About this Journal Submit a Manuscript Table of Contents
International Journal of Distributed Sensor Networks
Volume 2013 (2013), Article ID 948641, 9 pages
http://dx.doi.org/10.1155/2013/948641
Research Article

Trust Management Scheme Based on D-S Evidence Theory for Wireless Sensor Networks

1School of Instrumentation Science and Opto-Electronics Engineering, Beihang University, Beijing 100191, China
2Science and Technology on Communication Information Security Control Laboratory, Jiaxing 314033, China

Received 9 January 2013; Revised 29 May 2013; Accepted 5 June 2013

Academic Editor: Anfeng Liu

Copyright © 2013 Renjian Feng et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

Trust management scheme has been regarded as a powerful tool to defend against the wide set of security attacks and identify malicious nodes. In this paper, we propose a trust management scheme based on revised Dempster-Shafer (D-S) evidence theory. D-S theory is preponderant in tackling both random and subjective uncertainty in the trust mechanism. A trust propagation mechanism including conditional trust transitivity and dynamic recommendation aggregation is developed for obtaining the recommended trust values from third part nodes. We adopt a flexible synthesis method that uses recommended trust only when no direct trust exists to keep a good trust-energy consumption balance. We also consider on-off attack and bad mouthing attack in our simulation. The simulation results and analysis show that the proposed method has excellent ability to deal with typical network attacks, better security, and longer network lifetime.

1. Introduction

Wireless sensor networks (WSNs) consist of plentiful tiny, sensing capabilities, and resource-constrained sensor nodes, and are often deployed in unattended and hostile environments to perform various monitoring tasks [1, 2]. However, due to the wireless and unattended deployment nature of WSNs, there is a risk of unique threats [3]. Hence, security plays a vital role in guaranteeing the normal running of the whole network. Although security requirements of WSNs are quite similar with those of conventional networks, the security strategies based on the traditional authentication and encryption mechanisms are unsuitable to apply to WSNs because of the nodes’ resource constraints [4]. Therefore, the trust management scheme has attracted more and more research attentions as a complementary security mechanism [5]. The basic idea of the trust management scheme is to calculate trust values that are used to describe the trustworthiness, reliability, or competence of individual nodes, based on some monitoring schemes [6]. Then the trust information can be applied to higher layer decisions such as routing [7, 8], data aggregation [9], and cluster head election [10, 11]. To the best of our knowledge, a number of trust management schemes have been proposed for WSNs [1222], but most of them failed to establish a reasonable trust management scheme to express the subjectivity, uncertainty, and transitivity of trust characteristics in WSNs.

To resolve the problems, this paper puts forward a trust management scheme (TMS) based on revised D-S evidence theory in WSNs and achieves main contributions as follows. (1) A trust propagation mechanism including conditional trust transitivity and dynamic recommendation aggregation using the revised D-S evidence theory is proposed, which maintains the subjectivity, uncertainty, and transitivity of trust characteristics. (2) An adaptive time factor is adopted to dynamically weight history experience against current information, which enhances the accuracy of trust calculation. (3) To keep a good trust-energy consumption balance, a synthesis method that uses recommended trust only when no direct trust exists is proposed. (4) We address the issue of TMS performance in terms of ability to defeat some attacks (on-off attack, bad mouthing attack), detection of malicious nodes, and energy consumption, comparing with NBBTE [15] and BRSN [16]. Simulation results demonstrate that TMS has excellent ability to deal with typical network attacks, better security, and longer network lifetime.

The model proposed in this work extends our prior work [15] which integrated the approach of nodes behavioral strategies and modified evidence theory. In this paper, we improve the previous model with mechanisms for the propagation of nodes’ recommendation and the synthesis of nodes’ trust value. Moreover, we refine the algorithm of direct trust value, evaluate our scheme’s ability to defeat on-off attack and bad-mouthing attack, and study the security and energy consumption of the model.

The rest of this paper is organized as follows. Section 2 presents related work on trust establishment for WSNs. Section 3 describes the D-S evidence theory and the process of TMS, including computation of nodes’ trust value. In Section 4, comparing with NBBTE and BRSN, the superiority of TMS is shown by simulations. Finally, the conclusions are presented in Section 5.

