease beyod the trust value betwee ode x ad the recommeder ode i. 4.2 Trust Calculatio at the Cluster-Head Level Here, we assume that the CH is the SN that has higher computatioal power ad memory as compared to other SNs. 4.2. Trust State Calculatio of Ow Group I order to calculate the global trust value of odes i a group, CH asks the odes for their trust states of other members i the group. We use the trust states istead of the exact trust values due to two reasos. First, the commuicatio overhead would be less as oly a simple state is to be forwarded to the CH. Secod, the trust boudaries of a idividual ode vary from other odes. A particular trust value might be i a trusted zoe for oe ode, whereas it may oly correspod to the ucertai zoe for aother ode. Hece, the calculatio of the global trust state of odes i a group would be more feasible ad efficiet if we oly calculate it usig the trust states. Let us suppose there are þ odes i the group icludig the CH. The CH will periodically broadcast the request packet withi the group. I respose, all group member odes forward their trust states, s, of other member odes to the CH. The variable, s, ca take three possible states trusted, ucertai, ad utrusted. The CH will maitai these trust states i a matrix form, as show below 2 3 s ch; s ;ch s ; s ch;2 s ;2 s ;2 TM ch ¼ 6....... 7 4. 5 ; s ch; s ; s ; where TM ch represets the trust state matrix of cluster head ch, ad s ch; represets the state of ode at cluster head ch. The CH assigs a global trust state to a ode based o the relative differece i trust states for that ode. We emulate this relative differece through a stadard ormal distributio. Therefore, the CH will defie a radom variable X such that 8 < 2 whe s i;j ¼ trusted; Xðs i;j Þ¼ whe s i;j ¼ ucertai; ð6þ 0 whe s i;j ¼ utrusted Assumig this to be a uiform radom variable, we defie the sum of m such radom variables as S m. The behavior of S m will be that of a ormal variable due to the cetral limit theorem [38]. The expected valuep of ffiffiffiffiffiffiffiffiffi this radom variable is m ad the stadard deviatio is m=3. The CH defies the followig stadard ormal radom variable for a ode j pffiffiffi 3 Xðsch;j Þþ m i¼;i6¼j Xðs i;jþ m Z j ¼ p ffiffiffiffi ð7þ m If Z j 2½ ; Š, the ode j is termed as ucertai, else if Z j >, it is called trusted. If Z j <, it is labeled as utrusted. 4.2.2 Trust Calculatio of Other Groups Durig group-to-group commuicatio, the CH maitais the record of past iteractios of aother group i the same maer as idividual odes keep record of other odes. Trust values of a group are calculated o the basis of either past iteractio or iformatio passed o by the BS. Here, we are ot cosiderig peer recommedatios from other groups i order to save commuicatio cost. Let us suppose CH i wats to calculate the trust value ðt i;j ) of aother cluster j. The, it ca be calculated by usig either timebased past iteractio ði i;j Þ evaluatio or by gettig recommedatio from the BS ðbr i;j Þ as show below ( h i ) 00ðS i;j Þ 2 T i;j ¼ ðs i;jþu i;jþðs i;jþþ if I i;j 6¼ ð8þ BR i;j if I i;j ¼ If the cluster head does ot have ay record of past iteractios withi the time widow, i.e., I i;j ¼, it requests the BS for the trust value. 4.3 Trust Calculatio at Base Statio Level The BS also maitais the record of past iteractios with CHs i the same maer as idividual odes do, as show below " # 00 ðs BS;chi Þ 2 T BS;chi ¼ ; ð9þ S BS;chi þ U BS;chi SBS;chi þ where ½Š is the earest iteger fuctio, S BS;ch is the total umber of successful iteractios of BS with CH durig time t, ad U BS;ch is the total umber of usuccessful iteractios of BS with CH durig time t. Let us suppose there are jgj groups i the etwork. BS periodically multicasts request packets to the CHs. O request, the CHs forward their trust vectors, related to the recommedatios of other groups based upo past iteractios, to BS as give by! T ch ¼ðT ch; ;T ch;2 ;...;T ch;jgj Þ. O receptio of trust vectors from all the CHs, the BS will calculate the trust value of each group i a maer show below T BS;G T BS;Gm 2 3 jgj T BS;chi TGi ;G i¼ ¼ 6 7 4 jgj 5 ;...; 2 jgj i¼ ¼ 6 4 T BS;chi jgj TGi ;G jgj 3 7 5 ; ð0þ where T BS;ch is the trust value of the CH i at the BS, T Gi;G is the trust value of group G at group G i, ad jgj represets the total umber of groups i the etwork. 5 THEORETICAL ANALYSIS AND EVALUATION 5. Security Resiliece Aalysis I this sectio, we aalyze the resiliecy of the GTMS protocol agaist attacks o trust maagemet. We broadly categorize two types of odes good oes ad bad oes. Our assumptio is that good odes iteract successfully most of the time ad submit true recommedatios. O the other had, bad odes try to do as may usuccessful iteractios as possible ad Authorized licesed use limited to KYUNGHEE UNIVERSITY. Dowloaded o November 3, 2009 at 256 from IEEE Xplore. Restrictios apply.
