Hindawi Publishing Corporation

International Journal of Distributed Sensor Networks

Volume 2014, Article ID 209436, 14 pages
http://dx.doi.org/10.1155/2014/209436

Research Article
TSRF: A Trust-Aware Secure Routing Framework in
Wireless Sensor Networks

Junqi Duan, Dong Yang, Haoqing Zhu, Sidong Zhang, and Jing Zhao
National Engineering Laboratory for Next Generation Internet Interconnection Devices,
School of Electronic and Information Engineering, Beijing Jiaotong University, Beijing 100044, China

Correspondence should be addressed to Dong Yang; dyang@bjtu.edu.cn

Received 5 August 2013; Accepted 28 November 2013; Published 8 January 2014

Academic Editor: Yuan He

Copyright © 2014 Junqi Duan et al. This is an open access article distributed under the Creative Commons Attribution License,
which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

In recent years, trust-aware routing protocol plays a vital role in security of wireless sensor networks (WSNs), which is one of the
most popular network technologies for smart city. However, several key issues in conventional trust-aware routing protocols still
remain to be solved, such as the compatibility of trust metric with QoS metrics and the control of overhead produced by trust
evaluation procedure. This paper proposes a trust-aware secure routing framework (TSRF) with the characteristics of lightweight
and high ability to resist various attacks. To meet the security requirements of routing protocols in WSNs, we first analyze features
of common attacks on trust-aware routing schemes. Then, specific trust computation and trust derivation schemes are proposed
based on analysis results. Finally, our design uses the combination of trust metric and QoS metrics as routing metrics to present
an optimized routing algorithm. We show with the help of simulations that TSRF can achieve both intended security and high
efficiency suitable for WSN-based networks.

1. Introduction that determines the data forwarding and transmission path

With the rapid advancements in Internet of Things (IoT),
cloud computing, and social networks, smart city has
attracted more and more attention in modern society. Smart
city that relies on the different kinds of distributed smart
devices can offer a wide range of applications for urban
residents, such as environmental monitoring, traffic manage-
ment, and social entertainments. These applications cannot
only improve the living quality of city inhabitants, but also
promote the realization of the low-carbon society.
Due to the characteristics of low cost, rapid deployment,
and self-organized, wireless sensor networks (WSNs) play a
crucial role in constructing the network and facilitate various
services for smart city. The ubiquitous sensor nodes can
both collect physical information of urban environments and
control the public or private facilities in the context of smart
city environments. Consequently, many studies of smart city
have been made on the basis of WSNs technologies [1, 2].
With a limited radio communication range, wireless
sensor nodes typically communicate with each other via a
multihop path. In this case, the design of routing protocol
is a key process to consider as it will directly affect the
performance of WSNs, such as the network lifetime, packet
delivery rates and end-to-end packet delay [3–6]. In this
paper, we focus on security aspects of routing protocols in
WSNs. Due to the open, distributed, and dynamic nature
of WSNs, the routing protocols are highly vulnerable to
various attacks [7, 8]. These attacks can be divided into two
types: internal and external. The internal attacks are launched
by compromised or malicious nodes in the network. The
external attacks are launched by malicious nodes that have
not access to the network [9, 10].
In order to protect WSNs against malicious and selfish
behavior, different secure routing protocols have been devel-
oped over the years [11–13]. However, these routing protocols
mainly rely on cryptographic primitives and authentication
mechanisms which are not suitable for WSNs. The specific
reasons can be summarized as follows: firstly, most cryp-
tographic algorithms, especially the asymmetric encryption
process, require high computational capabilities and power
consumption [14, 15]. However, the low-cost sensor nodes are
usually resource constrained in memory size, energy capacity,
2 International Journal of Distributed Sensor Networks

and computational capabilities. Secondly, many encryption
and authentication mechanisms in routing protocols require
a central authority or centralized administration to operate
[16, 17], which is usually impractical in WSNs. Finally,
the sensor nodes deployed in a unattended area may be
compromised by adversaries through physical means. Once
the keys are leaked, all the security mechanisms may become
ineffective. In other words, conventional secure routing
protocols based on cryptographic primitives can resist some
types of external attacks, but they cannot provide protection
against malicious behavior of internal nodes.
Trust management is an effective solution to the above
issues and could be a suitable component for the security
architecture of WSNs [7, 18]. The notion of trust derives from
social sciences, which is defined as the degree of beliefs about
the behavior of other ones. As the trust management schemes
have strong capabilities to identify the malicious entities and
offer a prediction of one’s future behavior, they can be used as
a measure of security for securing routing. In order to find a
secure route, the results of trust evaluation help to select the
trustworthy next-hop node through which the source node
will forward data to the sink node. As a result, a number of
trust-based routing protocols have been proposed [19–22].
However, the traditional trust-based routing protocols
still exist several key problems, which can be summarized
as follows. Firstly, although the trust-based schemes can deal
with the inherent attacks in wireless networks, they will also
induce some new risks to which special consideration shall
be given. Secondly, trust metric is significantly different from
normal routing metrics such as the number of hops, delay, or
other QoS requirements [7], but most trust models do not
consider the particularity of trust metrics when designing
routing protocols. Thirdly, the existing trust-based routing
protocols have some limitations such as dependence on
specific routing scheme or platform. In other words, security
mechanisms may be invalid if the routing protocol of the
network is changed. In addition, trust evaluation can be
divided into two parts: trust computation and trust derivation
[23]. Previous trust models mainly focus on the process of
trust computation. In fact, the trust information is frequently
exchanged in trust derivation to ensure the accuracy of
trust evaluation, which dominates the overhead of routing
procedure. Therefore, designing an efficient trust derivation
scheme is a critical issue in the development of WSN-based
networks.
In this paper, we propose a trust-aware secure routing
framework (TSRF) in WSNs that aims to address the chal-
lenges mentioned above. We first analyze the attacks on
trust-aware routing protocols especially the common ones to
trust management systems. According to the analysis results,
we propose specific trust computation and trust derivation
schemes to deal with these attacks, which will be used in our
routing framework design. Furthermore, an optimized rout-
ing algorithm is designed by utilizing mathematical methods.
In our scheme, the routing algorithm consider not only the
features of trust metric, but also other QoS requirements
in path selection. Finally, we introduce the details of our
routing strategies which are not confined to specific routing
protocols. By conducting extensive simulations, we show that
TSRF cannot only maintain the desirable security of the
network, but also significantly reduce the routing overhead.
The rest of this paper is organized as follows. Section 2
provides a brief overview of related work. The common
attacks on trust-based routing protocols in WSNs and their
solutions are discussed in Section 3. Section 4 proposes a
lightweight trust computation method and also designs
an optimized routing algorithm by utilizing the theory of
semirings. We provide detailed operation of our proposed
routing strategies in Section 5, with simulation results and
performance evaluation given in Section 6. Finally, important
conclusions and potential future works are given in Section 7.
2. Related Work
2.1. Secure Routing Protocols Based on Cryptographic Primi-
tives. With the growing trend in the field of security, there has
been an increased effort in the research on routing protocols
in recent years [24–26]. SAODV [24] is a security extension
of the AODV protocol to resist against some routing attacks.
In order to guarantee the data integrity and authenticity, all
the routing messages in SAODV are digitally signed. In this
case, intermediate nodes cannot send RREP as the RREP
message must be signed by the destination node. Although a
mechanism called double signature is introduced in SAODV
to solve this issue, it will definitely increase the load of
intermediate nodes. Cerri and Ghioni developed A-SAODV
protocol [25] to mitigate the negative effects of SAODV.
In A-SAODV, intermediate nodes reply to RREQs only if
they are not overloaded and the source node can determine
whether to use single signature or double signature according
to the threshold of the current load state. However, the above
proposals are security extensions of existing ad hoc routing
protocols which are not suitable for resource constrained
WSNs.
SAR is a secure routing protocol in WSNs that can
discover the shortest path with desired security attributes
[26]. The source node sets the desired security level for
the route. Only the nodes with the same security level,
which share encryption keys, can decrypt routing packets.
Although SAR can ensure the data confidentiality to a certain
extent, cryptographic primitives on which it mainly based
will involve significant encryption overhead and limit its
attractiveness for WSN applications [27, 28]. In addition,
as the solution mainly utilizes encryption mechanisms, it is
unable to prevent an internal attack launched by a compro-
mised sensor node.
2.2. Secure Routing Protocols Based on Trust Evaluation.
Driven by the demand for security and efficiency consider-
ations, the trust-based routing protocols have been proposed
for WSNs [11, 29, 30]. Paris et al. designed a new cross-
layer metric called expected forwarding counter (EFW) for
reliable routing in wireless networks. The EFW can motivate
the cooperation between nodes and cope with the problem
of selfish behavior. In [31], a bayesian game approach for
preventing DoS attacks is presented in WSNs. Then, a secure
routing protocol is also proposed by combining the bayesian
International Journal of Distributed Sensor Networks 3

