Simple Trust Metric in a Low-Power Sensor Network
aa r X i v : . [ c s . D C ] F e b Simple Trust Metric in a Low-Power SensorNetwork
Svea Wisy
Intelligent SystemsChristian-Albrechts-Universit¨at zu Kiel
Kiel, [email protected]
Abstract —Distributed systems become more and more impor-tant to our life. Especially in areas like Smart Home and theInternet of Things (IoT) reliable low-power sensor networksbecome increasingly important. For ensuring this there are alot of trust metrics. In this paper we compare a model of adistributed low-power sensor network including one root nodeand the corresponding Simple Trust Metric to the requirementsfrom “Representation of Trust and Reputation in Self-ManagedComputing Systems” [1], the Weighted Trust Metric and theWeighted Simple Exponential Smoothing Trust Metric.
Index Terms —End-to-End Trust, Trust, Metric, Trust Metric,Wireless Sensor Network
I. I
NTRODUCTION
Distributed systems have to handle a lot of changes duringtheir run-time. They especially have to deal with maliciousbehaviour and failures. For detecting those the authors Kantertet. al. established two requirements for trust metrics in [1] inthe following named “Reference Article”. They also introducethe Weighted Trust Metric (WTM) and the Weighted SimpleExponential Smoothing Trust Metric (WSES). The same groupof researchers gives a low-power sensor network and the Sim-ple Trust Metric in their research article [2], in the following as“End-to-End Trust”, where the Simple Trust Metric is adjustedto the network’s task.Resulting on reading both the articles we wondered if theSimple Trust Metric in End-to-End Trust fulfils the require-ments made in the Reference Article and how it differs fromthe Weighted Trust Metric and the Weighted ExponentialSmoothing Trust Metric.This paper is organised as follows: Section II introducesas well into the definitions of trust and reputation fromthe Reference Article as into the model of the low-powersensor network from End-to-End Trust. Afterwards, SectionIII defines the three used trust metrics from the literature.Based on Section II and III, Section IV discusses whether themetric from End-to-End Trust fulfils the requirements fromthe definition in Section II and how the Simple Trust Metricdiffers from WTM and WSES. Lastly, Section V concludesthe paper with the results.II. S
CENARIO
To compare the Simple Trust Metric to the requirementsfrom the Reference Article we need to know them as wellas we need to know the definition of reputation and trust in general. Second, we need to know the model from End-to-End Trust to have an even-handed comparison between thedifferent trust metrics.
A. Low-power Sensor Network
The model of End-to-End Trust is a Wireless Sensor Net-work where each sensor is modelled as one node. Becauseof the low-power and little memory of the sensors, there isa root node in the network which can store the sensed dataand is typically connected to the internet. As defined in the“IPv6 Routing Protocol for Low-Power and Lossy Networks”[3] (RPL) the sensed data is sent to the root node, which eitherstores the data or transmits it via the internet to another nodeoutside the network which can process the sensed data.The authors use the option of the RPL, to store the routesused for sending, to periodically send packets from the rootback to the nodes. The route is organised in a DestinationOriented Directed Acyclic Graph (DODAG) [4] which showsthe route a packet took from the node to the root. Followingthis DODAG the authors send packets containing a DODAGInformation Object (DIO) from the root back to the nodes.For improving reliability the authors of End-to-End Trustadded a header to the in the RPL defined DIO which containsthe Trust Round t ∈ N ≥ and the count of all in the roundreceived packets. The Trust Round is an event-based clockwhich increases if a DIO is triggered. Due to either non-existent or unsynchronised clocks, it is needed to determinewhether a packet was sent before or after the DIO wasgenerated by using this type of clock. So this is where theTrust Rounds come into account. Using the Trust Rounds andthe sequence number of a packet, the root node can decideif an arriving packet with a high sequence number indicatesa high loss of packets or if it is a packet belonging to theprevious Trust Round and is just delivered late. This decisioncan lead the root node to trigger a DIO if it detects that alot of packets are missing. Additionally, a DIO is triggeredperiodically. Triggering a DIO causes the DODAG to changebecause the nodes now recalculate their best fitting parent nodebased on their reputation. B. Reputation
