Dishonest Recommendation Attacks in Wireless

Sensor Networks: A Survey

Farah Khedim Nabila Labraoui Mohamed Lehsaini
STIC Laboratory STIC Laboratory STIC Laboratory
University of Tlemcen University of Tlemcen University of Tlemcen
Algeria Algeria Algeria
[email protected] [email protected] [email protected]

Abstract— Trust and reputation models in wireless sensor [7], Black hole [8], Spoofing [9], Modification [9], No-
networks (WSN) have been recently proposed by many cooperation [9], etc. Third, the data in WSN is transferred over
researches as an innovative solution for guaranteeing an effective a number of nodes and any malicious node in the path
security mechanism. They play an important role in defending leads to a dangerous situation [2].
WSNs such as securing routing and data forwarding protocols,
To address this safety issue and to detect compromised
against insider attacks. However, despite of the advantages,
reputation models face with several security issues, especially in nodes, research on security in WSNs has advanced, showing
the case of dishonest recommendation attacks, i.e. slandering, cryptography mechanisms, intrusion detection systems, and
self-promoting and collusion where participants might give efficient routing protocols [10]. Unfortunately, these security
recommendations deviated from their real experience. In this models face with several security issues: computation-
paper we survey the current research related to dishonest intensive techniques like public-key cryptography are not
recommendation attacks in WSNs. We have classified the expected to be used in wireless sensor networks. The intruder
schemes studied in two main categories: avoiding dishonest detection system can detect the malicious node, however,
recommendations and dealing with dishonest recommendations. this latter is very expensive for WSNs and there is no
We provide an overview and a comparative study of these
guarantee in detecting a malicious node and the IDS package
schemes and highlight the future research directions to address
the drawbacks of existing protocols. generates additional overhead as well as more false alarms are
triggered. The Dynamic Source Protocol (DSP) does not have
Keywords— Trust and reputation systems; Security; WSN; bad any built-in functionality to calculate an alternate path if the
mouthing; ballot stuffing; attacks. path has a malicious node so cannot detect the malicious node
[2].
I. INTRODUCTION Trust and reputation monitoring (TRM) system has
recently been suggested as an effective security mechanism to
improve reliability and to mitigate attacks within networked
Recent advances in micro-electro-mechanical systems environments [11], it is an innovative solution for maintaining
(MEMS) technology, wireless communications, and digital a minimum security level that have been proposed for a
electronics have enabled the development of low-cost, low- variety of applications, among them are the selection of good
power, multifunctional sensor nodes [1] that cooperate to peers in a peer-to-peer network [12,13,14]. The choice of
achieve complicated application requirements in different transaction partners for online auctioning such as E-bay [15],
areas such as health monitoring (SHM), industrial and the detection of misbehaving nodes in mobile ad-hoc
automation (IA), civil structure monitoring (CSM), military networks [16, 12]; It has recently been suggested as an
surveillance (MS) and monitoring the biologically effective security mechanism to improve reliability and to
hazardous places (BHP) [2]. However, the unshielded nature mitigate attacks within WSNs [11,17,18]. While many secure
of wireless sensor networks (WSNs) and the hostile and schemes focus on preventing attackers from entering the
unattended environment in which they are deployed can network through secure key management, trust management
endanger the ability of a WSN to achieve its goals. takes a further step to guard the whole network even if
malicious nodes have gained access to it [5] and to identify
Security is one of the important topics in WSNs. First, malicious, selfish and compromised nodes which have been
because common security protocols cannot be applied authenticated.
directly to the sensor networks due to their limited hardware However, the performance of reputation models could be
resources—in terms of energy, memory, computing easily compromised by various dishonest recommendation
capabilities and communications range [3, 4]. Second, the attacks, in which the attacker gives untrustworthy feedback on
distributed deployment nature of WSNs poses a challenge to the victim in order to lower or destroy its reputation and can
the security of node cooperation and might be vulnerable to significantly deteriorate the performances of the network [19].
several types of attacks [5] such as Rushing [6], Worm hole