approach with LEACH protocol. These routing protocols also resist some common attacks. However, this trust-aware
only aim at dealing with a particular attack, which is not scheme depends on the specific routing scheme, which
sufficient to ensure the network security. Karlof and Wagner restricts the scope of applications.
described the attacks against sensor networks and suggest
countermeasures for secure routing [32], but they did not
2.3. Trust Derivation. The trust evaluation systems normally
consider the effect of attacks on trust management systems.
include two parts: trust computation and trust derivation.
In other words, some new attacks against trust evaluation
Most previous trust-based schemes only focused on the trust
such as selfish and colluding attacks and their solutions were
computation process by adopting mathematical analysis and
not included in the discussion. Yu et al. analyzed various
modeling tools. In fact, the trust derivation that collects trust
attacks and countermeasures related to trust schemes in
information for evaluation dominates the overhead of routing
WSNs [33]. However, they simply categorized the different
establishment. Consequently, the trust derivation is a major
types of existing attacks and did not design secure routing
subject of study for trust-aware routing protocols. In [36],
protocols according to the analysis results.
a trust-aware routing protocol (TARP) was proposed. Two
The fundamental purpose of trust-based routing protocol
steps are used to find a trusted neighbor node. The first step is
is to establish a trustworthy and efficient route between two
called the “One Hop Check” and will only be initiated by the
nodes that can send data from the source to the destina-
source node that has some data to send. The source node will
tion. Routing algorithms determine the results of routing
send a Neighbor Request to all its neighbors asking them for
selection, which will directly affect the performance of trust-
their trust attributes. Once it receives the trust attributes, the
based routing, such as network security, routing delay, and
source node will choose the most trusted node. In step two,
computational overhead. Consequently, routing algorithm is
the source node will make a credit check on the preselection
one of the most important components in trust-aware routing
node by communicating directly with its neighbors. For this
protocols. Theodorakopoulos and Baras analyzed the effect of
purpose, the source node will use a different channel and a
trust metric from the perspective of mathematical methods
temporarily higher energy than the one used in step one. The
[18]. By utilizing the theory of semirings, they proved that
source node will send a far neighbor request to nodes. In this
the indirect trust relation can be set up without previous
case, more neighbor nodes of preselection node will receive
direct interaction. To further study the features of trust metric
the request and response with a far neighbor reply. However,
in routing algorithms, a formal study of trust-based routing
to implement this approach, frequency-hopping and time
was proposed in [7]. In this paper, four unique features
synchronization technologies are needed. These complex
of trust metric are identified compared with QoS-based
MAC scheduling mechanisms may limit the applications
routing metrics. The authors also analyzed the compatibility
making it unattractive to WSNs.
of trust metrics and routing protocols. However, they did
Reputation broadcast (also called flooding mechanism)
not consider the situation that both trust metric and QoS-
is another common method for receiving recommendations
based metrics are required for designing routing algorithms
from neighbors [37]. The source or the evaluating node
in practical applications. The applications in WSNs may
broadcast the trust request that carries the identification of
have different QoS requirements in terms of end-to-end
the evaluated node. If a receiving node is a neighbor of the
packet delay, packet delivery rates, and network lifetime.
evaluated node, it will reply the corresponding trust infor-
Generally speaking, the QoS-based routing metrics should be
mation. Otherwise, it only forwards the trust request packets.
optimized under the premise of security assurance.
Since flooding is involved in the process, this approach may
In order to build well-established trust relationships
produce a high overhead and incur lengthy latency. It is
without relying on any predefined assumption, Ren et al.
obvious that a robust trust derivation procedure relies on
proposed a probabilistic solution based on distributed trust
adequate collection of trust information from the network
model [34]. In the proposal, a secret dealer was introduced
for computation. To overcome drawbacks of flooding, the
in the system bootstrapping phase and provides the sensor
common method is the use of a certain control mechanism
nodes with sufficient trust evidences. Although these designs
in flooding (e.g., setting a small value to the hop limit of
can simplify the process of trust initialization, the need for
broadcast packets). But the performance of these methods is
a centralized secret dealer limits its application to WSNs.
still easily affected by many factors such as network size and
Because WSNs inherit the properties of a wireless ad hoc
node density.
network, where fixed infrastructure is not a necessary com-
ponent. A novel on-demand unicast routing protocol (TSR)
was presented in [23]. TSR help the network build a simple 3. The Analysis of Attacks and
trust prediction model based on evaluated node’s historical Countermeasures
behavior. According to assessment results, the nodes can
select the shortest trusted route to transmit required packets. 3.1. Network Model. In this paper, we consider a WSN
But indirect trust is not considered in TSR, which may affect consisting of a few sink nodes and a number of sensor
the accuracy of trust computation. Zahariadis et al. proposed nodes that are randomly distributed in a designated area.
a distributed trust model that relies on both direct and Each sensor node is in charge of both detecting events and
indirect trust observations to evaluate the trust of nodes [35]. acting as a router in order to forward packets. All the sensor
By applying the trust model to geographical routing scheme, nodes are resource constrained and have the same limited
the proposal cannot only reduce the routing overhead but radio coverage. Consequently, end-to-end communication in
4 International Journal of Distributed Sensor Networks

Table 1: Attacks on routing protocols in WSNs.

Effectiveness of
Effectiveness of
Attacks Internal External Active Passive cryptography and
trust-based Aggressive behavior
authentication
mechanisms
mechanisms
Blackhole ✓ × ✓ × × ✓ Discard all the routing packets
Greyhole ✓ × ✓ × × ✓ Drop part of routing packets
✓ × ✓ × Spoof or replay an extremely high quality route
Sinkhole × ✓
advertisement to attract the nearby traffic
Distort the network topology by making two
Wormhole ✓ × ✓ × × ✓ distant nodes convince that they are only one
or two hops away
✓ × ✓ × Manipulate route discovery and route
Sybil ✓ ×
maintenance by creating several fake IDs
✓ ✓ ✓ × Flood the network with a huge amount of
DoS ✓ ✓
routing packets
Sniffing × ✓ × ✓ ✓ × Eavesdrop routing information
Tampering ✓ × ✓ × × ✓ Tamper routing packets
Replay ✓ ✓ ✓ × × ✓ Replay the received routing packets

