Implementing a Trust and Reputation Model for Robotic Sensor Networks

Robotic sensor networks (RSNs) can be described as networks of devices equipped with communication, sensing and actuation capabilities. Successful implementations of RSNs require tackling challenging problems lying at the intersection of robotics, communication and perception. In addition, RSNs resemble human societies and emerging intelligent multi-agent systems in some respects. In these collaborative distributed systems, each node decides which to interact with and forms a network with other nodes in order to improve the quality of the decisions. In order to achieve this goal, trust and reputation models are of practical use. In this paper, a trust and reputation model for RNSs is proposed. Also, performance evaluations of the model in comparison with well-known models in the literature are given to prove its effectiveness. The results of the performance evaluations prove that the proposed model is successful in RSNs comprising of a large number of sensor nodes. In addition, the processing and memory requirements of the proposed model are moderate and the system runs effectively in systems with low processing power and limited main memory. DOI: http://dx.doi.org/10.5755/j01.eee.19.10.5884

systems at the same time.In DMASs, each agent may collaboratively select which agent to interact with [1].In order to achieve the goals of DMASs without putting the systems at risk, many TRMs have been proposed.In [3], a reputation system for DMASs, Sporas, is proposed.In this system, reputation is computed recursively and each rating is assigned a weight.In the model proposed in [4], Regret, reputation is managed in a different way.In this model, there are three types of reputation: individual reputation, social reputation, ontological reputation.Direct interactions with an agent are used to build individual reputation.Experiences of other agents in the group to which the agent belonged are used to build social reputation [1].On the other hand, when multiple aspects of reputation are combined, ontological reputation is built.In the reputation mechanism proposed in [5], AFRAS, the reputations of agents and the ratings of interactions are modelled by using fuzzy sets.In [6], a Bayesian network is used for computing the trust value among agents.The reputation system used in this model, MTrust, relies on a feedback submission algorithm.Other models proposed for multi-agent systems are given in [7]- [9].
Though P2P systems are very common in the distribution of information, they are open to several threats [2], [10].The use of community based reputations is one of the ways which help estimating trustworthiness of peers.In order to deal with the threats in P2P systems, many models have been proposed.In [11], a model which relies on dynamic weights that represent the factors having influence on the trust, DWTrust, is proposed.In this way, the modelling and the computing of the trust are simplified.In [12], a model which relies on swarm intelligence, AntRep, is proposed.This model uses an ant system to build trust relationships.EigenTrust, a popular trust model for P2P systems, is proposed in [13].Based on the history of uploads, each peer is assigned a unique trust value.In this way, total downloads of inauthentic files are reduced.As in other models, information coming from many sources is used to determine how trustworthy an entity is.In addition to this, pre-trusted entities are acceptable in EigenTrust.Therefore, EigenTrust is vulnerable to community structure and targeted attacks based on eigenvector centrality, since it ranks nodes close to the pre-trusted ones higher than the nodes further away.PeerTrust, a TRM which combines several key aspects of trust and reputation to develop a trust mechanism, is proposed in [14].Using PeerTrust, peers can evaluate the trustworthiness of other peers and perform trusted interactions based on the history of interactions.Its strengths are its satisfactory outcomes and its context factor used to distinguish the trust given to a peer for different transactions.On the other hand, it measures the credibility of a peer without distinguishing between the confidence placed on a peer when providing a service and when giving recommendations about other peers.
In MANETs, countermeasures need to be implemented to deal with misbehaving nodes.In [15], a robust reputation system for both P2P systems and MANETs, RRS, is proposed.In this reputation system, each node maintains rating lists both for reputation and trust about others.At predefined intervals, reputation information is exchanged with the others.In [16], a decentralized trust model, PTM, is proposed.In this fuzzy logic based trust model, each node maintains a key pair which consists of available certificates, behavioural information and a list which categorizes users as trustworthy or untrustworthy ones.
Though WSNs bring several benefits to monitoring applications, control applications, and many others, they are open to a several types of security threats [17], [18].The main goal of TRMs in WSNs is to provide information which permits nodes to identify which nodes are trustable.In addition, these models help coping with observable misbehaviour and minimizing the threats of inside attackers.In [19], a reputation and security model which is based on ant colony optimization, QDV, is proposed.In this model, a distance vector protocol detects malicious nodes in order to protect WSNs.When a node has more reputation, it is more reliable for communication.An agent based trust and reputation management model developed considering the limited resources of sensor nodes, ATRM, is proposed in [20].This management model is executed locally to minimize overhead.Mobile agents running on nodes are responsible for the administration of the trust and reputation of their hosting nodes.BTRM-WSN, a trust model based on a bio-inspired algorithm, is proposed in [21].Using BTRM-WSN, nodes can find the most trustworthy path which leads to the most reputable provider in a WSN.The model easily adapts to immediate changes in the topology.
Different from the target platforms of most TRMs, RSN implementations are generally real-world scenarios in which specific tasks need to be completed in real time or with a little delay.In addition, the requirements of the application scenarios and the inherent limitations of RSN nodes impose additional burden on the design of TRM models proposed for RSNs.Therefore, the use of complicated and time consuming TRM models for RSNs is questionable.

