Hierarchical agent-based secure and reliable multicast in wireless mesh networks Yinan LI, Ing-Ray Chen Robert Weikel, Virginia Sistrunk, Hung-Yuan Chung
Introduction to Wireless Mesh Networks ● A Wireless Mesh Network (WMN) is a cost-effective “last mile” technology generally consisting of o wireless mesh routers (MR), which form the backbone of the network o mesh clients (MC) o gateways for Internet connectivity
Intro (cont) ● Group communication in WMNs faces the problem of supporting secure and reliable mobile multicast ● The paper proposes an efficient algorithm called hierarchical agent-based secure and reliable multicast (HASRM) in order to mitigate this
HASRM requirements ● Only authenticated users interface with the multicast group ● Provide forward and backward secrecy ● Must guarantee delivery of packets ● Must support mobile multicast even when members move and change locations / enter different MR areas
Integrated mobility and multicast service management ● The system was designed because: o User mobility can have a significant impact on multicast service management o Performance optimization around egocentric multicast service management may lead to excessive overhead when users are mobile o Minimizing network cost has significant fringe benefits with regard to the rest of the system
HASRM Organization ● Multicast Agents (MA) o An MA is also a mesh router (MR) o Responsible for rekeying and group membership management o Registers integrated mobility and multicast server management capabilities across other MAs o Dynamically determines optimal regional service size in order to reduce overall network cost
SPN modeling ● SPN is used here to analyze performance o Focuses on the key parameters in HASRM o Under optimal settings, HASRM outperforms traditional shortest-path multicast algorithms o Also used to model previous work in order to compare results § Including SeGrOM (Secure Group Overlay Multicast), and the paper which this work is extended from
Assumptions and design goals ● A multicast group member may join or leave a group at arbitrary times. ● Group members join and leave events can be modeled by a Poisson process with rates of �� and �� , respectively. ● There is a p probability of packet loss o It assures packet transmission through a NAK-based retransmission scheme
HASRM structure ● Two levels o Upper level is a backbone multicast tree connecting mesh routers that serve as agents § Tree is updated whenever there is a leave or join event § Tree maintains a list of all routers serving as agents § An agent services a particular multicast group o The lower level is a local multicast group and its associated MA § A single MA may contain several MRs § The regional service size is a key parameter with a tradeoff between packet delivery cost and managerial cost § The optimal regional service size can be modeled with the optimal threshold of the number of hops a member can be away from its MA ● Referred to as Hoptimal ● A non-optimal threshold is referred to as H
Secure Key Management ● Members and MAs share a secret key Ku o Established through Diffie-Hellman o Changed when transitioning to a new MA
MA Join ● Steps when an MA joins the backbone o Old group key, Kg, is discarded o New key, K’g, is generated by hashing the original key, i.e., K’g = h(Kg) o Source sends K’g to the newly joined MA using public key encryption
MA Leave ● Steps when an MA leaves the backbone o Kg needs to be updated by using the key tree approach o Distributes key through PKI to all MAs excluding the one leaving via rekey messages
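The join and leave rekeying rules from the two slides above, as an added Python example (not code from the paper or the slides): it shows why hashing Kg is enough on an MA join but not on an MA leave. The `Source` class, the `can_derive` helper and the MA names are hypothetical, and a fresh random key stands in for the key-tree distribution.

```python
import hashlib
import os

def h(key: bytes) -> bytes:
    """One-way hash used for join rekeying: K'g = h(Kg)."""
    return hashlib.sha256(key).digest()

def can_derive(held: bytes, target: bytes, max_steps: int = 16) -> bool:
    """True if `target` is reachable from `held` by hashing forward.
    Going backward (finding a preimage) is assumed infeasible."""
    k = held
    for _ in range(max_steps + 1):
        if k == target:
            return True
        k = h(k)
    return False

class Source:
    """Hypothetical model of the source's view of the backbone keys."""
    def __init__(self, ma_ids):
        self.kg = os.urandom(32)
        self.keys = {ma: self.kg for ma in ma_ids}  # latest Kg held by each MA

    def ma_join(self, new_ma):
        old = self.kg
        self.kg = h(old)                  # existing MAs compute this locally
        self.keys = {ma: self.kg for ma in self.keys}
        self.keys[new_ma] = self.kg       # sent under the newcomer's public key
        return old                        # returned only so the demo can test it

    def ma_leave(self, ma, rekey_by_hash=False):
        departed_key = self.keys.pop(ma)
        # Hash rekeying is included only to show why it is unsafe on leave.
        self.kg = h(self.kg) if rekey_by_hash else os.urandom(32)
        self.keys = {m: self.kg for m in self.keys}
        return departed_key

def demo():
    src = Source(["MA1", "MA2"])          # constructed sample backbone
    old_kg = src.ma_join("MA3")
    backward_secret = not can_derive(src.keys["MA3"], old_kg)
    left = src.ma_leave("MA3", rekey_by_hash=True)
    hash_leak = can_derive(left, src.kg)  # departed MA recomputes the new Kg
    left = src.ma_leave("MA2")            # fresh key, never derivable
    forward_secret = not can_derive(left, src.kg)
    return backward_secret, hash_leak, forward_secret
```

`demo()` returns three booleans: the joiner cannot reach the old key, a departed MA can reach a hash-derived key, and it cannot reach a freshly generated one.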
Reliable multicast data delivery ● Straightforward procedure o Source encrypts the packet using Kg o Source disseminates the encrypted packet to the subgroups' MAs through the tree o Each MA decrypts the packet using Kg o MA re-encrypts the packet with Ku and sends it to each group member o Member decrypts using Ku
Packet Loss ● When loss is detected from a member o Negative acknowledgement (NAK) is sent to MA o MA sends the missing packet to member o After a period of time MA discards packets ● When loss is detected from backbone (via seq num) two options are available o Source multicasts the packet to all MAs o Source sends packet to all MAs who exhibit the loss
Packet Loss (cont) ● Local (lower) layer uses unicast because o Using multicast in a wireless environment can be very costly in a multicast scenario o Eliminates the need for multicast tree maintenance at lower levels o In contrast to using multicast, error correction requires significantly less overhead when dealing with many members
Dynamic group membership management(1/5) Member join *MC selects a serving MR *MC -MR communication:
Dynamic group membership management(2/5) Member join: MC executes DH protocol & generates a new Ku
Dynamic group membership management(3/5) Member Leave Request Leave Acknowledgement MA: ● forwards the leave to the source ● removes itself from the backbone if no other client is serviced The source: ● updates the backbone multicast tree ● sends MA the acknowledgement
Dynamic group membership management(4/5)
Dynamic group membership management (5/5) Mobility Management ● If NEW MR is not an MA o but is a member of the OLD MA region => member reports a location update o and is not a member of the OLD MA serving region => NEW MR sends join request to backbone multicast tree => becomes an MA ● If NEW MR is an MA => member switches & starts receiving multicast packets ● MC executes DH protocol and generates a new Ku
Performance Model (1/3) ● Mobility rate (σ) ● 2-dimensional n x n wireless mesh with wrap-around ● The average unicast path length ● Markov chain model M/M/∞/M (1) ● P0 - probability of not servicing any member ● P1 - probability that MR services one member
Performance Model (2/3) ● H is the distance threshold ● avg #MRs covered = 2H² - 2H + 1 ● 2: For any MR and MA ● 3: Probability MA services exactly one member ● 4: K multicast scaling factor ● 5: Leaves on the multicast tree (MAs)
Performance Model (3/3) ● 6: #MRs on the tree ● 7: Probability that a multicast data packet is delivered to a member H hops away ● 8: Expected number of retransmissions to a member H hops away ● 9: Expected hop distance (average length of paths from source to MA) ● 10: Probability that a multicast packet is successfully transmitted from source to an MA L hops away ● 11: Expected number of retransmissions to disseminate a packet to an MA
Markov Chain
SPN Model for HASRM ● SPN for describing a single group member o Token = a location change o Move = the event of member movement o If NEW MR is: § MA => transition probability P1 = 1 - PMA § just MR => 1. transition probability P2 = PMA 2. the member reports its new location to its MA (trans. MC2MA) 3. MR becomes MA => Reset o After each MC2MA, a token is placed into Hops o When mark(Hops) = H => transition Join is fired. Firing “Join” resets hops from MA to zero
SPN Model *mark(P) : number of tokens in place P
Costs ● Cost := total #hops ● CS = CS1 + CS2 o CS1: initial multicast and retransmissions to all MAs o CS2: Weighted cost for retransmissions from MA to a group member ● Cm: Cost of mobility management (15) Cost for security management when leaving or joining a tree (16) Cost for a member to create a new key (17): Cost per leave event (18): Total cost of all operations
Performance Evaluation
Service to Mobility Ratio ● SMR = λp / σ ● The average number of multicast data packets transmitted from the source to a group member during the interval between two serving MR changes of the group member. ● It captures the service and mobility characteristics of group members.
Multicast group size and network size
γ = M / n² ● γ: Member Population Density
HASRM Can Adapt to Changes in γ
p, the Loss Probability of Wireless Link
HASRM vs. HASRM-S (S: Static) *Let H = 4 for HASRM-S
HASRM vs. HASRM-S (cont. )
Comparison: HASRM vs. SPT ● Comparison of HASRM and traditional multicast algorithms based on shortest-path tree (SPT) ● the moderate γ ● The total communication cost is a per-member, per-time-unit metric
HASRM vs. SPT (cont.) ● When p is high, SPT performs poorly.
Comparison: HASRM vs. SeGrOM ● Secure Group Overlay Multicast ● Hierarchical decentralized multicast algorithm ● SeGrOM selects a coordinator for each subgroup of group members connected to the same MR. ● Coordinators are similar to MAs. ● The service area of a coordinator is exactly the coverage area of an MR.
HASRM vs. SeGrOM (cont.) ● The total communication cost is a per-member, per-time-unit metric
HASRM vs. SeGrOM (cont.) ● When SMR is small (i.e., the mobility rate is high), the figure shows that HASRM copes well with high group member mobility.
Conclusion ● HASRM minimizes the overall communication cost. ● Dynamically maintains MAs. ● Dynamically determines optimal regional service size HOptimal.