For managing malicious behaviour or partially failures theauthors of the Reference Article define a reputation τ ∈ R or each node n, which is calculated based on a trust metric T ( R ) and the input R n . A good reputation would be a valuenear τ = 1 . . In this case, the respective node would behavedesirably. A reputation value of τ = − . would indicatemalicious behaviour or partial failures. C. Trust Metrics
For a trust metric T ( R n ) the authors of the ReferenceArticle use ratings r ∈ R where − ≤ r ≤ . In this case,a rating r is a good rating if r > , with r < it is a badrating, and otherwise it is a neutral rating. Ratings are storedin R n whose behaviour must be defined when defining a trustmetric. Typically R n is a FIFO-queue such that a trust metriccan implement some sort of forgiveness for bad but old ratings.For adding new ratings to R n trust metrics define a function U ( R n ) , r where the new rating r is added to R n . The resultwould be R n +1 because n increments when adding a newrating.In the Reference Article, the authors establish two require-ments for trust metrics. In the first requirement, they demandthat a newly calculated reputation value based on a goodrating, either r or r , is better if it bases on the better ratingof those unless the reputation already reaches its maximumvalue. R is defined as the interval the values of r can be in.In the Reference Article R is in most of their metrics definedas R := [ − , and accordingly R + := (0 , . ∀ r , r ∈ R + : T ( U ( R n , r )) > T ( U ( R n , r )) ∨ T ( U ( R n , r )) = 1 ,r > r ⇒ | R + | > (R1)In the second requirement, they claim for all positive ratings r that the new reputation is better than the old one as longas the old one didn’t reach the maximum value for reputationyet. r + is the set of all good ratings and accordingly r − wouldbe the set of all bad ratings. ∀ r ∈ r + : T ( U ( R n , r )) > T ( R n ) ∨ T ( R n ) = 1 (R2)III. E ND - TO -E ND T RUST A ND T RUST M ETRICS
In the End-to-End Trust, the reputation is used to determinewhether the current parent is the best one to choose to sendsensed data to the root node with less effort. For calculatingthe delivery rate the nodes use the information they getperiodically in the DIO. A parent can only be re-selected whena new Trust Round starts or the parent becomes unavailable.[5] When a new Trust Round starts the node resets its counterfor the sequence numbers and starts sending with the new TrustRound. They calculate the reputation of their parent nodes n p using the Simple Trust Metric T n,t . A. Simple Trust Metric
The node calculates the delivery rate Ξ for the parent node n p in the Trust Round t . It gets the amount of successfullydelivered packets via the DIO, where the last packets theroot received during this Trust Round is given as a value ofthe modified header. To identify the amount of sent packets the node utilises its current sequence number counter beforeresetting it. For calculating the delivery rate Ξ the node usesthe number of delivered packets and the amount of sentpackets.If the Trust Round is t = 0 the initial trust value of a node n is . . In case t > a new trust value T n,t is calculatedby the old trust value T n,t − , the delivery rate Ξ from the lastTrust Round and a weight α ∈ R with < α < . Usually,the representation of the ratings R t − is considered as a FIFO-queue, here it is only one floating-point number representingthe reputation of the previous round. The stored ratings r ∈ R are in the range between 0 and 1, such that R := [0 , . T ∈ [0 , (1) T n, := 0 . (2) Ξ := deliveredsent (3) T n,t := ( α · T n,t − + (1 − α ) · Ξ n = n p T n,t − o therwise (4) B. Weighted Trust Metric