III. A TRUST AND REPUTATION MODEL FOR ROBOTIC SENSOR NETWORKS
Trust is important in the decision making processes of any systems including RSNs.When uncertainty is one of the factors in an environment, there is a need for a trust management system (TMS).Generally, TMSs are classified into two categories based on the approach as follows: 1. Credential based TMSs: In these systems, credential verification is used in order to establish trust and restrict access to resources according to previously defined policies; 2. Behaviour based TMSs: In these systems, agents trust other agents based on their past behaviour or experience, the concept of reputation.Thus, nodes can perform evaluations on the other agents based on these features.
To address the issues which decrease the robustness of RSNs against malicious attacks and rapidly changing topologies, a number of approaches can be used as follows:  Creating and managing trust and reputation tables for all RSN nodes;  Finding out misbehaving and/or faulty nodes and reporting them for exclusion;  Using low-overhead cryptography for protecting the authenticity and integrity of exchanged data;  Applying watchdog mechanisms for monitoring the behaviour of surrounding RSN nodes;  Using mechanisms for guaranteeing that RSN nodes comply with protocol rules.In RSNs, nodes obtain the physical information of their surroundings, process the raw information, and finally communicate with other RSN nodes using wireless channels.Though all RSN nodes are battery-operated and mobile, they may have different computational capabilities.In RSNs, nodes can move to specific points when required.Hence, the topology changes whenever nodes move to other points.This is a rather problematic issue from the implementation point of view.The network model of the RSNs is determined by the organization of both the RSN nodes and the base station.In RSNs base stations are also mobile, but they can be static in some cases depending on the scenario.There may be no base station in some specific scenarios.
MANETs, WSNs and RSNs have common characteristics which create differing considerations compared to other systems when determining trust and reputation as follows:  Self-organization: They are autonomous networks and do not have fixed infrastructures or centralized administrative nodes;  End-to-end communication: Communication inside these networks generally requires packet forwarding for information to reach their destinations;  A dynamic topology: Dynamically changing topologies require scalable and reliable security mechanisms;  Limited bandwidth: Bandwidth limitations of nodes create considerable constraints.
On the other hand, RSNs differ from MANETs and WSNs since they have more processing power and energy resources.
Though mobility brings several advantages to traditional ad-hoc networks such as context aware deployment [22], continuous calibration, renewable energy which can be provided by mobile service robots, appropriate security measures must be taken in order to improve the security of the RSNs due to the inherent properties of RSNs which make them be prone to the surrounding environment and suffer from several types of attacks.Since the survival of RSNs depends on the trusting and cooperative nature of their nodes, establishing trusts between nodes is a must.Though sometimes security and trust are used interchangeably, they are different concepts; but they are tightly interdependent concepts.The definition of trust can be built upon reputation which is the opinion of one person about the other, of one agent about another agent, and by construct, of one RSN node about another RSN node.In RSNs, trust is derived from the reputation of a node.Based on the node's history of behaviour, the reputation is built over time and may reflect a negative or positive assessment as a result.In other words, while trust represents the opinion of a node of another node's reliability, honesty and capabilities based on its own experiences, reputation is the node's opinion of another node's reliability, honesty and capabilities based on recommendations received from other nodes.