SHAIKH ET AL. GROU-BASED TRUST MANAGEMENT SCHEME FOR CLUSTERED WIRELESS SENSOR NETWORKS 703 sed false recommedatios about good odes. Clearly, this cocept of good ad bad odes is relative. A ode might be a good ode i the view of oe ode, whereas it might be bad for aother. I the followig, we defie this cocept more rigorously, capture the behavior of bad odes, ad model how they might try to get ufair advatage i our trust model. The, we prove our protocol s resiliece agaist such bad behaviors. This aalysis ca be applied straightaway to higher level groups i a modular way. We begi with the otio of bad behavior ad ufair advatage. Both of these attributes defie a malicious ode. The goal of a malicious ode while iteractig with other odes is to do as may usuccessful iteractios as possible while keepig the followig objectives itact. obtai a higher trust value for itself tha the actual calculated trust value; more importatly, to get ito the trusted zoe whe its rightful place is i the ucertai or utrusted zoe,. decrease the trust value of a good ode if possible, ad. icrease the trust value of a collaboratig bad ode if possible. After defiig a malicious ode s objectives i this way, we ca prove that our trust maagemet scheme at the ode level is resiliet agaist malicious odes if it ca stop the malicious odes from fulfillig their objectives. Apparetly, it is hard to come up with a scheme that ca totally stop such behavior. However, if we ca quatify the limits of such odes, we ca have a certai amout of assurace for our system. This assurace esures that a smart ode, which tries to miimize the umber of successful iteractios with other odes while still beig i the trusted zoe, caot accomplish its goals but withi certai limits. More precisely, the smart ode has to maitai the umber of successful iteractios higher or equal to the umber of usuccessful iteractios, as will be explaied i the followig. 5.. Resiliece Aalysis at Node Level I this sectio, we test the resiliece of our trust model agaist malicious odes. I what follows, we describe the iteractio betwee odes withi a geeric group G i the sesor etwork. Let R i, C i, ad M i deote the set of trusted, ucertai, ad utrusted odes for a ode i. We begi with a defiitio of a malicious ode. Defiitio 5.. A SN m is said to be bad for a ode i if it has iteracted with i at least oce ad U j;m S j;m. Defiitio 5.2. A bad ode m for a ode i is said to have deceived i if s i;m ¼ trusted. Defiitio 5.3. A Trust Maagemet Scheme is said to be resiliet agaist deceptio by a bad ode at the ode level if o bad ode ca deceive aother ode. Claim. Our GTMS is resiliet agaist deceptio by a bad ode at the ode level. roof. Suppose to the cotrary that there exists a bad ode m for a ode i that successfully deceived i. The, accordig to the defiitio U i;m S i;m ad s i;m ¼ trusted. There are three cases. Case. S i;m. This meas that ode m has iteracted with ode i withi the time widow t. Let a deote the real umber U i;m =S i;m. So, a. Now, sice s i;m ¼ trusted, therefore at the time of the last iteractio, the trust calculatio was doe usig the past iteractio evaluatio. Assume first that R i 6¼. The, k2r 00 i T i;k <T i;m 2jR i j Sice i has previously iteracted with ode m withi the time widow i the past, we have S i;m T i;m ¼ 00 S i;m þ U i;m S i;m þ ¼ 00 a þ 00 ða þ ÞðS i;m þ Þ This implies that k2r 00 i T i;k < 00 2jR i j a þ 00 ða þ ÞðS i;m þ Þ ) 00 < k2r i T i;k 2jR i j a þ þ ða þ ÞðS i;m þ Þ 00jR ij 2jR i j The last iequality is true sice all the T i;k s are withi the trusted zoe. We obtai 2 < a þ ða þ ÞðS i;m þ Þ Sice a, this gives us ðs i;mþþ < 0, which is obviously impossible. If R i ¼, the we have 75 <T i;m ¼ 00 a þ 00 ða þ ÞðS i;m þ Þ ; which agai leads to the cotradictio ðs i;m þþ < 0. Case 2. S i;m ¼ 0. We ow cosider U i;m. Let t deote the first of these usuccessful iteractios withi the time widow t. For the secod iteractio request withi the time widow t, i must have calculated the trust value for m as S i;m T i;m ¼ 00 S i;m þ U i;m S i;m þ ¼ 00 0 0 þ 0 þ ¼ 0 However, this is a cotradictio, sice the lower boud for the trusted zoe is always higher tha 0. This proves the claim. Case 3. S i;m ¼ 0, U i;m ¼ 0. This meas that ode m has o iteractio with ode i at all withi the time widow t. I that case, ode m will rely o the recommedatio of trusted peers. tu Defiitio 5.4. A SN m is said to be really bad for a ode i if it has iteracted with i at least oce ad U i;m 2S i;m. Defiitio 5.5. A really bad ode m for a ode i is said to have deceived i if s j;m ¼ ucertai. Authorized licesed use limited to KYUNGHEE UNIVERSITY. Dowloaded o November 3, 2009 at 256 from IEEE Xplore. Restrictios apply.
704 IEEE TRANSACTIONS ON ARALLEL AND DISTRIBUTED SYSTEMS, VOL. 20, NO., NOVEMBER 2009 Defiitio 5.6. A Trust Maagemet Scheme is said to be resiliet agaist deceptio by a really bad ode at the ode level if o really bad ode ca deceive aother ode. Claim 2. Our GTMS is resiliet agaist deceptio by a really bad ode at the ode level. roof. Suppose to the cotrary that there exists a really bad ode m for a ode i that deceived i. The, accordig to the defiitio U i;m 2S i;m ad s i;m ¼ ucertai. We cosider the three separate cases. Case. S i;m. This meas that ode m has iteracted with ode i withi the time widow t. Let a deote the real umber U i;m =2S i;m. So, a. Now, sice s i;m ¼ ucertai, therefore at the time of the last iteractio, the trust calculatio was doe usig the past iteractio evaluatio. First, assume that M i 6¼, the 50 k2m i T i;k <T i;m 3jM i j Sice i has previously iteracted with ode m withi the time widow i the past, we have S i;m T i;m ¼ 00 S i;m þ U i;m S i;m þ ¼ 00 2a þ 00 ð2a þ ÞðS i;m þ Þ This implies that k2m 50 i T i;k < 00 3jM i j 2a þ 00 ð2a þ ÞðS i;m þ Þ ) 50 2 < 2a þ þ 2 ð2a þ ÞðS i;m þ Þ k2m i T i;k 50jM ij 3jM i j 3jM i j The last iequality is true sice all the T i;k s are withi the utrusted zoe. We obtai 3 < 2a þ ð2a þ ÞðS i;m þ Þ Sice a, this gives us ðs i;m þþ < 0, which is agai impossible. If M i ¼, the we have 00 3 <T i;m ¼ 00 a þ 00 ða þ ÞðS i;m þ Þ ; which agai leads to the cotradictio ðs i;m þþ < 0. Case 2. S i;m ¼ 0. We ow cosider U i;m. Let t deote the first of these usuccessful iteractios withi the time widow t. For the secod iteractio request withi the time widow, i must have calculated the trust value for m as S i;m T i;m ¼ 00 S i;m þ U i;m S i;m þ ¼ 00 0 0 þ 0 þ ¼ 0 However, this is a cotradictio, sice the lower boud for the ucertai zoe is always higher tha 0. This proves the claim. Case 3 S i;m ¼ 0, U i;m ¼ 0. The same as Case 3 of Claim. tu The above two claims are proved uder the costraits that the trust value lies betwee 0 ad 00. For a variable upper limit of trust value, the claims still hold. Let T u be the variable deotig the upper limit of trust value. Notice that the formula for time-based past iteractio will chage accordigly with the umeric value 00 replaced by T u i (). Let us also give geeric limits for the iitial value of the fuctio f as f u, which i the above was fixed at 25, ad for the iitial value of ucertai zoe as R u, which was previously fixed at 50. Assig a value of g u to the iitial value of g, which is ow fixed at 7. I both Claims ad 2, Cases 2 ad 3 obviously still hold. For Case, it is ot hard to see that the claims hold with certai restrictios o T u, f u, R u, ad g u. Let us first look at Case of Claim For R i 6¼, there are o costraits as T u would cacel o both sides whe replaced by the quatity 00 o both sides. For R i ¼, we obtai T u f u <T u a þ ða þ ÞðS i;m þ Þ ) f u T u < a þ ða þ ÞðS i;m þ Þ Carryig with the same argumet as i the claim, we get that for the cotradictio S i;m þ < 0 to hold we should have that fu T u < 2, i.e., f u < Tu 2. I other words, f u should be fixed at less tha half the value of T u. Movig o to Case of Claim 2, first suppose that M i 6¼. We have that R u T u 2a þ < R u ð2a þ ÞðS i;m þ Þ 3 Now, for the cotradictio S i;mþ < 0 to hold with a, after some algebraic maipulatio we reach that R u Tu 2.I other words, R u should be at least half the value of T u. For M i ¼, we have that R u g u <T u 2a þ ð2a þ ÞðS i;m þ Þ Oce agai, sice a, we get after solvig the iequalities that S i;mþ < 0 will hold if the followig coditio is met g u R u T u 3. I other words, the upper limit of the utrusted zoe should always be greater or equal to oe third the value of T u. By dishoest behavior, we mea a ode providig false iformatio about aother ode. Notice that this iformatio might be a higher trust value or a lower trust value tha the actual trust value. We assume that all good odes for a particular ode will always remai hoest, whereas bad odes for a ode might show dishoest behavior. A trust calculatio method is said to be resiliet agaist dishoest behavior if by simulatig the bad ad dishoest odes i the algorithm by bad but hoest odes we get the same trust value. Authorized licesed use limited to KYUNGHEE UNIVERSITY. Dowloaded o November 3, 2009 at 256 from IEEE Xplore. Restrictios apply.