Authorized licensed use limited to: Consortium - Algeria (CERIST). Downloaded on September 20,2023 at 21:09:10 UTC from IEEE Xplore. Restrictions apply.
 For the past few years, several papers focus on Different definitions of trust and reputation have been
developing new protocols using TRM in WSNs [5, 17, 41-59] given along several research works [23,26,31]. However, we
and numerous surveys have been conducted on the subject in have chosen just one definition for each one. In that way, the
different area [20-29]. In [20, 21], the authors discussed definition of trust given in [26] is:
different applications of trust in a general wireless “Trust can be described as a value based on the past behavior
communication environment. In [22], the authors analyzed the of participants. Trust is a subjective opinion in the reliability
main security threats that can be applied in most of trust and of other entities or functions, including veracity of data,
reputation schemes in various other domains (not specific to connectivity of path, processing capability of node and
WSN). In [23], a pre-standardization approach for trust and/or availability of services etc.”
reputation models in distributed systems is proposed. In [24], The main properties of a trust in distributed networks.
the survey allows to cite the advantages and disadvantages of First, the ability to evaluate trust offers an incentive for good
individual- and system-level trust models. In [25], the authors behavior. Creating an expectation that entities will
investigate the recent advances in TRMs and include a concise “remember” one’s behavior will cause network participants to
comparison of various TRMs. The authors in [26] investigated act more responsibly. Second, trust evaluation provides a
the various methods that apply trust and reputation as their prediction of one’s future behavior. This predication provides
security measure. In [27], the authors surveyed the current a means for good entities to avoid working with less
“state-of-the-art” work in this area. In [28], a classification is trustworthy parties. Third, the results of trust evaluation can be
made according to the best practices that they judged essential directly applied to detect selfish and malicious entities in the
for developing a good trust management system, whereas and network [32].
in [29] the authors presented a survey focusing of the Some trust management systems do not take reputation
applications of trust models in ordinary WSNs. into account, and directly obtain the trust values as a weighted
However, and to the best of our knowledge, there is no combination of direct trust and indirect trust. For example, in
survey that focused on the solutions and methods proposed by [33] the nodes collect information about other nodes by taking
the protocols for addressing dishonest recommendations into account the context and their experience records. Other
especially as find ways to avoid or reduce the influence of trust management systems [34] also consider other external
unfairly positive or unfairly negative ratings is a fundamental factors that may affect trust such as how trust gradually
problem in reputation systems where ratings from others are weakens between devices that no longer collaborate.
taken into account. This is because the relying party cannot Equally, the definition of reputation given in [26] is:
control the sincerity of the ratings when they are provided by “Reputation is the cumulative summation of the node’s
agents outside its control. Effective protection against unfair activity which determines its state of worthiness”.
ratings is a basic requirement to strengthen a reputation system The main properties of a reputation system are the
[30]. representation of reputation, how the reputation is built and
The main contributions of this work are as follows: updated, and for the latter, how the ratings of others are
 Survey some protocols that handle dishonest considered and integrated. The effect of reputation systems is
recommendations, by highlighting the methods used by to provide an incentive for honest behavior, and also to deter
them. dishonest parties from participating [30].
 Propose a new classification of these protocols based on Other authors use a new metric, called “trustworthiness,”
their defenses strategies. which combines the trust and reputation metrics used to
 Evaluating these protocols according to defined metrics. formulate the more general “opinion” metric in a manner that
This paper is organized as follows. Section 2 discusses the is tunable in terms of two parameters [54].
security concerns in reputation-based trust systems designed A trust and reputation model is generally composed of
for WSNs. In Section 3, we present a review of the main five components [23, 35]: (1) Gathering information, (2)
existing trust and/or reputation models to treat with unfair Scoring and ranking, (3) Selecting entities, (4) Having
recommendations. A classification of the studied models has transaction, and (5) Reward or punishment.
been done in Section 4. Finally, Section 5 exposes some
conclusions and future work. 1. Gathering information: responsible for collecting
behavioral information about other nodes, the information
collected might come from different sources. It could be:
II. SECURITY, TRUST AND REPUTATION First-hand (direct observation or own experience) which are
computed based on the node’s observations and experience
Trust and reputation have been recently suggested as an about neighboring nodes [27], or Second-hand (which are
effective security mechanism for open environments such as direct observations by the other nodes in the neighborhood).
Internet and considerable research has been done on modeling
and managing trust and reputation [31]. However, some 2. Scoring and ranking: a trust and/or reputation score
authors do not explicitly distinguish between these two should be computed once an entity's transaction history has
complex notions although they are quite different but closely been collected and properly weighted.
related issues.

Authorized licensed use limited to: Consortium - Algeria (CERIST). Downloaded on September 20,2023 at 21:09:10 UTC from IEEE Xplore. Restrictions apply.
Fig.1. Bad mouthing attack. Fig.2. Ballot stuffing attack.

3. Entity selection: Selecting the most trustworthy or nodes A and D have different reputation values –RC and RC,
reputable entity in the community providing a certain service respectively [27].
and effectively having an interaction with it, assessing a  Self-promoting (also known as ballot stuffing,
posteriori the satisfaction of the user with the received service unfairly positive recommendation), i.e., attackers manipulate
[22]. their own reputation by falsely increasing it. In this attack
4. Transaction: Having selected an entity to interact model, malicious nodes intentionally give higher
with, the transaction itself would be carried out between both recommendation for the other malicious nodes by solidarity
entities, giving a certain service or good as a result [23]. between them and for example to be advantaged in the
5. Reward and punish: after receiving the requested protocols choosing witnesses among those with the highest
service, the client entity should assess that transaction so it can reputations.
reward or punish the entity which provided that service. As we show in figure 2-A, nodes B and C are
compromised and their reputation values (or maybe one of
Trust and reputation monitoring (TRM) system deals with their reputation value) are low due to their previous
the problem of uncertainty in decision making and is an malicious behaviors. These compromised nodes colluded
effective approach in distributed environments in order to with each other and assigned higher reputation values to
improve security and promote node collaboration. They play each other as it is shown in Figure 2-B. By consequence, it
an important role in securing routing and data forwarding will affect the reputation calculation for nodes B and C at the
protocols, against insider attacks [23]. Nevertheless, As long tables of nodes A and D.
as recommendations are taken into consideration, malicious
parties can provide dishonest recommendations. TRM are  Collusion attack, i.e., engendered by more than one
vulnerable to deliberate false or unfair testimonies and could malicious node collaborating and giving false
be easily compromised by various dishonest recommendation recommendations about normal nodes. Collusion attacks are
attacks indentified by Dellarocas [36]: i.e., slandering, self- much more destructive than above mentioned attack because
promoting and collusion. it combines the slandering attack and the self-promoting
 Slandering (also known as badmouthing, unfairly attack and causes greater harm on reputation models than
negative recommendation), i.e., attackers manipulate other either of them.
node’s reputation of by reporting false data to lower or destroy
its reputation of the victim nodes. In this attack model, Since, in a WSN, the securing of each node is very
malicious nodes intentionally give dishonest recommendation important. A malicious overtaking of some node may
for neighbor nodes, even if the neighbor nodes are normal eventually prove catastrophic and lead to the collapse of the
ones. Thus, recommendations under bad mouthing attack whole network at worst, beside the disclosure of some vital
cannot reflect the real opinion of the recommender [29]. network information [25]. Consequently, the main goals of
Figure 1-A shows the normal reputation update where TRM in wireless communication networks [37], consist of
nodes A and D have the same reputation value RC for node C. providing information that allows nodes to distinguish
In figure 1-B, the adversary has succeeded in compromising between trustworthy and untrustworthy nodes, encouraging
node B. Later on, it assigned a negative reputation value –RC nodes to be trustworthy and discouraging participation of
for a well-behaved node C in order to mislead node A with its nodes that are untrustworthy to cope with any kind of
calculation of the reputation value of node C. Consequently, observable misbehavior and to minimize the damage caused
by insider attacks [23].

