Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Performance versus Security
Trade-off in RANETs
Muhammad Jawad Ikram
School of Computing, Informatics and Media, Universit...
Project Objectives
• To gain deep insights on the workings of MANETs and
RANETs and to understand the fundamental concepts...
Motivation
• A robotic mobile wireless ad hoc network (RANET) with
low operational cost, mobility and decentralized contro...
Related Work
• Most of the relevant work is based on the papers of Wolter
and Cho et al.
• Wolter has carried out a detail...
• Characteristics, Limitations and Routing Protocols of
MANETs
• Advantages, and application of MANETs
MANETs
• Characteristics of MANETs
▫ Communication via wireless means
▫ Nodes can perform the roles of both hosts and rout...
MANETs- Advantages and Applications
Advantages Applications
• Cost-effective
• Lesser setup time
• Network is formed the f...
• Why MANETs for RANETs?
• Basic modes of Robot communications
• Mobile Robot Applications
• Challenges of RANETs
RANETs and Robotic Communications
• At low cost solutions for wireless communication,
robots should be developed to succes...
RANETS and Robotic Communications
• Basic Modes of Robot Communication
▫ Communication between mobile robots and a fixed
b...
Challenges of RANETs
• Problems at control, perception and intersection of
communication that are created from coordinatio...
•Petri Nets
•Stochastic Petri Nets (SPNs)
•Generalised Stochastic Petri Nets (GSPNs)
•Gated Queueing Network Model s(G-QNM...
Petri Nets
• Formal notation
• Models concurrency, causality and conflict
• gives the formalism an easier intuitive
interp...
Petri Nets
• Petri Net is a four- tuple i.e.
PN = <P, T, I, O>
• P: a finite set of places,
{P1, P2, ..., Pn}
• T: a finit...
Petri net Marking
• The state of the Petri net system at any time, is
characterised by the distribution of tokens over
the...
The Firing Rule
• A transition t is enabled in a marking M, if all
the pre-places of t (those connected by an input
arc) h...
Reachability Graph
• Starting from an initial marking and following the firing rule we can
progress through all the possib...
Example: Reachability Graph
P1
P3
P2
T1
T2
M0 = (3, 2, 0)
Example: Reachability Graph
P1
P3
P2
T1
T2
M0 = (3, 2, 0)
M1 = (2, 2, 1)
T1
Example: Reachability Graph
P1
P3
P2
T1
T2
M0 = (3, 2, 0)
M1 = (2, 2, 1)
M2 = (1, 2, 2)
T1
T1
Example: Reachability Graph
P1
P3
P2
T1
T2
M0 = (3, 2, 0)
M1 = (2, 2, 1)
M2 = (1, 2, 2)
T1
T1
M3 = (2, 2, 0)
T2
Example: Reachability Graph
P1
P3
P2
T1
T2
M0 = (3, 2, 0)
M1 = (2, 2, 1)
M2 = (1, 2, 2)
T1
T1
M3 = (2, 2, 0)
M4= (0, 2, 3)...
Example: Reachability Graph
P1
P3
P2
T1
T2
M0 = (3, 2, 0)
M1 = (2, 2, 1)
M2 = (1, 2, 2)
T1
T1
M3 = (2, 2, 0)
M4 = (0, 2, 3...
Example: Reachability Graph
P1
P3
P2
T1
T2
M0 = (3, 2, 0)
M1 = (2, 2, 1)
M2 = (1, 2, 2)
T1
T1
M3 = (2, 2, 0)
M4 = (0, 2, 3...
Example: Reachability Graph
P1
P3
P2
T1
T2
M0 = (3, 2, 0)
M1 = (2, 2, 1)
M2 = (1, 2, 2)
T1
T1
M3 = (2, 2, 0)
M4 = (0, 2, 3...
Example: Reachability Graph
P1
P3
P2
T1
T2
M0 = (3, 2, 0)
M1 = (2, 2, 1)
M2 = (1, 2, 2)
T1
T1
M3 = (2, 2, 0)
M4 = (0, 2, 3...
Example: Reachability Graph
P1
P3
P2
T1
T2
M0 = (3, 2, 0)
M1 = (2, 2, 1)
M2 = (1, 2, 2)
T1
T1
M3 = (2, 2, 0)
M4 = (0, 2, 3...
Stochastic Petri Nets
• Emerged as a modelling formalism for performance
analysis in the early 1980s.
• An exponentially d...
Generalised Stochastic Petri Nets
• Generalised Stochastic Petri Nets (GSPN)
represent an extension of the SPN formalism,
...
Immediate Transitions
• Immediate transitions describe events
that are assumed to take no time.
• They have priority over ...
Immediate Transitions
• Immediate transitions usually represent control and
logical actions.
• The control actions ensure ...
Inhibitor Arcs
• An inhibitor disables a transition, rather
than enables it.
• An inhibitor arc from a place to a
• transi...
Gated QNMs
• A RANET Node with Gated Queue in two
equivalent ways.
Gated QNMs
RANET node with Intermittent Link (i) and Intermittent Server (ii)
•Motivation
•Performance Models
•Performance Metrics
•Security Measurements and Metrics
•Modeling Security with GSPN
•Comb...
Motivation
• What does the Performance-Security tradeoff mean?
• How to measure Performance?
• How to measure Security?
• ...
Performance-Security Trade-off
• A situation in which one quality or feature of
something is lost in return for gaining an...
Performance Measurement- Motivation
• To know the cost of an activity.
• To identify the connection between parts of the
s...
Performance Models
• Markov Chains
• Queueing Network Models
• Petri Nets Models
Performance Metrics
Typical performance metrics for RANETs include;
• Throughput
• Packet Loss Probability
• End-to-End De...
Security Measurement - Motivation
• To minimize security costs.
• According to Forrester Research survey of 28
companies h...
Security Engineering
• Prevention
▫ Protection of data and communication is needed to avoid security
breaches.
• Diagnosis...
Measuring Security
• Using the approach of reliability, the system may be
assumed to be either in;
• Secure state,
• Insec...
Measuring Security
TBI
t1 td1 tr1 t2 td2 tr2 t
TTID
TTIR
TBDR
Security incidents occurs at times t1, t2, t3, ……, tn. i is ...
Security Metrics
Modeling Security with GSPN
recover secure fail
Insecure
detect
restoring
Combined Performance-Security Model
Performance-Security Trade-off in
RANETs
• Two metrics are taken into account;
▫ Security is measured in terms of mean tim...
Security Attacks in RANETs
• Outsider attacks
▫ come from outside of the network,
▫ for example if an external intruder at...
Rekeying Techniques
• Individual Rekeying
▫ Rekeying is performed each time after a robot join or leave the
system,
or if ...
IDS Techniques
• Host-based IDS
▫ A local detection is performed by each node (robot) to know
whether a neighbouring node ...
Security of RANETs
• Group communication amongst Robots in
RANETs using group key
• IDS checks for compromised nodes
Security of RANETs
• Group communication amongst Robots in
RANETs using group key
• IDS checks for compromised nodes
• IDS...
Security of RANETs
• Group communication amongst Robots in
RANETs using group key
• IDS checks for compromised nodes
• IDS...
Security of RANETs
• Group communication amongst Robots in
RANETs using group key
• IDS checks for compromised nodes
• IDS...
Security of RANETs
• Group communication amongst Robots in
RANETs using group key
• IDS checks for compromised nodes
• IDS...
Security of RANETs
• Group communication amongst Robots in
RANETs using group key
• IDS checks for compromised nodes
• IDS...
Security of RANETs
• Group communication amongst Robots
in RANETs using group key
• IDS checks for compromised nodes
• IDS...
Rekeying in RANETs
• Rekeying frequency
▫ rekeying increases security
▫ rekeying increases load (cost)
▫ batch rekeying af...
SPN Model
Optimal Double Thresholds (k1 and k2)
Mean Time to Security Failure System Performance Metrics
Parameters
• k1 rekey limit...
Intrusion Detection Interval
• Rekeying strategies
▫ individual rekeying (after each join, leave, evict event)
▫ threshold...
Optimal Intrusion Detection Interval
Mean Time to Security Failure System Response Time
• TIDS = 480 optimises MTTSF for i...
Conclusions
• Security and performance of wireless group
communication system in RANETs
• Security is measured in terms of...
• Future work
• Proposed SPN Model
Future Work
After providing a comprehensive review and detailed
analysis performance-security trade-off in RANETs,
• The S...
Proposed SPN Model with Gated Queue
Performance security tradeoff in Robotic Mobile Wireless Ad hoc Networks
Upcoming SlideShare
Loading in …5
×

