CHAPTER 1
INTRODUCTION
1.1 OBJECTIVE
The aim of the project is to provide a secure platform for the interaction
between the nodes in a Mobile Ad Hoc Grid. This is achieved by means of
providing a reputation based trust model that evaluates the trust value of the service
requesting node every time a request is received. This value is calculated by taking
into account the history of transactions that have taken place involving the node.
This provides for a secure environment where the resources in the system are
protected from malicious nodes. In addition there is also an encryption mechanism
for the secure communication of messages in the system.
1.2 SCOPE
A mobile ad hoc grid can be constructed in places where people go about their
routine lives with mobile devices. Such an environment comprises a
heterogeneous mixture of high capacity nodes and low capacity nodes. The low
capacity nodes may request high capacity nodes to provide service to them, forming
a good platform for a grid. In this grid environment, the services should be
provided only to deserving nodes that are trustworthy, and malicious nodes
should be denied access to these resources for the effective functioning of the
system. Hence the necessity of a reputation based trust model in the mobile ad
hoc grid environment.
CHAPTER 2
LITERATURE SURVEY
Elvis Papalilo et al. [7] discuss the direct experiences established
every time a trustor collaborates with a trustee. The output of the collaboration is
called direct trust and is calculated entirely based on the behavior elements under
observation. Direct trust between the participants X as trustor and Y as trustee is
expressed as the product of the behavior trust elements under observation. Each of
the behavior trust elements is calculated as the average of the ratio of the “positive”
observed experiences and the total number of observations during the
collaboration.
Baolin Ma et al. [2] discuss the creation of a domain agent for every
domain to maintain a domain transaction table that contains transaction records of all
the entities. Every record saves the request entity, the services provider (denoted as
“providee”) and the service evaluation provided by request entity. At the same
time, every entity in the domain maintains an evaluation table used to record the
reliability of other entities having direct transaction experiences with the entity.
Corresponding record items contain other entities’ name and reliability.
S. D. Kamvar [6] proposes the EigenTrust model, which collects the local trust
values of all peers to calculate the global trust value of a given peer. EigenTrust
relies on a good choice of some pre-trusted peers, which are supposed to be trusted
by all peers. Additionally, EigenTrust adopts a binary rating function, interpreted
as one (positive or satisfactory), or zero or negative one (unsatisfactory or
complaint).
As described above the existing models rely on good choice of only some
pre trusted peers and not all the nodes in the network. This assumption may be
over optimistic in a distributed computing environment and can lead to a situation
where the malicious entities start cheating cooperatively with the other peers and
lead to the degradation of the system.
The trust models also adopt a binary rating function. This might lead to a very
high rating for a node after a few successful transactions or a very low one after a few
failed transactions. So even if a node genuinely requests a service after some
time, it is very difficult for it to get access to these resources. Hence binary rating is not a
solution for the determination of the trust values in a grid environment where
services hold the key.
Another key problem with the existing system is the unequal distribution of
weights to the calculated direct and indirect trust values. This leads to a
miscalculated trust value that is detrimental to the performance of the system.
The proposed model plans to overcome all of the above shortcomings in an
effective manner.
CHAPTER 3
SYSTEM DESIGN
[Figure: system design block diagram. Blocks: Build Resource List, Encryption Module, Initialise Consumer Nodes, Resource Availability, Grid Simulation, Services for Grid, Build Evaluation and Domain Table, Trust Model, Calculate Direct Trust Value]
found to possess necessary resources then the system may go on and continue with
the execution of services.
Once the resources available with the system are verified, then the Service
Provider Node starts to identify the type of request made by the system. Once the
type of request or service is identified then the system calls the corresponding
execution function to process the UNIX command, which is a request.
WORKFLOW DIAGRAM
1: GRID SIMULATION
2 : DATA ENCRYPTION
This is an integral part of the encryption mechanism that has been employed
in the project. In this process a generator point is initially fixed and the plain text
that has to be encrypted is represented as a point on the ellipse generated from the
generator point. After this a random variable is generated and the public and
private keys are formulated. The plain text is then encrypted with the receiver’s
public key and sender’s private key. After this process of encryption the public key
of the sender and cipher text are sent to the receiver.
Having encrypted the plain text, the next step is to convert the cipher text back into
plain text at the receiver’s end. In order to decrypt the message the receiver must
have the sender’s public key. An evaluation is then done to check whether the encrypted
text lies within the permissible range. If so, the text is deciphered using the sender’s
public key and the receiver’s own private key.
The network activity is recorded periodically in a log file. The log file has a
list of all the transactions that have taken place in the network. The evaluation table
and the domain table that are constructed with the help of this log file as input form
an integral part of the trust calculation mechanism.
There is a single domain table for an entire domain and this includes the
information about all the transactions that have taken place in that particular
domain. However, the information that is of interest to the implementation is the
IDs of the nodes requesting and providing service and the status of that particular
transaction. The domain table plays an integral part in the indirect trust and credibility
factor calculation.
The direct trust value is calculated based on the information that is available
in the evaluation table. The direct trust value is an estimate of how trustworthy the
service requesting node has been to this particular SPN. The number of occasions
on which past transactions have succeeded or failed is taken into account,
after which a penalty factor is assigned to the node. The penalty factor is a measure of the
number of successful transactions against those that have been unsuccessful. The
previously calculated trust value is then divided by this penalty factor to get the final direct
trust value.
Indirect trust forms an integral part of the trust model that has been implemented
and is the factor that sets this model apart from the traditional ones. The indirect
trust is an estimate of how trustworthy the service requesting node is in the
opinion of the peers in the system. The first step in the calculation of this indirect
trust is a request to the domain table that has been constructed previously. In this
process the direct trust between each of the peers and the service requesting node is
first calculated. After this the credibility factor between each of the peers and the
service providing node is calculated and the composite indirect trust value is
computed as the sum of product of the corresponding terms of each of the above
calculated values. The composite trust value is then divided by the number of such
peers in the network to determine the cumulative indirect trust value [2].
The above calculated direct and indirect trust values are deployed for the
determination of the cumulative trust value of a particular entity. The key to
appropriate evaluation of the trust value of a node is to balance the weights
awarded to the direct and the indirect trust values to determine the final value. An
important quantity in determining the weight is the number of transactions that have
been taken into account to determine the indirect trust value. The cumulative value
[3] is hence determined by
where α + β=1
k – the number of transactions between the peers and the service requesting node.
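The calculation described in this chapter, worked through on a small transaction log, as an added example (not code from the original report). The log, the node ids, the credibility values in CRED and the choice of trust 0 for a pair with no history are assumptions made for the illustration; root() stands in for sqrt() only so the block links without libm.

```c
#include <stdio.h>
#define NODES 5                                   /* node ids 0..4 (constructed) */
struct tx { int requester, provider, ok; };       /* one domain-table row */
/* Constructed log: node 4 is reliable towards SPN 0 but fails peers 1 and 2;
   node 3 has a mixed record with SPN 0 and a clean one with peers 1 and 2. */
static const struct tx LOG[] = {
    {4,0,1},{4,0,1},{4,0,1},{4,0,1}, {4,1,0},{4,1,0},{4,2,0},{4,2,0},
    {3,0,1},{3,0,0}, {3,1,1},{3,1,1},{3,2,1},{3,2,1} };
#define N ((int)(sizeof LOG / sizeof LOG[0]))
static const double CRED[NODES] = {0, 1.0, 0.8, 1.0, 1.0};  /* assumed credibility */

static double root(double x) {      /* Newton's method in place of sqrt(): no -lm */
    double r = x > 1 ? x : 1;
    for (int i = 0; i < 40 && x > 0; i++) r = 0.5 * (r + x / r);
    return x > 0 ? r : 0.0;
}

/* (s/(s+f)) / (1 + mu); *k = transactions found; 0 for no history is an assumption */
double direct_trust(const struct tx *t, int n, int provider, int requester, int *k) {
    int s = 0, f = 0;
    for (int i = 0; i < n; i++)
        if (t[i].provider == provider && t[i].requester == requester) {
            if (t[i].ok) s++; else f++;
        }
    *k = s + f;
    if (*k == 0) return 0.0;
    double mu = s ? (double)f / s : (double)f;
    return ((double)s / (s + f)) / (1.0 + mu);
}

/* alpha*direct + beta*indirect with beta = 1 - 1/sqrt(k), alpha = 1 - beta. */
double cumulative_trust(const struct tx *t, int n, int spn, int cn, const double *cred) {
    int k, opinions = 0, peers = 0;
    double sum = 0.0, direct = direct_trust(t, n, spn, cn, &k);
    for (int i = 0; i < NODES; i++) {
        if (i == spn || i == cn) continue;
        double d = direct_trust(t, n, i, cn, &k);
        if (k == 0) continue;                     /* peer i has no opinion */
        sum += cred[i] * d; peers++; opinions += k;
    }
    double indirect = peers ? sum / peers : 0.0;
    double val = root(opinions), beta = val != 0 ? 1.0 - 1.0 / val : 0.0;
    return (1.0 - beta) * direct + beta * indirect;
}

int main(void) {
    for (int cn = 3, k; cn <= 4; cn++)
        printf("node %d: direct %.3f cumulative %.3f\n", cn,
               direct_trust(LOG, N, 0, cn, &k), cumulative_trust(LOG, N, 0, cn, CRED));
    return 0;
}
```

On this log the direct-only value ranks node 4 above node 3, while the cumulative value reverses the order because the peers' failed transactions with node 4 are weighed in.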
CHAPTER 4
IMPLEMENTATION
4.2. PSEUDOCODES:
Void BuildResourceList()
malloc(sizeof(struct resource_table));
strcpy(spn.rt[0]->resource_name,Resource_name);
spn.rt[0]->tot_instances=spn.rt[0]->available=Initial_Resource_Count;
Void InitValConsumerNodes
if(consumers[jts.cpn_id-1]==1)
}
if(strcmp(res,spn.rt[i]->resource_name)==0)
spn.rt[i]->available-=res_cnt;
break;
else
f=0;
break;
}
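/* Split jts.cmd on whitespace into the command and up to two file names.
   The loop does no bounds checking: comd, file1 and file2 must each be able
   to hold strlen(jts.cmd)+1 bytes. */
for (i=0,j=0,s=0;i<strlen(jts.cmd);i++)
{
    if(isspace(jts.cmd[i])){s++;j=0;continue;}
    if(s==0)comd[j++]=jts.cmd[i],comd[j]='\0';
    else if(s==1)file1[j++]=jts.cmd[i],file1[j]='\0';
    else file2[j++]=jts.cmd[i],file2[j]='\0';
}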
if(strcmp(comd,"ls")==0)
if(resource(res,2))
Generate a table of integral points that lie on the ellipse, using the equation given
above.
Fix a point on the ellipse as the generator point.
if(table_filled == false)
compute_table;
send(cipher_text,Pa);
//Decryption routine
b-> private key of Receiver
{
Evaluation table cn id= domaintable requester id
Evaluation table status=DomainTableStatus
Procedure request_service
/* count the past successes and failures of the requesting node cn_id */
for(i=0;evaltable[i].cn_id!=0;i++)
{
    if(evaltable[i].cn_id==cn_id)
    {
        if(evaltable[i].status is FAILURE)
        {
            failure++;
            final_failure++;
        }
        else
        {
            success++;
            final_success++;
        }
    }
}
/* only evaluated when the node has some transaction history */
if(!((success==0)&&(failure==0)))
{
    local_trust[spn_id][cn_id] = (1.0*success)/(success+failure);
    mu[spn_id][cn_id] = (1.0*failure)/success;
    penalty[spn_id][cn_id] = 1 + mu[spn_id][cn_id];
    return local_trust[spn_id][cn_id]/penalty[spn_id][cn_id];
}
Procedure request_domaintable
if(domaintable[i].requester_id==cn_id)
{
    if(domaintable[i].status is SUCCESS)
        success[domaintable[i].provider_id]++;
    else
        failure[domaintable[i].provider_id]++;
}
/* peer i has a history with cn_id and is not the requesting node itself */
if((!((success[i]==0)&&(failure[i]==0)))&&(!(i==cn_id)))
{
    if(success[i]!=0)
    {
        mu[i][cn_id] = (1.0*failure[i])/success[i];
    }
    else
    {
        mu[i][cn_id]= (1.0 * failure[i]);
    }
    penalty[i][cn_id] = 1 + mu[i][cn_id];
    indirect_trust[i][cn_id] = local_trust[i][cn_id]/penalty[i][cn_id];
}
Procedure calculate_trust
{
Calculate direct trust value between the service requesting node and
service providing node
cumulative_indirect_trust_value=indirect_trust_value/count;
val=sqrt(opinion);
if(val!=0)
weight=1-(1/val);
else
weight=0;
alpha=1-weight;
beta=(weight);
cumulative_total_trust_value=alpha*direct_trust[spn_id][cn_id]+beta
*cumulative_indirect_trust_value;
{
Malicious node detected :Prevent transaction
}
}
CHAPTER 5
RESULTS
The performance of the direct trust model and the implemented trust model
is evaluated against the rate of malicious activity. Rate of malicious activity is
chosen as the parameter here because it is an effective measure of the number of
successful transactions against those that are unsuccessful. This in turn is a clear
indication of the trustworthiness of the nodes.
As can be seen from Table 5.1, the direct trust model has no false
evaluations when there are no malicious nodes in the network and hence the
accuracy of evaluation of the trust model is 100%, as can be seen from Fig 5.1.
But with the increase in the rate of malicious activity the accuracy of
evaluations drops significantly, as is observed in Fig 5.1. This is
because the system takes into account only the direct experiences with the
node under study. So there is a good chance that the transactions that have taken
place with this SPN in the past have resulted in success but the service requesting
node has produced failed transactions with other nodes in the network. But the
SPN does not have any knowledge of these since it does not take into account the
indirect trust value of the service requesting node.
Fig 5.1 Rate of Malicious Activity Vs Accuracy of evaluation of Direct Trust Model
It can be seen from Table 5.2 that the system is infallible when the rate of
malicious activity is 0, as there are no false evaluations made and hence the
accuracy of evaluation is 100%, as can be seen from Fig 5.2. The accuracy of
evaluation initially drops when the rate of malicious activity increases. This is
because the system does not have enough failed transactions in the network to
identify the node as malicious. But, as the rate of malicious activity increases the
accuracy of evaluation also increases and the system identifies all the malicious
nodes appropriately.
The next chapter discusses the conclusions and the future work that
could be added to the existing system.
CHAPTER 6
FUTURE WORK
The security system that has been implemented concentrates more on the
application layer attacks that result in improper resource utilization in the network.
While this forms the major problem in grids, there might also be attacks at the
network layer which could have a detrimental influence on the system
performance. Further work can therefore be directed towards identifying and
eliminating such attacks in mobile ad-hoc grids. The system can also be extended
in such a manner that these security features are incorporated and implemented for
web services also.
REFERENCES