Authorized licensed use limited to: Consortium - Algeria (CERIST). Downloaded on September 20,2023 at 21:09:10 UTC from IEEE Xplore. Restrictions apply.
 III. CLASSIFICATION OF DISHONEST
RECOMMENDATIONS PROTOCOLS

Different trust and reputation model proposals have been

suggested recently for addressing dishonest recommendations,
one classification of these protocols has been proposed in [5]
it involves classifying into three categories: (a) Majority rule
based, that lists the protocols where the majority opinion is
calculated over all the recommendations and the
recommendations that are far away from the majority opinion
are treated as dishonest ones. (b) Personal experience based,
that lists the protocols where a deviation test is used to filter
out the recommendations that deviate much from the opinion
of the evaluating node and (c) Service reputation based. Figure.3. Classification of the protocols addressing dishonest recommendation
Another classification is proposed in [38] which classify the attacks.
trust protocols according to trust methodologies: Based on
Reputation Systems, Entropy Model, Game theory model and
on Fuzzy model system. not make sense in realistic WSN applications.
We propose in this paper a novel classification based on
the defenses strategies used by the protocols. According to b) Trust-aware Collaborative Sensing Framework for
figure 3, the proposed schemes for addressing the dishonest CRN [42]: In [42], the authors proposed a trust-aware hybrid
recommendation attacks can then be classified into two major spectrum sensing scheme which can detect misbehaving
categories: (A) Avoiding dishonest recommendations and (B) secondary users and filter out their reported spectrum sensing
Dealing with dishonest recommendations. results from the decision making process. A cognitive radio
network (CRN) can be deployed in several configurations
A. Avoiding dishonest recommendations such as centralized, distributed, ad-hoc or mesh networks. In
Recently, several schemes only allow avoiding bad this paper, only the centralized infrastructure based network is
recommendations attacks instead of proposing effective investigated using a beta reputation system. Since this is a
mechanisms to detect and remove the attacks from the centralized TRM model, there is not second-order trust issue
network. We distinguish two principals’ methods: (a) first which prevents dishonest recommendations attacks.
hand information and (2) Positive/negative information.
c) Reputation Based Trust Management (RBTM) [43]:
1. First hand information: Several schemes are based The proposed reputation-based trust management scheme uses
on using only first hand information (direct information) to trust vote to establish trust among nodes. Value of trust vote is
prevent the bad mouthing and the ballot-stuffing attacks, but increased with every successful message transmission from
using only first hand information have some serious one node to another. This trust value is compromised when a
drawbacks: the time required by the network nodes to build neighboring node enters a negative vote for a particular node.
reputation is high, and it takes longer for reputation to If the negative vote reaches a pre-determined threshold that
decrease, allowing malicious nodes to stay in the system node is declared as un-trusted node. In the RBTM protocol,
longer [39]. On the contrary using also second hand When a Node A sends a message to Node B first time it
information (indirect information) when computing trust is creates a trust table for Node A. When Node B transmits the
beneficial for several reasons [40]. One of them is the message to the next node, Node A listens and compares this
improvement on the convergence time as it could also help message with the one it has sent to Node B, thus
saving energy [28]. Among the protocols using this only direct establishing an original and an actual message. If the
information: message transmitted by Node B is the same as the original
then node A records one trust value for Node B and
a) Agent-based Trust Model in Wireless Sensor continues this process with every message transmission,
Networks (ATSN) [41]: In the ATSN protocol an agent node hence increasing the trust value for Node B; however, if
broadcasts the trust rating and the normal sensor nodes just there is a difference between the original and actual
receive them and make a decision. Therefore, there is no need messages forwarded by Node B, Node A enters a
to exchange second-hand information. The authors assumed negative trust value for Node B and continues updating
that the agents evaluating the reputation of the nodes are from the trust table. Once a negative trust vote value reaches a
the trusted third party and each sensor node has one trust predetermined threshold then Node A declares that Node B is
rating value for different tasks. However, their scheme is not untrusted. Node A then broadcasts that negative trust value
suitable for WSNs due to its constrained resource and the about Node B to other neighbors warning them not to
computation is too heavy for sensor nodes and the assumption rely on transmission from Node B.
that the agent nodes are resilient against any security threat is