2. Related Works

The research on establishing trusts can be classified into two categories, reputation-based [1619] and trust establishment [2022]. In the former category, trust is evaluated by direct observation and second-hand information distributed among a network. In the latter category, trust in neighbors is evaluated by direct observation and trust relations between two nodes.

Reputation-based framework for sensor networks (RFSN) [16] used watchdog mechanism to build trust rating. Within the framework of RFSN, a beta reputation system for sensor networks (BRSN) that used a Bayesian formulation was employed. Since then, many researches have been done based on the BRSN model such as MA&TP-BRSN, and RFM-WSN [17]. However, in RFSN, the stipulation that no node is allowed to disseminate bad reputation information makes it unable to cope with uncertain situations. Aivaloglou and Gritzalis [18] proposed a hybrid trust and reputation management protocol by exploiting the predeployment knowledge on the network topology and the information flows. But it is not easy to get the predeployment knowledge. In [19], the authors proposed a behavior reputation method which defined the similarity and the similarity matrix by using normal differences of the status estimate vectors. However, the initialization stage of the model is based on the authentication key which is prone to attacks.

Zarei et al. [20] presented a novel congestion control scheme based on fuzzy logic systems. The proposed scheme enabled the nodes to investigate the behavior of their neighbors and isolated them upon malfunctioning, decreasing congestion problem, and buffering capacity shortage. However, the use of fuzzy logic makes it easy to lose some information and may lead to an inaccurate result. In [21], the authors proposed a new lightweight group-based trust management scheme. In this model, each sensor node (SN) performed peer evaluation based on direct observations or recommendations, and each cluster head (CH) evaluated other CHs as well as SNs under its own cluster. However, trust in their case is assessed only based on past interaction experiences in message delivery. Lopez et al. [22] listed the best practices that were essential for developing a good trust management system and made an analysis of the state of the art related to these practices. The reference makes an excellent summary, proposes many profound viewpoints, and shows an additional insight on the trust evaluation field.

3. TMS Algorithm

Refer to [4], we define trust as the confidence that node (denoted as ) has on node (denoted as ) about how will perform as expected. A complete trustworthiness consists of subject entity’s observation and recommendation from third party. The TMS algorithm firstly establishes various trust factors based on our previous work [15]. Next, direct trust is calculated on the base of trust factors. Then, the recommendations of several neighbor nodes are acquired in accordance with the revised D-S rule and the trust difference between pieces of evidence. Finally, the overall trust value is computed through a flexible synthesis method that guarantees a good trust-energy consumption balance. Figure 1 shows the structure of TMS algorithm.

948641.fig.001
Figure 1: The structure of TMS algorithm.
3.1. D-S Evidence Theory

Due to the subjectivity of trust evaluation, it is unsuitable to simply establish the recommended trust value by weighted average. D-S evidence theory can briefly express the important conceptions, such as “uncertainty,” and make right judgments by efficiently integrating many-sided uncertain information. Hence, in our proposed algorithm, we calculate trust value and the average weight of recommendations based on the D-S rule. The basic definitions of D-S theory are defined as follows [23].

Definition 1. Let be the identification frame, denoting a set of mutually exclusive and exhaustive hypotheses about problem domains. Correspondingly, is the power set of .

Definition 2. Mass stands for a belief mapping from to the interval between 0 and 1, represented as . → [0, 1] is called the BPA (Basic Probability Assignment) and is defined as below:

Definition 3. The belief of a hypothesis is the sum of the beliefs for those hypotheses that are its subsets. Its definition is given as where is named focal element and is the basic confidence level of , representing how much the evidence supports to happen.

3.2. Trust Factors

To defeat various attacks, we had better take all kinds of factors that depend on the interactions between neighbor nodes into consideration. However, there is an obvious trade-off between the number of factors and the energy consumption. We select four trust factors from our previous work [15]. Suppose evaluates the trust degree on ; the trust factors are Received Packets Rate , Successfully Sending Packets Rate , Packets Forwarding Rate , and Node Availability .

3.3. Direct Trust Evaluation Approach

Subject monitors the behaviors of object in one cycle and acquires the current trust value based on the following expression:

The functions and are chosen in advance according to the specific assignments of network.