In distributed RSN applications, while some nodes offer services, other nodes request these services.The requesting nodes need models which help selecting the best service providers according to certain criteria.Though each model has specific characteristics and particularities, most models share the same steps in order to complete transactions in a distributed system.The steps of TRMs designed for RSNs can be designed as similar to the steps of the well-known models in the literature such as [2], [23] and [24].Except for mobility and longer node life provided by the internal batteries of mobile robots, RSNs exhibit the characteristics of WSNs and other distributed systems.Hence, after identifying the main steps of the well-known models, we have designed a model shown in Fig. 1.The first step of the model gathers behavioural information about nodes in the system.The behavioural information obtained from many sources including direct experiences, neighbours and belonging groups or organizations is used to determine the absolute or relative trustworthiness of the nodes.The important point of this step is to take confidence levels into consideration when the information is provided by indirect sources [25].The information obtained from neighbouring nodes is a kind of second-hand information and the authenticity of its sources and the integrity of their contents cannot be guaranteed directly.Hence, a mechanism for assuring the correct management of the information is necessary [25], [26].The second step is to compute a score for the nodes after collecting the history of transactions and weighing them.Bayesian networks, fuzzy logic, analytic expressions and algorithms are some of the methods used for computing the score [1], [23].After scoring, a global ranking is done.This ranking is used to help deciding which node to interact with.Using the rankings obtained in Step 2, the node to interact with is decided in the third step.After node selection, the transaction is carried out between both nodes.Finally, after the transaction, the client node assesses the transaction.After the assessment, it rewards or punishes the servicing node.
Since behavioural information gathered in Step 1 is received from many sources in the network and it is propagated in one or multi hops depending on node locations, a complementary mechanism to minimize bandwidth usage is necessary.In order to optimize this distribution, we propose a strategy similar to the one proposed in [27].The strategy relies on many factors including the resource constraints of the RSN nodes and the routing protocol used in the network.Behavioural information distribution is critical since scoring and ranking step, Step 2, mainly depends on the behavioural information in addition to the personal evaluations of the nodes.There are different approaches to control the distribution of behavioural information as follows:  In the most basic approach, RSN nodes only deliver to their immediate neighbours.To implement this approach, nodes maintain tables which include next hops for all routes.
 In an alternative approach, to propagate behavioural information, RSN nodes can use limited flooding in which the reports are allowed to travel a predetermined distance.In this way, the amount of additional network load is limited.This approach permits RSN nodes to contribute to behavioural information more than the basic approach. In a more systematic approach, RSN nodes process all messages in order to extract the routing nodes from the source nodes up to and including the next hop nodes.In this approach, routes are stored in a table.When a threat or good behaviour is observed by a node, the node examines the table in order to identify the source nodes which recently routed messages through this node.Then, the node informs the source nodes.This approach also minimizes the amount of additional network load.
Aggregating the behavioural information obtained from many sources is an important step of the proposed approach.Behavioural information can be aggregated by taking the reliability levels of nodes into consideration as given in (1).Reliability levels can be obtained from intrusion detection systems (IDSs) running on nodes or can be assigned dynamically based on the transaction history.While low values mean the existence of malicious activity or unreliability, high values exhibit reliability.In our system, we assign numerical values to nodes as listed in Table I.Our aggregation approach takes the distance to each RSN node delivering behavioural information report.In this way, behavioural information reports from RSN nodes located outside the neighbourhood of the receiving node can be accepted and the distance of these nodes can be considered during the evaluation of reports.Our approach also includes a report aging scheme which ensures that stale behavioural information is not used.The main steps of the algorithm used in the proposed model, TRM for RSNs, are explained as follows.i CM represents the maximum number of cycles permitted at node i .
( ) i H k represents the distance, in hops, from node i to the reporting node k .
i HM represents the maximum distance which can be permitted for node i .