Authorized licensed use limited to: Consortium - Algeria (CERIST). Downloaded on September 20,2023 at 21:09:10 UTC from IEEE Xplore. Restrictions apply.
 d) Reputation-based Secure Data Aggregation in likelihood of badmouth attack, the authors allow nodes to
Wireless Sensor Networks (RSDA) [44]: In [44], the authors share trust information only with the cluster head. Each node
propose a Reputation-based Secure Data Aggregation for maintains independent trust tables based on direct
wireless sensor networks that integrates the aggregation observation. Any false information good or bad is weighed
functionalities with the advantages that are provided by a against information obtained from the other nodes via the
reputation system. RSDA focuses on providing two main election process.
properties which are data accuracy and data availability, it
uses beta probability density function (PDF) to update the h) Integrated trust framework (iTrust) [48]: The
reputation value of each sensor node and it is based on the authors proposed in [48] a distributed trust model iTrust
assumption that sensors with low reputation are likely to give where the nodes are categorized in two types: (1) monitor
unfair information and vice versa. nodes and (2) sensor nodes. The monitor nodes accumulate
the trust information, store and compute the reputation of all
e) Agent-based trust and reputation management of the sensor nodes in the neighborhood. When a sensor
scheme (ATRM) [17]: The authors presented the ATRM node A needs to communicate with node B, node A requests
protocol where trust and reputation management is carried the monitor node for the repute of node B. Node A then
out locally with minimal overhead in terms of extra messages parses the repute of node B into a trust metric to obtain the
and time delay. It is based on a clustered WSN with final trust value and initiates communication with B only if
backbone, and its core is a mobile agent system. It requires a the trust value of B is above a certain threshold. First hand
node's trust and reputation information to be stored information is used if the monitor node becomes
respectively in the forms of t-instrument and r-certificate by compromised by some adversary and begins to act as a
the node itself. In addition, ATRM requires every node to malicious node and may perform the false repute reporting
locally hold a mobile agent that is in charge of administrating attacks, and then the reputation of the monitor node would
the trust and reputation of its hosting node. Therefore, the gradually decrease.
ATRM uses heavy assumptions (1) there is a trusted
authority that is responsible for generating and launching i) Connected Dominating Set (CDS) [46]: In [46],
mobile agents, and (2) mobile agents are resilient against the the authors assume two types of nodes: sensors which are
unauthorized analysis and modification of their computation mobile and monitors which are statics and cannot be
logic, which is not well suited for realistic WSNs. It is tampered and are always trusted. In the CDS protocol, the
believed that more attacks will threaten their system if the information is primarily firsthand; where each sensor
assumption is relaxed. maintains reputation values for all the nodes in its
neighborhood, which are provided by its manager, i.e., the
f) Task-based Trust framework for Sensor Networks monitor node they belong to. If the monitor node goes to
(TTSN) [45]: In the TTSN protocol, a node maintains the sleep a new monitor is adds to the CDS to collectively cover
task-based trust value of the neighboring nodes. For example, the jurisdiction of the sleeping node, and a secondhand
when node A communicates with node B, then node A may information is used for bootstrapping sensors when a sensor
perform well in some tasks (e.g., time synchronization with node has to move to a new location, the new manager of the
node B). However, node A may misbehave in other tasks node will ask the previous manager of node about its
(e.g., packet forwarding to node B). Therefore, node B may behavior. The previous manager then provides the node’s
only block the packet forwarding task for node A. TTSN accumulated reputation to the new manager who will then
builds trust through an entity called Task and Trust Manager disseminate it in its jurisdiction.
Module. The Task and Trust Manager Module involves three
main components: (1) monitoring module; (2) reputation 2. Positive/ Negative reputation: Some proposals
handling module and (3) task and trust handling module. believe that badmouthing is completely eliminated in a
Each sensor node in TTSN has several trust values. TTSN is reputation model where negative experience is not taken into
more suitable for trust computation in WSNs and can be used account, and some other proposals believe that self-
in large scale WSNs. promoting is completely eliminated if the reputation system
is built on negative experience. However, these beliefs do not
g) A Framework for Trust-based Cluster Head stand all the time. For instance, even in a reputation model
Election in Wireless Sensor Networks [47]: Unlike most of where the positive experience is only considered, slandering
the cluster based protocols and cluster formation algorithm can be carried out in a way that an attacker reports a
that have been proposed involving that the wireless senor relatively low positive recommendation for the victim [5]. So
nodes are trustworthy [47], the authors develop a trust-based the fact that using only positives or negatives
framework for cluster-based wireless sensor networks and, a recommendations is not a real solution to prevent against
mechanism that reduces the likelihood of compromised or badmouthing and ballot stuffing attacks. Therefore we can
malicious nodes being selected (or elected) as cluster heads, share the protocols using this method in two categories, those
this election is made on the basis of a majority vote among using only the positive recommendations and those using
the top pick from the list of trusted neighbors. To reduce the only negative recommendations:

Authorized licensed use limited to: Consortium - Algeria (CERIST). Downloaded on September 20,2023 at 21:09:10 UTC from IEEE Xplore. Restrictions apply.
 b) Location-aware trust-based protocol [52]: The
 Using only positive recommendations: In the authors employ a secure cluster formation algorithm to
protocols using this method, the system propagates only the facilitate the establishment of trusted clusters via pre-
positive reputation information about other nodes and by distributed keys where each node maintains independent trust
doing so, it eliminates the bad-mouthing attack, but at the tables based on direct observation, a trust metric that
same time it will affect the system’s efficiency, as nodes will quantifies the level of trust and a beta reputation function is
not be able to exchange their bad experience with malicious used in modeling reputation between two nodes. The scheme
nodes [5]. allows the sharing of only negative information. However,
their approach efficiently deals with the threat of
a) Reputation-based Framework for High Integrity badmouthing attacks thanks to the use of direct interaction in
Sensor Networks (RFSN) [49]: The authors propose the any trust-based decision making.
RFSN protocol where nodes maintain reputation for other
nodes and use it to evaluate their trustworthiness. B. Dealing with dishonest recommendations
Bayesian formulation, more specifically a beta reputation Finding effective ways to mitigate or even eliminate the
system is used for reputation representation, updates, influence of dishonest recommendation is an open and
integration, and trust evolution, both direct observation and challenging issue in the research of reputation models for
second-hand information are used, but it use only positive distributed networks. It has attracted many research efforts in
information and higher weight is assigned to second-hand recent years [5, 53-59]. Two main methods are distinguished
information from a well reputed node to prevent ballot particularly: (1) Deviation test, (2) Evaluation using trust
stuffing attack. RFSN is available as a middleware service on factors.
Motes. The memory and energy overhead of using this
service is negligible. 1. Deviation test: In some papers, authors use a
comparison between their own opinions about an entity and
b) Collaborative reputation mechanism (CORE) [50]: the recommendation that receive about the same entity
The scheme of the CORE protocol involves two types of following a defined threshold to detect recommendations that
entities, a requestor and one or more providers, that are deviate too and thus be able to isolate unfair negatives and
within the wireless transmission range of the requestor. The unfair positives recommendations. Among these protocols:
distributed nature of the protocol and the mechanisms on
which it relies including direct, indirect and functional trust a) Distributed Reputation-based Beacon trust System
information assure that if a provider refuses to cooperate, (DRBTS) [53]:It is a distributed security protocol designed to
then the CORE scheme will react by decreasing the provide a method in which beacon nodes can monitor each
reputation of the provider, leading to its exclusion if the non- other and provide information so that sensor nodes can
cooperative behavior persists. CORE assumes that ballot- choose to trust, using a majority voting approach. The
stuffing attacks are absent from the network and by allowing DRBTS models the network as an undirected graph to build
only positive reputation information to be disseminated, it trust and a deviation test is used between the first-hand
prevents the badmouthing attack. information (the listening location information transmitted by
another beacon node in its communication range) and
 Using only negatives recommendations: In the second-hand information when the beacon node publish their
protocols using this method, the system propagates only the gathered reputation information while responding to a
negatives reputation information about other nodes and by request for location information to check the consistency of
doing so it eliminates the ballot stuffing attack but without information and discourage nodes from publishing false
the use of effective method it will be difficult to resist the information.
bad mouthing attack. Among these protocols:
b) RecommVerifier [5]: In [5] a reputation
a) CONFIDANT [51]: In [51], the authors combine management scenario is modeled as a court and a trial is
several components as: The Monitor, the Reputation System, used to deal with dishonest recommendation against
the Path Manager, and the Trust Manager to cope with the reputation model constituted of: (1) Deviation test: where
malicious nodes in the network. In [51], each node monitors a smoothing factor is used to indicate how much the
the behavior of its next-hop neighbors. If a suspicious event dissimilarity can be reduced by removing a
is detected, the information is given to the reputation system, recommendation according to the principle that after seeing a
this protocol brings an improvement in the routing protocol series of similar data, an item disturbing the series is
DSR where both first hand and second hand information are considered an exception, (2) Time verifying: where the
used as well as a watchdog mechanism, in this scheme, the honesty of recommendation can be verified by
nodes are initialized with positive trust ratings and nodes checking whether it reflects the evaluated node’s future
with low reputation are excluded from routing path. reputation in the time domain and finally (3) proof verifying
that works at the side of evaluated node is proposed to
complement deviation detection and time verifying that