Furthermore, the direct trust value is recalculated in accordance with history records. The update of direct trust value is calculated as follows: where is the direct trust value of subject on object in current cycle; is the direct trust value of latest cycle; parameter is the adaptive time factor used to weight history experience against current information. To keep preferably dynamic, it is satisfied as follows: where . The parameter and represent the trust components of and , respectively.

3.4. Recommended Trust Evaluation Approach
3.4.1. Trust Transitivity

Suppose the recommended trust value of on can be obtained through different paths. And the number of recommendation paths depends on nodes’ distribution and transmission radius. In order to avoid trust recycle recursion and decrease network communication payload, the recommendation values are confined to direct trust value of the common neighbors owned by both and . As shown in Figure 2, can only get the trust recommendation of from .

948641.fig.002
Figure 2: Recommendation relationship between subject and object .

Assume that is the recommended trust value of on through recommendation path . The vector forms of , , are as follows:

Let us set and . Then, the is calculated as

Using the symbol to denote this operation, we can get

To vividly show the process of trust transitivity, we resort to Figure 3. It is obvious to see that as long as one of and is distrust, is distrust.

948641.fig.003
Figure 3: The process of trust transitivity.

Extending the above transitivity to multihop, we can get recommended trust through complex recommendation paths with many middle nodes as follows: where the symbol indicates anonymous nodes in recommendation paths.

3.4.2. Dynamic Aggregation of Recommended Trust

On the basis of trust transitivity, obtains recommended trust values on through recommendation paths; namely:

Then, would aggregate these pieces of evidence to get a consensus on . Due to the existence of malicious nodes that may offer false recommendations, we introduce the revised D-S combination rule which adopts a consistent intensity to adjust weights of recommended trust values. The integration process is described in detail as follows.

Firstly, we compute the corresponding average weight denoted as . The consistent intensity between and is defined as where , , is the inner product of and .

The difference between two recommended trust pieces of evidence increases with the reduction of consistent intensity. The lower the consistent intensity is, the more probably false trust recommendation may occur.

Furthermore, the matrix of consistent intensity which is composed of all the recommended trust values is defined as

Through summation in row and normalization, the totally consistent intensity of recommended trust , which is equal to the average weight , is computed by

Then, the basic reliability function of every recommended trust evidence is amended by as follows:

Above all, the recommended trust can be modified as

Finally, we can get the consistent recommended trust as follows:

3.5. Synthesis of Overall Trust Value

The recommendation trust is useful to get a more accurate trust value, but calculating it will consume more energy. Thus there is a need for a good trust-energy consumption balance in the trust management system. To solve this problem, we calculate the overall trust by a flexible synthesis method which works as follows: only when does not have direct evidence on , the recommendation trust is taken into account. Hence, the overall trust value is

If the decision model satisfies

Then subject regards as “Trust,” and adds into its trustworthiness list. In like manner, can be marked “Uncertain” or “Distrust.”

4. Simulation Results

In this section, we use Matlab platform to show TMS has better performance than NBBTE and BRSN in terms of ability to defeat some attacks (on-off attack, bad mouthing attack), detection of malicious nodes, and energy consumption.

4.1. Defense of Attacks
4.1.1. On-Off Attack

Trust is a dynamic event. A good entity may be captured by attackers and turns into compromise node. On the other side, an incompetent entity can redeem the way that its neighbors regard it and become competent due to environmental changes. Because of the nodes’ resource limitation, some trust schemes adopted trust compensation mechanism. However, a smart attacker can capitalize on this feature of the trust schemes and create on-off attacks in which malicious entities behave well and badly alternatively [6]. To address this issue, we adopt the adaptive time factor which is introduced in Section 3.2. depends on specific situations. Here, we can choose , . In order to prevent the malicious node registering as a new user, the pessimistic initialization strategy of trust value is accepted. Suppose that malicious nodes cooperate well with neighbor nodes to get good trust records at the beginning of the simulation but behave badly after 40 rounds. The simulation results are shown in Figures 4 and 5.

948641.fig.004
Figure 4: The change of direct trust value under on-off attack.
948641.fig.005
Figure 5: Comparison of trust value under on-off attack.

From Figure 4 we can see that increases slowly and decreases slowly in the trust compensation stage (0–40 rounds). Once the malicious nodes behave badly, falls off sharply while races up. In other words, the time for trust accumulation is much longer than that for trust collapse. It is because which means that history information affects the trust value heavily in the trust compensation stage and which means current information bulks large when attacks happen.

