*3.1.3. Response component*

258 Wireless Sensor Networks – Technology and Protocols

**3. Reputation system overview** 

**3.1. Reputation system framework** 

or, otherwise, it decreases.

*3.1.1. Monitoring component* 

*3.1.2. Rating component* 

any.

as a quantity to the rating component.

Monitoring results of all types of routing activities.

In this section, an overview of the proposed reputation system will be presented. The section will start by describing the general framework. This is followed by a brief description of our customized reputation system that fits into the framework guidelines.

The conceptual operation of the reputation system is based on building a trust relation between different members of the community as they learn about each other. Thus, irrespective of why a node needs to build such relations, any reputation system must have two basic components, i.e. monitoring component to allow nodes to learn about each other and rating component to build the trust relations among nodes. However, the purpose of these trust relations will determine the specifications of each component and may imply a

Our reputation system is fully distributed in the sense that each node implements all modules with the full functionality. Moreover, at the initial deployment stage, all nodes start with default and equal reputation values. This implies that all nodes have the same trust relation among each other. However, these initial reputation values are not the ones that imply a full trust. This is because our system assumes an always-suspicious environment in which all nodes are always '*suspects*'. A node can increase its reputation by good behavior

Since the purpose of the reputation system in this work is to provide trust aware routing in

The reputation system operation starts by the execution of monitoring component. Monitoring component is responsible for collecting behavior information by direct observation of neighbor's activities. In this work, we are concerned only in routing activities and, more specifically, in packet forwarding, i.e. monitoring whether a router is forwarding a packet or not. After a monitoring node detects some misbehavior, it reports its observation

This component is responsible for evaluating the reputation of an observed node. Assume that node A wants to evaluate a reputation value for a node B that may or may not be directly monitored by A. Then, the reputation value of B evaluated by A is a number that reflects how good or bad node B behaves from the perspective of node A considering:

Monitoring results obtained by direct observations from A as first hand information, if

new component responsible for further actions based on the trust relations.

WSN, there are three basic components in our system. They are as follows.

Once node A gets reputation knowledge about node B and decides a trust relation with it, A may or may not respond to B's behavior. Since our system treats the secure routing purpose, A should respond in a proper manner. Among different possible reactions provided in many reputation systems [3, 5, 72], our system framework assumes three main response approaches with regard to node A.


The previous approaches show possible single responses that can be taken by a single node. However, by the assumption of nodes cooperation, these approaches can extend to more than one node or possibly to the whole network by the propagation of second hand information or some sort of alarms.

With these three components of our framework, the following block diagram in figure 1 illustrates our reputation system operation and inter-components relationships.

## **3.2. Customized reputation system – SNARE overview**

This section describes our new customized reputation system that fits into the general framework described earlier. We called our system: *Sensor Node Attached Reputation Evaluator* (SNARE) system[82][83].

SNARE is a collection of protocols and algorithms that interacts directly with the network layer. The system consists of three main components; i.e. monitoring component, rating component and response component.

**Figure 1.** SNARE Reputation system framework

The monitoring component, EMPIRE(Efficient Monitoring Procedure In REputation system)[84], observes packet forwarding events. A monitoring node will not be in a continuous monitoring mode of operation, rather, it will monitor the neighborhood periodically and probabilistically to save resources. When a misbehaving event is detected, it is counted and stored until an update time, Tupdate or TON is due, then a report is sent to the rating component.

The rating component, CRATER(Cautious Rating for Trust Enabled Routing)[85], evaluates the amount of risk an observed node would provide for routing operation. The risk value is a quantity that represents the previous misbehaving activities that a malicious node (a node that drops packet) obtained. This value is used as an expectation for how much risk would be suffered by selecting that malicious node as a router. It is calculated based on the first hand information and the second hand information. The first hand information is achieved by the direct observation done by the node of concern. Risk values are updated based on the first hand information every time a new misbehavior report is received from the monitoring component. Moreover, if an observed node shows an idle behavior during a certain period, its risk value is reduced. A monitor also updates the risk values of its neighbors by second hand information received periodically from some announcers.

In this work, our system adopts the defensive response approach of the proposed framework. Thus, depending on the trust relations, a node will try to avoid malicious nodes based on the routing decision made by the developed routing protocol - Geographic, Energy, Trust Aware Routing protocol (GETAR). GETAR incorporates the trust information along with distance and energy information to choose the best next hop for the routing operation. The detailed description of this enhanced protocol GETAR is presented in section 4.