Authorized licensed use limited to: Consortium - Algeria (CERIST). Downloaded on September 20,2023 at 21:09:10 UTC from IEEE Xplore. Restrictions apply.
work at the side of evaluating node. The idea is that the obtained by combining network security degree and
recommendations received by evaluating node are correlation of time context. Secondly, it applies the fuzzy
forwarded to evaluated node, who verifies the set theory to measure how much the trust value of node
recommenders’ honesty by taking the history as proof. belongs to each trust degree. Finally, the integrated trust
value of evaluation considering the recommendation of
c) A Robust Reputation System (RRS)[54]: In [54], a several neighbor nodes is acquired in accordance with the
fully distributed reputation system that can cope with false trust difference between evidences and the revised Dempster
disseminated information is presented, in this scheme rule of combination.
everyone maintains a reputation rating and a trust rating
about everyone else that they care about. From time to time b) Trust Evaluation Model for Wireless Sensor
first-hand reputation information is exchanged with others, a Networks [58]: For helping the networks to operate normally
modified Bayesian approach is used to attribute a moving with high probability although some nodes or data would be
weighted average specific to each observation and a compromised. The authors proposed a protocol constituted of
deviation threshold will only allow second-hand reputation four steps: First divide sensing areas into some logical.
information that is not incompatible with the current Second, sensor nodes deployed in each grid verify location
reputation rating to be accepted. Even after passing the test, information of their neighbor nodes by ECHO protocol.
they only slightly modify the reputation rating of a node. The Third, each node evaluates trustworthiness of its neighbor
results of the deviation test are additionally used to update nodes by crosschecking the neighbor nodes’ redundant
the trust rating. sensing data with its own result. Inconsistent data from
malicious or compromised nodes can be detected using
d) Robust, cooperative trust establishment scheme several trust evaluation factors. Fourth, special nodes,
(E-HERMES) [55]: In [56] the authors extends their earlier aggregate sensing data from their grids and transmit the
work on Hermes [55] and proposed a scheme where each computed results to the sink.
node determines the trustworthiness of the other nodes with
respect to reliable packet forwarding by combining first-hand c) Ambient trust sensor routing [59]:The ATSR
trust information obtained independently of other nodes and framework presents a distributed trust management system
second-hand trust information obtained via recommendations for the secure routing of packets among sensor nodes, each
from other nodes. The E-Hermes protocol is more resistant to node combines both direct and indirect trust information and
the presence of bad nodes and bad recommenders thanks to computes a distance metric with one-hop neighbor nodes
the use of the recommender’s test which ensures that whose value is maximum for the closest neighbor. The
recommendations are accepted only when the recommended packet is forwarded for routing to the neighbor nodes having
trustworthiness value is sufficiently close to the first-hand the maximum value of combined trust and distance metric.
trustworthiness value computed by the node that asked for Each neighbor is evaluated based on a set of trust factors
the recommendations. like: (1) Packet forwarding: To detect nodes that deny to or
selectively forward packets , (2) Reputation Response: To
2. Evaluation using trust factors: To evaluate the check the sincere execution of the reputation exchange
trustworthiness of a node, few authors proposed new protocol, (3) Reputation Validation: To protect against
protocols, like [57-59] where some trust factors are used for wrong (either bad or good) reputations being spread
helping them to judge whether a node is trustworthy or not. around (called hereafter bad-mouthing attack) and conflicting
However, how to define such factors and exploiting what behavior attacks.
data is still a main challenge.

a) Node Behavioral Strategies Banding Belief

Theory of the Trust Evaluation Algorithm (NBBTE) [57]:The
NBBTE algorithm firstly establishes various trust factors
depending on the interactions between neighbor nodes,
which are observed by each other. Then the trust value is

Authorized licensed use limited to: Consortium - Algeria (CERIST). Downloaded on September 20,2023 at 21:09:10 UTC from IEEE Xplore. Restrictions apply.
 TABLE I. a summary of comparison between dishonest recommendation attacks schemes.

DEFENSES PROTOCOLS SOURCE TYPE METHODOLOG APPLICATIONS BAD BALLOT

STRATEGIES MOUTHING STUFFING
Y
ATSN [41] D +,- Weighting; Probability Routing ••• •••
AVOIDING DISHONNEST

theory; watchdog scheme

RECOMMENDATIONS

Trust-aware [42] D +,- Weighting; Beta reputation Aggregation ••• •••

system; Threshold based
RBTM [43] D +,- Weighting; Watchdog - ••• •••
mechanism is used
RSDA [44] D +,- Weighting; Beta Aggregation ••• •••
probability density
FIRST-HAND
ATRM [17] D +,- Weighting Aggregation ••• •••

TTSN [45] D +,- Weighting; Bayes Theorem - ••• •••

and Beta Distribution;
Trust is calculated by
monitoring neighbor
nodes’ behaviors.
[47] D +,- Weighting; watchdog Clustering ••• •••
allows it to monitor the
network events of other
nodes
iTrust [48] D +,- Weighting; Watchdog ••• •••
mechanism is used
CDS [46] D +,- Watchdog mechanism is Aggregation ••• •••
used
RFSN [49] D/I + Probability theory and - •• ••
Bayesian calculation;
POSITIVE Using Watchdog to
NEGATIVE monitor neighbor nodes’
REPUTATION actions.
CORE [50] D/I + Weighting; Watchdog to Routing •• •••
collect direct trust
CONFIDANT D/I - Weighting; Watchdog Routing • ••
[51] mechanism is used
Location- D/I - Weighting; Beta Localization ••• •••
aware [52] distribution;
DRBTS [53] D/I +,- Beta distribution Localization •• ••
DEALING WITH DISHONNEST REC

