a social network approach to trust management in...
TRANSCRIPT
Peer-to-Peer Netw. Appl.DOI 10.1007/s12083-012-0136-8
A social network approach to trust managementin VANETs
Zhen Huang · Sushmita Ruj · Marcos A. Cavenaghi ·Milos Stojmenovic · Amiya Nayak
Received: 8 December 2011 / Accepted: 4 April 2012© Springer Science+Business Media, LLC 2012
Abstract In the past few years, vehicular ad hocnetworks(VANETs) was studied extensively by re-searchers. VANETs is a type of P2P network, thoughit has some distinct characters (fast moving, shortlived connection etc.). In this paper, we present sev-eral limitations of current trust management schemesin VANETs and propose ways to counter them. Wefirst review several trust management techniques inVANETs and argue that the ephemeral nature ofVANETs render them useless in practical situations.We identify that the problem of information cascad-ing and oversampling, which commonly arise in so-cial networks, also adversely affects trust managementschemes in VANETs. To the best of our knowledge,we are the first to introduce information cascading andoversampling to VANETs. We show that simple votingfor decision making leads to oversampling and givesincorrect results in VANETs. To overcome this prob-lem, we propose a novel voting scheme. In our scheme,each vehicle has different voting weight according to
Z. Huang (B) · S. Ruj · A. NayakSEECS, University of Ottawa, Ottawa, Canadae-mail: [email protected]
S. Ruje-mail: [email protected]
A. Nayake-mail: [email protected]
M. A. CavenaghiUnesp, Sao Paulo State University, DCo, Sao Paulo, Brazile-mail: [email protected]
M. StojmenovicSingidunum University, Belgrade, Serbiae-mail: [email protected]
its distance from the event. The vehicle which is morecloser to the event possesses higher weight. Simulationsshow that our proposed algorithm performs better thansimple voting, increasing the correctness of voting.
Keywords Reputation system · Vehicular networks ·Security · Information cascading ·Information oversampling · P2P networks
1 Introduction
Vehicular ad hoc networks (VANETs) is a class ofP2P ad hoc networks which consists of vehicles (peers),Road Side Units (RSUs) and Certification Authori-ties (CA). VANETs are build to ensure the safety oftraffic. This is important, because accidents claim sev-eral lives. According to the National Highway TrafficSafety Administration (NHTSA) report, a total of37,261 people got killed in traffic accidents in 2008(http://www-fars.nhtsa.dot.gov/Main/index.aspx).
Communication can be of two types: Vehicle-to-Vehicle (V2V) or Vehicle-to-Infrastructure (V2I). InV2V communication, vehicles (nodes) send and receivemessages to and from one to another. These messagescan be alert signals about road congestion, accidentsahead or information about traffic on a given route.V2I communication takes place between nodes androad side infrastructure and involve finding nearestand cheapest gas stations, internet services, online tollpayment, etc. VANETs are a class of ephemeral net-works [1], in which the nodes have short lived con-nections with each other. The density of the networkchanges continuously as nodes move in and out of therange of each other. In all these situations, security
Peer-to-Peer Netw. Appl.
is an important concern. To preserve the security ofthe whole network, a node needs to authenticate itselfwhile sending information. This is done using signatureschemes [2, 3]. A node is given a public/private key pairby the CA. It signs the message using the private key,which can be verified by other nodes, using the sender’spublic key.
The other important concern is location privacy.Keeping track of nodes makes them susceptible tothreats, in which the adversary might gain useful infor-mation by observing the movement of the nodes. A fewpapers [4–6] focus on peer location privacy, while [7]is focusing on how to detect the location intrusion inmessage. One way to ensure privacy is to use a set ofpseudonyms for each node. The pseudonyms are likealiases. It should be ensured that these pseudonyms areunlinkable. A node changes its pseudonyms from timeto time, such that it is not possible for an observer toknow that two or more pseudonyms belong to the samenode. The problems of assigning pseudonyms [8, 9],changing pseudonyms [10, 11], and authentication byusing pseudonyms [12] have been studied extensively.
Due to the safety concerns, it is more important toknow the correctness of the data, rather than the au-thenticity of the nodes. Nodes might misbehave due toselfish reasons and might not send corrupt informationall the time. The vehicles are driven by humans andthe human behavioral tendencies are reflected in thebehavior of the nodes. Hence, it is more importantto know which data can be trusted and which cannotbe trusted. Trust management in VANETs is morecomplicated than that in MANETs. This is because ofthe following reasons:
1. Due to the ephemeral nature of VANETs, nodesare in contact for too short a time to build trustamongst themselves,
2. A misbehaving node might not be malicious butselfish. A node can send correct data and incorrectdata, and cannot always be labeled as “good” or“bad”,
3. Most reputation schemes in MANETs rely on vot-ing. Sometimes there might not be enough nodesto reach a threshold number of votes, due to con-stantly changing topology.
This makes trust management schemes difficult to beimplemented in VANETs. Zhang [13] presents a surveyon trust management schemes in VANETs.
Simple voting decisions also lead to two major prob-lems in ad hoc networks, which to the best of ourknowledge has not been addressed in literature. Thesetwo problems arise in social networks and are knownas information cascading [14, Chapter 16] and oversam-
pling [15]. Suppose there is a decision to be made andpeople decide sequentially after observing the behaviorof others. Then, one’s decision is highly influencedby the previous decisions and might overrule its ownobservation.
Oversampling occurs in the following situation: Forexample, node A receives the opinion of nodes Band C. It might be possible that B’s opinion isinfluenced by C. So we say that the opinion of C hasbeen oversampled (http://web.mit.edu/newsoffice/2010/crowd-wisdom-1115.html). In such cases, there is a needto discount the opinion of B, so that C’s decision isnot oversampled. We observe that this situation arisescommonly in VANETs. Suppose a node A receivesthe information of an event, “congestion” (say), froma node B and node C (where C’s decision is obtainedfrom B) and “no congestion” from node D and F.If the nodes were to decide what to do, and do amajority voting, then they receive two votes in bothfavor of and against congestion. However, the votesin favor of congestion has been over-weighed becauseC’s decision is obtained from B. In such cases, theopinion of C should be discounted, by using a weighingfactor α (<1). So instead of considering C’s vote as1, it is considered as α. Such a weighing mechanismwill counter oversampling, as we show in this paper byanalysis and simulation. This is the first paper whichstudies these two phenomenon in ad hoc networks. Wealso show experimentally that considering only the firsthand information gives better results than voting theopinions of all neighboring nodes.
The paper is organized as follows. In Section 2.1, wepresent a survey of reputation schemes for MANETsand point out why each of them is unsuitable forVANETs. Section 2.2 presents reputation schemesused in VANETs and points out the weaknesses ofthose schemes. We discuss the problem of informationcascading and information oversampling in Section 3.We propose an algorithm to overcome informationcascading and oversampling, in Section 4. In Section 5,we experimentally show that our approach performsbetter than normal voting. We conclude in Section 6with directions for future work. A preliminary versionof this paper has appeared in [16].
