A Cross-Layer key management scheme in Ad hoc network
Zeng-Ping
Department of Communication Engineering
Beijing Electronic Science and Technology Institute
Beijing, China, [email protected]
Yang-Yatao
Department of Communication Engineering
Beijing Electronic Science and Technology Institute
Beijing, China, 100070
Hu-Ronglei
Department of Communication Engineering
Beijing Electronic Science and Technology Institute
Beijing, China, [email protected]
Song-Jie
Department of Communication Engineering
Beijing Electronic Science and Technology Institute
Beijing, China, 100070
Abstract: Wireless Ad hoc networks are vulnerable to various security threats, and key management is one important means of solving their security problems. But the higher the security of a key management mechanism, the more energy and network resources it tends to consume. A cross-layer key management model is proposed to address the problems caused by the shortage of network resources and energy, taking both network security and network performance into account. The constraint conditions of each layer include the network performance parameters it provides, network security and network requirements. On the basis of this model, a cross-layer key management scheme based on threshold cryptography is given. In the key update process of the scheme, the function of each layer involved in the update is clearly defined. The scheme targets the problem that the complexity of the algorithms and the traffic exchanged for node authentication may degrade network performance, which would ultimately lead to failure of the key update or to key update information that cannot be transmitted accurately at high bit error rates. Scheme analysis shows that the scheme is suitable for wireless Ad hoc networks.
Keywords: Ad hoc network; cross-layer key management; threshold cryptography
I. INTRODUCTION
Because of the characteristics of the Ad hoc network, its security problems are more difficult than those of traditional wireless networks. In response to these security problems, key management has become a hot research topic.
At present, studies of key management schemes mostly use a hierarchical structure. IDBS (Identity Based public key System) is an important part of Ad hoc network key management schemes. One of the pioneers is Shamir [1], who first proposed the identity-based cryptography system. More recent work was carried out by Boneh and Franklin [2], who introduced the first practical, secure identity-based encryption scheme. In line with Shamir's original intention, identity-based cryptography reduces the cost of certificate management found in certificate-based encryption systems. In this system, each user has an identity, such as an email address, telephone number or IP address. A user's public key is derived from his identity and can be obtained by anybody, while his private key is generated by a KDC (Key Distribution Center) or PKG (private key generator). This cryptography system has many advantages.
Cross-layer solutions are becoming less promising due to limited scalability, the gathering of control information and implementation complexity. For delay-sensitive applications it is essential to handle information exchange in a timely and accurate way using distributed solutions. The advantages of cross-layer design are not only improved system performance but also reduced energy loss and higher operating speed.
Because resources in an Ad hoc network are limited, the additional energy consumption, communication and computation caused by the design of the key management scheme should be a primary consideration. Therefore, a cross-layer approach to the security design of Ad hoc networks is particularly necessary. This paper proposes a cross-layer key management scheme to solve problems in the key updating process that are due to the complexity of the algorithm and node authentication traffic. These may degrade network performance and ultimately lead to failure of the key update and to high bit-error-rate problems in the accurate transmission of key updating information.
The rest of this paper is organized as follows. In Section II, key management schemes and cross-layer design in Ad hoc networks are briefly described. In Section III, a new cross-layer, threshold-based distributed CA key management scheme is introduced. In Section IV, the security and performance of our scheme are analyzed.
II. RELATED WORKS
Cross-layer design of Ad hoc networks is a relatively new research topic, and there are not many articles on it so far. The discussion has mostly focused on optimization of
2010 2nd International Conference on Signal Processing Systems (ICSPS)
V1-132    978-1-4244-6893-5/$26.00 © 2010 IEEE
an objective that is generally a single one at the traditional layers [3]. Literature [4] studies the cross-layer design of the physical layer and MAC layer; the optimization goal is important with respect to routing protocols. Literature [5] focuses on the effective integration of the physical layer, MAC layer and network layer. The emphasis of the study is channel estimation and location information, and the optimization goal is wireless bandwidth. Literature [6] focuses on the cross-layer design of the MAC layer and network layer to realize differentiated service targets. Literature [7] discusses the entire protocol stack in the cross-layer design, but pays more attention to power efficiency. Literature [8] studies passing delay constraints from the application layer to the link layer, so that the link layer can determine packet priority. Literature [9] addresses the congestion problems of wireless networks by designing a cross-layer congestion avoidance mode in which the transport layer collects capacity information from each layer, such as bandwidth and link propagation delay. The transport layer, which gets capacity information from the lower layers, adjusts the output of the data stream so that network congestion is avoided. To support the transmission of real-time video streaming, Literature [10] adopts a cross-layer design that passes load information from the network layer to the transport layer and data link layer, while the capacity information of the data link layer is passed to the network layer and transport layer.
Cross-layer design can also be applied to key management schemes, but related research is very scarce. Based on a random key pre-distribution management scheme, Literature [11] puts the frequency hopping parameters of the physical layer and the encryption key of the application layer into a unified framework. According to the security demands of the service level, the sender encrypts using a random frequency hopping parameter, a selected encryption key, or both. Literature [12] introduces a multicast cross-layer key management scheme, which involves the transport efficiency of the physical layer, the multicast routing tree of the network layer and the final optimization objectives. It establishes a highly energy-efficient key distribution scheme at the application layer. Self-adaptive design can be considered in a key management scheme, with the security level, congestion and residual energy also taken into account. The core is to derive, from each layer, the constraint conditions for the optimization objective.
III. PROPOSED SCHEME
A. Threshold-Based Distributed CA Key Management Scheme
In this paper, we use a distributed CA key management scheme based on threshold theory. The design idea is as follows. Lidong Zhou and Zygmunt J. Haas proposed algorithms based on threshold cryptography to achieve key management carried out by a distributed CA [13]. This is so-called (n, k) threshold cryptography. The algorithm uses the characteristics of threshold cryptography and is centralized at network initialization. The private key of the network is divided into n copies (shares) assigned to n designated nodes, and these n nodes act together as a single distributed CA. When the CA needs to issue a certificate, any k of these n nodes co-generate a valid certificate. When a new node joins the network, it can apply for a certificate to any k of these n nodes; each node returns a partially signed certificate, and together these form a complete certificate. The scheme must also defend against mobile adversaries: an adversary that has compromised one node moves on to the next node, and as time goes on it can compromise many nodes, even up to k nodes. Against this, a share updating algorithm can be run periodically, that is, n new copies are generated from the n old copies of the private key. Because the new copies of the private key are independent of the old copies, as long as the right updating cycle is chosen, the scheme can resist mobile adversaries.
B. Detailed scheme
We use an (n, t+1) threshold cryptography design to generate n shares (S1, S2, ..., Sn) of the private key k of the key management service. Each server holds one share, uses it to generate a partial signature, and submits that to a combiner. As long as there are t+1 correct partial signatures, the combiner is able to compute the correct signature. Figure 1 shows servers using a (3,2) threshold cryptography design to produce a signature. Given a service consisting of three servers, let K/k be the public/private key pair of the service. Using the (3,2) threshold cryptography design, the key k is divided into three parts, and each server i gets a share si. For a message M, server i can use its share si to generate the partial signature PS(M, si). The correct servers 1 and 3 each produce a partial signature and send it to the combiner C. Even if server 2 fails to submit its partial signature, the combiner C can still generate the signature of message M under the service key k.
Figure 1. the signature of threshold K / k
In order to adapt to changes in the structure of the network itself and to the uncertainty of the adversary, we also use key updating as a proactive defense. Proactive defense is designed against mobile adversaries (originally proposed by Ostrovsky and Yung, mainly to describe an adversary that attacks the servers in the way a virus attacks a network). It uses share updating technology, in which the servers collaborate without exposing the service key to any server: the servers calculate new key copies
from the old ones and re-form an (n, t+1) sharing of the service private key. After the update, the servers generate partial signatures using the new shares. As the new shares are independent of the old ones, the adversary cannot compute the key by combining old shares with new shares; it remains possible, however, for the adversary to compromise t+1 servers successfully within one update cycle. Share updating has the following property. If (S1, S2, S3, ..., Sn) is an (n, t+1) sharing of k1 and (S1', S2', S3', ..., Sn') is an (n, t+1) sharing of k2, then (S1 + S1', S2 + S2', S3 + S3', ..., Sn + Sn') is an (n, t+1) sharing of k1 + k2. Given n servers, let (S1, S2, S3, ..., Sn) be an (n, t+1) sharing of the key management service key k, with server i holding share Si. Assuming that all servers are working, share updating proceeds in the following manner. First, each server i generates an arbitrary (Si1, Si2, Si3, ..., Sin); we call these newly generated Sij the sub-shares of server i (shown in Figure 4.2, the j-th column). Then each sub-share Sij is securely transmitted to server j. When server j has (S1j, S2j, S3j, ..., Snj) (in Figure 1, the j-th row), it can calculate a new share Sj' = Sj + (S1j + S2j + ... + Snj) from these sub-shares together with its old share.
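The (3,2) sharing and the share-update rule described above, as an added example in Python (not code from the paper). It assumes Shamir polynomial sharing over a prime field, rebuilds the key itself instead of combining partial signatures, and has each server deal its sub-shares as a sharing of 0 so that the service key k stays the same; the field prime, function names and sample key are constructed for the illustration.

```python
"""Added illustration: (n, t+1) Shamir sharing with the share-update rule."""
import secrets

# Constructed parameter: the Mersenne prime 2**127 - 1 as the share field.
P = 2**127 - 1


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (coeffs[0] is the constant term) at x, mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def share(secret, n, t):
    """Return {server_id: share} such that any t+1 shares rebuild `secret`."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t)]
    return {i: _eval_poly(coeffs, i) for i in range(1, n + 1)}


def reconstruct(shares):
    """Lagrange interpolation at x = 0 over the supplied {id: share} subset."""
    total = 0
    for i, s_i in shares.items():
        num = den = 1
        for j in shares:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        total = (total + s_i * num * pow(den, -1, P)) % P
    return total


def add_sharings(a, b):
    """Share-wise sum: a sharing of k1 plus a sharing of k2 shares k1 + k2."""
    return {i: (a[i] + b[i]) % P for i in a}


def refresh(old, t):
    """One update round: S_j' = S_j + (S_1j + S_2j + ... + S_nj).

    Assumption of this example: server i deals its sub-shares S_i1..S_in as
    a fresh (n, t+1) sharing of 0, so the shared key k does not change.
    """
    new = dict(old)
    for _dealer in old:                      # each server i deals once
        sub_shares = share(0, len(old), t)   # S_i1 .. S_in
        new = add_sharings(new, sub_shares)  # server j adds S_ij to its share
    return new


def demo():
    """(3,2) structure from the text: servers 1 and 3 answer, server 2 fails."""
    k = secrets.randbelow(P)                 # constructed service private key
    old = share(k, n=3, t=1)
    new = refresh(old, t=1)
    return {
        "before_update": reconstruct({1: old[1], 3: old[3]}) == k,
        "after_update": reconstruct({1: new[1], 3: new[3]}) == k,
        # An old share combined with a new share does not rebuild k.
        "old_new_mix": reconstruct({1: old[1], 3: new[3]}) == k,
    }


if __name__ == "__main__":
    print(demo())
```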
In order to allow servers to detect incorrect sub-shares, we can use a verifiable secret sharing design. We use a one-way function to generate additional public information for each sub-share. Using this information, the correctness of the corresponding sub-share can be checked. Share updating can also adapt to changes in the structure of the key management service, for instance when the structure changes from (n, t+1) to (n', t'+1). If a server is no longer trusted, or a new server is added, the key management service needs to change its structure accordingly. For example, if a key management service starts with a (7,3) structure and after a period of time one server is compromised, the key management service should automatically revise its structure to (6,2). Note that updating does not change the key pair. Nodes in the network still verify certificates using the same public key. This makes share refreshing transparent to all nodes and therefore scalable.
Figure 2. Sharing the key which have been updated
IV. A CROSS-LAYER KEY MANAGEMENT SCHEME
A. Cross-layer key management model
First, a cross-layer key management model should be established, as shown in Figure 3. Considering comprehensively both network security and the network performance guaranteed by QoS, the model covers the various protocol layers and multiple parameters. The solid arrows in the diagram indicate that each layer sends the status parameters from its own layer that relate to key management to the database, where they are stored. The control center retrieves the relevant data from the database and analyzes it; then, according to the results of analyzing the state parameters, it sends the resulting orders to the corresponding layers (indicated by dashed arrows). Each layer adjusts its state according to the key management order, which ensures that each step proceeds smoothly.
Figure 3. Cross-layer key management model
B. Key Distribution
The technique commonly used to obtain a frequency hopping sequence from an Ad hoc network node is monitoring, whose success depends on the rate of change of the hopping sequence. We therefore have to ensure the secrecy of the hopping sequence and change it within a short enough period of time, before the adversary has discovered it [11].
In this article we assume that the hopping sequence changes within a short enough time, with the prerequisite that both sides of the communication can complete synchronization.
In general, frequency hopping parameters include:
Frequency hopping setting: the available frequency values within the available bandwidth
Residence time: the time interval between frequency hops
Hopping frequency pattern: the order in which the hopping frequency points change
Each node of the Ad hoc network shares the above hopping parameters.
The order in which the hopping frequency points change in the hopping frequency pattern is random. From
the assumption at the beginning of this section, we can see that the change points of the hopping frequency sequence are secret. The value of the current frequency point can be used as an encryption key, provided that the frequency hop has already been completed by the time a monitoring adversary obtains the value of the frequency; communication then continues using the next frequency value. Likewise, the initialization process of key management will have been completed by the time the adversary can obtain the whole random sequence of frequency point changes.
As mentioned earlier, in the distributed CA key management scheme based on threshold theory, the data is not encrypted during the transmission in which the primary key is divided into n copies and distributed to n random nodes; that is, it is transmitted over an insecure channel. As shown in Figure 4, we secure key distribution by using the current frequency value of the random frequency hopping parameters shared at the physical layer as the key with which the data is encrypted during key distribution transmission.
When the key management scheme initializes key distribution, the application layer sends the information needed before key distribution to the database. The control center gets this information and informs the physical layer, which starts the cross-layer mechanism of random frequency hopping and sends the random frequency hopping parameters to the database. The control center gets them from the database and sends them to the application layer, which encrypts the key transmission data using the current frequency value of the frequency hopping parameters and then transmits it.
Figure 4. Key Distribution
3) Key Renew
Cross-layer mechanism guaranteed by QoS (quality of service)
Cross-layer design can be summarized in two aspects: state and optimization [20]. State covers the state information of the 5 layers from the physical layer to the application layer. For clarity, it can be distinguished by layer. At the physical layer, the node position, movement parameters (such as speed and direction), transmission power, hopping frequency, bit error rate, SNR and other state parameters can be expressed as P(var1, var2, ...). At the link layer, the link bandwidth, link quality, data types, the number and length of retransmitted data frames, available time information of the wireless channel, switching start and completion times, delay, delay jitter, etc. can be expressed as L(var1, var2, ...). At the network layer, the routing information, address information, mobile switching information, the physical network interface currently in use and so on can be expressed as N(var1, var2, ...). At the transport layer, error control, round-trip time, retransmission timeout, maximum transmission unit, receiver window, congestion window, packet loss rate and actual throughput can be expressed as T(var1, var2, ...). At the application layer, operating characteristics, topology control algorithm, packet loss statistics, QoS requirements and key algorithm can be expressed as A(var1, var2, ...). The optimization objective set out in this article is QoS assurance in the key update phase of key management, which can be expressed as Q. The system constraints S(var1, var2, ...) represent the parameters necessary to ensure that the system design does not diverge, for instance the constraints of Ad hoc network resources and dynamic topology. In this way, the cross-layer design process can be expressed as the function
O = f (P, L, N, T, A, S)
Because network characteristics and the requirements people place on network design vary, the function does not and cannot have a fixed solution or a determined form, but it gives a method for analyzing problems in the cross-layer network design process. The right side of the formula sets out the various kinds of network information handled by the cross-layer module, and the left side shows the optimization goal of the cross-layer design.
Key Renew
As mentioned earlier, distributed CA key management schemes based on threshold theory generally adopt an asymmetric cryptosystem such as the RSA public key algorithm or an elliptic curve algorithm. This means the certification nodes need a heavy amount of computation in the key updating phase. Since Ad hoc network resources are constrained, this is likely to cause communication bottlenecks in the process of key transmission and negotiation. There is also the problem of how to ensure the absolute accuracy of the key information in a wireless network with a high bit error rate. To solve these problems, we use cross-layer mechanisms with QoS guarantees to optimize the key updating process, reducing data traffic and the consumption of the limited resources of the Ad hoc network and ensuring the accuracy of the key information.
In general, the key management algorithm is performed at the application layer and regarded as a kind of service requirement, while key transmission and negotiation
can be viewed as a service requirement with high QoS demands. When the key needs to be updated, the cross-layer mechanism can be used. The specific process is shown in Figure 4.5. At the time of the key update, the application layer sends its special QoS service requirements to the database. The control center extracts this information from the database and then notifies the protocol layers, and each protocol layer starts its corresponding cross-layer QoS mechanism. The physical layer selects a physical network interface that is relatively safe and efficient to transmit the data containing the key information. The link layer gives priority to data frames that contain key information, and at the same time applies stronger error correction coding and more retransmissions to that data, in order to ensure that the key information reaches the destination node accurately and without error; it also sends the link-layer throughput parameters and the link connection status information to the database. The control center passes the throughput information provided by the link layer to the application layer, and the application layer adjusts its sending speed based on this information. The control center passes the link connection status parameters to the transport layer, and the transport layer adjusts the TCP round-trip time (RTT) and retransmission timer (RTO) based on this information in order to control the retransmission mechanism at the link layer, so that key information is transmitted smoothly to its destination and, when the channel connection is poor, data packets are not easily discarded and have sufficient retransmissions. The network layer chooses the best route to transmit the key information quickly and securely to the destination. The protocol layers, interacting across layers, together ensure that the key update proceeds smoothly and provide the QoS assurance that the key update requires.
Figure 5. Updating of the Key
V. SCHEME ANALYSIS
The cross-layer model in Figure 3 is a theoretical framework that includes the entire protocol stack and involves multiple parameters. In the model, every node is provided with a parameter database that stores the key management information sent from each layer, and with a key management control center as the core of the whole model. Through the database and the key management control center, the protocol layers are organically linked together. The model is a basic cross-layer mechanism that can be used for optimization in a key management scheme.
The key distribution in Figure 4 takes the randomness of the frequency hopping parameters in wireless Ad hoc networks as its theoretical basis. As in Figure 4.3, within the framework of the cross-layer model, the cross-layer mechanism from the physical layer to the application layer encrypts the key in the key distribution phase using the current frequency value of the random frequency hopping parameters.
The key update in Figure 5 takes QoS as the optimization objective and treats the key update as a special QoS service request at the application layer. As in Figure 4.3, within the framework of the cross-layer model, every protocol layer exchanges status information with the other layers and, according to the status information from the other layers, adjusts its own state and actions. In this way, the communication bottleneck in the key update phase caused by the complexity of the algorithm, and the problem of accurate transmission at a high bit error rate, can be solved.
In the model above, the key management control center plays a crucial role as an intermediary coordinator. It obtains state information from the database, analyzes it, makes decisions based on the analysis, and finally sends instructions to the corresponding protocol layers; it can be said that the key management control center is the heart of the whole model. Further research is needed on how to write the command language of the control center, on keeping the storage occupied by the algorithm's commands as small as possible, on keeping the algorithm as simple as possible, and so on.
VI. CONCLUSION
This paper studied key management schemes for Ad hoc network security. Node certification requires heavy computation and communication, and the data transmission channel is insecure. At the same time, there is the problem of the high error rate in wireless networks. Focusing on the issues mentioned above, a cross-layer key management scheme based on threshold cryptography is proposed.
First, a cross-layer model framework is proposed in which the interaction of each layer's state information, characteristic requirements and constraint conditions is achieved with the support of the database and the control center. As the core of the model, the key management control center plays a crucial role. Then, a threshold-based, cross-layer distributed CA scheme is given, which describes the process in which the master key is divided into n copies and distributed to n random key management nodes. This scheme solves the security problem of distribution over a non-secure channel. Finally, we have
given in detail a cross-layer mechanism model for QoS assurance in the CA key updating process of the distributed key management scheme based on threshold theory. This model addresses the network performance degradation caused by the complexity of the algorithm and heavy node authentication traffic, which ultimately leads to the failure of key updating and of accurate transmission of the key information at a high bit error rate.
The cross-layer key management scheme proposed above can be applied to a specific Ad hoc network, but the cross-layer model still needs further improvement in areas such as the setting of the database capacity, the command parameters of the control center, and whether the algorithm of the control center could cause significant additional burden, as well as timeliness issues arising from the dynamic network state parameters. Many problems remain to be solved in this process.
ACKNOWLEDGEMENT
This research was supported by The Key Laboratory Foundation of Beijing Electronic Science and Technology Institute (YZDJ0805) and by a special project funded by the Beijing Municipal Education Commission.
REFERENCES
[1] J.W. Byun, S.M. Lee, D.H. Lee, et al. Constant-round password-based group key generation for multi-layer Ad hoc networks. LNCS 3934, Security in Pervasive Computing - Third International Conference, SPC 2006, Proceedings, 2006, pp. 3-17.
[2] Junghyun Nam, Juryon Paik, Ung Mo Kim, et al. Security Enhancement to a Password Authenticated Group Key Exchange Protocol for Mobile Ad-hoc Networks [J]. IEEE Communications Letters, vol. 12, no. 2, February 2008: 127-129.
[3] Tian H T, Bose S K, Law C L, et al. CLA-QOS: a cross-layer QoS provisioning approach for mobile Ad hoc networks. TENCON 2005, IEEE Region 10, 2005.
[4] Yuen W H, Lee H, Andersen T D. A simple and effective cross layer networking system for mobile Ad hoc networks. IEEE International Symposium, 2002.
[5] Kyamakya K, Nguyen V D. Cross-layer optimization, especially combination of channel estimation and position determination in multi-hop wireless networks. Vehicular Technology Conference, 2003.
[6] Yao Z, Fan P, Cao Z, et al. Cross Layer design for service differentiation in mobile Ad hoc networks. IEEE Proceedings, 2003.
[7] Li X, Zheng B. Study on cross-layer design and power conservation in Ad hoc network. PDCAT, 2003.
[8] Xylomenos G, Polyzos G C. Quality of service support over multiservice wireless internet links. Computer Networks, 2001.
[9] Kliazovich D, Granelli F. Cross-layer Congestion Control in Multi-hop Wireless Local Area Networks. WICON, 2005.
[10] Setton E, Yoo T, Zhu Xiaoqing. Cross-layer Design of Ad Hoc Networks For Real-time Video Streaming. IEEE Wireless Communications, 2005.
[11] K Jones, A Wadaa, et al. Towards a new paradigm for securing wireless sensor networks. IEEE Proceedings, 2004.
[12] Loukas L, Radha P. Cross-Layer Design for Energy-Efficient Secure Multicast Communications in Ad Hoc Networks. IEEE Communications Society, 2004.
[13] Lidong Zhou and Zygmunt J. Haas. Securing Ad Hoc Networks. IEEE Network, November, 1999.