SHAIKH ET AL. GROU-BASED TRUST MANAGEMENT SCHEME FOR CLUSTERED WIRELESS SENSOR NETWORKS 705 Defiitio 5.7. A set of bad odes B i for a ode i is said to have successfully cheated i, if for a ode j, the trust calculatio algorithm A for j o o A Tx;j 0 jx 2 B i ; Ty;j 0 jy 2 B0 i 6¼ A ft x;j jx 2 C i g; T y;j jy 2 B 0 i ; where C i is a set i which every bad ode i B i is replaced by a hoest but bad ode. Claim 3. Our GTMS is resiliet agaist cheatig at the ode level. roof. The proof is straightforward. The oly poit i our protocol where we eed the trust values from the other odes while calculatig the trust value of a ode is durig peer recommedatio. However, sice we do ot ask the recommedatio from the bad odes or the really bad odes, therefore o o A Ti;y 0 jy 2 B0 i ¼ A Ti;y 0 jy 2 B0 i ; as we assumed that the good odes would always behave hoestly. tu I the aforemetioed text, we have attributed dishoest behavior (sedig false recommedatio values) to bad or really bad odes for a particular ode, say i. There might be odes that are good odes for i yet at the same time bad or really bad odes for a ode j. Wheever i wishes to fid recommedatios for j, this set of odes might sed false recommedatios to i. Goig further, we ca eve associate dishoest behavior to good odes as well. If the umber of such dishoest odes is far less as compared to the hoest oes, the effect of these false recommedatios o the overall trust value as calculated by (5) would be miimum. However, a collaboratio of a greater umber of odes will affect the trust value to a greater degree. This is true sice (5) has the form of a weighted average measure. Thus, (5) has a slight built-i capability of dimiishig the effect of abormal recommedatios. As we will see i the ext sectios, similar is true for trust calculatio at the BS level. There is aother iterestig way i which a collaboratio of odes might work together i achievig a malicious goal. Suppose we have odes i, j, ad k. Node j is withi i s radio rage, while ode k is ot. k, however, is i the radio rage of j. i seds a data packet to j, which i tur seds the data packet to k. Ifk drops the packet, j should cout that as a usuccessful iteractio. However, if j ad k are collaboratig, whereby j does ot cout it as a usuccessful iteractio, the there is o way that i would be able to detect it. Thus, i might cotiue to sed packets to j, which i tur would sed them to k, oly to be dropped by it. This, however, ca be resolved if i seds its packets uiformly at radom to all its trusted eighborig odes tur by tur. This way, i will ot sed every packet to the two collaboratig odes ad much of its packets will be forwarded successfully provided there is ot a high percetage of collaboratig odes amog its eighbors. This will prohibit the above-metioed sceario from reoccurrig every time. 5..2 Resiliece Aalysis at Cluster Head Level At the CH, the trust value is calculated by gettig the trust states of all odes. At this stage of the protocol, we check the behavior of a collaboratio of really bad odes. We assume that i a group with þ odes icludig the cluster head, the umber of really bad odes are less tha or equal to b=2c. These really bad odes are really bad for all other odes i the group. Defiitio 5.8. A set of really bad odes ðmalþ are said to be collaboratig with each other if they provide false trust states of a particular ode to the cluster head. Defiitio 5.9. A collaboratio of really bad odes is successful agaist a ode j 62 mal, if the followig coditios hold. 8i 62 mal, s i;j ¼ trusted, 2. Z j <. Defiitio 5.0. A collaboratio of really bad odes is successful iterally for a ode m 2 mal, if the followig coditios hold. 8i 62 mal, s i;m ¼ utrusted, 2. Z m >. Claim 4. A set of really bad odes caot collaborate successfully agaist a ode j 62 mal ad iterally for a ode m 2 mal. roof. We have pffiffi 3 Xðsch;j Þþ i¼;i6¼j Xðs i;jþ Z j ¼ p ffiffiffi Now, i62mal X i;j 2b=2c. Therefore, pffiffiffi 3 ð Þ Z j pffiffiffi 0 This shows that the cluster head will ot label this ode as a utrusted ode. For part 2, otice that i2mal;i6¼m X i;m 2ðb=2c Þ 2. Sice 8i 62 mal; s i;m ¼ utrusted, therefore pffiffiffi pffiffiffi 3 ð 2 Þ 2 3 Z m pffiffiffi p ffiffiffi < 0 This implies that bad odes would ever make it to the trusted zoe at the cluster head. tu Defiitio 5.. A group is said to be malicious if durig its course of iteractios with the other group the majority of iteractios are usuccessful. We will deote a malicious group by G m. Let G deote the set of odes i a geeric group iside the sesor etwork. Defiitio 5.2. A malicious group G m is said to have successfully deceived a group G j, if for all groups G i 2 G G m, s Gi;G m ¼ trusted ad there exists at least oe G j 2 G G m, such that U Gi;G m S Gi;G m ad at least oe of U Gi ;G m ad S Gi ;G m is ozero. Defiitio 5.3. A Trust Maagemet Scheme is said to be resiliet agaist deceptio at group level if o group ca successfully deceive aother group. Authorized licesed use limited to KYUNGHEE UNIVERSITY. Dowloaded o November 3, 2009 at 256 from IEEE Xplore. Restrictios apply.