2 Survey of reputation schemes
In VANETs, an important issue is that how to trustthe specific vehicle or message. For instance, if a carsends the message that there is congestion at locationX, should other vehicles believe that this information iscorrect and take corresponding action? The aim of rep-
Peer-to-Peer Netw. Appl.
utation system is to construct trust value for each nodein the network, the other nodes decide whom to trustbased on these values. Resnick and Zeckhauser [17] listthe following three goals for reputation systems:
(a) To provide information to distinguish between atrustworthy and an untrustworthy peer.
(b) To encourage peers to act in a trustworthy manner.(c) To discourage untrustworthy peers from partici-
pating in the process.
There has been several works on reputation schemesin VANETs [13, 18–24]. These claim to build a trust-worthy network, but suffer from several disadvantages.
We will discuss each of these schemes in details inSection 2.2.
2.1 Reputation systems in MANETs
Reputation was first used in Internet and then spreadto mobile ad hoc network. While trust management isapplied to reputation system. The main features of trustare described below as given in [25–29]:
– A centralized certification authority is prone to sin-gle point failure, hence the decision method shouldbe distributed. In other words, decentralized mech-anism is required.
– The nodes in MANETs are not always cooperative.In a restricted environment, nodes may refuse tocooperate in order to save the energy or for someselfish reasons.
– Trust is not necessarily transitive. If A trusts B andB trusts C, it does not mean that A trusts C. Eachnode makes its own decision.
– Gathering reputation information from past rela-tionship is computationally expensive, so excessivecalculation should be minimized to reduce work-load of the network.
Most trust management schemes make use of vot-ing and game theoretic concepts. We show that theseschemes have some drawbacks and cannot be appliedas is to VANETs.
Marti et al. [30] propose a reputation system forad hoc networks. In their system, a node monitorsthe transmission of a neighbor to make sure that theneighbor forwards traffic. If the neighbor does notforward traffic, it is considered as uncooperative, andits reputation is propagated throughout the network. Inessence, one can consider such a reputation system asa repeated game whose objective is to stimulate coop-eration. Such reputation systems, however, may haveseveral issues. First, there is no formal specificationand analysis of the type of incentive provided by such
systems. Second, these systems have not considered thepossibility that even selfish nodes can collude with eachother in order to maximize their benefit. Third, someof the current systems depend on the broadcast natureof wireless networks in order to monitor other nodes.Such monitoring, however, may not always be possibledue to asymmetric links when nodes use power control.Furthermore, directional antennas, which are gainingmomentum in wireless networks in order to improvecapacity, will also make monitoring hard. Besides theproblems pointed out for MANETs, this reputationsystem cannot be applied to VANETs because a nodeis in contact with another node for a very short time.There is no time to monitor other node’s transmissions.
Michiardi et al. [31] propose a mechanism, calledCORE, to enforce node cooperation based on a col-laborative monitoring technique. CORE is suggestedas a generic mechanism that can be integrated withany network function like packet forwarding, routediscovery, network management, and location manage-ment. The reputation metric is computed based on datamonitored by the local entity and some informationprovided by other nodes involved in each operation.An interesting feature of the CORE mechanism is thatdenial of service attacks based on malicious broad-casting of negative ratings for legitimate nodes can beprevented. CORE is also based on the assumption thatreputation is a good measure of node’s contribution tocommon network operations. Nodes that have a goodreputation, because they helpfully cooperate with othernodes, can use the resources of the network, whilenodes with a bad reputation, because they refused tocooperate, are gradually excluded from the community.There are three types of reputation: a subjective reputa-tion, an indirect reputation and a functional reputation.The term subjective reputation is used to talk about thereputation calculated directly from a node’s observa-tion. The reason why more relevance is given to pastobservations is that a sporadic misbehavior in recentobservations should have a minimal influence on theevaluation of the final reputation value; as a result, it ispossible to avoid false detections due to link breaks andto take into account the possibility of a localized mis-behavior caused by disadvantaged nodes. The subjec-tive reputation is evaluated only considering the directinteraction between a subject and its neighbors. Theconcept of indirect reputation is introduced to evaluatethe effect of the information provided by other mem-bers of the community. Functional reputation has beenused to evaluate trust in different situations, like packetforwarding or route selection. CORE system also can-not be applied to VANETs. The reason is that COREis dependent on indirect reputation that is related
Peer-to-Peer Netw. Appl.
to the information provided by other members of thenetwork. Due to the ephemeral nature of VANETs, thecontact between two nodes are short lived.
Fahnrich et al. [32] propose the Buddy System asa distributed reputation system that is based on so-cial structure. The ensuing Buddy System improvesthe detection of vicious entities and, thus, increasescooperativeness. The considered system consists of au-tonomous entities that may cooperate in transactions.Each entity is autonomous and can therefore exhibitvicious behavior in any cooperation, i.e., it defects bybreaking his commitments. Each entity runs an inde-pendent instance of the reputation system and reportsany observed behavior. The instances of different en-tities may cooperate by exchanging recommendations.The individual trust levels are passed on in order toinform other entities about personal experiences made.The system is based on a mutual buddy-relationshipthat is established adaptively between a pair of entities(so-called buddies). A buddy-relationship necessitatesespecially high trust levels since the buddies mutuallyagree to be punished for the misbehavior of their part-ner buddy. There are two criteria for its establishment.Apart from mutually trusting each other, the entitieshave to perceive the trustworthiness of other agentslikewise. This additional criterion is called similarityof world views. It is set in place in order to reducethe conflict potential between buddies. The authorsshow how the Buddy System overcomes the limitationsof conventional distributed reputation systems. By themeans of simulation, they have shown that the BuddySystem improves the degree of cooperation and there-fore the overall quality of ad hoc network. The BuddySystem cannot be applied to VANETs because it isimpossible to establish a buddy relationship betweentwo nodes in a VANETs. Again, the contact betweenthem are short lived. Therefore, any assumption on arelationship is not applicable.