a WSN is normally achieved via multihop relaying where a
communication path is established in a distributed manner.
We also assume that all the sensor nodes are compromisable
if there are no security mechanisms protecting them. In
addition, WSNs may consist of sensor nodes from different
manufacturers or service providers. In this case, the selfish
nodes may not completely cooperate with each other.
3.2. The Analysis of Attacks on Routing Protocols. Routing
protocols are the most critical component of the network
as they address the problem of how to realize data trans-
mission services. However, many classic routing protocols
assume that the operating environment is trustworthy and
do not consider security issues. However, this assumption
is not realistic in many cases. With the open and remote
deployment environment, WSNs are generally susceptible to
various attacks, including blackhole attack, wormhole attack,
sybil attack, and so on [33, 38]. Consequently, secure routing
is very important to guarantee the network functionality in
the face of malicious or selfish attacks. In this paper, we first
analyze attacks on routing protocols in WSNs. The common
attacks can be illustrated as follows.
(i) Blackhole attack: a malicious node discards all the
packets it should forward.
(ii) Greyhole attack: an attacker drops certain type of
packets (routing packets, data packets from a desig-
nated node, etc.) and only forwards part of them.
(iii) Sinkhole attack: a compromised node attracts nearly
all the traffic from a particular area and disguises itself
as a sink node.
(iv) Wormhole attack: a pair of adversaries tunnel packets
that received in one part of the network and replay
them in another part through a low-latency link.
(v) Sybil attack: a single node illegitimately presents
multiple identities to other nodes in the network.
(vi) DoS attack: a DoS attacker can disrupt legitimate
communication of other nodes by flooding the net-
work with redundant or false traffic.
(vii) Sniffing attack: an attacker can intercept and eaves-
drop the data of interest.
(viii) Message Tampering: a malicious node tampers the
receiving message before forwarding it to other nodes.
(ix) Replay Attack: an attacker may not acquire the data
information but can simply replay earlier packets
received from other nodes.
As described in Section 1, the attacks can be divided into
two types according to their origin: internal and external. In
addition, the various attacks can also be categorized into two
classes on the basis of their nature [10]: passive and active.
In passive attacks, malicious nodes may gather sensitive
information or behave selfishly in collaborative operations,
such as routing, to passively affect the proper operation of
WSNs. In active attacks, malicious nodes may actively request
sensitive information, influence the behavior of surrounding
nodes, or affect the normal operation of WSNs using attacks
such as Denial of Service (DoS).
Table 1 summarizes the different types of attacks, effec-
tiveness of countermeasures, and instances of attack behavior.
We can find that trust-based mechanisms can resist the
majority of various attacks, while cryptography and authen-
tication mechanisms cannot provide protection against most
of the attacks launched by internal malicious nodes. The
reason is that the internal sensor nodes in WSNs may have
a probability to be compromised by external attackers due to
the lack of physical protection. Then the attacker can easily
use compromised nodes to obtain the key, which may cause
encryption schemes invalid. On the contrary, the security
features of trust-based schemes are mainly implemented
via distributed intrusion detection mechanisms such as
watchdog and pathrater [39]. In this case, the malicious or
International Journal of Distributed Sensor Networks
selfish behavior can be seized no matter where the attacks
come from (inside or outside of the network). Consequently,
trust management can provide a better resistance capability
for the internal attacks on routing protocols. In addition,
sybil attack and sniffing attack are difficult to detect by
trust-based mechanisms, they can be avoided by adopting
location verification [35] and frequency-hopping techniques,
respectively, which is not in the scope of this paper.
3.3. The Analysis of Attacks on Trust Models. Although trust
management systems can deal with most of the existing
attacks on routing protocol and help improve the security
of the network, they may become a new attractive target for
attacks [38, 40]. For example, due to the cost and resources
constraints, the intrusion detection system is difficult to
guarantee 100% accuracy of detecting. Consequently, it is pos-
sible that some malicious or misbehaved nodes are wrongly
included in the trusted set of nodes that provide recommen-
dations at some point. In this case, the misbehaved nodes
may launch passive or active attacks on routing protocols and
impair the performance of the network.
In this subsection, we identify some possible attacks on
trust models for WSNs and discuss their countermeasures.
Some of the most common attacks to a trust management
system are summarized as follows.
(i) On-off attack: a malicious entity behaves well and
badly alternatively in order to remain in the trusted
set of nodes.
(ii) Conflicting behavior attack: a malicious node behaves
differently to nodes in different groups.
(iii) Selfish attack: a selfish attacker does not reply to
recommendation information when receiving a trust
request.
(iv) Bad mouthing attack: a misbehaved node provides
dishonest recommendations and propagates neg-
ative/positive recommendation information about
well-behaved/malicious nodes, which might affect the
accuracy of trust evaluation.
(v) Collusion attack: more than one malicious node
colludes with one another to disrupt the network
operation (e.g., providing dishonest recommenda-
tions about other nodes).
In order to design a secure framework for trust-aware
routing protocols in WSNs, it is necessary to develop
corresponding countermeasures against the above attacks,
which do not require complex calculation process and much
additional overhead. We first introduce an adaptive decay
time factor into our trust computation model, which can
solve the problems caused by on-off attacks. In our trust
evaluation system, the behavior of sensor nodes should be
monitored by their neighbors. Both the direct trust and
the recommendations provided by other nodes should be
considered. In this case, if a conflicting behavior attacker
behaves differently to different nodes, it can be quickly
detected and expelled from the network. Furthermore, we
propose a lightweight trust derivation scheme to resist selfish
5
attacks. By introducing the inconsistency check mechanism,
our trust evaluation scheme can also reduce or even eliminate
the effects of bad mouth attacks and collusion attacks. The
specifications of these countermeasures will be described in
Sections 4 and 5.
4. Routing Algorithm
4.1. System Model. We utilize graph model to analyze routing
issues in WSNs. For a weighted directed graph 𝐺(𝑉, 𝐸, 𝜔), the
set of vertices 𝑉 stands for the sensor nodes in the network.
𝐸 ⊆ 𝑉 × 𝑉 is the edge set which represents the relations
of nodes. The weighted label 𝜔 stands for metrics used for
measuring links or paths. For each 𝑒(𝑖, 𝑗) ∈ 𝐸, we consider
that node 𝑖 is the issuer and node 𝑗 represents the target. A
path 𝑝 from V1 to V𝑛 is denoted by 𝑝(V1 , V𝑛 ) ≜ (V1 , V2 , . . . , V𝑛 ).
Trust model essentially performs trust derivation, com-
putation, and application [20]. In this paper, we adopt watch-
dog [39] as the foundation of detection mechanisms. Each
sensor node is responsible for monitoring the behavior of its
neighbors and evaluating their trust level. More specifically,
the detection results are utilized for the evidence of trust
computation. 𝑡(𝑖, 𝑗) represents the trust value of node 𝑗 for
node 𝑖. In our model, node 𝑖 is the evaluating device and
node 𝑗 is the evaluated one. The trust 𝑡 of an arbitrary node
includes direct trust 𝑑𝑡 and indirect trust 𝑖𝑡. Direct trust is
based on direct observations of each node that participates in
data communication, while indirect trust, which is also called
recommendation trust, stands for the trust relations between
distributed nodes without direct interactions.
In order to further construct the routing model and study
the optimality of routing protcols, we view 𝐺𝐻(𝑉, 𝐸𝐻, ℎ) as
the physical graph where 𝐸𝐻 stands for the set of directed
wireless physical links. Similarly, 𝐺𝑅 (𝑉, 𝐸𝑅 , 𝑟) denotes the
routing graph on which path selection and packet forwarding
are performed. Consequently, the routing problems can be
considered as the selection of the optimal path on a weighted
physical graph 𝐺𝐻(𝑉, 𝐸𝐻, ℎ) by utilizing the routing metric
𝑟. In our model, the routing metric 𝑟 is the combination
of the trust metric and other QoS metrics such as delay
and packet loss rate, which is constrained by trust graph
𝐺𝑇 (𝑉, 𝐸𝑇 , 𝑡) and corresponding QoS Graph 𝐺𝑄(𝑉, 𝐸𝑄, 𝑞). All
the optimal paths 𝑝∗ can ultimately form the optimal routing
graph 𝐺𝑅∗ (𝑉, 𝐸𝑅 , 𝑟). In this paper, we define the optimal route
as the maximizing of the desired service quality under the
premise of security assurance.
4.2. Trust Computation of Nodes. Normally, the sensor nodes
are highly constrained in terms of computational power,
energy, memory, and bandwidth, so the design of security
mechanisms for WSNs is significantly challenging. We first
propose a lightweight computation method to evaluate the
trust value of sensor nodes in WSNs, which is an extension
to our previous work [41]:
∑𝑛(𝑘𝜖𝐶 ,𝑘 ≠ 𝑖) 𝑖𝑡(𝑘, 𝑗)𝑙
𝑙 𝑙 𝑗 (1)
𝑡(𝑖, 𝑗) = 𝛼 × 𝑑𝑡(𝑖, 𝑗) + 𝛽 × .
𝑛−1
6 International Journal of Distributed Sensor Networks

Including 𝛼 + 𝛽 = 1, 𝛼 > 0, 𝛽 > 0. 𝑡(𝑖, 𝑗) represents the trust
value of node 𝑗 for node 𝑖. 𝑑𝑡(𝑖, 𝑗) is the direct trust value.
𝑖𝑡(𝑘, 𝑗) stands for the recommendations provided by node 𝑘
which belongs to the neighbor set 𝐶𝑗 of node 𝑗. 𝑛 denotes the
number of neighbors and 𝑙 represents the sequence number
of the evaluation records. 𝛼 and 𝛽 are weighed factors which
are associated with the security policies. A larger value for 𝛼
indicates that the sensor node in WSNs is more convinced
about its own judgement. Similarly, a larger value for 𝛽 means
that the recommendations provided by other nodes are more
trustworthy in trust evaluation process. In addition, the trust
value is subject to 0 ≤ 𝑡 ≤ 1. Generally, we believe that the
higher trust value the sensor node is, the more trustworthy it
has. The effect of conflicting behavior attacks can be reduced
by setting adequate values of 𝛼 and 𝛽. Because the behavior
of nodes is monitored by its neighbors in the network, if a
malicious node behaves differently to different nodes, it can
be detected by considering the combination of direct trust
and indirect trust.
The computation of direct trust is given by
𝑙
𝑑𝑡(𝑖, 𝑗) = 𝛾1 × 𝑑𝑡𝑃(𝑗) (𝑖, 𝑗)
𝑙−1 𝑙−1
+ 𝛾2 × 𝑑𝑡𝑁(𝑗) (𝑖, 𝑗)
𝑙
+ 𝑖𝑑𝑠(𝑖, 𝑗) ,
(2)
value of 𝛾 for well-behaved records of nodes and set a high
value for malicious records. This mechanism implies that the
malicious behavior will be remembered for a longer time than
the well-behaved behavior. As a result, the on-off attacker is
difficult to build a good reputation which requires a long-time
interaction and consistent well-behaved behavior of nodes.
Then the following represents the indirect trust evalua-
tion process:
𝑛 𝑛
𝑙 𝑙
∑ 𝑖𝑡(𝑘, 𝑗) = ∑ 𝑑𝑡(𝑖, 𝑘)𝑙 × 𝑑𝑡(𝑘, 𝑗) . (5)
(𝑘∈𝐶𝑗 ,𝑘 ≠ 𝑖) (𝑘∈𝐶𝑗 ,𝑘 ≠ 𝑖)
In this model, we employ the trust chain to evaluate
the indirect trust of sensor nodes. 𝑑𝑡(𝑖, 𝑘) stands for the
direct trust value of node 𝑘 for node 𝑖. 𝑑𝑡(𝑘, 𝑗) represents
the direct trust value of node 𝑗 for node 𝑘 that provides
the recommendation data. To deal with the bad mouthing
attack and collusion attack, we propose an inconsistency
check scheme, which is given by
𝑙 𝑙
𝑙
∑𝑛(𝑘∈𝐶 ,𝑘 ≠ 𝑖) 𝑑𝑡(𝑖, 𝑘)𝑙 × 𝑑𝑡(𝑘, 𝑗) + 𝑑𝑡(𝑖, 𝑗)
𝑗
𝑖𝑐(𝑖, 𝑗) = . (6)
∑𝑛(𝑘∈𝐶 ,𝑘 ≠ 𝑖) 𝑑𝑡(𝑖, 𝑘)𝑙 + 1
𝑗