IV. PERFORMANCE EVALUATIONS
Performance evaluations of the models have been carried out by using the simulator shown in Fig. 2, Trust and Reputation Models Simulator for Robotic Sensor Networks, developed with NetBeans IDE 6.9.1 in Java.Source codes of TRMSim-WSN trust and reputation models simulator [28] were used to develop our own Java-based simulator.TRMSim-WSN simulator was designed to simulate different trust and reputation models proposed for WSNs.Different from this simulator, the simulator we developed mainly aims at evaluating the model explained in Section III.But the models explained in Section II can be evaluated using our simulator.Similar to TRMSim-WSN, we have included oscillating server behaviour [23] and collusion threats in the simulator.If oscillating server behaviour option is selected, malicious servers become benevolent or vice versa after a predefined number of iterations.If collusion option is selected, then malicious servers form collusions among themselves.Malicious servers assign their maximum rating for other malicious servers and the minimum rating for benevolent servers [28].performTran, rewardNode, punishNode in order to perform the steps shown in Fig. 1.These methods use arguments and return their values in objects.Each next step uses the return value of the previous step as it is illustrated in Fig. 1.However, in some TRMs, punishment and reward mechanisms are not used.Thus, depending on the TRM being implemented in the simulator, rewardNode and punishNode methods may not have any code.
In our first set of performance evaluations, we have computed the average satisfaction level by collecting the satisfaction of all clients belonging to the tested RSNs which comprised of 100 nodes.The total number of RSNs was set as 100.For each RSN, the number of clients was set as 15, of relay servers was set as 5, of malicious servers was set as 70, and of benevolent servers was set as 10.The model was executed on each RSN for 100 times.According to the results of our performance evaluations, we have observed that the average success of the proposed model, selecting the most trustworthy server (a benevolent server), was 85.92 %.The average number of hops required to reach the most trustworthy server was 5.41.
In our second set of performance evaluations, by using the parameters of the first evaluations, we have compared the average success of the model for different number of sensors.The notebook used for the simulation studies has an Intel Core I5 460M CPU and 8 GB main memory.Table II lists the results of the model in addition to CPU and memory usages.As listed in Table II, the success of the model has not changed considerably when we have changed the number of nodes.On the other hand, when we have increased the number of nodes, the CPU and memory usages of the simulator have increased considerably.Also, simulation time heavily depends on the total number of nodes.Hence, there is a trade-off between the total number of RSN nodes and the practical applicability of trust models.In our third set of performance evaluations, we have evaluated the effect of CPU power on the processing time of the model.With this goal, the simulator has been run on two different systems.Table III lists the hardware specifications of the systems.Windows 7 Home Basic 64 bit operating system (OS) runs on System 1 and Windows 7 Starter OS 32 bit runs on System 2. Table IV lists the CPU power rankings of these systems which were performed by independent organizations.This table has been used to check the consistency of the results of the performance evaluations with the CPU power rankings.In this set of simulations, the number of RSNs was 100, and the number of nodes belonging to the RSNs was 125.For each RSN, the number of clients was 25, of relay servers was set as 5, of malicious servers was set as 75, and of benevolent servers was set as 20.The model was executed on each RSN for 100 times.
Generally, the amount of processing power needed by an application determines CPU usage.The amount of memory space needed to hold a running application determines memory usage.Thus, no consistent relationship exists between CPU and memory usage.But, considering the results of the third set of performance evaluations listed in Table V, it can be seen that since CPU power cannot be used efficiently in most cases, subtasks of the simulator wait on the processing queue and result in higher memory usage on System 2 due to the data of the subtasks.In our fourth set of performance evaluations, we have evaluated the performance of the proposed model in comparison with the well-known models in the literature such as EigenTrust [13] and PeerTrust [14], though these models were originally proposed for P2P systems.These simulations have been run on System 1.In this set of simulations, the parameters of the third set of evaluation have been used.The number of RSNs was 100, and the number of nodes belonging to the RSNs was 125.For each RSN, the number of clients was 25, of relay servers was set as 5, of malicious servers was set as 75, and of benevolent servers was set as 20.The models were executed on each RSN for 100 times.As listed in Table VI, the success of the proposed model is higher than EigenTrust.Though the success of the proposed model is slightly less than PeerTrust, originally proposed for P2P systems, as listed in Table VI, it is computationally less intensive and requires less memory than EigenTrust and PeerTrust models.Thus, the proposed model is more suitable for RSN nodes with limited processing power and main memory.V. CONCLUSIONS This paper presents a TRM for RSNs to cope with security threats and evaluates its performance through several simulation studies.Since almost all TRMs have common characteristics and RSNs exhibit the characteristics of different systems and networks, we have also described well-known models found in the literature.In addition, we have developed an interface to provide a common layer which can be used in the design of TRMs for heterogeneous environments consisting of mobile robots and sensor nodes and have implemented this interface in the simulator.
The performance evaluations presented here prove that the TRM proposed in this study achieves results similar to EigenTrust and PeerTrust TRM models in terms of accuracy.On the other hand, its memory requirement and processing overhead are lower than of those models.Another conclusion that resulted from the performance evaluations is that the success of the proposed model is independent of the specifications of target platforms.
We can finally conclude that the proposed model can be utilized to secure RSNs against several types of attacks and that it is a promising TRM for RSNs comprised of nodes with limited resources since it provides accurate results even in RSNs with a large number of nodes and requires less CPU and memory resources than the well-known models in the literature.

Fig. 1 .
Fig. 1.The steps of general trust and/or reputation models for RSNs.
represents the reliability level of RSN node j observed at node i , n represents the number of nodes which report about node j , ( ) k RL j represents the reliability level which node k has of node j .req RL represents the required reliability level for the delivery of current message.( ) i CR k represents the remaining cycles used to diminish the contribution of older reports at node i for node k .

Fig. 2 .
Fig. 2. Trust and reputation model simulator for RSNs.The base part of simulator we developed is TRM_RSN Java class.This class contains several generic parameters.These generic parameters are provided by TRM_Param class.New TRMs can easily be added to the simulator by implementing subclasses of TRM_RSN and TRM_Param.TRM_RSN class also defines a set of public abstract methods including gatherInfo, score_and_Ranking,

TABLE II .
THE RELATION BETWEEN THE NUMBER OF NODES AND THE ACCURACY OF THE MODEL.

TABLE III .
SPECIFICATIONS OF THE SYSTEMS.

TABLE VI .
THE COMPARISON OF THE MODEL WITH EIGENTRUST AND PEERTRUST.