Hierarchical agent-based secure and reliable multicast in wireless mesh networks Yinan LI, Ing-Ray Chen Robert Weikel, Virginia Sistrunk, Hung-Yuan Chung.

Hierarchical agent-based secure and reliable multicast in wireless mesh

networks

Yinan LI, Ing-Ray Chen

Robert Weikel, Virginia Sistrunk, Hung-Yuan Chung

Introduction to Wireless Mesh Networks

● Wireless Mesh Networks (WMN) is a cost effective “last mile” tech generally consisting ofo wireless mesh routers (MR), these form the

backbone of the networko mesh clients (MC)o gateways for Internet connectivity

Intro (cont)

Group communication in WMNs have a problem of supporting secure and reliable mobile multicast The paper proposes an efficient algorithm called hierarchical agent-based secure and reliable multicast (HASRM) in order to mitigate this

HASRM requirements

● Only authenticated users interface with the multicast group

● Provide forward and backward secrecy● Must guarantee delivery of packets● Must support mobile multicast even

when they move and change locations / different (MR) areas

Integrated mobility, and multicast service management

● The system was designed because:o User mobility can have a significant impact on

multicast service managemento Performance optimization around egocentric

multicast service management may lead to excessive overhead when users are mobile.

o Minimizing network cost has significant fringe benefits in regards to the rest of the system

HASRM Organization

● Multicast Agents (MA) o an MA is also mesh routers (MR) o responsible for rekeying and group

membership managemento registers integrated mobility and multicast

server management capabilities across other MAs

o dynamically determines optimal regional service size in order to reduce over network cost

SPN modeling

● SPN is used here to analyze performanceo Focuses on the key parameters in HASRMo Under optimal settings outperforms traditional

shortest-path multicast algorithmso Also used to model previous work in order to

compare results Including SeGrOM (Secure Group Overlay

Multicast), and the paper which this work is extended from

Assumptions and design goals

● A multicast group member may join or leave a group at arbitrary times.

● Group members join and leave events can be modeled by a Poisson process with rates of and , respectively.𝝀 𝞵

● There is a p probability of packet loss o It assures packet transmission through a NAK-

based retransmission scheme

HASRM structure● Two-levels

o Upper level is a backbone multicast tree connecting mesh routers that serve as agents

Tree is updated whenever there is a leave or join event Tree maintains a list of all routers serving as agents An agent services a particular multicast group

o The lower level / local multicast group and its associated MA A single MA may contain several MRs The regional service size is a key parameter with a tradeoff of packet

delivery cost and managerial cost The optimal regional service can be modeled with the optimal threshold

of the number of hops a member can be away from its MA● Referenced Hoptimal● Non-optimal threshold is referenced by H

Secure Key Management

● Members and MAs share a secret key Kuo Established through Diffie-Hellmano Changed when transitioning to a new MA

MA Join

● Steps when a MA joins the backboneo Old group key, Kg is discardo New key, K’g is generated by hashing the

original key. (i.e.) K’g = h(Kg)o Source sends K’g to the newly joined using

public key encryption

MA Leave

● Steps when an MA leaves the backboneo Kg needs to be updated by using the key tree

approach o Distributes key through PKI to all MAs

excluding the one leaving via rekey messages

Reliable multicast data delivery

● Straight Forward Procedureo source encrypts the packet using Kgo disseminates the encrypted packet to the

subgroups MA through the treeo Each MA decrypts the packet using KGo MA re-encrypts packet with Ku, sends to each

group membero Member decrypts using Ku

Packet Loss● When loss is detected from a

membero negative acknowledgement

(NAK) is sent to MAo MA sends the missing packet to

member o After a period of time MA

discards packets● When loss is detected from

backbone (via seq num) two options are availableo Source multicasts the packet to

all MAso Source sends packet to all MAs

who exhibit the loss

Packet Loss (cont)

● Local (Lower) layer uses unicast becauseo Using multicast in a wireless environment can

be very costly in a multicast scenarioo Eliminates the need for multicast tree

maintenance at lower levelso In contrast to using multicast, error correction

requires significantly less overhead when dealing with many members

Dynamic group membership management(1/5)