where 𝑑𝑡𝑃(𝑗) (𝑖, 𝑗)𝑙−1 represents the direct trust value of node
𝑗 for node 𝑖 based on node 𝑗’s past well-behaved behavior,
while 𝑑𝑡𝑁(𝑗) (𝑖, 𝑗)𝑙−1 is the direct trust value of node 𝑗 for
node 𝑖 based on node 𝑗’s past malicious behavior. 𝛾1 and
𝛾2 correspond to the exponential decay time factor of the
positive and negative assessment, respectively. The 𝑖𝑑𝑠(𝑖, 𝑗)𝑙
denotes the assessment for current behavior of device 𝑗 by
utilizing intrusion detection systems. The 𝑖𝑑𝑠(𝑖, 𝑗) is given by
{ 𝑃 (𝑗) , for 0 < 𝑃 (𝑗) < 1
{
𝑖𝑑𝑠 (𝑖, 𝑗) = {0, for uncertain
{
{𝑁 (𝑗) , for − 1 < 𝑁 (𝑗) < 0,
where 𝑃(𝑗) and 𝑁(𝑗) represent the positive and negative
assessment for device 𝑗’s behavior, respectively. These param-
eters should follow the rule that good reputation is more
difficult to gain than the bad one. The value of 𝑖𝑑𝑠(∗) should
be set to zero if the judgment for nodes’ behavior is not
absolutely sure.
In order to deal with on-off attacks, we introduce an
adaptive exponential decay time factor 𝛾, which can be shown
as below:
𝛾1 = 𝑒−𝜌1 ×(𝑡𝑐 −𝑡𝑐−1 ) , for 𝑑𝑡𝑃(∗)
𝛾={
𝛾2 = 𝑒−𝜌2 ×(𝑡𝑐 −𝑡𝑐−1 ) , for 𝑑𝑡𝑁(∗) ,
where 𝑡𝑐 stands for the current time and 𝑡𝑐−1 represents the
time when the last interaction happens. According to the
above equations, the trust value will decrease with the elapse
of the time. When 𝛾 → 0, it means that the results of recent
interactions are much more important than those of older
ones. The weight factors should depend on the context. An
on-off attacker can behave well and badly alternatively to gain
a relatively high reputation. In this case, we can set a low
As previously mentioned, the collected recommendations
may include false data provided by bad mouthing attackers
and collusion attackers. For each recommendation, our trust
computation model uses a threshold 𝜀 to determine whether
the data is suspicious. If |𝑑𝑡(𝑘, 𝑗)𝑙 − 𝑖𝑐(𝑖, 𝑗)𝑙 | > 𝜀, the
recommendation data will be discarded. In this case, if a
malicious node that is incorrectly included in the trusted set
of devices provides false data, it can be quickly detected as
its false recommendation may have a significant difference
(higher or lower) from true ones.
(3)
4.3. Trust Computation of Paths. When a source node pre-
pares to transmit packets to a destination node via multihop
communication, it must evaluate the trust value of the
route. Different methods based on the results of nodes’
trust assessment can be applied to the process of path trust
computation. Generally, the design of trust computation of
paths should comply with the following rules. Firstly, the
trust information cannot be increased via propagation [42].
In other words, the trust value of a path should not be greater
than the trust value of any intermediate node in the path.
Secondly, the destination node is considered to be a trusted
entity in trust management systems and its trust value for any
other node in the path should be set to 1.
(4)
If we choose the most trusted path determined by the
highest product of all trust values along the path, the trust
of a path 𝑝 can be computed by
𝑡 (𝑝) = ∏ ({𝑡 (𝑖, 𝑗) | 𝑖, 𝑗 ∈ 𝑝, 𝑖 󳨀→ 𝑗}) , (7)
where node 𝑖 and node 𝑗 are neighbors. node 𝑗 is the next hop
of node 𝑖. As shown in Figure 1, V0 is the source node and V5
is the destination node. There are three paths from the source
to the destination. Among them, (V0 , V3 , V4 , V5 ) is the most
International Journal of Distributed Sensor Networks
0.8
1 2
1
0.8
0 0.9
5
0.7 3 4 1
1 Definition 2. A semiring of trust is an algebraic structure
Figure 1: Path trust computation.
trusted path (𝑡(V0 , V3 , V4 , V5 ) = 0.7, 𝑡(V0 , V1 , V2 , V5 ) = 0.64,
𝑡(V0 , V3 , V2 , V5 ) = 0.63).
We can also choose the most trusted path determined by
the highest minimum trust values of intermediate nodes in
the path. The trust of a path 𝑝 can be represented as follows:
𝑡 (𝑝) = min ({𝑡 (𝑖, 𝑗) | 𝑖, 𝑗 ∈ 𝑝, 𝑖 󳨀→ 𝑗}) .
The function min(∗) returns the minimum value from
the input set. In this case, (V0 , V1 , V2 , V5 ) is the most
trusted path (𝑡(V0 , V1 , V2 , V5 ) = 0.8, 𝑡(V0 , V3 , V2 , V5 ) = 0.7,
𝑡(V0 , V3 , V4 , V5 ) = 0.7).
4.4. Routing Metrics. In practical applications, routing met-
rics may include both trust metric that can ensure the security
of the network and QoS metrics which are used for improving
the service quality. So the routing metrics of a path 𝑝 can
be denoted by 𝑟(𝑝) ≜ (𝑡(𝑝), 𝑞1 (𝑝), 𝑞2 (𝑝) ⋅ ⋅ ⋅ 𝑞𝑛 (𝑝)), where
𝑞1 (𝑝), 𝑞2 (𝑝) ⋅ ⋅ ⋅ 𝑞𝑛 (𝑝) are different QoS metrics of the path
𝑝. As described above, the different calculation method of
routing metrics, such as trust metrics, may effect the results
of routing selection. In order to avoid interfering with the
design of routing algorithms, we introduce a mathematical
theory called semiring in this paper. The rigorous mathe-
matical proof and mathematical properties of semiring were
proposed in [7, 18].
Definition 1. A semiring is an algebraic structure
(𝑆, ⊕, ⊗, 0, 1, ⪯), where 𝑆 is a set. ⊕, ⊗, and ⪯ are operators
with the following properties.
(i) ⊕ is commutative and associative. For ⊕, 0 is a neutral
element:
𝑎 ⊕ 𝑏 = 𝑏 ⊕ 𝑎,
(𝑎 ⊕ 𝑏) ⊕ 𝑐 = 𝑎 ⊕ (𝑏 ⊕ 𝑐) ,
𝑎 ⊕ 0 = 𝑎.
(ii) ⊗ is associative. For ⊗, 1 is a neutral element and 0 is
an absorbing element:
(𝑎 ⊗ 𝑏) ⊗ 𝑐 = 𝑎 ⊗ (𝑏 ⊗ 𝑐) ,
𝑎 ⊗ 0 = 0,
𝑎 ⊗ 1 = 𝑎.
7
(iii) ⪯ is an order relation with respect to the operators:
∀𝑎, 𝑏 ∈ 𝑆 : 𝑎 ⪯ 𝑏, 𝑐 ⪯ 𝑑 󳨐⇒ 𝑎 ⊕ 𝑐 ⪯ 𝑏 ⊕ 𝑑, 𝑎⊗𝑐⪯𝑏⊗𝑑
∀𝑎, 𝑏 ∈ 𝑆 : 𝑎 ⪯ 𝑏 ⇐⇒ ∃𝑐 ∈ 𝑆 : 𝑎 ⊕ 𝑐 = 𝑏.
(11)
(𝑇, ⊕𝑇 , ⊗𝑇 , 0𝑇 , 1𝑇 , ⪯), where 𝑇 is the set of trust metric
which defines the process of operators. ⊗𝑇 and ⊕𝑇 represent
an operator to concatenate trust metric along a path and
aggregate trust metric across paths, respectively.
Definition 3. A semiring of QoS is an algebraic structure
(𝑄, ⊕𝑄, ⊗𝑄, 0𝑄, 1𝑄, ⪯), where 𝑄 is the set of QoS metric. ⊗𝑄
and ⊕𝑄 represent an operator to concatenate QoS metric
along a path and aggregate QoS metric across paths, respec-
tively.
(8)
4.5. Routing Selection. By utilizing the theory of semirings,
we can conveniently describe the selection of the optimal
route. For example, if we want to choose the most trusted path
𝑝(V1 , V𝑛 ) in the network, the optimal route is given by
𝑝∗ (V1 , V𝑛 ) = ⊕𝑇 [𝑡 (𝑝 (V1 , V𝑘 )) ⊗𝑇 𝑡 (𝑝 (V𝑘 , V𝑛 ))] , (12)
where 𝑘 ∈ 𝑝(V1 , V𝑛 ). We assume that the trust of the path is
computed by (7). Therefore, the operator ⊗𝑇 stands for “×”
and the operator ⊕𝑇 represents “max(∗)”. Similarly, if we want
to find the path with minimum delay, the optimal route can
be described as below:
𝑝∗ (V1 , V𝑛 ) = ⊕𝐷 [𝑑 (𝑝 (V1 , V𝑘 )) ⊗𝐷𝑑 (𝑝 (V𝑘 , V𝑛 ))] , (13)
where 𝑘 ∈ 𝑝(V1 , V𝑛 ). 𝑑 is the delay time of a path. ⊗𝐷 and ⊕𝐷
represent “+” and “min(∗)”, respectively.
Then, we can propose the routing algorithm which
considers diverse routing metrics. We assume that 𝑉 is the set
of all the nodes in the network and 𝑉∗ is the set of nodes that
have optimal routes to the destination node. When a source
node V𝑖 ∈ 𝑉 − 𝑉∗ wants to find its optimal route to the
destination node V𝑛 , it should first sort the routing metrics
based on their priorities. We define the priority assignment
of routing metrics as 𝑟(𝑝(V ⃗ 𝑖 , V𝑛 )) ≜ (𝑞0 , 𝑞1 , . . . , 𝑞𝑚 ). 𝑞0 has
the highest priority (𝑞0 ⪰ 𝑞1 ⪰ ⋅ ⋅ ⋅ 𝑞𝑚 ). In our model, we
think that the QoS of networks should be improved under the
premise of security assurance. Consequently, we set 𝑞0 = 𝑡(𝑝).
Then the source node V𝑖 traverses its forwarding set Γ(V𝑖 )
(9) which is the set of candidate nodes chosen to forward packets
in order to evaluate the trust of path 𝑝(V𝑖 , V𝑛 ). We define
a threshold of path trust as 𝑡(𝑝(V𝑖 , V𝑛 ))th . If any path trust
value (V𝑖 , 𝑝(V𝑘 , V𝑛 ), V𝑘 ∈ Γ(V𝑖 )) is greater than the threshold,
it will be added into the candidate set of the optimal paths
𝑃𝑄∗0 (V𝑖 , V𝑛 ). If no one can satisfy the security requirements
of paths, node V𝑖 cannot find the optimal route to node V𝑛
and will be disconnected from the network. Similarly, node
V𝑖 should traverse the route selection process measured by
(10) other QoS metrics. Finally, the optimal route from node V𝑖 to
node V𝑛 can be selected, which is denoted by 𝑝𝑅∗ (V𝑖 , V𝑛 ). The
specifics of our routing algorithm are shown in Algorithm 1.
8 International Journal of Distributed Sensor Networks