Recomm D/I +,- Weighting; Beta - ••• •••

Verifier [5] distribution based
Bayesian inference is
DEVIATION employed; adaptive fading
TEST factor
RRS [54] D/I +,- Moving weighted; modified - •• ••
Bayesian approach
E-HERMES D/I +,- Weighting; Bayesian Routing •• ••
[56] approach
NBBTE [57] D/I +,- Weighting; Fuzzy theory - ••• •••
and D–S Evidence Theory;
Trust is calculated by
observing the neighbor
nodes’ packet forwarding
TRUST
behavior.
FACTORS
Trust- D/I +,- - - ••• •••
Evaluation [58]
ATSR [59] D/I +,- Weighting Routing ••• •••

IV. PERFORMANCE COMPARISON considered especially when working on dishonest

recommendation attacks.
This section, attempts to compare the dishonest
recommendation schemes that were reviewed in the last The first classification could be done according to the
section by giving some recommendations to classify them. approach previously seen in (Section III. Figure 3), which is
First of all we need to extract the main characteristics that based on the defenses strategies used by the protocols. For
most of them share. We do not expect to give an exhaustive instance, we have analyzed trust and/or reputation models
and complete classification, but just an approach to be according to whether the protocols prevent dishonest

Authorized licensed use limited to: Consortium - Algeria (CERIST). Downloaded on September 20,2023 at 21:09:10 UTC from IEEE Xplore. Restrictions apply.
recommendations attacks or if they allow the detection soon have been done in the subject, the security questions related to
they are in the network. dishonest recommendation attacks in WSN remain largely
The next level of classification is the scope which open and constitute an interesting area for further research.
includes the source of the information (D: Direct, First hand),
(I: Indirect, Second hand) and the type of the used
recommendations (Positives vs. Negatives recommendations) References
Another categorization could depend on what technique or [1] F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci, “Wireless
methodology has been used in order to develop the model, sensor networks: a survey,”Computer Networks, vol. 38, no. 4, pp. 393–
like: Fuzzy Logic, Bayesian Networks, weighting; watchdog 422, 2002.
mechanism. Other authors just give some analytic expressions [2] Y. B. Reddy and R. R. Selmic, “Secure Packet Transfer in Wireless
Sensor Networks – A trust-based Approach,” Proc. the Tenth
in order to model trust and/or reputation concepts [23]. International Conference on Networks, ICN 2011, 2011.
A final classification allows specifying applications of trust [3] F.Khedim, N.Labraoui, “The MCD Protocol for Securing Wireless
and reputation models in WSNs. Sensor Networks against Nodes Replication Attacks”, 2014 International
Taxonomy of the most popular trust and reputation Conference on Advanced Networking Distributed Systems and
protocols regarding dishonest recommendations attacks is Application, 58 – 63, 2014.
given in the Table.I. [4] M.conti, R.Di pietro, A.spongnardi, “Clone wars: Distributed detection
of clone attacks in mobile WSNs”, Journal of Computer and System
We notice that using only first hand information make the Sciences(Elsevier Publications), July, 2013.
schemes robust against both bad mouthing and ballot stuffing [5] S.Chen, Y.Zhang, Q. Liu, J.Feng, “Dealing with dishonest
attacks because these protocols don’t take the recommendation: The trials in reputation management court”, Ad Hoc
recommendations of the other nodes into account, however, Networks 10 (8) , 1603-1618, 2012.
using only first hand information have some serious [6] Y.C. Hu, A. Perrig, D.B. Johnson, “Rushing attacks and defense in
drawbacks like: time to build reputation is high, and it takes wireless ad hoc network routing protocols”,In Proc of the 2003 ACM
Workshop on Wireless Security, pp. 30–40, 2003.
longer for reputation to decrease, allowing malicious nodes to
[7] Y.C. Hu, A. Perrig, D.B. Johnson, "Ariadne: a secure on-demand routing
stay in the system longer. Contrariwise, the use of only protocol for ad hoc networks, Wireless Networks 11 (2005) 21–38.
positives or only negatives recommendations as well as using [8] M. Carvalho. “Security in mobile ad hoc networks”, IEEE Security &
deviation test, is not sufficient to prevent these attacks, Privacy 6,72–75, 2008.
because the attacker may control a number of vulnerable [9] D. Djenouri, L. Khelladi, A.N. Badache. “A survey of security issues in
participants or the collective attackers may collude with one mobile ad hoc and sensor networks”, IEEE Communications Surveys &
Tutorials 7, 2–28, 2005.
another, which results in the evaluating node receiving
[10] Y.Yu, K.Li,W.Zhou, P.Li. “Trust mechanisms in wireless sensor
overwhelming dishonest recommendations. The attackers can networks:Attack analysis and countermeasures”. Journal of Network and
also introduce a relatively small bias in dishonest Computer Applications, 2011.
recommendations to bypass the detection mechanisms. [11] B.Zhang, Z.Huang, Y.Xiang, “A novel multiple-level trust management
Whereas, the effectiveness of the protocols using trust framework for wireless sensor networks”, Computer Networks 72, 45–
factors will depend on the choice of these factors as well as 61, 2014.
the method used to filter dishonest recommendations. [12] Y. Ben Saied, A. Olivereau, D. Zeghlache, M. Laurent, “Trust
management system design for the Internet of Things: A context-aware
and multi-service approach”, Computers & Security, 2013.
V. CONCLUSION [13] R.Zhou, K.Hwang. “PowerTrust: A Robust and Scalable Reputation
System for Trusted Peer-to-Peer Computing”.IEEE Transactions On
Dishonest recommendation attacks are among the most Parallel And Distributed Systems, VOL. 18, NO. 4, 2007.
dangerous internal attacks because they can go unnoticed in a [14] L.Xiong,L.Liu. “PeerTrust: Supporting Reputation-Based Trust for Peer-
to-Peer Electronic Communities”. IEEETransactions On Knowledge
trust and reputation mechanism while causing extensive And Data Engineering, VOL. 16, NO. 7, 2004.
damage. Securing against these attacks is a critical issue [15] L.Xiong, L.Liu, “A Reputation-Based Trust Model for Peer-to-Peer
that has been addressed through many proposed schemes. eCommerce Communities”.Proc IEEE International Conference on E-
These proposals are classified into two categories: avoiding Commerce (CEC’03), 2003.
and dealing with dishonest recommendations, while the first [16] S.Buchegger, JY.Le Boudec. “Performance Analysis of the
class is used to prevent these attacks, the second is used to CONFIDANT Protocol: Cooperation of Nodes — Fairness In Dynamic
Ad-hoc NeTworks”. In Proceedings of IEEE/ACM Symposium on
detect them soon as they are in the network. Mobile Ad Hoc Networking and Computing (MobiHOC), Lausanne,
This paper provides an overview of these techniques, CH, 2002.
each of which offers different advantages and [17] A. Boukerch, Li Xu, Khalil El-Khatib. “Trust-based security for wireless
disadvantages. We notice that no scheme is ideal; however, ad hoc and sensor networks”. Comput. Commun. 30 (11), 2413–2427,
using a class of protocols instead of another will depend on the 2007.
context and application requirements. [18] J-W.Ho, M.Wright, S-K.Das. “ Zonetrust: fast zone-based node
compromise detection and revocation in wireless sensor networks using
Despite the significant damage that can cause dishonest sequential hypothesis testing, IEEE Trans. Depend. Secure Comput. 9
recommendation attacks, the topic of securing the WSN (4), 494–511, 2012.
against bad mouthing and ballot stuffing attacks have [19] K.Vijaya, Dr.M.Selvam. “Improving resilience and revocation by
received much less attention than the other internal attacks like mitigating bad mouthing attacks in Wireless Sensor Networks”.
International Journal of Scientific & Engineering Research, Volume 4,
DoS or node replication. Therefore, despite the efforts those Issue 4, 2013.