In the paper by Dewan et al. [33], the reputationof nodes in an ad hoc network is used to identify andsubsequently circumvent the malicious nodes. The rep-utation of a node is not contextual and is a function ofthe number of packets forwarded by a node. The nodesachieve high reputation by correctly routing packetsfor other nodes. If a node fails to route the packeteven after promising to do so, it gets a low reputationand hence is removed from the network. In the pro-posed reputation scheme, the source node finds a setof paths to the destination by using a routing protocolfor ad hoc networks. The source node sends the datapacket to its neighbor with the highest reputation. Theneighbor forwards the packet to the next hop neighborwith the highest reputation, and the process is repeated
till the packet reaches its destination. The destinationacknowledges the packet to the source that updatesits reputation table by giving a recommendation of+1 to its neighbors. All the intermediate nodes in theroute give a recommendation of +1 to their respectiveneighbors in the route and update their local reputationtables. If there is a malicious node in the route, thedata packet does not reach its destination. As a result,the source does not receive any acknowledgment forthe data packet in the stipulated time. The sourcegives a recommendation of −1 to the neighbor on theroute. The intermediate nodes propagate this recom-mendation in the route upto the node that has droppedthe packet. In other words, all the nodes between themalicious node and the sender, including the maliciousnode, get a recommendation of −1.
The salient features of the proposed reputation sys-tem are: 1) circumvention of malicious nodes, 2) in-jection of motivation to cooperate among nodes, 3)decentralized collection and storage of reputations, and4) subsequent increase in the average throughput ofthe network. In addition, the nodes in the network areable to quickly use the reputation information to makerouting decisions without having a significant impact onthe routing performance. The authors conclude that thereputation scheme improves the throughput by 65%with 40% malicious nodes in a network where thenodes are static. The cost of this improvement is the in-creased number of route requests. The throughput canbe further improved at the cost of extra messages, bymaking the nodes exchange their reputation databasesusing cryptographic protocols for ascertaining the cred-ibility of the source of information and the correctnessof the reputation information obtained. The reputationscheme presented by Dewan et al. cannot be appliedto VANETs, because it is based on an assumptionthat all nodes are static. Besides this assumption, thereputation is also based on the number of packets anode forwards. It is not possible to accurately managethis information in VANETs due to its dynamic nature.
2.2 Reputation systems in VANETs
The requirement for reputation system in VANETsalso differs from that in MANETs. All the ideas andtechniques presented in Section 2.1 cannot be appliedto VANETs. VANETs are different from MANETs inthe following ways:
(a) VANETs is an ephemeral network in which carsare constantly roaming around and is highly dy-namic. The velocity on a highway is up to 150 kmper hour. At this high speed, the contact and
Peer-to-Peer Netw. Appl.
reaction time is too short to build trust amongthemselves.
(b) VANETs is a large scale network where the num-ber of nodes and the density is much higher thanthat in MANETs. Network traffic can be veryhigh. Hence, there should be intelligent vehiclecommunication systems that are scalable and canprevent data congestion by deciding which peersto interact with [13].
(c) Almost all the existing reputation systems com-pute trust value based on the past interactionwith target node. However, this assumption is notvalid in VANETs due to the dynamic and openenvironment. In fact, if a vehicle is communicatingwith another vehicle, it is not guaranteed thatit will interact with the same vehicle in the fu-ture. Therefore, the existing algorithms which arebased on long-term relationship are not suitablefor VANETs.
(d) Some of the reputation models [34] depend ona central entity to gather the information. How-ever, the large number of nodes and high dynamicenvironment require a decentralized system inVANETs. Aggregation of reputation should be alocal action instead of a global action.
(e) Another important issue is pseudonymous au-thentication which is ignored by many re-searchers. As discussed above, for privacy con-sideration, each vehicle is issued a large numberof identities, and only CA knows the relationbetween real ID with pseudonymous identities.Therefore, it is infeasible to get meaningful rep-utation values because vehicles change identityover time. For instance, if vehicle A interacts withB then A has a reputation value for B, but at nextmoment if B changes its pseudonyms to C, thereputation value stored in A is no longer useful.
Only a few trust models have been proposed for hon-est information sharing in VANETs. Based on the char-acteristics discussed above, there are two basic mod-els: entity-oriented trust model and information-orientedtrust model. Entity-oriented trust model focuses on thetrust of vehicles that means constructing trust valuesfor vehicles and determine whether or not to believethe vehicles, whereas information-oriented trust modeldecides how to trust the message transmitted. Existinginformation-oriented models consider each vehicle be-ing equal, as a result, majority voting is widely used tojudge the correctness of the message.
Entity-oriented model As we discussed above, repu-tation of vehicles is not easily built in this ephemeral
environment. Two typical entity-oriented trust mod-els are proposed by Gerlach [35] and Minhas et al.[36]. Gerlach in [35] propose a sociological trust modelbased on the principle of trust and confidence tagging.Their trust establishment service tags content of thedatabase with confidence value which may be basedon certification or self-tests of the system. Then, theydescribe how to choose a confidence value. Meanwhile,the authors also propose an architecture for communi-cation and a model for privacy.
Minhas et al. [36] develope a multi-facet trust mod-eling framework which incorporates role-based trust,experience-based trust, and majority-based trust to re-ceive the most effective reports. Meanwhile, they de-scribe an algorithm that shows how to integrate varioustrusts. This model allows the vehicle to actively inquirean event by sending requests to other vehicles. Theabove two schemes are based on the trust value ofvehicles.
Information-oriented model The entity-orientedmodel does not work for ephemeral networks likeVANETs. The information-oriented model constructstrust not based on vehicles but on message itself. Inthese models, long-term relationships between vehiclesare not required which is the basis in entity-orientedmodel. Hence, information-oriented trust is moreefficient in this life-critical network because it decreasethe delay of relationship processing and computing.
2.3 Problems with existing reputation schemesfor VANETs
One of the first papers about reputation in VANETsis VARS, by Florian Dotzer et al. [18]. In that pa-per, the authors propose a modular reputation systemarchitecture that strictly separates direct and indirectreputation handling from opinion generation. VARS isnot based on the behavior of nodes but on the opinionabout distributed content, i.e., forwarding nodes forman opinion on the content of a message; this opinion isattached to the message before forwarding it to othernodes. Therefore, receivers can evaluate the opinion ofother nodes and use it as a basis for their own decisionabout the trustworthiness of a message. On arrival ofan event message every forwarding node generates anopinion on the trustworthiness of this message. Anopinion is calculated either from experience if the eventis detected, from indirect trust if the sender is known, orfrom partial opinions attached to the message or a com-bination thereof. This generated opinion is appendedas another partial opinion to the message, before it is
Peer-to-Peer Netw. Appl.
forwarded. A problem pointed out by the authors isthat attacks like simple modification or deletion of mes-sages can be wielded by every forwarding node as noauthentication is provided. Another possible problemwith VARS is that, if the number of forwarding nodesis high (in the case of a dense network), the communi-cation bandwidth would be seriously compromised dueto the overhead due to the extra information (manyopinions) on each package forwarded.