(1) Process Initialization

(2) 𝐺𝑅∗ (𝑉, 𝐸𝑅 , 𝑟) = V𝑛 , V𝑛 is the destination node
(3) Add V𝑛 to 𝑉∗ , 𝑉∗ represents the set of nodes that have optimal routes to V𝑛
(4) while 𝑉 ≠ 𝑉∗ do
(5) for all node V𝑖 ∈ 𝑉 − 𝑉∗ do
(6) Sort 𝑟(𝑝(V𝑖 , V𝑛 ))
(7) Obtain 𝑟(𝑝(V⃗ 𝑖 , V𝑛 )) ≜ (𝑞0 , 𝑞1 , . . . , 𝑞𝑚 )
(8) where 𝑞0 = 𝑡(𝑝(V𝑖 , V𝑛 ))
(9) for all V𝑘 ∈ Γ(V𝑖 ) do
(10) if 𝑡 (V𝑖 , V𝑘 ) ⊗𝑇 𝑡 (𝑝 (V𝑘 , V𝑛 )) ⪰ 𝑡(𝑝(V𝑖 , V𝑛 ))th then
(11) Add (V𝑖 , 𝑝(V𝑘 , V𝑛 )) to 𝑃𝑄∗0 (V𝑖 , V𝑛 )
(12) end if
(13) end for
(14) if 𝑃𝑄∗0 (V𝑖 , V𝑛 ) = 0 then
(15) V𝑖 is disconnected from the network
(16) Continue;
(17) end if
(18) for 𝑗 = 1; 𝑗 < 𝑚; 𝑗 + + do
(19) 𝑃𝑄∗𝑗 (V𝑖 , V𝑛 ) = ⊕𝑄𝑗 𝑝𝑄∗ 𝑗−1 (V𝑖 , V𝑛 )
(20) where 𝑝𝑄∗ 𝑗−1 (V𝑖 , V𝑛 ) ⊆ 𝑃𝑄∗𝑗−1 (V𝑖 , V𝑛 )
(21) end for
(22) if 𝑃𝑄∗𝑚 (V𝑖 , V𝑛 ) = 0 then
(23) V𝑖 is disconnected from the network
(24) Continue;
(25) else
(26) Add V𝑖 to 𝑉∗
(27) Add 𝑃𝑄∗𝑚 (V𝑖 , V𝑛 ) to 𝐺𝑅∗ (𝑉, 𝐸𝑅 , 𝑟)
(28) return 𝑝𝑅∗ (V𝑖 , V𝑛 ), 𝑝𝑅∗ (V𝑖 , V𝑛 ) ⊆ 𝑃𝑄∗𝑚 (V𝑖 , V𝑛 )
(29) end if
(30) end for
(31) end while
(32) END Process

Algorithm 1: Routing algorithm.

5. The Scheme of TSRF
5.1. Routing Strategy. Generally, the routing protocols in
WSNs have to meet strict energy saving and security require-
ments. In this section, we propose a lightweight and secure
routing scheme which does not rely on specific routing
protocols. Figure 2 shows an example on how a source node
(V0 ) finds the optimal route to the destination node (V11 ). The
detailed procedure of our trust-ware routing protocol works
as follows.
Step 1. When the source node V0 prepares to send packets
to the destination node V11 , node V0 initializes the trust
derivation process and sends a trust request packet to its
neighbor nodes (e.g., node V2 ). The trust request is a 6-
ary tuple, and is denoted as TR = ⟨𝑠𝑖𝑑 , 𝑡𝑖𝑑 , 𝑡(𝑝)th , 𝑡𝑠, 𝑠, ℎ𝑙⟩,
where 𝑠𝑖𝑑 is the evaluating node’s ID and 𝑡𝑖𝑑 is the evaluated
nodes’ ID. 𝑡(𝑝)th represents the threshold of path trust. 𝑡𝑠
is the timestamp and 𝑠 stands for the sequence number of
trust request packet. hl denotes the hop limit of trust request
packet. To reduce the overhead of trust derivation procedure,
the hop limit value of the trust request packet should be set
to one. This value should be decremented by one every time
the trust request packet is forwarded if it is not zero. In this
example, 𝑠𝑖𝑑 is equal to node V0 ’s ID and 𝑡𝑖𝑑 is equal to node
V2 ’s ID. Node V2 that receives the trust request packet should
first check if it has already received the same request. If it has,
the request should be immediately discarded. If not, the node
should broadcast this trust request to all its neighbors.
Step 2. When receiving the trust request packet, the nodes
except the evaluating one should check whether the evaluated
node is its neighbor (node V0 will simply discard this request
as it is the source of the trust request). If not, it remains
silent. Otherwise, the nodes (V1 , V3 and V6 ) may unicast a trust
reply to the evaluating node (V0 ) through the existing reverse
routes. Then, these nodes will drop the broadcast trust request
packets if the hop limit value is equal to zero.
Step 3. After obtaining the recommendations provided by
the neighbors of the evaluated node, the evaluating node
V0 computes the trust value by combining direct trust with
indirect trust. Then, node V0 can determine whether the
evaluated node V2 should be trusted according to the required
path trust constraint. The method of trust computation is
described in Section 4. Similarly, node V0 can find a trusted
International Journal of Distributed Sensor Networks 9

3 8 3 8 0 3 8
0 0

7 7 7
2 2 2
1 1 1
10 10 10
6 6 6

4 5 4 5 4 5
11 11 11
9 9 9

Wireless link Tust request Wireless link Tust reply Wireless link Route request
Step 1 Step 2 Step 3

3 3 8 0 3 8
0 8 0

7 7 7
2 2 2
1 1 1
10 10 10
6 6 6

4 5 4 5 4 5
11 11 11
9 9 9

Wireless link Route request Wireless link Route reply Wireless link Data packet
Step 4 Step 5 Step 6

Untrusted nodes
Trusted nodes

Figure 2: Routing procedure.

forwarding set (V2 , V3 ) and send the route request to these
nodes in the forwarding set.
Step 4. If an intermediate trusted node that receives the route
request has the optimal route to the destination node, it will
send a route reply to the source node. Then, the source node
V0 can find the optimal route to the destination node V11 . Go
to Step 6. If not, the intermediate trusted node will repeat
Steps 1–3 to find the next trusted one.
Step 5. Once the route request hits the destination, the
destination node V11 will send a route reply to the source
node V0 via the selected reverse route. The routing algorithm
is described in Algorithm 1.
much communication cost, because it mainly relies on its
own detection system. By contrast, the recommendation
mechanism is closely related to the communication overhead
due to the packet interactions. In this paper, we only choose
the recommendations provided by the neighbor nodes of
the evaluated one. Because most malicious behaviors can be
detected by the neighbors and this mechanism can obviously
reduce the overhead of trust derivation. In addition, the
whole trust derivation procedure can be monitored by the
evaluating node in our scheme. In this case, if a selfish node
does not participate in recommendation mechanism for its
battery saving, its trust value will be degraded in our trust
model and finally be evicted from the network.