Authorized licensed use limited to: Consortium - Algeria (CERIST). Downloaded on September 20,2023 at 21:09:10 UTC from IEEE Xplore. Restrictions apply.
[20] J.Esch. “A Survey of trust and reputation management systems in [40] S. Ganeriwal, L. Balzano, K. Srivastava, B. Mani, “Reputation-based
wireless communications”. Proceedings of the IEEE; 98(10):1755 – Framework for High Integrity Sensor Networks”. ACM Trans. Sen.
1772, 2010. Netw., 4(3):1–37, 2004.
[21] H.Yu, Z.Shen . “A survey of trust and reputation management systems [41] H.Chen, X.Zhou,C. Gao. “Agent-based trust model in wireless sensor
in wireless communications”. Proceedings of the IEEE, School of networks”. 8th ACIS International Conference on Software Engineering,
Computer Engineering, Nanyang Technology University, Singapore, Arti fi cial Intelligence, Networking, and Parallel/Distributed
98(10):1755 – 1772, 2010. Computing, 119 – 124, 2007.
[22] F.G. Mármol, G. M. Pérez, “Security threats scenarios in trust and [42] T. Qin, H. Yu, C. Leung, Z. Shen, C. Miao, “Towards a trust aware
reputation models for distributed systems”, Elsevier Computers & cognitive radio architecture”, ACM Sigmobile Mobile Comput.
Security 28(7), 545-556, 2009. Commun. Rev., vol. 13, no. 2, pp. 86–95, 2009.
[23] F.G. Mármol, G. M. Pérez, “Towards pre-standardization of trust and [43] T.A Zia, “Reputation-based Trust Management in Wireless Sensor
reputation models for distributed and heterogeneous systems”, Computer Networks”, In Proceedings of ISSNIP 2008, 2008.
Standards & Interfaces 32, 185–196, 2010. [44] H.Alzaid,E. Foo, J-G.Nieto. “RSDA: Reputation-Based Secure Data
[24] H.Yu, Z.Shen, C.Miao, C.Leung, D.Niyato,” Survey of Trust and Reputa Aggregation in Wireless Sensor Networks”, In: Proceedings of the 9th
tion Management Systems in Wireless Communications”, Proceedings International Conference on Parallel and Distributed Computing,
of the IEEE, 2010. Applications and Technologies, PDCAT 2008, Dunedin, New Zealand,
[25] O. Khalid, S. U. Khan, S. A. Madani, K. Hayat, M. I. Khan, N. Min- pp. 419–424, 2008.
Allah, J. Kolodziej, L. Wang, S. Zeadally, and D. Chen, "Comparative [45] H.Chen. “Task-based trust management for wireless sensor networks.
Study of Trust and Reputation Systems for Wireless Sensor International Journal of Security and its Applications, 3(2):21 – 26, 2009
Networks," Security and Communication Networks, 2012. [46] A. Srinivasan, F.Li, J. Wu, “A Novel CDS-Based Reputation
[26] G.Edwin Prem Kumar, Titus. I, Sony. I,Thekkekara, “ A Comprehensive Monitoring System for Wireless Sensor Networks”, In Proceedings of
overview on Application of Trust and Reputation in wireless Sensor the 28th IEEE International Conference on Distributed Computing
network”, In International conference on modeling optimization and Systems Workshops, ICDCS 2008, Beijing,China, pp. 364–369, 2008.
Computing in Procedia Engineering Vol no.38,pp.2903-2912, 2012. [47] G. V. Crosby, N. Pissinou,J. Gadze, "A Framework for Trust-based
[27] H. Alzaid, M. Alfaraj, R. Sebastian, A. Jøsang, M. Albabtain, A. Cluster Head Election in Wireless Sensor Networks", in The Second
Abuhaimed, “Reputation-based Trust Systems for Wireless Sensor IEEE Workshop on Dependability and Security in Sensor Networks and
Networks: A Comprehensive Review”, In proceedings of the 7th Systems (DSSNS '06), Columbia, Maryland, 2006.
International Conference on Trust Management-IFIPTM'13, 2013. [48] K.Yadav, A.Srinivasan, “ iTrust: an integrated trust framework for
[28] J.Lopez, R.Roman, I.Agudo, C.Fernandez-Gago, ”Trust Management wireless sensor networks”, 25th ACM Symposium on Applied
Systems for Wireless Sensor Networks: Best Practices”, Computer Computing (SAC ’ 10), Switzerland, 2010.
Communications Volume 33, Issue 9, Pages 1086–1093, 2010. [49] S.Ganeriwal, M.Srivastava, “Reputation-based framework for high
[29] G.Han, J. Jiang, L.Shu, J.Niu, H-C.Chao, “Management and integrity sensor networks”, In Proceedings of the 2nd ACM Workshop
applications of trust in Wireless Sensor Networks: A survey”, Journal of on Security of Ad Hoc and Sensor Networks (SASN ’ 04),66 – 77, 2004.
Computer and System Sciences 80, 602–617, 2014. [50] P.Michiardi, R.Molva, “CORE: a collaborative reputation mechanism to