Another paper about reputation in VANETs isVehicle Behavior Analysis to Enhance Security inVanets [23]. In that paper, the authors introduce adistributed Vehicle Behavior Analysis and EvaluationScheme (VEBAS). The scheme comprises of a frame-work for behavior analysis on which an evaluationof neighboring vehicles regarding trustworthiness isperformed. This system is able to distinguish betweenthree classes: trustworthy, untrustworthy, and neutralvehicles. Therefore, it detects misbehavior, especiallyintentional misbehavior, and honors evident honest be-havior and also preserves a class of vehicles that cannotbe analyzed due to insufficient (sensor) information.
Another paper about reputation in VANETs is [19]by Nai-Wei Lo et al.. An event-based reputation sys-tem (ERS) is introduced in the paper, to filter outinaccurate messages caused by the dynamics of trafficevent and vehicles with different detection capabilitieson embedded sensors, and false messages spread bymalicious attackers in VANETs. The purpose is todetermine whether a traffic event really exists and howlong it lasts through distributed vehicle observations.The status of a traffic event is stored and managed ineach vehicle which has encountered it or is aware ofit from received messages. ERS is enlightened by acooperation enforcement schemes, where nodes collab-oratively observe neighbors and broadcast warnings ifmisbehaved nodes are discovered. Traffic informationcomes either from received messages via wireless inter-face or from on-board sensors. An event table in ERSstores all received and derived traffic event informationincluding event identity, type of traffic event, occur-rence timestamp, event location, message transmissionrange, event reputation value, and event confidencelist. One obvious problem with ERS is the difficultyin managing the confidence list for each traffic eventcreated in the network. Another potential problemis when a vehicle broadcasts an emergency messagesignaling the existence of an accident on the road, ERSmay fail to deliver the message to other drivers just intime to avoid another accident because of the lack ofsimilar messages to corroborate the traffic event. Thiscan jeopardize the security of other drivers.
2.4 Trust in VANETs
A trust module using game theoretic techniques waspresented by Raya et al. [22]. There are two types ofgames: one played between the group of good nodesand the group of adversarial nodes, and another playedbetween the nodes of the same type. Each node is as-signed benefit if it behaves well and a cost if it behavesbadly. Nodes observing misbehaviors can either voteor abstain from voting. There are some issues with thisapproach:
1. Who decides the cost and benefit?2. Raya et al. [22] assume these costs incurred by a
node to be fixed. But, in reality in a continuouslychanging environment, these costs will also changeand so will the threshold of trust (to decide whowins the game).
3. Different types of vehicles must have different costsand benefits. For example, if a police car behavesbadly, then it will incur more costs than an ordinarycar.
A Central Authority cannot decide this because itmight be far away (say a government security agency).An interesting question will be to model the costs andbenefits with the changing network topology.
Umar et al. [20] examine the challenge of designingintelligent agents to enable the sharing of informationbetween vehicles in mobile ad hoc vehicular networks.Their focus was on developing a framework that modelsthe trustworthiness of the agents of other vehicles inorder to receive the most effective reports. The authorsdeveloped a multi-facet trust modeling framework thatincorporates role-based trust, experience-based trust,and majority-based trust.The framework is able to re-strict the number of reports that are received. Theauthors included an algorithm to integrate these var-ious dimensions of trust, along with experimentationto validate the benefits of their approach. The authorsemphasized the importance of different facets that wereincluded. The authors also clarified how their approachwas able to meet various critical challenges for trustmodeling in VANETs. As a final result they presenteda methodology to enable vehicle to vehicle communi-cation via intelligent agents. In order to capture thecomplexity that arises between interacting agents inVANETs, the authors propose several different trustmetrics with various key characteristics. The authorsalso propose that, in order to derive a rather completeand comprehensive view of trust for agents in VANETenvironments, it is necessary to integrate securitysolutions with trust management. The core of their
Peer-to-Peer Netw. Appl.
model is divided in two parts. The first one is com-posed of role-based, experience-based, and priority-based trusts. These trusts maintain trustworthiness ofagents in order for trusted agents (called advisors)to be chosen for their feedback. The first two trusts(role-based and experience-based) are combined intothe priority-based trust, that can be used to chooseproper advisors. The role-based trust exploits certainpredefined roles that are enabled through the iden-tification of agents (vehicles). Agents can put moretrust in certain agents as compared to others (law en-forcing authorities, for instance). The experience-basedtrust represents a component of trust that is based ondirect interactions among agents. The second part oftheir model is composed of the majority opinion. Thispart aggregates feedback from selected advisors. Basedon this model, when an agent in a VANETs receivesreports from other agents about an event, eg., traffic orcollision ahead, it may need to verify if the informationreceived is reliable. To do so, the agent asks othertrusted agents about the received information. For thispurpose, each agent in the system keeps track of a listof other agents. The agent updates the trust values ofthe senders after the truth of their reported events isrevealed.
The role-based approach is based on the followingfour different roles listed in decreasing importance: au-thority (agents representing authorities such as trafficpatrols, law enforcement, police, etc.), expert (agentsspecialized in road condition related issues such asmedia (TV, radio, etc.), traffic reporters, etc., seniority(agents familiar with the traffic or road conditions ofthe area in consideration, e.g. local people who com-mute to work on certain roads or have many yearsof driving experience with a good driving record), or-dinary (all other agents). The problem with this ap-proach is to assume that the nodes can maintain a listof trusted and untrusted agents and that it is possibleto request “advices” about a message. The ephemeralnature of VANETs leads to a very short lived relation-ship between nodes, for which is not possible to buildan effective list of trusted nodes to ask for advices.Furthermore, due to the speed each node is moving inthe network, when an advice arrives it may be too latefor the node to consider it. These issues have not beenconsidered by the authors.
In another paper by Umar et al. [21], the authors usethe same multi-facet trust model introduced by theirprevious work. In this paper, they argue that there isa need to model trust in various dimensions and thatcombining these elements effectively can assist agentsin making transportation decisions. They introduced
two elements to their proposed model: i) distinguish-ing direct and indirect reports that are shared, and ii)employing a penalty for misleading reports, to promotehonesty. They demonstrate through a series of exper-iments of simulated traffic how these two elementstogether serve to increase the value of the trust model.In order to distinguish direct and indirect experience,when information is provided by an agent to anotheragent, it is required that each agent declare whetherits information has been derived from firsthand experi-ence or not. It is initially assumed that this declarationis truthful, and determine which action to take througha weighting of the advice that has been provided. If anagent is not a direct witness but claims to be one, then itwill run the risk of having its trust value reduced moreseverely, if its advice is verified to be unreliable. Themain idea is that an agent that asks for informationfrom other agents will value advice from the directwitnesses more than that from the indirect ones. Anagent B is considered dishonest or deceitful by an agentA if the personal experience trust value that A hason B falls below some value that A can accept. Eachagent that seeks advice from other agents maintainsa set of dishonest agents to whom it will not respondwhen asked, as a penalty to these dishonest agents. Theauthors demonstrate by experiments that the proposedpenalty system effectively promotes honesty. Besidesthe problems pointed out for the previous paper, an-other problem with this approach is that a node canlie to a requesting agent about a firsthand information.Sometimes the node may say it is a firsthand informa-tion when it is not, and the node may say it is not, whenit is a firsthand information (the dishonest node tries totrick the requesting node to gain advantage). Further-more, the penalty applied to a misbehaving node is notenough to enforce its good behavior, because the timetwo agents (vehicles) are in contact with other is notlong enough to establish a trust relationship betweenthem.