Figure 5 compares the trust value calculated by different methods under on-off attack. The trust value calculated by BFSN increases the fastest in the trust compensation stage and the trust value calculated by NBBTE has the slowest decline in the attacking stage. Both BFSN and NBBTE fail to resist on-off attack. On the contrary, TMS defends against on-off attack effectively as the trust value calculated by TMS has the slowest increase in the trust compensation stage and falls off sharply once the malicious nodes behave badly.

4.1.2. Bad Mouthing Attack

Once recommendations are taken into consideration, we take the risk of receiving dishonest recommendations which aim at framing good parties or boosting trust values of malicious peers [6]. This attack, referred to as the bad mouthing attack, is the most straightforward attack. Because of our flexible synthesis method, bad mouthing attack happens only when has no direct evidence on . To defeat this attack, we introduce the revised D-S rule that includes the average weight to combine recommendation pieces of evidence.

Suppose receives twenty recommendation pieces of evidence of credible and , , , , , are false recommendation information. Refer to Table 1 for detailed information.

tab1
Table 1: Detailed information of twenty recommendations.

Combining those twenty pieces of evidence by our method, we can obtain . The average weight = (0.9997, 0.9893, 0.9805, 0.8772, 0.8630, 0.9968, 0.9788, 1.0000, 0.8657, 0.9806, 0.8374, 0.9921, 0.9942, 0.8408, 0.9968, 0.9895, 0.9900, 0.9007, 0.9783, 0.9842). It is obvious to see that , , , , , are smaller than others. Without the average weight, would mistake for unbelievable node.

To further explain TMS’s ability to defeat against bad mouthing attack, we compare it with NBBTE and BFSN under two conditions: framing good parties and boosting trust values of malicious peers. The results are shown in Figures 6 and 7.

948641.fig.006
Figure 6: The trust value at different proportion of malicious nodes when framing good party.
948641.fig.007
Figure 7: The trust value at different proportion of malicious nodes when boosting trust values of malicious peer.

When a malicious node launches the bad mouthing attack which aims at framing good parties, BFSN performs excellent as it only propagates good reputation information about other nodes. However, it cannot prevent malicious nodes from boosting trust values of malicious peer, as shown in Figure 7. No matter which condition it is, TMS performs better than NBBTE. Considering that BFSN is incapable of dealing with the second condition, we can come to the conclusion that TMS defends against bad mouthing attack most effectively.

4.2. Analysis of Network Security

To evaluate the network security, we compare our method with NBBTE and BRSN on the aspect of detecting malicious nodes. The proportions of detected malicious nodes under different trust mechanisms are shown in Figure 8.

948641.fig.008
Figure 8: The proportions of detected malicious nodes under different trust mechanisms.

It is obvious to see that TMS does better at detecting malicious nodes than BRSN. This results from two aspects. First, by using D-S theory, TMS takes subject uncertainty into consideration and avoids considering prior distribution, and consequently the accuracy of trust evaluation is improved. Second, we adopt the corresponding average weight of recommended trust, which increases the robustness of trust mechanism. The proportions of detected malicious nodes of TMS are little lower than that of NBBTE, because TMS uses recommended trust conditionally while BRSN considers both direct and recommended trust.

4.3. Analysis of Energy Consumption

To evaluate the performance of the flexible synthesis method proposed in Section 3.5, we make experiments on the energy consumption under different circumstances. The radio energy model proposed in [24] is used for our simulation. The simulation parameters are listed in Table 2 and the simulation results are shown in Table 3 and Figure 9.

tab2
Table 2: Simulation parameters.
tab3
Table 3: Round of dies with different parameter values.
948641.fig.009
Figure 9: Residual energy of under different circumstances.

Circumstance 1 is a special situation, where has no neighbor. Compare circumstance 2 and circumstance 3, we can see that the more neighbors has, the longer it will survive. It is because computing direct trust just needs one interaction while computing recommended trust needs two. Circumstance 3 and circumstance 4 tell us that the decreasing of average recommended pieces of evidence can increase ’s lifetime. The reason is that decreasing one piece of average recommended evidence can reduce interactions. In a word, the simulation results demonstrate that the flexible synthesis method saves energy greatly, especially when the number of average recommended pieces of evidence is small.

