A Hybrid Trust-Modeling Approach for IoT Security

The Internet contains many types of services with different security options, which may be updated very frequently. An entity selects only those services in trusted networks that satisfy its security requirements. The primary challenge is to determine the trust level of services in such networks, which contain devices with limited processing power, such as Internet-of-Things (IoT) devices. We propose a hybrid approach to formulate the trust of a security system in IoT networks. Our approach provides a systematic way to model the trust of security from the viewpoint of an entity. Furthermore, using a case study, we evaluate the approach via simulations of a smart entity that has to select a trusted network. The evaluation results show that our approach provides satisfactory and flexible trust computations.

PDF

___

1. W. Stallings, L. Brown, "Computer Security: Principles and Practice", 3rd ed. Upper Saddle River, NJ, USA: Prentice Hall Press, 2014.

2. P. Massa, "Trust in E-services: Technologies,Practices and Challenges", Idea Group Inc., 2007, ch. A Survey of Trust Use and Modeling in Real Online Systems, pp. 51-83. [CrossRef]

3. S. Bahtiyar, "Core-crust modeling approach for formal representation of trust in relation to computer security," Department of Computer Engineering, Bogazici University, İstanbul, Turkey, 2011.

4. T. Ryutov, "A socio-cognitive approach to modeling policies in open environments", in Eighth IEEE International Workshop on Policies for Distributed Systems and Networks, POLICY '07. Bologna, Italy: IEEE Computer Society, 13-15 Jun, 2007, pp. 29-38. [CrossRef]

5. O. Ajayi, R. Sinnott, A. Stell, "Trust realisation in multi-domain collaborative environments", in 6th IEEE/ACIS International Conference on Computer and Information Science, ICIS 2007. Melbourne, Qld: IEEE, 11-13 Jul, 2007, pp. 906 - 11. [CrossRef]

6. S. Bahtiyar, M. U. Caglayan, "Extracting trust information˘ from security system of a service", Journal of Network and Computer Applications, vol. 35, no. 1, pp. 480-90, Jan, 2012. [CrossRef]

7. T. Grandison, M. Sloman, "A survey of trust in internet applications", IEEE Communications Survey, vol. 3, pp. 2-16, 2000. [CrossRef]

8. Z. Yan, "Trust management for mobile computing platforms", Department of Electrical and Communication Engineering, Helsinki University of Technology, Network Laboratory, 2007.

9. R. Juliana, P. U. Maheswari, "An energy efficient cluster head selection technique using network trust and swarm intelligence", Wireless Personal Communications, vol. 89, no. 2, pp. 351-64, Jun, 2016. [CrossRef]

10. D. Andert, R. Wakefield, J. Weise, "Trust modeling for security architecture development", Sun Microsystems, Inc., Santa Clara, CA, USA, Tech. Rep., 2002.

11. Z. Sun, Y. L. Han, K. J. R. Liu, "Defense of trust management vulnerabilities in distributed networks", IEEE Communications Magazine, vol. 46, pp. 112-9, 2008. [CrossRef]

12. M. Blaze, J. Feigenbaum, J. Lacy, "Decentralized trust management" in IEEE Symposium on Security and Privacy, ser. SP '96. Oakland, CA, USA: IEEE Computer Society, May 1996, pp. 164-73.

13. M. Blaze, S. Kannan, I. Lee, O. Sokolsky, J. M. Smith, A. D. Keremytis, W. Lee, "Dynamic trust management", IEEE Computer, vol. 42, pp. 44-52, 2009. [CrossRef]

14. N. Dimmock, A. Belokosztolszki, D. Eyers, J. Bacon, K. Moody, "Using trust and risk in role-based access control policies", in Proceedings of the ninth ACM symposium on Access control models and technologies, ser. SACMAT '04. New York, NY, USA: ACM, 2-4 June 2004, pp. 156-62. [CrossRef]

15. F. Olivieroa, L. Pelusoa, S. Romano, "Refacing: An autonomic approach to network security based on multidimensional trustworthiness", Computer Networks, vol. 52, pp. 2745-63, 2008. [CrossRef]

16. H. Zhu, S. Du, Z. Gao, M. Dong, Z. Cao, "A probabilistic misbehavior detection scheme toward efficient trust establishment in delay-tolerant networks", IEEE Transactions on Parallel and Distributed Systems, vol. 25, no. 1, pp. 22-32, 2014. [CrossRef]

17. L. Xiao, Q. Yan, W. Lou, G. Chen, Y. T. Hou, "Proximitybased security techniques for mobile users in wireless networks", IEEE Transactions on Information Forensics and Security, vol. 8, no. 12, pp. 2089-100, 2013. [CrossRef]

18. L. M. Kaufman, "Can a trusted environment provide security?", IEEE Security&Privacy, vol. 8, no. 1, pp. 50-2, Jan/Feb 2010. [CrossRef]

19. G. Yang, C. H. Tan, "Certificateless cryptography with kgc trust level 3", Theoretical Computer Science, vol. 412, no. 39, pp. 5446- 57, 2011. [CrossRef]

20. X. Zhao, F. Zhang, "Fully cca2 secure identity-based broadcast encryption with black-box accountable authority", The Journal of Systems and Software, vol. 85, no. 3, pp. 708-16, Mar, 2012. [CrossRef]

21. U. Thiruvaazhi, R. Divya, "Web authentication protocol using zero knowledge proof", Information Security Journal: A Global Perspective, vol. 20, no. 2, pp. 112-21, Jan, 2011. [CrossRef]

22. F. Martinelli, M. Petrocchi, "A uniform framework for security and trust modeling and analysis with crypto-ccs", Electronic Notes in Theoretical Computer Science, vol. 186, pp. 85-99, Jul, 2007. [CrossRef]

23. S. Hajian, T. Tassa, F. Bonchi, "Individual privacy in social influence networks", Social Network Analysis and Mining, vol. 6, no. 1, pp. 1-14, 2015. [CrossRef]

24. W. Ni, M. Gu, X. Chen, "Location privacy-preserving k nearest neighbor query under user's preference", Knowledge-Based Systems, vol. 103, no. C, pp. 19-27, Jul, 2016. [CrossRef]

25. C. L. Miltgen, J. Henseler, C. Gelhard, A. Popovic, "Introducingˇ new products that affect consumer privacy: A mediation model", Journal of Business Research, vol. 69, no. 10, pp. 4659-66, Oct, 2016. [CrossRef]