In the paper [24], the authors present a trust-basedframework for message propagation and evaluation invehicular ad-hoc networks where peers share infor-mation regarding road condition or safety and othersprovide opinions about whether the information canbe trusted. More specifically, the trust-based messagepropagation model collects and propagates peer’s opin-ions in an efficient, secure, and scalable way by dy-namically controlling information dissemination. Thetrust-based message evaluation model allows peers toevaluate the information in a distributed and collabo-rative fashion by taking into account others’ opinions.Experimental results demonstrate that the framework
Peer-to-Peer Netw. Appl.
significantly improves network scalability by reducingthe utilization of wireless bandwidth caused by a largenumber of malicious messages. The system is alsodemonstrated to be effective in mitigating the maliciousmessages and protecting peers from being affected. Theidea of the framework is to evaluate and disseminatea message based on its quality. The framework wasdesigned in a way that messages can be evaluated ina distributed and collaborative fashion. At the sametime, the dissemination depth of a particular messageis largely dependent on its quality, so that messages ofgood quality propagate to the furthest distance whilemalicious data, such as spam, is controlled to a lo-cal minimum. The message quality is modeled usinga trust-based approach, the quality of a message ismapped to a trustworthiness value, which can be com-puted from a collection of distributed feedback fromother peers in the network. Specifically, during the mes-sage propagation, the peer who receives the messagecan instantly provide feedback, namely, a trust opiniongenerated from an equipped analysis module.
A set of trust opinions are appended to the messageduring message propagation. For those who receive themessage, their action module may decide to trust or dis-trust the message by computing its trustworthiness froman aggregated list of trust opinions. Apart from thetrust modeling on data quality, the behavior of vehicleentities is modeled using a peer-to-peer trust approach.Three types of messages are generated in the system:sender message, trust opinion, and aggregate message.A sender message comes from a peer which wants tosend an information. Associated with the message isthe confidence. Higher confidence indicates the senderitself is more confident of the reported event. Trustopinion is a message provided by a peer that servesas the evaluation of the sender message. Evaluationis conducted by comparing the reported event withthe peer’s current knowledge, which may come froma number of equipped car sensors, the local database,or even human interactions. Aggregated message is acombination of a sender message and a list of trustopinions from distinct peers.
One design principle is that the trust opinion shouldalways be generated before any disclosure of the ex-isting trust opinions in the aggregated message; thegeneration of the trust opinion is purely based on thepeer’s local knowledge such as direct observations. So,malicious peers who give trust opinions by strategi-cally guessing the message trustworthiness from others’trust opinions can be removed from the network. If atrust opinion can be provided, it is broadcasted andappended to the sender message. In the model, message
propagation consists of two components: cluster co-operation and the relay control model. Based on acluster-based routing mechanism, the cluster coopera-tion serves as the foundation for message propagationand trust opinion aggregation. The relay control modelworks as a filter that controls the relay of messages. Thetrust opinion aggregation scheme ensures that messageevaluation and propagation can be done with littleinterference on each other. It provides high flexibilityin the sense that during message propagation, trustopinions can be aggregated in a secure, scalable, andefficient way.
The model also employs both role-based trust andexperience-based trust. A minority of vehicles, such aspolice cars, which are assigned a specific role and aspecific role-based trust value. For other vehicles, theyare associated with experience-based trust. Each peermaintains experience-based trust for other peers. Theoffline central authority assigns roles and updates role-based trust, collects distributed experience-based trustfrom peers, and rewards or punishes peers accordingly.This work presents the same issues pointed out in [20]and [21]: it is based on opinions propagated in thenetwork. The limitations of bandwidth, in case of adense network, and the lack of a mechanism to detectlies propagated by malicious nodes can jeopardize theeffectiveness of this approach.
3 Information cascading and oversampling in VANETs
The decisions taken by nodes in the network influencethe decisions taken by other nodes. In certain situa-tions, the opinions about events reported by nodes canbe so overwhelming that the opinion of one node can besuppressed. It occurs mainly when decisions are madesequentially [14]. Consider the situation shown in Fig. 1.
Fig. 1 A network situation
Peer-to-Peer Netw. Appl.
There are five nodes in the vicinity of an intersection(nodes 2, 3, 4, 5, and 6), 1 is an RSU. Nodes 2, 5, and6 consist of the first-observation set. Node 3 is in thecommunication range of nodes 2, 5 and 6. Node 4 is inthe range of node 3. Let us assume some event (likea “Car Crash”) occurs on the left of first-observationset (2, 5, and 6) (as shown in the Fig. 1), then nodeswill send out alert messages. After receiving these alertmessages, node 3 will make a decision and re-broadcastthese messages to node 4. Node 4 receives four mes-sages from four different nodes (messages from nodes2, 5, and 6 are first-hand and retransmitted by node 3 tonode 4, message from node 3, which it calculates fromthe first-hand decisions).
Now, suppose that the majority of nodes 2, 5, and6 send out false information (it means two false infor-mations and one correct information). All the vehiclesbehind nodes 2, 5, and 6 will receive the false informa-tion. There is no way to prevent this.
Now assume that nodes 2 and 5 are good, whilenodes 6 and 3 are malicious/selfish. So, the majorityof first-observation set is correct and node 3 makesan incorrect decision deliberately. Node 4 will receivetwo correct and two false (incorrect) messages. Thissituation is called information cascading, where thedecisions of other nodes influences one node to takea decision contrary to its observation. Even if node 4observes that node 2 and 5 have acted as if there is acongestion, its decision might be overridden by that of6 and 3. So a wrong decision will cascade through theentire network. There should be a way to decrease theimportance of the message sent by node 3.
The above situation can also leads to oversampling.When node 4 makes a decision, it uses the opinions ofnodes 2, 3, 5 and 6. However, the opinion of node 3is based on the opinions of nodes 2, 5 and 6. So, theobservations of nodes 2, 5 and 6 are being oversampled.This is an instance of information oversampling. Oneway to overcome this, is to give weight to the decisionsmade by nodes. For example, nodes which observean event are considered with weight 1. However lessweight is given to nodes, which are at two or more hopsfrom the direct observers.
4 Counting information oversampling
Consider a network containing N nodes. Emergencyevents can be either congested road, hazardous roadcondition, accidents, etc. Nodes transmit alert signalson observing such events. Some nodes can generatefalse alert messages either for malicious or selfish
reasons. A node which generates an alert message isknown as a first-hand observer.