Step 6. Finally, node V0 can send data packets to node V11
through the optimal route.
From the previously mentioned descriptions, we can see
that the direct trust derivation process which is based on
the direct observations of evaluating node will not produce
5.2. Route Maintenance. When a newly node joins the net-
work, its behavior will be evaluated by its neighbors. As
shown in Figure 2, the established route is (V0 , V2 , V6 , V11 ). In
our model, only the upstream node can launch the route
maintenance procedure of the downstream node (e.g., V2 is
the upstream node of V6 ). Each time a transaction takes place,
10 International Journal of Distributed Sensor Networks

Table 2: Simulation parameters. 1

Parameters Values 0.95

Simulation time 500 s

Average packet delivery ratio

Monitoring area 200 × 200 m2 0.9
Number of nodes 100
0.85
Communication Range 40 m
Packet Interval 5s 0.8
Length of data packet 100 bytes
Routing protocol GPSR [43] & BAR [30] 0.75
MAC layer protocol IEEE 802.15.4
0.7
Initial trust value 0.5
Distrust interval [0, 0.4) 0.65
Error probability of detection 0.1
The proportion of malicious nodes 20% 0.6
0 10 20 30 40 50 60 70 80 90
𝑃(𝑎) 0.01 Simulation time
𝑁(𝑎) −0.1
𝛾1, 𝛾2 0.90, 0.99 No Attacks Greyhole + TSRF (t(p)th = 0.4)
Greyhole Greyhole + TSRF (t(p)th = 0.3)
𝛼, 𝜀 0.7, 0.15
𝑡(𝑝), 𝑡(𝑝)th min(∗), 0.4 Figure 3: The effect of greyhole attacks.

the direct trust of node V6 for node V2 will be immediately

updated. If the variation of direct trust value of node V6
for node V2 is greater than the trust update threshold 𝜏
(Δ𝑑𝑡(V2 , V6 ) > 𝜏), node V2 will launch the trust evaluation
process for node V6 . The trust evaluation process is similar to
the procedure of our trust-ware routing scheme (from Step 1
to Step 3). If the trust value of node V6 for node V2 cannot
meet the required path trust constraint, node V2 will send a
routing update packet to the source node V0 via the reverse
route. When receiving this routing update packet, node V0
starts the process of finding the new optimal route.
6. Simulation Results and
Performance Evaluation
In this section, the NS-2 simulator [44] is used to evaluate
the performance of TSRF. Our simulations model a network
consisting of 100 sensor nodes placed randomly within a
200 m × 200 m area. We define two types of sensor nodes
in the simulations: well-behaved nodes and malicious nodes.
The malicious nodes can launch greyhole, tampering, on-
off, and bad mouth attacks in the simulated scenarios. We
first consider the impact on the network caused by each
attack; then the case that all the four attacks are launched
simultaneously is also be analyzed. All the default simulation
parameters that we have chosen are summarized in Table 2.
The simulations can be divided into two parts. First, we
analyze the effect of attacks on our scheme by introducing
several common attacks into the network. Then, we further
discuss the effectiveness and security of our proposed scheme
by comparing the performance of TSRF with other trust-
based mechanisms in routing protocols.
6.1. The Effect of Attacks on TSRF. We first assume that the
malicious nodes launch greyhole attacks (drop 50% packets)
and then analyze their impact on the average packet delivery
ratio of the network. As shown in Figure 3, the average
packet delivery ratio is close to 100% when there are no
attacks in the network. However, if there are some malicious
nodes launching greyhole attacks (from 10 s), the average
packet delivery ratio will suffer a degradation. By introducing
TSRF into the classic routing protocol in WSNs (GPSR),
the average packet delivery ratio significantly increases as
the elapse of simulation time. Because our scheme can help
source nodes find trusted routes that exclude the influence
of greyhole attackers to the destination node. Furthermore,
the threshold of path trust is a critical factor for the trust
evaluation process in our design. The higher threshold of
path trust (0.4) will lead to a higher packet delivery ratio
as it can promote the trust evaluation systems to detect the
malicious nodes more quickly. If the network can seize all
the behavior of the node correctly, the higher the threshold
of path trust we choose, the higher packet delivery ratio
can be obtained. However, it is almost impossible to realize
it in actual conditions as an error probability of detection
may exist in the detection mechanisms. In this case, an
unreasonably high value of path trust constraint may cause
error trust evaluation events. Consequently, the threshold
of path trust should be reasonably selected in the context
of different applications. We can get a similar conclusion
when the malicious nodes launch message tampering attacks
(prevent the valid packets from reaching the destination by
modifying the content of packets) in the simulation, which is
illustrated in Figure 4.
As shown in Figure 5, the trust value typically grows over
time if no abnormal behavior occurs (from 30 s to 70 s).
However, the trust value decreases significantly when the
malicious nodes launch on-off attacks (from 75 s to 95 s).
Generally, we can find that the lower proportion of on-off
behavior (20%) makes the malicious node gain a relatively
International Journal of Distributed Sensor Networks 11

1 1.4

0.95
1.2
0.9
Average packet delivery ratio

0.85 1

0.8

Trust value
0.8
0.75

0.7 0.6

0.65
0.4
0.6
0.2
0.55

0.5 0
0 10 20 30 40 50 60 70 80 90
30 40 50 60 70 80 90
Simulation time
Simulation time
No Attacks Tampering + TSRF (t(p)th = 0.4) Bad mouth (the proportion of malicious behavior = 0.5)
Tampering Tampering + TSRF (t(p)th = 0.3)
Bad mouth (the proportion of malicious behavior= 0.5) + TSRF
Bad mouth (the proportion of malicious behavior = 0.2)
Figure 4: The effect of tampering attacks.
Bad mouth (the proportion of malicious behavior = 0.2) + TSRF

Figure 6: The effect of bad mouth attacks.

1.4

1.2
launch on-off attacks is 0.51 without introducing the adaptive
decay time factor, while the trust value of them is equal to 0.29
1 measured by TSRF (the proportion of malicious behavior =
0.5, at 90 s).
Trust value

0.8 We also proposed an inconsistency check scheme to

0.6
0.4
0.2
0
30 40 50 60 70 80
Simulation time
On-off (the proportion of malicious behavior = 0.5)
On-off (the proportion of malicious behavior= 0.5) + TSRF
On-off (the proportion of malicious behavior = 0.2)
On-off (the proportion of malicious behavior = 0.2) + TSRF
Figure 5: The effect of on-off attacks.
higher reputation. As an adaptive exponential decay time
factor is introduced into our trust evaluation model, the
negative assessment will decay more slowly than the positive
one. Compared with the trust evaluation process without
considering the decay time factor, our proposed scheme can
provide better resistance capability against on-off attacks. By
utilizing TSRF, the on-off attacker is difficult to build a good
reputation or get rid of bad reputation, which requires a
long-time interaction and consistent well-behaved behavior
of nodes. For example, the trust value of malicious nodes that
provide protection against bad mouth attacks, which is illus-
trated in Figure 6. In the simulation, the bad mouth attack-
ers provide negative/positive recommendation information
about well-behaved/malicious behavior. Consequently, the
trust value is relatively low when assessing well-behaved
behavior (from 30 s to 70 s) under bad mouth attacks, and
vice versa. More bad mouth attackers (the proportion of bad
mouth attackers = 0.5) may cause a greater impact on trust
90 evaluation process than less ones do (the proportion of bad
mouth attackers = 0.25). In this case, our inconsistency
check scheme can filter out most of false recommendations as
they normally have a significant difference (higher or lower)
from the ones provided by well-behaved nodes. Finally, the
accuracy of trust evaluation can be improved by adopting the
proposed inconsistency check scheme.
6.2. The Effectiveness and Security of TSRF. The procedure
of route establishment mainly includes trust derivation and
traditional route discovery schemes. In this paper, we pro-
posed a lightweight trust derivation scheme which does not
rely on specific routing protocols. We first introduce TSRF
into BAR routing protocol and compare its overhead with
some conventional trust derivation schemes such as flooding
and flooding with hop limit methods. Then, the time spent
on routing establishment is also studied by introducing TSRF
into GPSR routing protocol.
Routing overhead is an important factor we should con-
sider when designing routing protocol for WSNs. In Figure 7,
12 International Journal of Distributed Sensor Networks

