1 Performance Optimization of Region-Based Group Key Management in Mobile Ad Hoc Networks -...

1

Performance Optimization of Region-Based Group Key Management in Mobile Ad Hoc

Networks- Presentation by Scott Stewart, Arun Sudhir, and Morgan Yeh -

Authors include Jin-Hee Cho, Ing-Ray Chen, Ding-Chau Wang

2

Overview

Introduction Related Work and Information Terminology and Background Performance Model and Analysis Example at Work Summary and Conclusion

Introduction

Security Information transferNode integrity

CommunicationsNode interactions

Wireless / MobileReliability

Introduction

PKI – Public Key Infrastructure Confidentiality Integrity

Message integrity Authentication (not authorization) Non-repudiation

The ability to prevent a user from refuting their self-identity or transaction

Rekeying To change the value of a cryptographic key that is being used in

an application of a cryptographic system

Introduction

Mobile Ad Hoc Network (MANET)Rapidly deployable, but …Constrained resources (CPU, memory,

battery, bandwidth)Unreliable communicationFrequent network topology changes due to

node mobility

Introduction

Group key group members share a secret key

Backward secrecy Group key rekeyed New members cannot decrypt previous messages

Forward secrecy Group key rekeyed Members leaving cannot decrypt future

communications

Introduction

Group key management protocolAn algorithm that deals with the distribution,

updating, and revocation of group keysSome sort of certificate management system

ProblemMany existing group key management

protocols do not consider node mobility

Introduction

Proposal Region-based group key management protocol

Decentralized control reduce group key management overhead Make protocol scalable to large number of nodes in a group

Focus Security for mobility-induced events (group

partitioning/merging) Optimal setting to maximize performance of system Show that region-based outperforms non-region-

based protocols

Related Work and Information

Group key management Centralized

Uses key controller for key management tasks Not suitable for MANETs

Decentralized Divides a group into subgroups

Distributed No group key controller for group key management Contributory group key generation by all members


IGKMP (Hardjono et al. and Zhang et al.) Intra-domain Group Key Management Protocol Suitable for wired networks, not MANETs

HYDRA (Rafaeli et al.) Decentralized Based on use of multiple groups controllers in a region

DEP (Dondeti et al.) Dual Encryption Protocol Decentralized Multiple subgroup controllers


Existing works Considers hierarchical clustering for grouping nodes

into clusters Scalability Efficiency

Two-layer hierarchical key management structure (Rhee et al.)

Secure communications, used by UAVs Many other researches, but many lack

maximized system performance identifiers and proofs


Assumptions Nodes are equipped with GPS Nodes self-organize and group themselves into

region-based subgroups Saves energy by avoiding executing clustering algorithms

Derivation Based off of IGKMP Adopt distributed key management within each region

Robustness, avoid singling out a particular node to act as key controller


Distributed key management research GDH

Group Diffie-Hellman Octopus (Becker and Wille)

Based on DH (Diffie-Hellman) key exchange protocol LKH

Logical Key Hierarchy DLKH (Rodeh et al.)

Distributed LKH DOFT

Distributed One-way Function Tree Many known research incur high communication overheads


Goals Robustness without sacrificing efficiency Utilize any known distributed key management

schemes Identify the optimal region size to minimize network

traffic incurred by key management operations and mobility-induced events in MANETs

Optimal region size determined by GDH To be shown …

Terminology and Background


KG Group key KRL Leader key KRi Regional key in region i RVi Regional view in region i LV Leader view GV Group view RLi A leader in region i RMi,j A member j in region i



Bootstrapping Key management View management Rekeying protocol


Group member join Group member leave Group member leave by a leader member Boundary crossing by a non-leader member Boundary crossing by a leader member Group member disconnection and reconnection Leader election Group partition Group merge