706 IEEE TRANSACTIONS ON ARALLEL AND DISTRIBUTED SYSTEMS, VOL. 20, NO., NOVEMBER 2009 Claim 5. Our GTMS is resiliet agaist deceptio at group level. roof. Similar to Claim. tu Defiitio 5.4. A malicious group G m is said to have partially deceived a group G j, if for all groups G i 2 G G m, s Gi;G m ¼ ucertai ad there exists at least oe G j 2 G G m, such that U Gi;G m 2S Gi;G m ad at least oe of U Gi;G m ad S Gi;G m is ozero. Defiitio 5.5. A Trust Maagemet Scheme is said to be resiliet agaist partial deceptio at group level if o group ca partially deceive aother group. Claim 6. Our GTMS is resiliet agaist partial deceptio at group level. roof. Similar to Claim 2. tu 5..3 Resiliece Aalysis at Base Statio Level At the BS, the trust values of various groups are calculated. There ca be three possible ways i which a particular group could cheat or try to get a ufair advatage. First, it might try to icrease its ow trust value eve though it has ot behaved well i the past. This caot be doe, as the BS asks other groups for their recommedatios ad its ow past iteractio records. Hece, the group whose trust value is beig calculated has o say i this computatio. The secod sceario deals with oe or more group odes collaboratig to harm the trust calculatio of a particular group by submittig low but false recommedatios for that group. Fially, these collaboratig odes might try to ehace each other s trust values at BS by givig high but false recommedatios to the BS. We assume that the oly group that will show dishoest behavior is this set of really bad groups. Defiitio 5.6. A set of bad groups B i for the BS is said to have successfully cheated, if for a group j, the trust calculatio algorithm A for j has the followig property o o A Tx;j 0 jx 2 B i ; Ty;j 0 jy 2 B0 i 6¼ A ft x;j jx 2 C i g; T y;j jy 2 B 0 i ; where C i is the set obtaied by replacig every bad ad dishoest group i B i with a bad but hoest group. Claim 7. Our GTMS is resiliet agaist cheatig at the BS. roof. The proof is straightforward. The oly place i our protocol where we eed the trust values from the other odes while calculatig the trust value of a ode is durig peer recommedatio. However, sice the BS does ot ask the recommedatio from the bad groups, therefore o o A Ti;y 0 jy 2 B0 i ¼ A Ti;y 0 jy 2 B0 i ut 5.2 Commuicatio Overhead We assume a worst case sceario, i which every member ode wats to commuicate with every other ode i the group ad every group wats to commuicate with the rest TABLE Commuicatio Overhead i Worst Case of the groups i the etwork. Let us assume that the etwork cosists of jgj groups ad the average size of groups is. I the itragroup commuicatio case, whe ode i wats to iteract with ode j, ode i will sed maximum 2 peer recommedatio requests. I respose, ode i will receive 2 resposes. If ode i wats to iteract with all the odes i the group, the maximum commuicatio overhead will be 2ð Þð 2Þ. If all odes wat to commuicate with each other, the maximum itragroup commuicatio overhead ðc itra Þ of the GTMS is 2ð Þð 2Þ. I the itergroup commuicatio case, whe group i wats to iteract with group j, it will sed oe peer recommedatio request to the BS, at the maximum. So, the commuicatio overhead is two packets. If group i wats to commuicate with all the groups, the the maximum commuicatio overhead will be 2jGj packets. If all the groups wat to commuicate with each other, the maximum itergroup commuicatio overhead ðc iter Þ of the GTMS is 2jGjðjGj Þ. Therefore, the maximum commuicatio overhead ðcþ itroduced by the GTMS i the etwork is C ¼jGjC itra þ C iter C ¼jGj½2ð Þð 2ÞŠþ2jGjðjGj Þ C ¼ 2jGj½ð Þð 2ÞþðjGj ÞŠ ðþ I geeral, commuicatio overhead itroduced by the GTMS i the whole etwork is C ¼ 2jGj½ð Þ þðjgj ÞŠ; ð2þ where represets the average umber of recommeder odes i the group. Commuicatio overhead of other schemes is show i Table. More details about the RFSN scheme, ATRM scheme, ad LUS are give i Appedix A.. 5.2. Compariso Fig. 4 shows the commuicatio overhead of various trust maagemet schemes for a large-scale WSN (0,000 odes) havig equal size of clusters. It shows that as the umber of cluster icreases i the etwork the GTMS itroduces less commuicatio overhead as compared to the other schemes. Also, it idicates that GTMS is suitable for largescale WSNs havig small size of clusters. The importat thig that we eed to ote here about the ATRM scheme is that it shows the result of just oe trasactio of each ode. Authorized licesed use limited to KYUNGHEE UNIVERSITY. Dowloaded o November 3, 2009 at 256 from IEEE Xplore. Restrictios apply.
SHAIKH ET AL. GROU-BASED TRUST MANAGEMENT SCHEME FOR CLUSTERED WIRELESS SENSOR NETWORKS 707 TABLE 3 Group Trust Database at Cluster Head Fig. 4. Commuicatio overhead Number of odes ¼ 0; 000. For example, whe ode i wats to commuicate with ode j they first exchage four packets. Oce the trasactio is completed ad ode i wats to iitiate aother trasactio with j, the the trust will be computed agai. So, the commuicatio overhead of the ATRM scheme will icrease with the factor of four with every trasactio. Whereas for the case of the GTMS, after completio of the first trasactio, whe ode i wats to start aother trasactio with j, o extra commuicatio overhead will occur because ode i will calculate the trust based o the history of past trasactio(s). 5.3 Memory Cosumptio Aalysis Oe of the critical costraits of SNs is less availability of memory. For example, MICA2 SN has 28-Kbyte program flash memory, 52-Kbyte measuremet flash, ad 4-Kbyte EEROM [39]. Our GTMS does coform to this lowmemory demad as discussed below. 5.3. Memory Requiremet of GTMS at Node Level Each ode maitais a small trust database as show i Table 2. The size of each record is 4 þ 4t bytes, where t represets the size of the time widow. Therefore, memory requiremet for GTMS at each SN is ð Þð4 þ 4tÞ bytes, where represets the umber of odes i a group. The size of the trust table depeds upo the size of the cluster ad the legth of time widow. 5.3.2 Memory Requiremet of GTMS at Cluster Head Level Each CH maitais two tables; oe is similar to a idividual SN s trust table, ad i the secod, CH maitais the trust values of other groups as show i Table 3. The size of each record is 4 þ 4t bytes. Therefore, the total size of Table 3 is ðjgj Þð4 þ 4tÞ bytes, where jgj represets the umber of groups i the etwork. The total memory space required at the CH for both tables is ðjgjþ 2Þð4 þ 4tÞ bytes. Here, represets the average umber of odes i the group. 5.3.3 Compariso I the simulatio, we assumed that all clusters are of equal size. We set the time widow t equal to 5. So, the size of trust record is 24 bytes. We have compared our scheme with the RFSN scheme [24], ATRM scheme [25], ad LUS [26] for the same clusterig topology. Memory requiremet of these schemes is give i Table 4, i which represets the umber of odes i the group, N represets the total umber of odes i the etwork, ad k represets the umber of cotext. Details about how the memory requiremets of the RFSN scheme, ATRM scheme, ad LUS are calculated are give i Appedix A.2. Results i Fig. 5 are for 00 SNs. This graph shows that GTMS at SNs ad CHs cosumes less memory as compared to the ATRM scheme, LUS, ad RFSN scheme. Memory cosumptio of GTMS at the CH depeds upo the umber of clusters i the etwork. As the umber of clusters icreases, the memory cosumptio requiremet also icreases liearly at the CH. For example, if the etwork cosists of 00 clusters with a average size of 20 odes, the at the CH, GTMS cosumes 2,832 bytes of memory. This shows that GTMS ca be used for large-scale sesor etworks. 6 SIMULATION-BASED ANALYSIS AND EVALUATION 6. Simulatio Eviromet We have performed simulatio usig Sesor Network Simulator ad Emulator (SENSE) [40]. We have deployed three differet sized sesor etworks cosistig of 44, 225, ad 324 SNs. More details about these etworks are available i Table 5. Nodes are static ad are orgaized i a grid fashio. The first, secod, ad third etworks are comprised of 6, 25, ad 36 clusters, respectively. These TABLE 2 Trust Database at SN TABLE 4 Memory Requiremet of Trust Maagemet Schemes Authorized licesed use limited to KYUNGHEE UNIVERSITY. Dowloaded o November 3, 2009 at 256 from IEEE Xplore. Restrictios apply.
