Solving the cold start problem in Trust Management in IoT

Michail Bampatsikos, Ilias Politis, C. Xenakis, S. Thomopoulos
Published in: Proceedings of the 16th International Conference on Availability, Reliability and Security, 2021-08-16
DOI: 10.1145/3465481.3469208 (https://doi.org/10.1145/3465481.3469208)
Citations: 1

Abstract

The Internet of Things has a profound effect on everyday life and on critical vertical services, including healthcare, factories of the future and intelligent transport systems. The highly distributed nature of such networks and the heterogeneity of the devices that constitute them necessitate that their users be able to trust them at all times. A method to determine a device's service trustworthiness is Trust Management (TM), which assigns scores to devices according to their trustworthiness level, based on evaluations from other entities that have interacted with them. Often, Internet of Things devices that have just joined the network have not interacted with any other entity of this network before, hence there is no way to determine their trustworthiness. This situation is referred to as the cold start trust score or initial trust score problem. The majority of trust management approaches address this problem by setting an arbitrary initial trust score, while others ignore it. Assigning arbitrary trust scores to devices connected to the network for the first time has the potential to disrupt the operation of the entire system, when a high trust score is assigned to a non-trusted malicious device, or to lead to unfair policies, when trusted devices are treated as potential intruders, which also degrades the performance of the system. This paper proposes a mechanism that combines the blockchain-based BARRETT remote attestation protocol with a set of device properties and communication and operational context parameters, in order to accurately determine and assign the initial trust score of each device. Through a set of extensive simulations over different experimental setups, the proposed scheme safely distributes initial trust scores to one thousand devices in less than 6 ms, while minimising the risk of computational denial of service attacks due to the inherent characteristics of the BARRETT remote attestation protocol.