A node can receive contradictory messages aboutevents, for example “accident” and “no accident”. Insuch situations, it has to decide which of these informa-tions are correct and transmits that information. Nodescan receive several messages from other nodes andmake a decision about which one to accept. A nodecan receive messages from direct observers or throughmulti-hop paths.
4.1 Network model
We first give the notations of our network. If a vehicleobserves an event (for example, an accident) in frontof it, it transmits the information to the vehicles behindit. Let ni be a vehicle. Vehicle n j is said to be in theneighborhood of ni, if n j is in the communication rangeof ni. The neighborhood of ni is denoted by nbd(i).Hence n j ∈ nbd(i) (Table 1).
A message Mi sent by a node ni contains a number c,which denotes the number of hops from the forst handobservers to ni. For example, the first hand observershave c = 0, second hand observers have c = 1, and soon. This number is denoted by c(Mi). Mi also contains adecision di, which can be either +1 or −1. Let F be a setof vehicles which observe an event. They report eitheran accident C (correct) or no accident I (incorrect). Thedecision of any vehicle ni is denoted by di. A vehicle ni
receives messages from its neighbors and has to decidewhether there is an accident or not. It considers all theneighbors n j ∈ nbd(i) that are in front of ni. A majorityvoting algorithm works as follows. Let vi = numberof nodes which report C− number of vehicles whichreport I. If vi ≥ 0, then di = 1 which indicates that thevehicle ni says “there is an accident”, and if vi < 0, thendi = −1 to indicate that the vehicle says “there is noaccident”. A benign vehicle transmits di and a malignvehicle transmits −di.
Table 1 Table of notations
Notation Meaning
ni ith vehiclenbd(i) Neighborhood set of vehicle ni
Mi Message sent by vehicle ni
c(Mi) The number of hop between ni with first-handobservers
di Decision of vehicle ni
F The set of first-hand oberversα Weight factor
Peer-to-Peer Netw. Appl.
4.2 Our algorithm
To deal with information oversampling we do not con-sider all the opinions received with equal weight. Wegive more weight to vehicles which are closer to theevent (that lead to the alert), than to vehicles that arefar away. The opinion of a vehicle, which observesan event directly is given a weight of one, whereas avehicle which receives second hand information is givena weight α. The opinion of the vehicle at two hops fromthe direct observer is given a wight α2 and, so on. Thepseudo code of our approach is in Algorithm 1. If ni isthe neighbor of n j, ni maybe receive the message fromn j for a few times since there exist several routes, in ourscheme, we only consider the message which is directlyfrom n j.
Algorithm 1 This algorithm decides the opinion ofnode ni, based upon the messages it received from itsneighbors nbd(i)Input: Node ni which has to make a decision and messages M j,where n j ∈ nbd(ni)
Output: Decision taken by each node ni “accident” or “no acci-dent”1: vi = 02: for n j ∈ nbd(i) and in front of ni do3: w j = αc(M j)
4: vi = vi + w jd j5: end for6: if vi ≥ 0 then7: if ni is a good node then8: di = 19: Opinion of ni is “there is accident”
10: else11: di = −112: Opinion of ni is “there is no accident”13: end if14: else15: if ni is a good node then16: di = −117: Opinion of ni is “there is no accident”18: else19: di = 120: Opinion of ni is “there is accident”21: end if22: end if23: c(Mi) = 1 + minn j∈nbd(i)and in front{c(M j)}
If a vehicle receives n messages, the set of vehiclesR1 are first hand observers, the set of vehicles R2 areone-hop neighborhood of R1, the set Rn are (n − 1)-thhop neighborhood of R1, then the decision of vehicle istaken as
∑i∈R1
di + α∑
i∈R2di + · · · + αn−1 ∑
i∈Rndi.
Let’s look back to the example in Section 3. Vehicle2, 5 and 6 consist of first-hand observers, hence theweight of these three is 1. While vehicle 3 is the neigh-bor of 2,5 and 6, so the weight of vehicle 3 is α. Setα = 0.5, when vehicle 4 makes the decision, the value
is 1 + 1 − 1 − 0.5 since vehicle 2 and 5 are benign while6 and 3 are malign. Now after we applied this simplescheme, vehicle 4 will give the correct decision whichmeans the information cascading is overcame in thissituation.
5 Experimental results
This section shows how simple voting can result inincorrect decision making. The algorithm performs bet-ter by reducing the effect of oversampling. The bestapproach is to rely only on the information of thefirst-hand observers and transmit only that informationacross to other nodes. There is no need to transmit thedecision of the intermediate nodes to the other nodes.This is because it will result in oversampling and henceincorrect results, and the intermediate nodes might bemalicious/selfish and change received decisions.
Different decision making situations are simu-lated using NCTUns (National Chiao Tung Univer-sity Network Simulator, http://nsl10.csie.nctu.edu.tw/).The simulator was proposed by S.Y.Wang in 2002 andwritten in C++. Table 2 shows the parameters wechoose for each vehicle in the simulation. The followingsimulation environment is considered:
(a) The simulations occur around a road intersection.(b) In every experiment, 35 vehicles are randomly
deployed in the vicinity of the road intersection.(c) Each experiment is run for 10 times, and the
average is calculated.(d) The transimission range is set as 100 m. Due to the
path loss, the effective range in the experiment isapproximate 80 m. That means every two vehiclesduring 80 m radius can receive the messages fromeach other.
(e) No obstacles(like buildings) are considered in thesimulation.
Table 2 Experiment parameters
Frequency 2400 MHzPath loss model Two ray groundAntenna height (m) 1.5Transmission power (dbm) 15Transmission range (m) 100Type of antenna (degree) 360TxGain of antenna 1RxGain of antenna 1Fading channel RiceanWidth of road (m) 20
Peer-to-Peer Netw. Appl.
5.1 Simulation results
We show how our algorithm performs for differentvalue of α in Fig. 2. Our algorithm reach the bestperformance when α = 0 which means the intermediatevehicle’s opinions to a specific event are not considered.In other words, each vehicle makes decision only basedon the messages from first-hand obervers. While α = 1means the weight of each decision is equal, and thevoting correctness is the lowest.
We then demostrate that our algorithm can exactlyreduce the impact of information oversampling. Wecompare three different voting schemes to show theimprovement of our scheme.
Mechanism 1: Each vehicle makes a decision basedon the messages from the first-hand ob-servers. This means theoretically everyvehicle should obtain the same opinionfor a specific event since they all re-ceive the same messages.
Mechanism 2: The messages vehicles use to vote arefrom neighbors. Neighbors are consid-ered to be the vehicle who reports anevent in front.
Mechanism 3: This is a combination of Mechanism1 and Mechanism 2. Vehicles maketheir own decisions based on theirneighbor’s messages and the first-handobervers’ messages.