708 IEEE TRANSACTIONS ON ARALLEL AND DISTRIBUTED SYSTEMS, VOL. 20, NO., NOVEMBER 2009 Fig. 6. SN architecture. The objective of the TEx protocol is to exchage the trust values betwee commuicatig odes i a efficiet maer. SN architecture based o SENSE [40] is show i Fig. 6, which shows the iteractios betwee GTMS, TEx, ad other compoets. The rest of the specificatios of a SN is defied i Table 6. Fig. 5. Memory requiremet N ¼ 00 ad t ¼ 5 uits. (a) At SN. (b) At cluster head. umbers are chose to make all clusters i equal size of ie odes. Each etwork comprises of oe BS that is located at the middle of the correspodig terrai. I all three etworks, we used free space wireless chael, IEEE 802. MAC protocol, ad a simplified versio of DSR routig protocol (without route repairig). At the applicatio layer, we have developed our ow geeric ad simple Trust Exchage rotocol (TEx) that cosists of six fields. SourceID cotais the idetity of the source ode. 2. DestID cotais the idetity of the destiatio ode. 3. rotocol ID represets the idetity of the trust maagemet protocol, e.g., GTMS, RFSN, ad so forth. 4. Type is used to idetify the type of the packet such as request packet, respose packet, ackowledgmet packet, ad so forth. 5. ayload field is of variable size cotaiig the data specific to the type ad protocol, such as trust value, idetity of evaluatig ode, ad so forth. 6. SedT cotais the sedig time of the packet. 6.2 Compariso For the purpose of compariso, we have implemeted a peer recommedatio sceario. Durig simulatio, i each cluster, radom umber of source odes are selected, which perform peer recommedatio with the other odes. Also, each cluster head will perform peer recommedatio with eighborig cluster heads oly. I the simulatio, we have oly compared our proposed GTMS with the RFSN scheme because both are idepedet of ay specific routig scheme ad platform. We did ot implemet the ATRM scheme because it requires some specific aget-based platform. Also, we did ot implemet LUS because it works o the top of its ow defied routig protocol. Commuicatio overhead for the three differet etworks is show i Fig. 7, which cofirms our coclusios from the theoretical aalysis. Fig. 7a shows that the GTMS itroduces less commuicatio overhead as compared to the RFSN scheme, ad this patter (overhead differece) approximately remais the same for all 00 simulatio rus. Therefore, we coclude that the 00 simulatio rus ca give us reliable results. Fig. 7b shows that, as the etwork size icreases, the commuicatio overhead differece betwee the GTMS ad RFSN scheme also icreases. It shows that the GTMS would itroduce 4.6 percet, 5.7 percet, ad 7. percet less commuicatio overhead TABLE 6 SN s Specificatios TABLE 5 Sesor Network s Specificatios Authorized licesed use limited to KYUNGHEE UNIVERSITY. Dowloaded o November 3, 2009 at 256 from IEEE Xplore. Restrictios apply.
SHAIKH ET AL. GROU-BASED TRUST MANAGEMENT SCHEME FOR CLUSTERED WIRELESS SENSOR NETWORKS 709 Fig. 8. Average eergy cosumptio at each ode (00 simulatios). Fig. 7. Average commuicatio overhead aalysis (00 simulatios). (a) Commuicatio overhead. (b) Average commuicatio overhead. as compared to the RFSN scheme for the etwork of 44, 225, ad 324 odes, respectively. Commuicatio overhead also affects the eergy cosumptio of the SNs. That effect is visible i Fig. 8, which shows that GTMS also cosume less eergy as compared to the RFSN scheme. 7 CONCLUSION AND FUTURE DIRECTIONS With the emergece of widespread use of WSNs, the eed of a proper trust maagemet scheme is strogly felt. I this work, we have proposed a robust lightweight GTMS for clustered WSNs. GTMS uses a hybrid trust maagemet approach, which reduces the cost of trust evaluatio. We showed that our scheme is memory efficiet ad cosumes less commuicatio overhead. We also proved that the GTMS is itrusio tolerat ad provides protectio agaist malicious, selfish, ad faulty odes. I may applicatio scearios [4], [42], SN idetities should remai hidde for achievig idetity aoymity. So, the challegig problem is how to establish ad maitai trust betwee commuicatig odes i a idetity aoymous eviromet. This motivates future work. AENDIX A A. Commuicatio Overhead A.. RFSN Whe ode i wats to iteract with ode j, it will sed 2 peer recommedatio requests at the maximum. I respose, ode i will receive 2 resposes. If ode i wat to iteract with all the odes i the group, the the maximum commuicatio overhead will be 2ð Þð 2Þ. If all the odes wat to commuicate with each other, the maximum itragroup commuicatio overhead ðc itra Þ will be 2ð Þð 2Þ. Whe the CH of group i wats to iteract with the CH of group j, it will sed jgj 2 peer recommedatio requests at the most. So, the commuicatio overhead will be 2ðjGj 2Þ. If group i wats to commuicate with all the groups, the the maximum commuicatio overhead will be 2ðjGj ÞðjGj 2Þ. If all the groups wat to commuicate with each other, the the maximum itergroup commuicatio overhead ðc iter Þ will be 2jGjðjGj ÞðjGj 2Þ. Therefore, i the worst case, the maximum commuicatio overhead ðcþ itroduced by the RFSN scheme i the whole etwork is C ¼jGjC itra þ C iter C ¼jGj½2ð Þð 2ÞŠþ 2jGjðjGj ÞðjGj 2Þ C ¼ 2jGj½ð Þð 2ÞþðjGj ÞðjGj 2ÞŠ; where represets the average umber of odes i the group, ad jgj represets the total umber of groups i the etwork. A..2 LUS If ode i wats to iteract with aother ode j, the it will broadcast a request packet. I respose, i will get 2 resposes. So, the commuicatio overhead will be þð 2Þ. If ode i wats to commuicate with all the odes i the group, the commuicatio overhead will be ð Þþð Þð 2Þ. If all the odes wat to commuicate with each other, the the total itragroup commuicatio overhead ðc itra Þ will be ð Þþð Þð 2Þ ¼ð Þ 2. Authorized licesed use limited to KYUNGHEE UNIVERSITY. Dowloaded o November 3, 2009 at 256 from IEEE Xplore. Restrictios apply.