System model Nodes are randomly

distributed according to a homogeneous spatial Poisson process

Density = λ p

Operational area = A = Π r ^ 2 Average number of nodes = N

= ( λ p ) A

Rate of joining a group = λ Rate of leaving a group = μ Probabilities

Node in any group = λ / (λ+μ) Node not in any group = μ /

(λ+μ)


System model R(n) = 3n^2 + 3n + 1 n = 3, 37 regions n = 2, 19 regions n = 1, 7 regions Total number of

regional boundary edges = 6*R(n)

Total number of outward boundary edges = 12n+6


System model Mobility rate of a

node, where there is only one region = σ

σn = (2n + 1) σ PRM (n)


Security modelSecrecy (non-repudiation), confidentiality,

integrity, and authenticationGroup key secrecyForward/backward secrecyKey independence


Attack modelUnauthorized access to legitimate accountModify a data package to break data integrity Impersonating a group memberForge packets

Performance Model and Analysis Developed to evaluate network traffic cost Goal is to identify optimal region size

minimizing network traffic Derive a formula given a set of basic

parameter values Cost metric is total network traffic per time

unit

Performance Model and Analysis - Total network traffic per time unit

Incurred in response to group key management events Group merge/partition cost – Cost per time unit for dealing with

group partitioning and merging events Re-keying the group key Updating the group view

Regional mobility cost – Network response to mobility-induced regional boundary crossing events

Group join/leave cost – Cost for handling group join or leave events Includes cost caused by connection/disconnection events by group

members Periodic Beaconing Cost – Maintaining view consistency by all

members through periodic beaconing “I am alive”, “I-am-a-new-leader”

Performance Model and Analysis - State

Magnitude of cost depends on number of groups Find average cost for the system in steady-state

probabilities for number of groups Birth-death process used Each state i represents i partitioned groups with

merging and partitioning rates

Cost for group merging and partitioning Ĉmp,i

Cost for group partition - Ĉpartition,i

Product of group-partitioning rate (λnp,i) and cost per group partitioning event (Cnp,i)

Cnp,i covers 4 costs – Defined later Cintra is cost for intra-region re-key & view update (explained later) Cinter,i is cost for inter-region re-key & leader view update (later) Cgroup,i is cost for group re-key and group view update (later)

is cost for a leader to change groups

is number of partitioned regions; r is radius of area; s is radius of region

Cost for group merge - Ĉmerge,i

Product of group-merging rate (μnm,i) and cost per group merging event (Cnm,i)

Cnm,i covers same 4 costs as Cnp,i

Only pertains to single merged group is number of merged regions, similar to

Final equation for group merge/partition

Cost for regional boundary crossing - Ĉmobility,i

Traffic cost per time unit due to a regional boundary event

while the system has i groups Two factors: Leader & Non-Leader Mobility

Λm is the aggregate regional mobility by nodes in the

system, given by σn × N

Cost for non-leader regional boundary crossing -

Pnonleader is probability of a node being non-leader

Pnonleader = (N – Nleader)/N N is total number of nodes in system

Nleader is total number of leaders in system

Cintra is cost for intra-region re-key & view update

is cost for updating a regional view

is cost for re-keying a regional key Hregion is number of hops within a region; s is radius of region; R is wireless per-hop radio range

Cost for leader regional boundary crossing

Pleader is probability of a node being leader

Pleader = R(n)/N R(n) is the total number of regions in the system N is total number of nodes in system

Cinter,i is cost for inter-region communications

is cost for updating the leader view in a group

is cost for re-keying the leader key in a group Hleader,i is number of hops among leaders