In this metric a node gets a new rating r ∈ R in a rangebetween − and , such that R w := [ − , The positiveratings are stored in the FIFO-queue R w + , the negative ratingsare represented in the queue R w − , but there also is a FIFO-queue R wn that contains all ratings. Here n is an iterator thatincreases whenever a new rating is added. U ( R wn , r ) = R n +1 adds a new rating to the queue. If the maximum length k of R n is already reached, the authors just drop the oldest rating andadd the new rating. For a new reputation value τ w the authorsof the Reference Article sum up all the ratings and normalisethem by the sum of the strength of the ratings. Since they don’tdefine a model, we can not say where the ratings exactly comefrom. R w := [ − , , r w ∈ R w , R wn ∈ R w k (5) τ w := T w ( R wn ) := Σ r ∈ R wn ,r> r − Σ r ∈ R wn ,r< − r Σ r ∈ R wn ,r> r + Σ r ∈ R wn ,r< − r = Σ r ∈ R wn r Σ r ∈ R wn | r | (6) C. Weighted Simple Exponential Smoothing Trust Metric
Here the rating r ∈ R is in the range R s := [ − , . Forthis metric, the authors of the Reference Article used SimpleExponential Smoothing (SES) [6]. This can be thought of as anadvanced rolling average with a weight α ∈ R and < α < ,where a new value for the average can be weighted differentlythan the old values. In this way, one can implement some sortof forgiveness for partial failure or malicious behaviour. Asin the Weighted Trust Metric, the authors store the positiveratings separately from the negative ratings. Due to the rollingaverage of SES, both values are a floating-point number. In R sn the positive reputation value and the negative reputationvalue are represented as a tuple ( p , p ) with p , p ∈ R s . Theauthors also defined a function U ( R sn,r ) = R sn +1 ,r , where n s an iterator that increments if a new rating r is added. Thisfunction is for adding a new rating to the storage in the waythat a positive rating is calculated to the positive reputationvalue and a negative rating to the negative reputation value ofthe tuple ( p , p ) : R sn +1 := U s ( R sn , r ):= ( p · α + (1 − α ) · r, p · α ) r > , ( p , p ) ∈ R sn ( p · α, p · α − (1 − α ) · r ) r < , ( p , p ) ∈ R sn R sn o therwise (7)Unlike R wn in the Weighted Trust Metric, here is no maximumlength k of R sn , because it is no queue but already a tuple ofaverages.With this tuple we calculate the new reputation τ s bysubtracting the negative reputation value p from the positivereputation value p and normalise the result with the sum ofboth to get the reputation for the corresponding node. τ s := T s ( R sn ) := p − p p + p , ( p , p ) ∈ R sn (8)IV. D ISCUSSION
For the question of fulfilling the requirements we use therequirements from the Reference Article and adjust them tothe Simple Trust Metric from End-to-End Trust in the way,they are meant. For comparison, we use the criteria: Range ofthe ratings, storage of the ratings, the threshold between goodand bad ratings, calculation of the reputation value and if therequirements are fulfilled.
A. Requirements on Simple Trust Metric
To see, if the Simple Trust Metric fulfils the requirementsfrom the Reference Article, we first need some assumptions.We use the definition from IIIA for the delivery rate Ξ .Additionally, n is a node and t is the current Trust Round. Ξ is a rating r t (9) T n,t calculates a value of reputation (10)From the definition of the delivery rate Ξ = r a rating must bepositive because there can’t be a negative amount of deliveredor sent packets. A packet can first be mapped to a new TrustRound after the sending node received the DIO. In that case,the node resets its counter for sequence numbers, but neitherthe delivered nor the sent amount of packets can becomenegative. By that, a bad rating can’t be a negative numberlike in the Reference Article. We define R t := (0 , .A better reference value than for deciding whether a ratingfor the node n is either good or bad is the last known reputationvalue T n,t − of