70 IEEE TRANSACTIONS ON ARALLEL AND DISTRIBUTED SYSTEMS, VOL. 20, NO., NOVEMBER 2009 Each ode i the group ca also exchage atiactive protocol, whose commuicatio cost is the same as gettig recommedatio from other odes. So, i the worst case, the total itragroup commuicatio overhead ðc itra Þ will be 2ð Þ 2. If group i wats to iteract with aother group j, the group i will broadcast a request packet. I respose, it will get o more tha jgj 2 resposes. So, the commuicatio overhead will be þðjgj 2Þ. If group i wats to commuicate with all the groups, the maximum commuicatio overhead will be ðjgj ÞþðjGj ÞðjGj 2Þ. If all the groups wat to commuicate with each other, the total itergroup commuicatio overhead ðc iter Þ will be C iter ¼jGjðjGj ÞþjGjðjGj ÞðjGj 2Þ C iter ¼jGjðjGj Þ½þðjGj 2ÞŠ ¼jGjðjGj Þ 2 If we add the commuicatio overhead of atiactive protocol, the the maximum commuicatio overhead for itergroup ðc iter Þ will be 2jGjðjGj Þ 2. Therefore, i the worst case, the maximum commuicatio overhead ðcþ itroduced by LUS i the whole etwork is C ¼jGjC itra þ C iter ¼jGj2ð Þ 2 þ 2jGjðjGj Þ 2 h i C ¼ 2jGj ð Þ 2 þðjgj Þ 2 A..3 ATRM Each ode eeds to exchage four packets i order to compute the trust. If a ode i wats to commuicate with all the odes i the group, the the commuicatio overhead will be 4ð Þ. If all the odes wat to commuicate with each other, the the total commuicatio overhead ðc itra Þ will be 4ð Þ. Similarly, if all groups wat to commuicate with each other, the itergroup commuicatio ðc iter Þ will be 4jGjðjGj Þ. Therefore, i the worst case, the maximum commuicatio overhead ðcþ itroduced by the ATRM scheme i the whole etwork is C ¼jGjC itra þ C iter ¼jGj4ð Þþ4jGjðjGj Þ C ¼ 4jGj½ð ÞþðjGj ÞŠ A.2 Memory Cosumptio A.2. RFSN Each SN also eeds to store two tables Reputatio Module Matrix (RMM) ad RFSN moitor. RMM cosist of eight parameters Cotext (4 bytes), Agig period (4 bytes), Agig weight (4 bytes), Itegratio weight (4 bytes), Size ( byte), Alpha (4 bytes), Beta (4 bytes), ad Node ID (2 bytes). So, the size of oe record i RMM is 27 bytes. RFSN moitor maitais two parameters Node ID (2 bytes) ad Data readigs (4 bytes). So, the size of oe record of RFSN moitor is 6 bytes. Thus, the total memory required by the RFSN scheme at SN is M SN ¼ sizeðrmmþþsizeðmoitorþ M SN ¼ 27ð Þþ6ð Þ ¼33ð Þ Here, represets the umber of odes i the eighborhood. Let us assume that every CH also maitais the trust value of other CHs i the same maer as odes maitai trust value of other member odes. The, memory requiremet at the CH i the RFSN scheme is M CH ¼ 33ðjGj Þþ33ð Þ ¼33ðjGjþ 2Þ A.2.2 ATRM Each SN stores two tables Trust evaluatio table ðtab eval Þ ad t_istrumet table ðtab istr Þ. The Tab eval table cosists of four parameters Node ID (2 bytes), Trust Cotext (4 bytes), Evaluatio (4 bytes), ad Time stamp (4 bytes). So, the size of each record is 4 bytes. The Tab istr table cosists of five parameters Node ID (2 bytes), Trust cotext (4 bytes), INSTR (4 bytes), Time stamp (4 bytes), ad ACK (2 bytes). So, the size of each record for Tab istr table is 6 bytes. Each SN also stores the r_certificate ðr cert Þ i a memory. The size of certificate varies with respect to the umber of available cotexts. The r_certificate is defied as RC ¼ E AK ðr; HðRÞÞ, where R ¼ ID i, T, ððr ;C Þ; ðr 2 ;C 2 Þ;...; ðr k ;C k ÞÞ. Here, ID represets the idetity of the ode (2 bytes), T represets the time stamp (4 bytes), ad r (4 bytes) represets the reputatio of ode i uder cotext c (4 bytes). So, the size of R is 6 þ 8k. If we assume the MD5 hash fuctio (6 bytes), the the total size of r cert is 22 þ 8k. Thus, the total memory required at the SN is M SN ¼ sizeðtab eval ÞþsizeðTab istr Þþsizeðr certþ M SN ¼ 4ð Þþ6ð Þþð22 þ 8kÞ M SN ¼ 30ð Þþ22 þ 8k ¼ 30 þ 8ðk Þ Let us assume that every CH also maitais the trust value of other CHs i the same maer as odes maitai the trust value of other member odes. CH maitais a sigle r cert that is used for iter- ad itracommuicatios. That is why the size of certificate will be added oce. Thus, i this case, memory requiremet at the CH is M CH ¼ 30ðjGj Þþ30ð Þþ22 þ 8k M CH ¼ 30ðjGjþ 2Þþ22 þ 8k ¼ 30ðjGjþÞþ2ð4k 9Þ A.2.3 LUS I the case of LUS, each SN eeds to store two tables ad seve costat cotext parameters. The first table cosists of ode ID (2 bytes), persoal referece parameters (T or ( bit), T ai ( bit), T ce ( bit), T po (4 bytes), T re (4 bytes), T co (4 bytes)), peer recommedatio value T i (4 bytes), ad fial calculated trust value (4 bytes). So, the size of oe record of the first table is 22.375 bytes. I the secod table, a ode eeds to store iformatio about ode ID (2 bytes), umber of requests set (2 bytes), umber of reply received (2 bytes), umber of packets actually forwarded (2 bytes), ad umber of packets supposed to be forwarded (2 bytes). So, the size of oe record for the secod table is 0 bytes. Each of the cotext parameters ðw cp ;W po ;W re ;W oo ;W av ;W pr ;W r Þ is represeted by 4 bytes. So, the total size required to store cotext parameters is 28 bytes. Thus, the total memory required at the SN is Authorized licesed use limited to KYUNGHEE UNIVERSITY. Dowloaded o November 3, 2009 at 256 from IEEE Xplore. Restrictios apply.