Radius of group approximated by r/√i

Cost for leader regional boundary crossing

Composed of four costs

Outgoing leader broadcasts two intent-to-leave messages to

regional members and other leaders Incoming leader broadcast two “I-am-a-new-leader” messages to

its regional members and other leaders

Final equation for cost of regional boundary crossing

Cost for group join/leave - Ĉjoin/leave,i

Ĉjoin/leave,i = ΛJ × Cjoin,i + ΛL × Cleave,i

Cjoin,i is group join cost for i groups

Cleave,i is group leave cost for i groups

ΛJ and ΛL aggregate join/leave rates

Cost for group join - Ĉjoin,i

Regional update and group update

Ĉjoin,i = Cintra + Cgroup,i

Cintra is cost for intra-region re-key & view update

is number of bits required in a broadcast messages for updating the group view for the leaders

is number of bits for updating the group view for members in a region

is number of bits for re-keying the group key for members in a region

Nregion, i is the number of regions in a group: R(n)/i

Cost for group leave - Ĉleave,i

Non-member leave and member-leave

Pleader & Pnon-leader are probabilities of a node being a leader or non-leader

Cintra is cost for intra-region re-key & view update Cinter,i is cost for inter-region re-key & leader view update is cost for a leader to change groups

Cost for beaconing - Ĉbeacon,i

Includes cost in two levels Intra-regional among region members for region view Inter-regional among leaders for leader view

Ĉbeacon,i = [ΛRB × Malive × Hregion] + [ΛLB × Malive × Hleader,i]

Malive is number of bits in beacon message

Hregion is number of hops between a regional leader and a regional

member

Hleader,i is number of hops among leaders in a group when there are

i groups

Cost for beaconing - Ĉbeacon,i

Ĉbeacon,i = [ΛRB × Malive × Hregion] + [ΛLB × Malive × Hleader,i]

ΛRB is overall beacon rate in the system by all members

at the intra-regional level

ΛLB is overall beacon rate in the system by all leaders at

the inter-regional level

Obtained my multiplying beaconing intervals (TRB, TLB) by

the number of members and leaders, respectively

Region-based key agreement protocol: Region-based key agreement protocol: An exampleAn example

GDH.3

- fixed size messages

- constant number of exponentiation operations by each participant

- ideally suited for mobile devices with low computational capabilities

Parameterizing intra-regional communication cost based on GDH.3Parameterizing intra-regional communication cost based on GDH.3

Consider a region:

Each participant shares a common base α and keeps its secret share Ni.

Stage 1: Upflow: Collect contributions from M1 to M

m-1

Contribution to C rekey

: 1 * v ( N region

– 2 )intra members



: H region

* vintra

Stage 2: Broadcast from Mm-1


Stage 3: Unicasts from Mi


: Hregion

* v ( Nregion




: Hregion

* v ( Nregion


Stage 4: Broadcast from Mm


GDH: New member join scenario

M m+1

joins the group.

Stage 1: Unicast from Mm+1

Stage 2: Broadcast from Mm

In the event of a member leaving, only the above stage is executed.

If Mm leaves, M

m-1 distributes the subkeys.

Parameterizing inter-regional communication cost based on GDH.3Parameterizing inter-regional communication cost based on GDH.3

Stages are the same as in the regional case.

Assuming i groups, for any of the i groups, we have:

Stage 1:unicast

Contribution to C rekey,i

: Hleader

* v ( Nregion,i

– 2 )inter


: Hleader,i

* vinter


: Hleader,i

* v inter stage3(GDH)


: Hleader,i

* v ( Nregion,i

– 1 )inter

stage1(GDH)

Stage 2: broadcast

Stage 4: broadcast

Stage 3: unicast

Where..

Hleader,i

= r/ (R√i )

Hleader

= 2s / R

Hleader,i

=

stage1(GDH)

stage3(GDH)

Parameterizing the per-group merging/partitioning rates at state i.Parameterizing the per-group merging/partitioning rates at state i.

A simulation of the model is run.

Number of merging and partitioning events during time T are collected.

Si - Sojourn time that the system is in state i.