To further show how long can survive by the flexible synthesis method of TMS comparing with NBBTE and BRSN, we count rounds that can survive under different number of average recommended pieces of evidence. In this experiment, we set the number of ’s neighbor nodes 30 and the number of average recommended pieces of evidence 10, 20, and 30, respectively. The results are shown in Figure 10. It is obvious to see that can survive the longest by using TMS.

948641.fig.0010
Figure 10: Round of under different number of average recommended pieces of evidence.

5. Conclusions

In this paper, a trust management scheme (TMS) based on revised D-S evidence theory is proposed. It provides vector forms to express subjective trust opinions. On this basis, direct trust value on each neighbor node is calculated by considering trust factors which are defined according to node behaviors in order to detect malicious attacks. At the same time, recommended trust value from common neighbor nodes of subject and object nodes is obtained through conditional transitivity and the weight of each recommendation is obtained by revised D-S evidence theory. Afterwards, we use a flexible synthesis method to calculate the overall trust. Furthermore, the Matlab platform is used to test the performance of TMS, and simulation results show that the proposed algorithm can effectively resist vulnerabilities such as on-off attack and bad mouthing attack, reasonably evaluate trust levels of sensor nodes, and improve the network robustness and security. In addition, the flexible synthesis method saves energy greatly and, hence, prolongs the lifetime of WSNs.

Acknowledgments

The authors are grateful to the anonymous reviewers for their insightful comments. This work is supported by the National Natural Science Foundation of China under Grant no. 61201317 and no. 61001138.