the node n where t is the current Trust Round.This is caused by the task of the model, which is to deliverthe sensed date from the sensors to the node. If the packet losson a specific route increases in comparison the previous TrustRound, it is slightly a bad event, which should be punishedwith a bad rating. On contrary, if the packet loss decreases, it isa good occurrence that should be rewarded with a good rating. Because a node can’t choose to take part in the network thereis no disadvantage in giving a node, that reached the maximumreputation value of 1, a bad or neutral rating.If a node’s last reputation is lower than the new rating, thenew rating is good. In the case, the previous reputation valueis higher than the new rating, the rating is bad. In the othercase, where the last reputation value and the new rating areequal the rating is neutral.We also define U ( R tt − ) = R tt , where R tt = T n,t becausethere is only one value in the rolling average, such that wedon’t need any further calculations to get the reputation value. ∀ Ξ ∈ R : Ξ > (11) Ξ > T n,t − ⇐ r t is a good rating (12) Ξ < T n,t − ⇐ r t is a bad rating (13) Ξ = T n,t − ⇐ r t is a neutral rating (14)Since the case T n,t − = 1 has no good ratings, as a ratingcan’t be higher than 1, we omit this case in the requirementsas it is not useful in the Simple Trust Metric. We rebuilt thefirst requirement by inserting the assumptions: [ ∀ Ξ , Ξ > T n,t − : T n,t with Ξ > T n,t with Ξ , Ξ > Ξ ⇒ | R | > (15)In the following we also omit the second part of the firstrequirement Ξ > Ξ ⇒ | R | > because we already knowfrom the definition of R that it includes more than one value,such that this part always will be true. ∀ Ξ , Ξ > T n,t − : T n,t with Ξ > T n,t with Ξ (16) ⇔ α · T n,t − + (1 − α )Ξ > α · T n,t − + (1 − α )Ξ (17) ⇔ (1 − α )Ξ > (1 − α )Ξ (18) ⇔ Ξ > Ξ (19)According to Equation (18) it is possible to divide by (1 − α ) without flipping the comparison sign because < α < [6]and due to that always (1 − α ) > . As seen in Equation(16) to Equation (19), the Simple Trust Metric fulfils the firstrequirement from the Reference Article. Also, the metric fulfilsthe second requirement (20). We again omit the last part ofthe requirement: [ ∀ Ξ > T n,t − : T n,t > T n,t − ] (20) T n,t = α · T n,t − + (1 − α ) · Ξ (21) = α · T n,t − + (1 − α ) · ( T n,t − + x ) (22) = α · T n,t − + T n,t − + x − αT n,t − − αx (23) = T n,t − + x − αx (24) > T n,t − + 0 (25) = T n,t − (26)The element x ∈ R ≥ ensures that Ξ > T n,t − is always true.By that, the Simple Trust Metric from End-to-End Trust fulfilsboth requirements from the Reference Article, although therequirements didn’t fit without some adjusting to the model.his is caused by the differences in the models becausein the model of the Reference Article the node itself decideswhether to do or not to do a job in the network. In the model ofEnd-to-End Trust, the other nodes decide whether they routetheir packets using the corresponding node or not. This isdecided on the reputation value a node calculates for itselfthat is calculated by the Simple Trust Metric. So if a nodehas a bad reputation value calculated for itself, it will at somepoint decide to take another parent node. Which one the bestparent node is, is decided by the Objective Function [5]. B. Comparison to Weighted Trust Metric
After they set up their requirements, the Weighted TrustMetric is the authors first approach in the Reference Article.Its ratings r w ∈ R w are in the range between -1 and 1 andthe threshold whether a rating is good or bad is the absolutenumber . In the Simple Trust Metric from End-to-End Trust,the ratings are in the interval (0,1], because Ξ can’t becomenegative due to its definition and the model. The thresholdvalue, on which to decide whether a rating is either good, bador neutral, isn’t fixed but the floating value T n,t − , which isthe last reputation value.Another difference is the different representation R n of theratings. WTM is the author’s last approach with a FIFO-queueof length k ∈ N and the iterator n that increases each timewhen adding a new