Nnm,i

– number of merging events when there are i groups

Nnp,i

– number of merging events when there are i groups

Merging rate: μnm,i

= Nnm,i

/ Si

Partitioning rate: λnm,i

= Nnp,i

/ Si

Simulation results – Group merging rateSimulation results – Group merging rate

Simulation results – Group partitioning rateSimulation results – Group partitioning rate

NUMERICAL ANALYSISNUMERICAL ANALYSIS

Overall cost (CÔverall cost (Cˆtotaltotal) vs. number of regions (N) vs. number of regions (N

regionregion) as a function of mobility rate (σ)) as a function of mobility rate (σ)

Overall cost (COverall cost (Ctotaltotal) in no region vs. in 37 regions as a function of mobility rate (σ)) in no region vs. in 37 regions as a function of mobility rate (σ)

Breakdown of CˆBreakdown of Cˆmobilitymobility,Cˆ,Cˆ

join/leavejoin/leave,Cˆ,Cˆbeaconbeacon, and Cˆ, and Cˆ

mpmp vs. number of regions (N vs. number of regions (Nregionregion).).

CˆCˆmobilitymobility,Cˆ,Cˆ

join/leavejoin/leave,Cˆ,Cˆbeaconbeacon, and Cˆ, and Cˆ

mpmp under no region vs. under optimal region size. under no region vs. under optimal region size.

Overall cost (CÔverall cost (Cˆtotaltotal) vs. number of regions (N) vs. number of regions (N

regionregion) as a function of node density (λ) as a function of node density (λpp).).

Overall cost (CÔverall cost (Cˆtotaltotal) under no region vs. under optimal region size as a function of node density (λ) under no region vs. under optimal region size as a function of node density (λ

pp))

Overall cost (CÔverall cost (Cˆtotaltotal) vs. number of regions N) vs. number of regions N

regionregion as a function of λ:μ as a function of λ:μ

λ:μ – Group join/ Group leave

Overall cost (CÔverall cost (Cˆtotaltotal) under no region vs. under optimal region size as a function of ) under no region vs. under optimal region size as a function of λλ:μ:μ

λ:μ – Group join/ Group leave

SIMULATION USING SMPLSIMULATION USING SMPL

SIMULATION USING SMPLSIMULATION USING SMPL

Node lifecycle events: GROUP JOIN, GROUP LEAVE, BEACON, MOBILITYGROUP MERGE, GROUP PARTITION

Mobility is modeled by Random Waypoint Mobility (RWM)

S(σ) = 2r / expntl(1/σ) r – MANET area radius, expntl(1/σ) -random distribution with mean σ.

GROUP JOIN and GROUP LEAVE are assumed to be markovian with ratesλ and μ respectively. BEACONs are periodic

Batch Mean Analysis is used with 10 batches; each batch having 200,000 observations.

Results are obtained with 95% confidence and 10% accuracy level from the true mean. Also, the first 200 values of the first batch are discarded.

SIMULATION RESULT:SIMULATION RESULT:Overall cost (CÔverall cost (Cˆ

totaltotal) vs. number of regions (N) vs. number of regions (Nregionregion) as a function of node density (λ) as a function of node density (λ

pp).).

SIMULATION vs ANALYSISSIMULATION vs ANALYSIS

Curves bear a very close resemblance

The slight difference is due to using RWM for mobility rates in simulation.

Also, the analysis uses mathematical equations while the simulation keeps track of each node's location to calculate the hops.

SUMMARYSUMMARY

A scalable and efficient region-based secure group key management protocol to support secure group communications in MANETs.

Reduces network communication costs, but also provides robust security properties.

The optimal region size minimises overall network traffic and is a trade-off betweenintra and inter regional overheads

Its also dependent on system parameters like node density, mobility rate and the group join and leave rates.

FUTURE WORKFUTURE WORK

Consider energy consumption issues

Consider insider attacks and intrusion detection

Questions or Comments?Questions or Comments?

Date post:	21-Jan-2016
Category:	Documents
Upload:	barnaby-hubbard
View:	215 times
Download:	0 times

1 Performance Optimization of Region-Based Group Key Management in Mobile Ad Hoc Networks -...

Documents