700 220
200

Time spent on routing establishment (ms)

600
180

500 160
Routing overhead

140
400 120
100
300
80
200 60
40
100
20

0 0
4 6 8 10 12 14 4 6 8 10 12 14
Average number of neighbor nodes Average number of neighbor nodes

BAR + flooding GPSR + flooding

BAR + flooding with hop limit (2 hops) GPSR + flooding with hop limit (2 hops)
BAR + TSRF GPSR + TSRF
BAR GPSR

Figure 7: Routing overhead. Figure 8: Time spent on routing establishment.

we can see that the routing overhead of flooding is much 1

higher than the other three schemes due to its large number 0.9
of broadcast and rebroadcast packets. The overhead of BAR
without security mechanisms and flooding method remains 0.8
Average packet delivery ratio

stable as the former mainly depends on network uptime,

while the latter depends on the number of nodes in the 0.7
network. Imposing hop limit in flooding or using our trust 0.6
derivation approach in TSRF can significantly reduce the
routing overhead of the network with security mechanisms. 0.5
Comparing the two improved schemes, when the average
0.4
number of neighbor nodes is small, these two schemes
produce similar overhead. However, the routing overhead 0.3
produced by the former will grow with the increasing number
of neighbor nodes (node density). In contrast, the overhead 0.2
produced by TSRF remains relatively stable throughout. For
0.1
example, when the average number of neighbor nodes is 0 10 20 30 40 50 60 70 80 90
equal to 14, our approach saves 79.4% of routing overhead Simulation time
than flooding with 2-hop limit. More saving can be expected
for denser networks. GPSR + TSRF (the proportion of malicious nodes = 20%)
GPSR (the proportion of malicious nodes = 20%)
Figure 8 represents the different time spent to complete
GPSR + TSRF (the proportion of malicious nodes = 40%)
the routing establishment process between TSRF and other GPSR (the proportion of malicious nodes = 40%)
mechanisms. It is clear that latency performance exhibits
similar phenomena as those in routing overhead, with more Figure 9: The effect of malicious nodes.
obvious advantages over other schemes. For example, com-
pared with the flooding with 2-hop limit, our scheme can save
32.2% of time when the average number of neighbor nodes is
equal to 14. nodes will indeed cause greater damage to the network.
To validate the security of TSRF, we assume that malicious TSRF can offer an effective solution to these attacks. By
nodes will launch greyhole, tampering, on-off, and bad introducing TSRF into existing routing protocol, the average
mouth attacks on the network (from 20s). The probability packet delivery ratio has increased constantly, because TSRF
of each one is 25%. In the simulation, we vary the number will quickly launch a route update procedure to find a trusted
of malicious nodes and analyze their effects on the average route when detecting malicious intermediate nodes in the
packet delivery ratio. As shown in Figure 9, more malicious previous path.
International Journal of Distributed Sensor Networks
1 In the future, we plan to design distributed intrusion
0.95
0.9
Average packet delivery ratio
0.85
0.8
0.75
0.7
0.65
0.6
0.55
0.5
0 10 20 30 40 50 60 70 80 90
Simulation time
BAR + TSRF (the proportion of malicious nodes = 20%)
BAR + TSR (the proportion of malicious nodes = 20%)
BAR + TSRF (the proportion of malicious nodes = 40%)
BAR + TSR (the proportion of malicious nodes = 40%)
Figure 10: The effect of indirect trust.
TSR [23] is a trust evaluation scheme that only considers
the direct trust value. We compare its performance with
our proposed scheme when introducing them into the same
routing protocol. The correctness of the trust evaluation is
based on the accuracy of intrusion detection mechanisms.
If all the behavior of nodes can be detected accurately, the
indirect trust data are not necessary. However, it is almost
impossible to realize it in actual conditions. Consequently, we
take an error probability of detection into account and set it
to 0.1. In Figure 10, we can see that the average packet delivery
ratio will suffer a significant degradation when malicious
nodes launch attacks on the network (from 20 s). As some
error detecting events may occur in the simulated scenarios,
TSRF can improve the security of the network compared
with TSR. This situation is more obvious when the number
of malicious nodes increases. Because TSRF both take direct
trust and indirect trust into consideration, which can provide
better resistance capability for error detecting events.
7. Conclusion and Future Work
In this paper, we first analyzed characteristics of various
attacks on trust-based routing protocols. Then, we proposed
a lightweight trust computation and trust derivation scheme
to deal with these attacks. By utilizing the semirings theory,
an optimized routing algorithm was also presented which
considered the combination of trust metric and other QoS
metrics. Compared with some traditional trust-ware mech-
anisms, the simulation results showed that TSRF had a
wide applicability and could improve the performance of the
network under the premise of security assurance, especially
in a dense networks.
13
detection systems for WSNs which can both enhance the
accuracy of trust evaluation and improve the security of
WSNs.
Conflict of Interests
The authors declare that there is no conflict of interests
regarding the publication of the paper.
Acknowledgments
This work was supported in part by National Basic Research
Program of China (“973 program”) (2013CB329101),
National Natural Science Foundation of China (NSFC)
under Grant (no. 61201204, no. 61100217, no. 61100219),
SRFDP (20110009120004), and in part by the Basic Research
Supporting of Beijing Jiaotong University under Grant no.
2012JBM011.
References
[1] T. Watteyne and K. S. J. Pister, “Smarter cities through stand-
ards-based wireless sensor networks,” IBM Journal of Research
and Development, vol. 55, no. 1-2, pp. 7–10, 2011.
[2] Y. Cao, C. Xu, J. Guan, F. Song, and H. Zhang, “Environment-
aware CMT for efficient video delivery in wireless multimedia
sensor networks,” International Journal of Distributed Sensor
Networks, vol. 2012, Article ID 381726, 12 pages, 2012.
[3] B. C. Villaverde, S. Rea, and D. Pesch, “InRout—a QoS aware
route selection algorithm for industrial wireless sensor net-
works,” Ad Hoc Networks, vol. 10, no. 3, pp. 458–478, 2012.
[4] D. A. Tran and H. Raghavendra, “Congestion adaptive routing
in mobile ad hoc networks,” IEEE Transactions on Parallel and
Distributed Systems, vol. 17, no. 11, pp. 1294–1305, 2006.
[5] H.-X. Tan, M.-C. Chan, W. Xiao, P.-Y. Kong, and C.-K. Tham,
“Information quality aware routing in event-driven sensor
networks,” in Proceedings of the IEEE INFOCOM, March 2010.
[6] M. Zhang, C. Xu, J. Guan, R. Zheng, Q. Wu, and H. Zhang, “A
novel physarum-inspired routing protocol for wireless sensor
networks,” International Journal of Distributed Sensor Networks,
vol. 2013, Article ID 483581, 12 pages, 2013.
[7] C. Zhang, X. Zhu, Y. Song, and Y. Fang, “A formal study of trust-
based routing in wireless ad hoc networks,” in Proceedings of the
IEEE INFOCOM, March 2010.
[8] L. Abusalah, A. Khokhar, and M. Guizani, “A survey of secure
mobile Ad hoc routing protocols,” IEEE Communications Sur-
veys & Tutorials, vol. 10, no. 4, pp. 78–93, 2008.
[9] Y. Zhou, Y. Fang, and Y. Zhang, “Securing wireless sensor
networks: a survey,” IEEE Communications Surveys & Tutorials,
vol. 10, no. 3, pp. 6–28, 2008.
[10] D. Djenouri, L. Khelladi, and N. Badache, “A survey of security
issues in mobile ad hoc networks,” IEEE Communications
Surveys, vol. 7, no. 4, pp. 2–28, 2005.
[11] S. Paris, C. Nita-Rotaru, F. Martignon, and A. Capone, “EFW: a
cross-layer metric for reliable routing in wireless mesh networks
with selfish participants,” in Proceedings of the IEEE INFOCOM,
pp. 576–580, April 2011.
[12] S. Buchegger and J.-Y. Le Boudec, “Performance analysis of
the CONFIDANT protocol (Cooperation of nodes: Fairness
14
in dynamic ad-hoc networks),” in Proceedings of the 3rd ACM
International Symposium on Mobile Ad Hoc Networking and
Computing (MOBIHOC ’02), pp. 226–236, June 2002.
[13] J. J. Garcia-Luna-Aceves and M. Spohn, “Source-tree routing
in wireless networks,” in Proceedings of the 7th International
Conference on Network Protocols (ICNP ’99), pp. 273–282,
November 1999.
[14] J. Cordasco and S. Wetzel, “Cryptographic versus trust-based
methods for MANET routing security,” Electronic Notes in
Theoretical Computer Science, vol. 197, no. 2, pp. 131–140, 2008.
[15] S. G. Yoo, K. Y. Park, and J. Kim, “A security-performance-
balanced user authentication scheme for wireless sensor net-
works,” International Journal of Distributed Sensor Networks,
vol. 2012, Article ID 382810, 11 pages, 2012.
[16] M. L. Das, “Two-factor user authentication in wireless sensor
networks,” IEEE Transactions on Wireless Communications, vol.
8, no. 3, pp. 1086–1090, 2009.
[17] P. Ning, A. Liu, and W. Du, “Mitigating DoS attacks against
broadcast authentication in wireless sensor networks,” ACM
Transactions on Sensor Networks, vol. 4, no. 1, article no. 1, 2008.
[18] G. Theodorakopoulos and J. S. Baras, “On trust models and
trust evaluation metrics for ad hoc networks,” IEEE Journal on
Selected Areas in Communications, vol. 24, no. 2, pp. 318–328,
2006.
[19] G. Zhan, W. Shi, and J. Deng, “Design and implementation
of TARF: a trust-aware routing framework for WSNs,” IEEE
Transactions on Dependable and Secure Computing, vol. 9, no.
2, pp. 184–197, 2012.
[20] A. A. Pirzada, C. McDonald, and A. Datta, “Performance
comparison of trust-based reactive routing protocols,” IEEE
Transactions on Mobile Computing, vol. 5, no. 6, pp. 695–710,
2006.
[21] X. Li, Z. Jia, P. Zhang, R. Zhang, and H. Wang, “Trust-based
on-demand multipath routing in mobile ad hoc networks,” IET
Information Security, vol. 4, no. 4, pp. 212–232, 2010.
[22] J.-H. Cho, A. Swami, and I.-R. Chen, “A survey on trust man-
agement for mobile ad hoc networks,” IEEE Communications
Surveys and Tutorials, vol. 13, no. 4, pp. 562–583, 2011.
[23] H. Xia, Z. Jia, X. Li, L. Ju, and E. H.-M. Sha, “Trust prediction
and trust-based source routing in mobile ad hoc networks,” Ad
Hoc Networks, vol. 11, no. 7, pp. 2096–2114, 2013.
[24] M. G. Zapata and N. Asokan, “Securing ad hoc routing
protocols,” in Proceedings of the 1st ACM Workshop on Wireless
Security, pp. 1–10, September 2002.
[25] D. Cerri and A. Ghioni, “Securing AODV: the A-SAODV secure
routing prototype,” IEEE Communications Magazine, vol. 46,
no. 2, pp. 120–125, 2008.
[26] Y. Wang, G. Attebury, and B. Ramamurthy, “A survey of security
issues in wireless sensor networks,” IEEE Communications
Surveys & Tutorials, vol. 8, no. 2, pp. 2–22, 2006.
[27] J. Cordasco and S. Wetzel, “Cryptographic versus trust-based
methods for MANET routing security,” Electronic Notes in
Theoretical Computer Science, vol. 197, no. 2, pp. 131–140, 2008.
[28] P. Narula, S. K. Dhurandher, S. Misra, and I. Woungang,
“Security in mobile ad-hoc networks using soft encryption and
trust-based multi-path routing,” Computer Communications,
vol. 31, no. 4, pp. 760–769, 2008.
[29] K.-S. Hung, K.-S. Lui, and Y.-K. Kwok, “A trust-based geo-
graphical routing scheme in sensor networks,” in Proceedings of
the IEEE Wireless Communications and Networking Conference
(WCNC ’07), pp. 3125–3129, March 2007.
International Journal of Distributed Sensor Networks
[30] M. E. Mahmoud and X. Shen, “Trust-based and energy-aware
incentive routing protocol for multi-hop wireless networks,” in
Proceedings of the IEEE International Conference on Communi-
cations (ICC ’11), June 2011.
[31] M. Mohi, A. Movaghar, and P. M. Zadeh, “A bayesian game
approach for preventing DoS attacks in wireless sensor net-
works,” in Proceedings of the IEEE International Conference on
Communications and Mobile Computing (CMC ’09), pp. 507–511,
January 2009.
[32] C. Karlof and D. Wagner, “Secure routing in wireless sensor
networks: attacks and countermeasures,” Ad Hoc Networks, vol.
1, no. 2-3, pp. 293–315, 2003.
[33] Y. Yu, K. Li, W. Zhou, and P. Li, “Trust mechanisms in wireless
sensor networks: attack analysis and countermeasures,” Journal
of Network and Computer Applications, vol. 35, no. 3, pp. 867–
880, 2012.
[34] K. Ren, T. Li, Z. Wan, F. Bao, R. H. Deng, and K. Kim, “Highly
reliable trust establishment scheme in ad hoc networks,” Com-
puter Networks, vol. 45, no. 6, pp. 687–699, 2004.
[35] T. Zahariadis, P. Trakadas, H. C. Leligou, S. Maniatis, and P.
Karkazis, “A novel trust-aware geographical routing scheme for
wireless sensor networks,” Wireless Personal Communications,
vol. 69, no. 2, pp. 805–826, 2013.
[36] L. Abusalah, A. Khokhar, and M. Guizani, “Trust aware routing
in mobile ad hoc networks,” in Proceedings of the IEEE Telecom-
munications Conference (GLOBECOM ’06), pp. 1–5, December
2006.
[37] S. R. Zakhary and M. Radenkovic, “Reputation-based security
protocol for MANETs in highly mobile disconnection-prone
environments,” in Proceedings of the 7th International Con-
ference on Wireless On-demand Network Systems and Services
(WONS ’10), pp. 161–167, February 2010.
[38] Y. L. Sun, Z. Han, W. Yu, and K. J. R. Liu, “A trust evaluation
framework in distributed networks: vulnerability analysis and
defense against attacks,” in Proceedings of the 25th IEEE Inter-
national Conference on Computer Communications (INFOCOM
’06), pp. 1–13, April 2006.
[39] S. Marti, T. J. Giuli, K. Lai, and M. Baker, “Mitigating routing
misbehavior in mobile ad hoc networks,” in Proceedings of the
6th Annual International Conference on Mobile Computing and
Networking (MOBICOM ’00), pp. 255–265, ACM, August 2000.
[40] J. Lopez, R. Roman, I. Agudo, and C. Fernandez-Gago, “Trust
management systems for wireless sensor networks: best prac-
tices,” Computer Communications, vol. 33, no. 9, pp. 1086–1093,
2010.
[41] J. Duan, D. Gao, C. H. Foh, and H. Zhang, “TC-BAC: a trust and
centrality degree based access control model in wireless sensor
networks,” Ad Hoc Networks, vol. 11, no. 8, pp. 2675–2692, 2013.
[42] Y. L. Sun, W. Yu, and Z. Han, “Information theoretic framework
of trust modeling and evaluation for ad hoc networks,” IEEE
Journal on Selected Areas in Communications, vol. 24, no. 2, pp.
305–315, 2006.
[43] B. Karp and H. T. Kung, “GPSR: greedy perimeter stateless
routing for wireless networks,” in Proceedings of the 6th Annual
International Conference on Mobile Computing and Networking
(MOBICOM ’00), pp. 243–254, ACM, August 2000.
[44] K. Fall and K. Varadhan, “The ns Manual,” The VINT Project 1,
2002.
 International Journal of