Figure 3 shows the different performances of abovethree schemes. Mechanism 1 reaches the best perfor-mance in all these three schemes, which means if wedo not consider the messages(opinions) of intermediatevehicle, the voting correctness increase. One can notethat Mechanism 1 is the situation that when α = 0 inour proposed algorithm. While in Mechanism 3, eachvehicle not only consider the messages from first-handobservers, but also from the intermediate vehicles.
Fig. 2 Experimental results with different values of alpha
Fig. 3 Experimental results comparing different decision-making mechanisms
Therefore the information oversampling is existing aswe discussed before, consequently the voting perfor-mance is lower. Results and conclusions obtained withthe simulations are the following:
1. If we give lower weight to the intermediate ve-hicle’s opinion, according to Fig. 2, with the de-creasing of weight factor α, the voting performanceimporves.
2. When weight factor α = 0, there is no informationoversampling in our scheme since each vehicle be-hind only consider the messages from first-handobservers.
3. Our algorithm presented in Section 4.2 is consid-ered as a way to handle information oversampling.And the above simulations illustrate it clearly.
6 Conclusion
In this paper, the limitations of reputation schemes inVANETs have been discussed. We survey trust man-agement schemes in VANETs and point out their draw-backs and limitations. We show that trust managementschemes in MANETs cannot be used for VANETs. Weidentified that the problem of information cascadingand oversampling also adversely affect trust manage-ment schemes in VANETs. We showed that simplevoting for decision making leads to oversampling andgives incorrect results in VANETs. To overcome thisproblem, we proposed a novel voting scheme that per-forms better than simple voting. Through simulations,we have shown that our scheme increased the correct-ness of voting. Though the solution is described in thesituation for VANETs, this can be applied to MANETsto deal with information oversampling.
The following questions need more explanations:when the vehicles make the decision? Do they make adecision immediately after receiving the messages? Or
Peer-to-Peer Netw. Appl.
do they wait for a small interval to collect the opinionsof other vehicles? In real life situations, there are delaysin transmissions. If we make decisions immediately,we might lose important messages to make the voting.However, if we wait for some time before voting, thereis also a problem: during this interval, vehicles mightreceive some incorrect messages. This will adverselyaffect the decision. This is an open problem.
Acknowledgements This work is partially supported byNSERC Grant CRDPJ386874-09 and “Digital signal processing,and the synthesis of an information security system”, TR32054,Serbian Ministry of Science and Education.
References
1. Raya M (2009) Data-centric trust in ephemeral networks.PhD thesis. EPFL, Lausanne
2. Wasef A, Shen X (2009) Maac: message authentication ac-celeration protocol for vehicular ad hoc networks. In: IEEEGLOBECOM, pp 1–6
3. Zhu H, Lin X, Lu R, Ho P-H, Shen X (2008) Aema: an aggre-gated emergency message authentication scheme for enhanc-ing the security of vehicular ad hoc networks. In: IEEE ICC,pp 1436–1440
4. Lu R, Lin X, Shen X (2010) SPRING: a social-based privacy-preserving packet forwarding protocol for vehicular delaytolerant networks. In: Proc. IEEE INFOCOM’10, San Diego,California, USA, 14–19 March 2010
5. Lin X, Lu R, Liang X, Shen X (2011) STAP: a social-tier-assisted packet forwarding protocol for achieving receiver-location privacy preservation in VANETs. In: Proc. IEEEINFOCOM’11, Shanghai, China, 10–15 April 2011
6. Lu R, Lin X, Liang X, Shen X (2010) Sacrificing the plum treefor the peach tree: a socialspot tactic for protecting receiver-location privacy in VANET. In: Proc. IEEE Globecom’10,Miami, Florida, USA, 6–10 Dec 2010
7. Ruj S, Cavenaghi MA, Huang Z, Nayak A, Stojmenovic I(2011) On data centric misbehavior detection in VANETs.In: IEEE 74th Vehicular Technology Conference, VTC-Fall,San Francisco, USA
8. Papadimitratos P, Buttyan L, Holczer T, Schoch E, FreudigerJ, Raya M, Ma Z, Kargl F, Kung A, Hubaux JP (2008) Securevehicular communication systems: design and architecture.IEEE Wirel Commun Mag 46(11):100–109
9. Papadimitratos P, Buttyan L, Hubaux J-P, Kargl F, Kung A,Raya M (2007) Architecture for secure and private vehicularcommunications. In: IEEE ITST, pp 1–6
10. Buttyán L, Holczer T, Vajda I (2007) On the effectiveness ofchanging pseudonyms to provide location privacy in vanets.In: ESAS. Lecture notes in computer science, vol 4572,pp 129–141
11. Freudiger J, Manshaei MH, Le Boudec J-Y, Hubaux J-P(2010) On the age of pseudonyms in mobile ad hoc networks.In: IEEE INFOCOM, pp 1577–1585
12. Calandriello G, Papadimitratos P, Hubaux J-P, Lioy A (2007)Efficient and robust pseudonymous authentication in vanet.In: Holfelder W, Santi P, Hu Y-C, Hubaux J-P (eds) Vehicu-lar ad hoc networks, pp 19–28
13. Zhang J (2011) A survey on trust management for vanets.In: 25th IEEE international conference on advanced infor-mation networking and applications, pp 105–112
14. Easley D, Kleinberg J (2010). Networks, crowds, and mar-kets: reasoning about a highly connected world. CambridgeUniversity Press
15. Acemoglu D, Dahleh MA, Lobel I, Ozdaglar A (2010)Bayesian learning in social networks. Available at http://web.mit.edu/newsoffice/2010/crowd-wisdom-1115.html
16. Huang Z, Ruj S, Cavenaghi MA, Nayak A (2011) Limitationsof trust management schemes in VANET and countermea-sures. In: IEEE PIMRC
17. Resnick P, Zeckhauser R (2002) Trust among strangers ininternet transactions: empirical analysis of eBay’s reputationsystem. In: Baye MR (ed) The economics of the internet andE-commerce. Advances in applied microeconomics. ElsevierScience, pp 127–157
18. Dotzer F, Fischer L, Magiera P (2005) Vars: a vehicle ad-hocnetwork reputation system. In: IEEE international sympo-sium on a world of wireless mobile and multimedia networks,pp 454–456
19. Lo N-W, Tsai H-C (2009) A reputation system for trafficsafety event on vehicular ad hoc networks. EURASIP - Jour-nal on Wireless Communications and Networking. doi:10.1155/2009/125348
20. Minhas UF, Zhang J, Tran T, Cohen R (2010) Towards ex-panded trust management for agents in vehicular ad-hoc net-works. IJCITP 5(1):3–15
21. Minhas UF, Zhang J, Tran T, Cohen R, Cheriton DR (2010)Intelligent agents in mobile vehicular ad-hoc networks: lever-aging trust modeling based on direct experience with incen-tives for honesty. In: IEEE/WIC/ACM international confer-ence on web intelligence and intelligent agent technology,pp 243–247
22. Raya M, Shokri R, Hubaux J-P (2010) On the tradeoff be-tween trust and privacy in wireless ad hoc networks. In: ACMWISEC, pp 75–80
23. Schmidt RK, Leinmuller T, Schoch E, Held A, SchaferG (2008) Vehicle behavior analysis to enhance security invanets. In: Workshop on vehicle to vehicle communications
24. Zhang J, Chen C, Cohen R (2010) A scalable andeffective trust-based framework for vehicular ad-hoc net-works. JoWUA 1(4):3–15
25. Adams WJ, Davis NJ (2005) Toward a decentralized trust-based access control system for dynamic collaboration. In:IEEE workshop on information assurance, pp 317–324
26. Eschenauer L, Gligor VD, Baras J (2002) On trust estab-lishment in mobile ad-hoc networks. In: Proceedings of thesecurity protocols workshop, pp 47–66
27. Sun YL, Han Z, Ray Liu KJ (2006) Information the-oretic framework of trust modeling and evaluation forad hoc networks. IEEE J Sel Areas Commun 24(2):305–317
28. Lu R, Li X, Liang X, Lin X, Shen X (2011) GRS: The green,reliability, and security of emerging machine to machine com-munications. IEEE Commun Mag (Feature topic on recentprogress in machine to machine communications) 49(4):28–35
Peer-to-Peer Netw. Appl.