References

  1. W. T. Zhu, J. Zhou, R. H. Deng, and F. Bao, “Detecting node replication attacks in wireless sensor networks: a survey,” Journal of Network and Computer Applications, vol. 35, no. 3, pp. 1022–1034, 2012. View at Publisher · View at Google Scholar · View at Scopus
  2. M. Saleem, G. A. Di Caro, and M. Farooq, “Swarm intelligence based routing protocol for wireless sensor networks: survey and future directions,” Information Sciences, vol. 181, no. 20, pp. 4597–4624, 2011. View at Publisher · View at Google Scholar · View at Scopus
  3. T. A. Zia, “Reputation-based trust management in wireless sensor networks,” in Proceedings of the International Conference on Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP '08), pp. 163–166, December 2008. View at Publisher · View at Google Scholar · View at Scopus
  4. P. Trakadas, S. Maniatis, P. Karkazis, T. Zahariadis, H. C. Leligou, and S. Voliotis, “A novel flexible trust management system for heterogeneous wireless sensor networks,” in Proceedings of the International Symposium on Autonomous Decentralized Systems (ISADS '09), pp. 369–374, March 2009. View at Publisher · View at Google Scholar · View at Scopus
  5. Y. Yu, K. Li, W. Zhou, and P. Li, “Trust mechanisms in wireless sensor networks: attack analysis and countermeasures,” Journal of Network and Computer Applications, vol. 35, no. 3, pp. 867–880, 2012. View at Publisher · View at Google Scholar · View at Scopus
  6. Y. L. Sun, Z. Han, and K. J. R. Liu, “Defense of trust management vulnerabilities in distributed networks,” Communications Magazine, vol. 46, no. 4, pp. 112–119, 2008.
  7. H. C. Leligou, P. Trakadas, S. Maniatis, P. Karkazis, and T. Zahariadis, “Combining trust with location information for routing in wireless sensor networks,” Wireless Communications and Mobile Computing, vol. 12, no. 12, pp. 1091–1103, 2012.
  8. H. Deng, Y. Yang, G. Jin, R. Xu, and W. Shi, “Building a trust-aware dynamic routing solution for wireless sensor networks,” in Proceedings of the IEEE Globecom Workshops (GC '10), pp. 153–157, December 2010. View at Publisher · View at Google Scholar · View at Scopus
  9. N. Poolsappasit and S. Madria, “A secure data aggregation based trust management approach for dealing with untrustworthy motes in sensor network,” in Proceedings of the 40th International Conference on Parallel Processing (ICPP '11), pp. 138–147, September 2011. View at Publisher · View at Google Scholar · View at Scopus
  10. R. J. Feng, S. Y. Che, and X. Wang, “A credible cluster-head election algorithm based on fuzzy logic in wireless sensor networks,” Journal of Computational Information Systems, vol. 8, no. 15, pp. 6241–6248, 2012.
  11. G. V. Crosby, N. Pissinou, and J. Gadze, “A framework for trust-based cluster head election in wireless sensor networks,” in Proceedings of the 2nd IEEE Workshop on Dependability and Security in Sensor Networks and Systems (DSSNS '06), pp. 10–22, April 2006. View at Publisher · View at Google Scholar · View at Scopus
  12. W. R. Claycomb and D. Shin, “A novel node level security policy framework for wireless sensor networks,” Journal of Network and Computer Applications, vol. 34, no. 1, pp. 418–428, 2011. View at Publisher · View at Google Scholar · View at Scopus
  13. F. Bao, I.-R. Chen, M. Chang, and J.-H. Cho, “Hierarchical trust management for wireless sensor networks and its applications to trust-based routing and intrusion detection,” IEEE Transactions on Network and Service Management, vol. 9, no. 2, pp. 169–183, 2012. View at Publisher · View at Google Scholar · View at Scopus
  14. M. Momani, S. Challa, and R. Alhmouz, “BNWSN: bayesian network trust model for wireless sensor networks,” in Proceedings of the International Conference on Communications, Computers and Applications (MIC-CCA '08), pp. 110–115, August 2008. View at Publisher · View at Google Scholar · View at Scopus
  15. R. Feng, X. Xu, X. Zhou, and J. Wan, “A trust evaluation algorithm for wireless sensor networks based on node behaviors and D-S evidence theory,” Sensors, vol. 11, no. 2, pp. 1345–1360, 2011. View at Publisher · View at Google Scholar · View at Scopus
  16. S. Ganeriwal, L. K. Balzano, and M. B. Srivastava, “Reputation-based framework for high integrity sensor networks,” ACM Transactions on Sensor Networks, vol. 4, no. 3, article 15, 2008. View at Publisher · View at Google Scholar · View at Scopus
  17. X. Gu, J. L. Qiu, and J. Wang, “Research on trust model of sensor nodes in WSNs,” Procedia Engineering, vol. 29, pp. 909–913, 2012. View at Publisher · View at Google Scholar
  18. E. Aivaloglou and S. Gritzalis, “Hybrid trust and reputation management for sensor networks,” Wireless Networks, vol. 16, no. 5, pp. 1493–1510, 2010. View at Publisher · View at Google Scholar · View at Scopus
  19. M.-Z. Zhou, Y. Zhang, J. Wang, and S.-Y. Zhao, “A reputation model based on behavior trust in wireless sensor networks,” in Proceedings of the International Conference on Scalable Computing and Communications- 8th International Conference on Embedded Computing, pp. 189–194, September 2009. View at Publisher · View at Google Scholar · View at Scopus
  20. M. Zarei, A. M. Rahmani, A. Sasan, and M. Teshnehlab, “Fuzzy based trust estimation for congestion control in wireless sensor networks,” in Proceedings of the International Conference on Intelligent Networking and Collaborative Systems (INCoS '09), pp. 233–236, November 2009. View at Publisher · View at Google Scholar · View at Scopus
  21. R. A. Shaikh, H. Jameel, B. J. d'Auriol, H. Lee, S. Lee, and Y.-J. Song, “Group-based trust management scheme for clustered wireless sensor networks,” IEEE Transactions on Parallel and Distributed Systems, vol. 20, no. 11, pp. 1698–1712, 2009. View at Publisher · View at Google Scholar · View at Scopus
  22. J. Lopez, R. Roman, I. Agudo, and C. Fernandez-Gago, “Trust management systems for wireless sensor networks: best practices,” Computer Communications, vol. 33, no. 9, pp. 1086–1093, 2010. View at Publisher · View at Google Scholar · View at Scopus
  23. C. Q. Tian and B. J. Yang, “A D-S evidence theory based fuzzy trust model in file-sharing P2P networks,” Peer-To-Peer Networking and Applications, 2012. View at Publisher · View at Google Scholar
  24. W. R. Heinzelman and H. Balakrishnan, “Energy-efficient communication protocol for wireless microsensor networks,” in Proceedings of the 33rd Hawaii International Conference on System Sciences, pp. 3005–3014, 2000.