Member join*MC selects a serving MR*MC -MR communication:

Dynamic group membership management(2/5)

Member join:MC executes DH protocol & generates a new Ku

Dynamic group membership management(3/5)

Member Leave

MA:● forwards the leave to the source● removes itself from the backbone if no other client is

servicedThe source: ● updates the backbone multicast tree ● sends MA the acknowledgement

Leave Request

Leave Acknowledgement

Dynamic group membership management(4/5)

Dynamic group membership management(5/5)

Mobility ManagementNEW MR not MA, ● but member of the OLD MA region

=>member reports a location update● not member of the OLD MA serving region=> NEW MR sends join

request to backbone multicast tree => become an MAIF NEW MR is MA =>member switches & starts receiving multicast packages

● MC executes DH protocol and generates a new Ku

Performance Model(1/3)

Mobility Rate (σ) 2dim n x n wireless mesh w/wrap aroundThe average unicast path length Markov Chain Model M/M/∞/M(1) P0- probability of not servicing any member

P1- probability that MR services one member

Performance Model (2/3)

H is the distance thresholdavg #MRs covered = 2H2 -2H+12: For any MR and MA

3: 0Probability MA services exactly one member4: K multicast scaling factor5: Leaves on the multicast tree (MAs)

Performance Model (3/3)6: #MRs on the tree7: Probability that a multicast data packet is delivered to a member H hops away8: Expected number of retransmissions to a member H hops away9: Expected hop distance (average length of paths from south to MA)10: Probability that a multicast packet is successfully transmitted from source to an MA L hops away11: Expected number of retransmissions to disseminate a packet to an MA

Markov Chain

SPN Model for HASRM

● SPN for describing a single group membero Token = a location changeo Move = the event of member movemento if NEW MR is: MA => transition probability P1 =1-PMA

just MR => 1.transition probability P2 = PMA

2.the member reports its new location to its MA(trans. MC2MA)

3. MR becomes MA => Reseto After each MC2MA, a token is placed into Hopso When mark(Hops)=H => transition Join is fried. Firing

“Join” resets hops from MA to zero

SPN Model

*mark(P) : number of tokens in place P

Costs● Cost := total #hops● Cs = CS

1 + CS2

CS1 : initial multicast and retransmissions to

all MAsCS

2 : Weighted cost for retransmissions from MA to a group memberCm : Cost of mobility management(15) Cost for security management when leaving or joining a tree(16) Cost for a member to create a new key(17): Cost per leave event(18): Total cost of all operations

Performance Evaluation

Service to Mobility Ratio

● SMR = λp / σ● The average number of the multicast

data packets transmitted from the source to a group member during the interval between two serving MR changes of the group number.

● It captures the service and mobility characteristics of group members.

Multicast group size and network size

γ = M / n2 γ: Member Population Density

HASRM Can Adapt to Changes in γ

p, the Loss Probability of Wireless Link

HASRM vs. HASRM-S (S: Static)

*Let H = 4 for HASRM-S

HASRM vs. HASRM-S (cont.)

Comparison: HARSM vs. SPT

● Comparison of HASRM and traditional multicast algorithms based on shortest-path tree (SPT)● the moderate γ● The total communication cost is per member per time unit metric

HARSM vs. SPT (cont.)

● When p is high,SPT performs poorly.

Comparison: HASRM vs. SeGrOM

● Secure Group Overlay Multicast ● hierarchical decentralized multicast

Algorithm● SeGrOM Selects a coordinator for each

subgroup of group members connected to the same MR.

● Coordinators are similar to MAs.● The service area of a coordinator is

exactly the coverage area of an MR.

HASRM vs. SeGrOM (cont.)

● The total communication cost is per member per time unit metric

HASRM vs. SeGrOM (cont.)

● When SMR is small(i.e., the mobility rate is high),the figure shows that HASRM copes well with high group membermobility.

Conclusion

● HASRM minimizes the overall communication cost.

● Dynamically maintains MAs.● Dynamically determines optimal

regional service size HOptimal.