rating. The Simple Trust Metric has onlyone floating-point value for the last reputation value where T n,t = R tt for a specific node n . One could say, that theSimple Trust Metric also has a FIFO-queue but with k = 1 .In this case adding a new rating U ( R tt − , r t ) would calculatea new reputation value τ t , kicks out the previous value andstores the new value.Due to the different representations of R n and the differ-ent R , they differ in the calculation of the reputation. TheWeighted Trust Metric calculates the reputation value by thesum of all ratings, normalised by the total amount of all ratings r w ∈ R wn . This way all ratings are weighted the same. A newerrating in this metric affects the reputation in the same way asthe old ones do. The Simple Trust Metric uses a value α with < α < to give a new rating another weight than an old onehas. The old value is multiplied by α and the new value by (1 − α ) . For a large value of α one can easily see that the effectof the new value is less than that of the old ones. Reverselya small value of α gives the new value a high significance.Both of the metrics fulfil the first requirement from theReference Article, but the Weighted Trust Metric doesn’tfulfil the second requirement in all cases as the authors of theReference Article show. The Simple Trust Metric fulfils thesecond requirement as shown in (11) to (26). C. Comparison to WSES Trust Metric
Versus the Weighted Trust Metric the Weighted SimpleExponential Smoothing Trust Metric (WSES Trust Metric) is
Simple Trust Metric Weighted Trust Metric r t ∈ (0 , r w ∈ [ − , T n,t − is float R wn is FIFO-queuegood rating higher than Ξ good rating higher than 0bad rating lower than Ξ bad rating lower than 0 τ t = T n,t τ w T w ( R wn ) weighted with < α < normalised by Σ r ∈ R wn | r | fulfils requirement (R1) fulfils requirement (R1)fulfils requirememnt (R2) doesn’t fulfil requirement (R2) TABLE IC
OMPARISON OF S IMPLE T RUST M ETRIC AND W EIGHTED T RUST M ETRIC a better metric for comparison. Here we have some differencesbut also many similarities.Beginning with the ratings it is evident, that they differ thesame way as they do in comparison to the Weighted TrustMetric. In the first case, we have a range from 0 to 1 in theother case we have a range from -1 to 1. This is caused by thecalculation for the delivery rate from End-to-End Trust. Theycan not reach a value lower than 0, because it is impossible tosend or deliver a negative amount of packets. While the effectof a rating in the WSES Trust Metric is related to the fixedvalue of 0, the effect of a rating in the Simple Trust Metric isrelated to the floating value of T n,t − , which is the reputationvalue of the last Trust Round.This is where it gives us the next difference. In contrastto the WSES Trust Metric, the Simple Trust Metric alwaysgets its new ratings with a new Trust Round. The differenceis caused by the model the authors used in End-to-End Trust.They need those Trust Rounds for knowing whether a packetwas sent before or after a new DIO was generated, which isrelevant for the exact calculation of the new rating Ξ .For calculating the new reputation value both the SimpleTrust Metric and WSES Trust Metric need the previousreputation value. In both cases, this can be seen as a FIFO-queue with k = 1 but does not need to be one. While theSimple Trust Metric uses only one floating-point number, theWSES Trust Metric needs a pair of them with the first elementfor the positive reputation values and the second element forthe negative reputation values. That the Simple Trust Metriconly needs one value is caused by the fact, that the SimpleTrust Metric has no negative ratings and due to that doesn’tneed to have a storage for them.When looking at the calculations for the reputation values,one easily sees some similarities as well as some differences.The first similarity is the value α , which in both cases is in therange [0,1]. We also see that the first case and the last case ofthe WSES Trust Metric are nearly the same as in the SimpleTrust Metric. The second case of the WSES Trust Metric