SHAIKH ET AL. GROU-BASED TRUST MANAGEMENT SCHEME FOR CLUSTERED WIRELESS SENSOR NETWORKS 7 M SN ¼ sizeðtableþþsizeðtable2þþcotextarameters M SN ¼ 22375ð Þþ0ð Þþ28 ¼ 32375ð Þþ28 Let us assume that every CH also maitais the trust value of other CHs i the same maer as odes maitai trust values of other member odes. The, i this case, memory requiremet at the CH is M CH ¼ 32375ðjGj Þþ32375ð Þþ28 M CH ¼ 32375ðjGjþ 2Þþ28 ACKNOWLEDGMENTS This research was supported by the MKE (Miistry of Kowledge Ecoomy), Korea, uder the ITRC (Iformatio Techology Research Ceter) support program supervised by the IITA (Istitute of Iformatio Techology Advacemet) (IITA-2009-(C090-0902-0002)) ad was supported by the IT R&D program of MKE/KEIT [003205, Developmet of Realistic Multiverse Game Egie Techology]. This work also was supported by the Brai Korea 2 projects ad Korea Sciece & Egieerig Foudatio (KOSEF) grat fuded by the Korea govermet (MOST) (No. 2008-342). The correspodig author is Sugyoug Lee. REFERENCES [] L.J. Hoffma, K. Lawso-Jekis, ad J. Blum, Trust beyod Security A Expaded Trust Model, Comm. ACM, vol. 49, o. 7, pp. 95-0, July 2006. [2] E. Shi ad A. errig, Desigig Secure Sesor Networks, IEEE Wireless Comm., vol., o. 6, pp. 38-43, 2004. [3] H.S. Ng, M.L. Sim, ad C.M. Ta, Security Issues of Wireless Sesor Networks i Healthcare Applicatios, BT Techology J., vol. 24, o. 2, pp. 38-44, Apr. 2006. [4] A.A. irzada ad C. McDoald, Establishig Trust i ure Ad-Hoc Networks, roc. 27th Australasia Computer Sciece Cof. (ACSC 04), pp. 47-54, Ja. 2004. [5] Y.L. Su, W. Yu, Z. Ha, ad K.J.R. Liu, Iformatio Theoretic Framework of Trust Modelig ad Evaluatio for Ad Hoc Networks, IEEE J. Selected Areas i Comm., vol. 24, o. 2, pp. 305-37, Feb. 2006. [6] R.A. Shaikh, H. Jameel, S. Lee, S. Rajput, ad Y.J. Sog, Trust Maagemet roblem i Distributed Wireless Sesor Networks, roc. 2th IEEE It l Cof. Embedded Real-Time Computig Systems ad Applicatios (RTCSA 06), pp. 4-44, Aug. 2006. [7] M. Momai, S. Challa, ad K. Aboura, Modellig Trust i Wireless Sesor Networks from the Sesor Reliability rospective, Iovative Algorithms ad Techiques i Automatio, Idustrial Electroics ad Telecomm., T.S. et al., ed., pp. 37-32, Spriger, 2007. [8] J.. Walters, Z. Liag, W. Shi, ad V. Chaudhary, Chapter 6 Wireless Sesor Network Security A Survey, Security i Distributed, Grid, ad ervasive Computig, Y. Xiao, ed., pp. 367-40, CRC ress, 2006. [9] Z. Liu, A.W. Joy, ad R.A. Thompso, A Dyamic Trust Model for Mobile Ad Hoc Networks, roc. 0th IEEE It l Workshop Future Treds of Distributed Computig Systems (FTDCS 04), pp. 80-85, May 2004. [0] S. Buchegger ad J.-Y.L. Boudec, Self-olicig Mobile Ad Hoc Networks by Reputatio Systems, IEEE Comm. Magazie, vol. 43, o. 7, pp. 0-07, July 2005. [] T. Gradiso ad M. Sloma, A Survey of Trust i Iteret Applicatios, IEEE Comm. Surveys ad Tutorials, vol. 3, o. 4, 2000. [2] W.B. Heizelma, A.. Chadrakasa, ad H. Balakrisha, A Applicatio-Specific rotocol Architecture for Wireless Microsesor Networks, IEEE Tras. Wireless Comm., vol., o. 4, pp. 660-670, Oct. 2002. [3] S. Lidsey, C. Raghavedra, ad S. Raghavedra, EGASIS ower-efficiet Gatherig i Sesor Iformatio Systems, roc. IEEE Aerospace Cof., vol. 3, pp. 25-30, 2002. [4] A. Majeshwar ad D.. Agrawal, TEEN A Routig rotocol for Ehaced Efficiecy i Wireless Sesor Networks, roc. 5th It l arallel ad Distributed rocessig Symp. (IDS 0), pp. 2009-205, Apr. 200. [5] O. Youis ad S. Fahmy, HEED A Hybrid, Eergy-Efficiet, Distributed Clusterig Approach for Ad-Hoc Sesor Networks, IEEE Tras. Mobile Computig, vol. 3, o. 4, pp. 366-379, Oct. 2004. [6] W. Du, J. Deg, Y.S. Ha, ad.k. Varshey, A Key redistributio Scheme for Sesor Networks Usig Deploymet Kowledge, IEEE Tras. Depedable ad Secure Computig, vol. 3, o., pp. 62-77, Ja.-Mar. 2006. [7] M. Shehab, E. Bertio, ad A. Ghafoor, Efficiet Hierarchical Key Geeratio ad Key Diffusio for Sesor Networks, roc. Secod A. IEEE Cof. Sesor ad Ad Hoc Comm. ad Networks (SECON 05), pp. 97-23, Sept. 2005. [8] S. Badyopadhyay ad E.J. Coyle, Miimizig Commuicatio Costs i Hierarchically-Clustered Networks of Wireless Sesors, Computer Networks, vol. 44, o., pp. -6, 2004. [9] M. Gupta,. Judge, ad M. Ammar, A Reputatio System for eer-to-eer Networks, roc. 3th It l Workshop Network ad Operatig Systems Support for Digital Audio ad Video (NOSSDAV 03), pp. 44-52, Jue 2003. [20] D. Igram, A Evidece Based Architecture for Efficiet, Attack- Resistat Computatioal Trust Dissemiatio i eer-to-eer Networks, roc. Third It l Cof. Trust Maagemet, pp. 273-288, May 2005. [2] L. Xiog ad L. Liu, eer Trust Supportig Reputatio-Based Trust for eer-to-eer Electroic Commuities, IEEE Tras. Kowledge ad Data Eg., vol. 6, o. 7, pp. 843-857, July 2004. [22] G. Theodorakopoulos ad J.S. Baras, O Trust Models ad Trust Evaluatio Metrics for Ad Hoc Networks, IEEE J. Selected Areas i Comm., vol. 24, o. 2, pp. 38-328, Feb. 2006. [23] S. Buchegger ad J.-Y.L. Boudec, A Robust Reputatio System for eer-to-eer ad Mobile Ad-Hoc Networks, roc. Secod Workshop Ecoomics of eer-to-eer Systems (2Eco 04), Jue 2004. [24] S. Gaeriwal ad M.B. Srivastava, Reputatio-Based Framework for High Itegrity Sesor Networks, roc. ACM Workshop Security of Ad Hoc ad Sesor Networks (SASN 04), pp. 66-67, Oct. 2004. [25] A. Boukerche, X. Li, ad K. EL-Khatib, Trust-Based Security for Wireless Ad Hoc ad Sesor Networks, Computer Comm., vol. 30, pp. 243-2427, Sept. 2007. [26] Z. Yao, D. Kim, ad Y. Doh, LUS arameterized ad Localized Trust Maagemet Scheme for Sesor Networks Security, roc. Third IEEE It l Cof. Mobile Ad-Hoc ad Sesor Systems (MASS 06), pp. 437-446, Oct. 2006. [27] K. Liu, N. Abu-Ghazaleh, ad K.-D. Kag, Locatio Verificatio ad Trust Maagemet for Resiliet Geographic Routig, J. arallel ad Distributed Computig, vol. 67, o. 2, pp. 25-228, 2007. [28] H. Che, H. Wu, X. Zhou, ad C. Gao, Reputatio-Based Trust i Wireless Sesor Networks, roc. It l Cof. Multimedia ad Ubiquitous Eg. (MUE 07), pp. 603-607, Apr. 2007. [29] H. Jameel, L.X. Hug, U. Kalim, A. Sajjad, S. Lee, ad Y.-K. Lee, A Trust Model for Ubiquitous Systems Based o Vectors of Trust Values, roc. Third IEEE It l Security i Storage Workshop (SISW 05), pp. 674-679, Dec. 2005. [30] R.A. Shaikh, S. Lee, M.A.U. Kha, ad Y.J. Sog, LSec Lightweight Security rotocol for Distributed Wireless Sesor Network, roc. th IFI It l Cof. ersoal Wireless Comm. (WC 06), pp. 367-377, Sept. 2006. [3] A. Hac, Wireless Sesor Network Desigs. Joh Wiley & Sos, 2003. [32] R. Shah ad J. Rabaey, Eergy Aware Routig for Low Eergy Ad Hoc Sesor Networks, roc. IEEE Wireless Comm. ad Networkig Cof. (WCNC 02), pp. 350-355, 2002. [33] S. Murugaatha, D. Ma, R. Bhasi, ad A. Fapojuwo, A Cetralized Eergy-Efficiet Routig rotocol for Wireless Sesor Networks, IEEE Comm. Magazie, vol. 43, o. 3, pp. 8-3, 2005. [34] A. errig, R. Szewczyk, J.D. Tygar, V. We, ad D.E. Culler, SINS Security rotocols for Sesor Networks, Wireless Networks, vol. 8, o. 5, pp. 52-534, 2002. [35] S. Zhu, S. Setia, ad S. Jajodia, LEA Efficiet Security Mechaisms for Large-Scale Distributed Sesor Networks, roc. 0th ACM Cof. Computer ad Comm. Security (CCS 03), pp. 62-72, 2003. Authorized licesed use limited to KYUNGHEE UNIVERSITY. Dowloaded o November 3, 2009 at 256 from IEEE Xplore. Restrictios apply.