29. Li X, Li Z, Stojmenovic M, Narasimhan V, Nayak A (2012)Autoregressive trust management in wireless Ad Hoc net-works. In: Ad Hoc sensor wireless networks, (to appear)
30. Marti S, Giuli TJ, Lai K, Baker M (2000) Mitigating rout-ing misbehavior in mobile ad hoc networks. In: MOBICOM,pp 255–265
31. Michiardi P, Molva R (2002) Core: a collaborative reputationmechanism to enforce node cooperation in mobile ad hocnetworks. In: Mobile ad hoc networks. communication andmultimedia security
32. Fahnrich S, Obreiter P (2004) The buddy system—a distributed reputation system based on social struc-ture. Technical report, Universitat Karlsruhe, Faculty ofInformatics
33. Dewan P, Dasgupta P, Bhattacharya A (2004) On using rep-utations in ad hoc networks to counter malicious nodes. In:IEEE international conference on parallel and distributedsystems, pp 665–672
34. Zhang J, Cohen R (2006) Trusting advice from other buy-ers in e-marketplaces: the problem of unfair ratings. In: 8thinternational conference on electronic commerce: the new e-commerce—innovations for conquering current barriers, ob-stacles and limitations to conducting successful business onthe internet, pp 225–234
35. Gerlach M (2007) Trust for vehicular applications. In: Inter-national symposium on autonomous decentralized systems,pp 295–304
36. Minhas U, Zhang J, Tran T, Cohen R (2010) Intelligentagents in mobile vehicular ad-hoc networks: leveraging trustmodeling based on direct experience with incentives for hon-esty, pp 243–247
Zhen Huang is currently a Ph.D student in Electric and Com-puter Engineering at University of Ottawa, Canada. He receivedhis Master’s degree in Electric and Computer Engineering fromUniversity of Ottawa in 2011, and B.E. degree in Communi-cations Engineering from Southwest University of Science andTechnology, China. His research interests are security in Vehic-ular ad hoc networks and smart grid. Mailing address is SEECS,University of Ottawa, 800 King Edward, Ottawa, ON, K1N 6N5,Canada. Email: [email protected]
Sushmita Ruj received her B.E. degree in Computer Sciencefrom Bengal Engineering and Science University, Shibpur, Indiain 2004, and Masters and Ph.D in Computer Science from IndianStatistical Institute, India in 2006 and 2010, respectively. Between2009 and 2010, she was a Erasmus Mundus Post Doctoral Fellowat Lund University, Sweden. She is currently a Post DoctoralFellow at University of Ottawa, Canada. Her research interestsare in security in mobile ad hoc networks, vehicular networks,cloud security, combinatorics and cryptography. She is the Edito-rial Board of Ad Hoc and Sensor Wireless Networks. Her mailingaddress is SEECS, University of Ottawa, 800 King Edward, Ot-tawa, Ontario, K1N6N5 Canada. Email: [email protected]
Marcos A. Cavenaghi has been working at Unesp - State Uni-versity of Sao Paulo in Brazil since 1994. His research interestsinclude Security in Vehicular ad hoc Networks and Wirelessad hoc Networks, Distributed Systems, and Grid Computing.Cavenaghi received a PhD in Computational Physics from USP- University of Sao Paulo, Brazil in 1997, a MsC in Sciencesfrom USP - University of Sao Paulo, Brazil in 1992, and a BsCdegree in Physics from Unesp - State University of Sao Paulo,Brazil in 1990. His mailing address is Department of Computing,Av. Luiz E.C. Coube 14-01, 17033-360 - Bauru – SP, Brazil.Email: [email protected]
Peer-to-Peer Netw. Appl.
Milos Stojmenovic is an assistant professor at the depart-ment of Informatics and Computation at Singidunum Uni-versity, in Belgrade, Serbia. He received his PhD in Com-puter Science degree at the School of Information Technol-ogy and Engineering, University of Ottawa, in 2008. He haspublished roughly thirty articles in the fields of computer vi-sion, image processing, and wireless networks. More details canbe found at www.site.uottawa.ca/~mstoj075. Mailing address:Singidunum University, Danijelova 32, 11000, Belgrade, Serbia.Email: [email protected]
Amiya Nayak received his B.Math. degree in Computer Scienceand Combinatorics & Optimization from University of Waterlooin 1981, and Ph.D. in Systems and Computer Engineering fromCarleton University in 1991. He has over 17 years of industrialexperience in software engineering, avionics and navigation sys-tems, simulation and system level performance analysis. He is inthe Editorial Board of several journals, including IEEE Trans-actions on Parallel & Distributed Systems, International Journalof Parallel, Emergent and Distributed Systems, InternationalJournal of Computers and Applications, and EURASIP Journalof Wireless Communications and Networking. Currently, he is aFull Professor at the School of Electrical Engineering and Com-puter Science at the University of Ottawa. His research interestsare in the area of fault tolerance, distributed systems/algorithms,and mobile ad hoc networks with over 150 publications inrefereed journals and conference proceedings. Mailing addressSchool of Information Technology & Engineering, University ofOttawa, 800 King Edward Avenue, Ottawa, ON K1N 6N5,Canada. Email: [email protected]