is notlisted for the Simple Trust Metric because it is not relevant.Thinking of the differences in the ratings, we see that theSimple Trust Metric doesn’t need to represent negative ratingsbecause there are none. Caused by the same fact, the SimpleTrust Metric doesn’t need to calculate the second element of tuple as it also doesn’t store it. Caused by this, the SimpleTrust Metric requires less memory on each node. This is anice benefit for the Simple Trust Metric, which is especiallyuseful for its model of a low-power sensor network.Another difference in the calculation is that the Simple TrustMetric’s function U ( R tt ) equals its metric T n,t where t is theTrust Round and, n is the corresponding node. Again this iscaused by not having any negative ratings because for thismetric only one reputation value is calculated. There is noneed for normalising the reputation value into one. Other onthe WSES Trust Metric, here we need the function U ( R sn ) ,where n is an iterator, to normalise the pair into one reputationvalue.Also, the authors of the Reference Article show, that theWSES Trust Metric fulfils their requirements of a TrustMetric. We showed this in Equation (11) to Equation (26) forthe Simple Trust Metric. Simple Trust Metric WSES Trust Metric r t ∈ (0 , r s ∈ [ − , T n,t − is float R sn is a tuple of floatsgood rating higher than Ξ good rating higher than 0bad rating lower than Ξ bad rating lower than 0 τ t = T n,t τ s T s ( R sn ) weighted weightedfulfils requirement (R1) fulfils requirement (R1)fulfils requirememnt (R2) fulfils requirement (R2) TABLE IIC
OMPARISON OF S IMPLE T RUST M ETRIC AND W EIGHTED S IMPLE E XPONENTIAL S MOOTHING T RUST M ETRIC
V. C
ONCLUSION
In the first part of the discussion, we showed, that the SimpleTrust Metric from End-to-End Trust fulfils the requirementsthat were defined in the Reference Article. We omitted the lastpart of the requirements because they can’t become true withthe conditions. In the second part, we showed the differencesbetween a metric with Simple Exponential Smoothing and ametric with a standard normalisation. In the third part, weexperienced how drastic the effect of changing the range inthe ratings can be. Especially the difference in the memory isfascinating. Finally, we can say that the authors of End-to-EndTrust fulfil all the requirements made in the Reference Articlewith their Simple Trust Metric. Additionally, their metrichas many similarities to the Weighted Simple ExponentialSmoothing Trust Metric.For future work, we think of evaluating more trust metricson fulfilling the requirements from the Reference Article.Furthermore, we are looking forward to implementing theSimple Trust Metric in a very small network using Mininet. R
EFERENCES[1] J.Kantert, S. Edenhofe, S. Tomforde and C. M¨uller-Schloer “Represen-tation of Trust and Reputation in Self-Managed Computing Systems”in
IEEE, 2015, pp.1827-1834.[2] J. Kantert, S. Wildemann, D. von Zengen, S. Edenhofer, S. Tomforde,L. Wolf, J. H¨ahner and C. M¨uller-Schloer, “Improving Reliability andEndurance Using End-to-End Trust in Distributed Low-Power SensorNetworks”,
Architecture of Computing Systems - ARCS 2015 - 28thInternational Conference , vol. 9017, pp. 135-145, 2015.[3] T. Winter, P. Thubert, A. Brandt, J. Hui, R. Kelsey, P. Levis, K.Pister, R. Struik, JP. Vasseur and R. Alexander.
RPL: IPv6 RoutingProtocol for Low-Power and Lossy Networks . [Online]. Available:https://tools.ietf.org/html/rfc6550[4] E. Baccelli, M. Philipp and M. Goyal “The P2P-RPL routing protocolfor IPv6 sensor networks: Testbed experiments” in
Proceedings ofSOFTCOM , 2011[5] P. Thubert.
Objective Function Zero for the Routing Protocolfor Low-Power and Lossy Networks (RPL) , Las Vegas, NV,2017, pp. 1-6, doi: 10.1109/CCWC.2017.7868374.[8] Ganeriwal, S., Balzano, L. and Srivastava, M., “Reputation-basedframework for high integrity sensor networks,”
ACM Transac-tions on Sensor Networks , vol. 4, no.3, pp.1-37, May, 2008,doi:10.1145/1362542.1362546.[9] G. Zhan, W. Shi and J. Deng, “Design and Implementation of TARF:A Trust-Aware Routing Framework for WSNs,”