[30] A. Whitby, A. Josang, J. Indulska, “Filtering out unfair ratings in enforce node cooperation in mobile ad hoc networks”, Communication
bayesian reputation systems”, In Proceedings of the Third International and Multimedia Security, 2002.
Joint Conference on Autonomous Agenst and Multi Agent Systems, pp. [51] S.Buchegger, L.Boudec, “Performance analysis of the CONFIDANT
106–117, 2004. protocol (cooperation of nodes fairness in dynamic ad-hoc networks)”,
[31] A. Boukerch, L. Xu, K. EL-Khatib, “Trust-based security for wireless ad 3rd ACM International Symposium on MobiHoc, 2002.
hoc and sensor networks”, Computer Communications 30, 2413–2427, [52] G.V.Crosby, L.Hester, N.Pissinou, “Location-aware, Trust-based
2007. Detection and Isolation of Compromised Nodes in Wireless Sensor
[32] Y.L.Sun, Z.Han, W.Yu, J. R.Liu, “Attacks on Trust Evaluation in Networks”, International Journal on Network Security 12(2), 107–117
Distributed Networks”, In Proceedings of 40 th Annual Conference of 2011.
Information Sciences and Systems, March 22-24, pp 1461-1466, 2006. [53] A. Srinivasan, J. Teitelbaum and J. Wu, "DRBTS: Distributed
[33] M. J. Probst, S.K. Kasera. “Statistical Trust Establishment in Wireless Reputation-based Beacon Trust System", in The 2nd IEEE
Sensor Networks”. In ICPADS ’07: Proceedings of the 13 th International International Symposium on Dependable, Autonomic and Secure
Conference on Parallel and Distributed Systems, pages 1–8, Computing (DASC '06), 2006.
Washington, DC, USA, 2007. [54] S. Buchegger, JY.Le Boudec, “A Robust Reputation System for P2P
[34] C. Deokjai H. Guangjie , L. Wontaek. “A Reliable Approach of and Mobile Ad-hoc Networks”,In Proceedings of the Second Work
Establishing Trust for Wireless Sensor Networks”. In IFIP International shopon the Economicsof Peer-to-Peer Systems (P2PEcon 2004),
Conference on Network and Parallel Computing Workshops (NPC Harvard University, Cambridge MA,USA, pp. 2004.
2007), Dalian, China, September 2007. [55] C. Zouridaki, B. Mark, M. Hejmo, R. Thomas, “Hermes: a quantitative
[35] H.Marzi , M.Li, “An Enhanced Bio-Inspired Trust and Reputation trust establishment framework for reliable data packet delivery in
Model for Wireless Sensor Network”, Procedia Computer Science 19, MANETs”, Journal of Computer Security 15, 3–38, 2007.
1159 – 1166, 2013. [56] C. Zouridaki, B.L. Mark, M. Hejmo, R.K. Thomas, “E-Hermes: a robust
[36] C. Dellarocas, “Immunizing online reputation reporting systems against cooperative trust establishment scheme for mobile ad hoc networks”, Ad
unfair ratings and discriminatory behavior”, In Proceedings of the 2nd Hoc Networks 7, 1156–1168, 2009.
ACM Conference on Electronic Commerce, pp. 150– 157, 2000. [57] R.Feng, X.Xu, X.Zhou,J.Wan, “A Trust Evaluation Algorithm for
[37] A. Srinivasan, J. Teitelbaum, H. Liang, J. Wu, M. Cardei, “On Trust Wireless Sensor Networks Based on Node Behaviors and D-S Evidence
Establishment in Mobile Ad-Hoc Networks, Reputation and Trust-based Theory”, Sensors 2011,11, pp.1345-1360, 2011.
Systems for Ad Hoc and Sensor Networks”, Wiley & Sons, 2007. [58] J. Hurt, Y.Leet, H.Yoont , D.Choit, S.Jin, “Trust Evaluation Model for
[38] C.Raj M R, E.Prem Kumar G, K.Kusampudi, “A Survey on Detecting Wireless Sensor Networks”, In Proceedings of the 7th International
Selfish Nodes in Wireless Sensor Networks Using Different Trust Conference on Advanced Communication Technology, ICACT 2005,
Methodologies”, International Journal of Engineering and Advanced 491 – 496, 2005.
Technology 2 (3), 197-200, 2013. [59] T.Zahariadis, H.Leligou, P.Karkazis, P. Trakadas, I. Papaefstathiou, C.
[39] T.Zahariadis, H.Leligou,P.Trakadas, S.Voliotis, “Trust management in Vangelatos, L. Besson, “Design and implementation of a trust-aware
Wireless sensor Networks”, European Transaction on Routing protocol for large WSNs”, International Journal of Network
Telecommunicatiοns, Vol. 21, Issue 4, pp: 386-395, 2010. Security and Its Applications (IJNSA); 2(3):5 2 – 68, 2010.

Authorized licensed use limited to: Consortium - Algeria (CERIST). Downloaded on September 20,2023 at 21:09:10 UTC from IEEE Xplore. Restrictions apply.