Rotating
Machinery

The Scientific
Engineering
Journal of Advances in
Journal of Mechanical
World Journal
Hindawi Publishing Corporation Hindawi Publishing Corporation Hindawi Publishing Corporation
Sensors
Hindawi Publishing Corporation
Engineering
Hindawi Publishing Corporation
http://www.hindawi.com Volume 2014 http://www.hindawi.com Volume 2014 http://www.hindawi.com Volume 2014 http://www.hindawi.com Volume 2014 http://www.hindawi.com Volume 2014

International Journal of
Distributed Advances in
Sensor Networks
Hindawi Publishing Corporation
Civil Engineering
Hindawi Publishing Corporation
http://www.hindawi.com Volume 2014 http://www.hindawi.com Volume 2014

Advances in Submit your manuscripts at

OptoElectronics http://www.hindawi.com

Journal of
Robotics
Hindawi Publishing Corporation
Hindawi Publishing Corporation Volume 2014 http://www.hindawi.com Volume 2014
http://www.hindawi.com

VLSI Design

Modelling &
International Journal of Simulation
International Journal of Navigation and in Engineering Advances in
Chemical Engineering Observation Acoustics and Vibration
Hindawi Publishing Corporation Hindawi Publishing Corporation Hindawi Publishing Corporation Hindawi Publishing Corporation
http://www.hindawi.com Volume 2014 http://www.hindawi.com Volume 2014 http://www.hindawi.com Volume 2014 http://www.hindawi.com Volume 2014
Hindawi Publishing Corporation
http://www.hindawi.com Volume 2014

Journal of

Control Science
and Engineering

International Journal of Journal of

Active and Passive Antennas and Electrical and Computer
Electronic Components Propagation Shock and Vibration Engineering
Hindawi Publishing Corporation Hindawi Publishing Corporation Hindawi Publishing Corporation Hindawi Publishing Corporation Hindawi Publishing Corporation
http://www.hindawi.com Volume 2014 http://www.hindawi.com Volume 2014 http://www.hindawi.com Volume 2014 http://www.hindawi.com Volume 2014 http://www.hindawi.com Volume 2014