72 IEEE TRANSACTIONS ON ARALLEL AND DISTRIBUTED SYSTEMS, VOL. 20, NO., NOVEMBER 2009 [36] H. Cha, A. errig, ad D. Sog, Radom Key redistributio Schemes for Sesor Networks, roc. IEEE Symp. Security ad rivacy, pp. 97-23, May 2003. [37] C. Karlof, N. Sastry, ad D. Wager, TiySec A Lik Layer Security Architecture for Wireless Sesor Networks, roc. Secod It l Cof. Embedded Networked Sesor Systems (SeSys 04), pp. 62-75, Nov. 2004. [38] H. Tijms, Uderstadig robability Chace Rules i Everyday Life. Cambridge Uiv. ress, 2004. [39] Xbow, mica2 series, http//www.xbow.com, 2008. [40] B.K. Szymaski, SENSE Sesor Network Simulator ad Emulator, http//www.ita.cs.rpi.edu/sese/idex.html, 2008. [4] S. Olariu, Q. Xu, M. Eltoweissy, A. Wadaa, ad A.Y. Zomaya, rotectig the Commuicatio Structure i Sesor Networks, It l J. Distributed Sesor Networks, vol., pp. 87-203, 2005. [42] S. Misra ad G. Xue, Efficiet Aoymity Schemes for Clustered Wireless Sesor Networks, It l J. Sesor Networks, vol., os. / 2, pp. 50-63, 2006. Riaz Ahmed Shaikh received the BS degree i computer egieerig from Sir Syed Uiversity of Egieerig ad Techology (SSUET), Karachi, akista, i 2003 ad the MS degree i iformatio techology from the Natioal Uiversity of Scieces ad Techology (NUST), Rawalpidi, akista, i 2005. He is curretly a hd cadidate i the Departmet of Computer Egieerig, Kyug Hee Uiversity, Suwo, Korea. His research iterests iclude privacy ad security ad trust maagemet. He is a professioal member of the ACM. More iformatio about him is available at http//member.acm.org/riaz289. Hassa Jameel received the BE degree i computer software egieerig from the Natioal Uiversity of Scieces ad Techology (NUST), Rawalpidi, akista, i 2003 ad the MS degree i computer egieerig from Kyug Hee Uiversity, Suwo, Korea, i 2005. He is curretly a hd cadidate i the Departmet of Computer Egieerig, Kyug Hee Uiversity. His research iterests iclude cryptography ad trust maagemet. Bria J. d Auriol received the BSc(CS) ad hd degrees from the Uiversity of New Bruswick i 988 ad 995, respectively. He is curretly with the Departmet of Computer Egieerig, Kyug Hee Uiversity, Suwo, Korea. reviously, he had bee a researcher at the Ohio Supercomputer Ceter, Columbus ad a assistat professor at the Uiversity of Texas, El aso, the Uiversity of Akro, Wright State Uiversity, ad the Uiversity of Maitoba. He has orgaized ad chaired the Iteratioal Coferece o Commuicatios i Computig (CIC) from 2000 to 2008 ad the th Aual Iteratioal Symposium o High erformace Computig Systems (HCS) i 997. His research icludes iformatio ad data visualizatio with specializatio i software, bioiformatics, ad healthcare visualizatios; optical bus parallel computig models, ad recetly, ubiquitous sesor etworks. He is a member of the ACM ad the IEEE Computer Society. Heejo Lee received the BS, MS, ad hd degrees i computer sciece ad egieerig from ohag Uiversity of Sciece ad Techology (OSTECH), ohag, Korea. He is a associate professor i the Divisio of Computer ad Commuicatio Egieerig, Korea Uiversity, Seoul. Before joiig Korea Uiversity, he was a CTO at AhLab from 200 to 2003. From 2000 to 200, he was a postdoctoral fellow i the Departmet of Computer Scieces ad the Ceter for Educatio ad Research i Iformatio Assurace ad Security (CERIAS), urdue Uiversity. He has bee servig as a editor of the Joural of Commuicatios ad Networks sice 2007. He has bee a advisory member of the Korea Iformatio Security Agecy ad Korea Supreme rosecutor s Office. With the support of the Korea govermet, he was workig for costructig the Natioal CERT i the hilippies (2006) ad the cosultatio of Cyber Security i Uzbekista (2007). More iformatio is available at http//ccs.korea.ac.kr. He is a member of the IEEE. Sugyoug Lee received the BS degree from Korea Uiversity, Seoul ad the MS ad hd degrees i computer sciece from Illiois Istitute of Techology (IIT), Chicago, i 987 ad 99, respectively. He has bee a professor i the Departmet of Computer Egieerig, Kyug Hee Uiversity, Suwo, Korea, sice 993. He is a foudig director of the Ubiquitous Computig Laboratory ad has bee a director of the Neo Medical Ubiquitous-Life Care Iformatio Techology Research Ceter, Kyug Hee Uiversity sice 2006. Before joiig Kyug Hee Uiversity, he was a assistat professor i the Departmet of Computer Sciece, Goverors State Uiversity, Uiversity ark, Illiois, from 992 to 993. His curret research focuses o ubiquitous computig ad applicatios, cotext-aware middleware, sesor operatig systems, real-time systems, ad embedded systems. He is a member of the ACM ad the IEEE. Youg-Jae Sog received the BE degree from Iha Uiversity, Icheo, Korea, i 969, the MS degree i computer sciece from Keio Uiversity, Tokyo, i 976, ad the hd degree from Myogji Uiversity, Seoul, i 980. He has bee a professor i the Departmet of Computer Egieerig, Kyug Hee Uiversity, Suwo, Korea, sice 976. His curret research focuses o software egieerig, reverse egieerig, compoet-based software developmet, ad object-based modelig.. For more iformatio o this or ay other computig topic, please visit our Digital Library at www.computer.org/publicatios/dlib. Authorized licesed use limited to KYUNGHEE UNIVERSITY. Dowloaded o November 3, 2009 at 256 from IEEE Xplore. Restrictios apply.