Performance security tradeoff in Robotic Mobile Wireless Ad hoc Networks

650 views

Published on

Performance security tradeoff in Robotic Mobile Wireless Ad hoc Networks using Stochastic Petri Nets

Published in: Education, Technology, Business
  • Be the first to comment

Performance security tradeoff in Robotic Mobile Wireless Ad hoc Networks

  1. 1. Performance versus Security Trade-off in RANETs Muhammad Jawad Ikram School of Computing, Informatics and Media, University of Bradford, UK. 2012 MSc Networks and Performance Engineering Project Supervisor: Prof. Demtres D. Kouvatsos
  2. 2. Project Objectives • To gain deep insights on the workings of MANETs and RANETs and to understand the fundamental concepts. • To understand the trade-off between Performance and Security in computer networks in general and in RANETs in particular. • To understand the concepts of various performance-security analysis tools that include Petri Nets and their extensions, and gated queueing network model (G-QNM). • To learn how to apply them to evaluate the performance and security in RANETs.
  3. 3. Motivation • A robotic mobile wireless ad hoc network (RANET) with low operational cost, mobility and decentralized control seems to be a most suitable architectural platform to support the dynamic nature of their applications. • Security mechanisms, such as encryption or security protocols, come at a cost of extra computing resources and therefore, have an adverse effect of RANET’s performance. • Thus, it is vital to develop quantitative models and techniques, based on both performance and security metrics, for the analysis of RANETs.
  4. 4. Related Work • Most of the relevant work is based on the papers of Wolter and Cho et al. • Wolter has carried out a detailed literature review, mainly based on the combined study of performance and security. • Wolter also proposes that Stochastic Petri Nets are the best tools to study the trade-off between performance and security. • Cho et al propose an SPN model, in which they study group communication in MANETs. • They obtained optimal settings for the system that satisfy both performance and security requirements.
  5. 5. • Characteristics, Limitations and Routing Protocols of MANETs • Advantages, and application of MANETs
  6. 6. MANETs • Characteristics of MANETs ▫ Communication via wireless means ▫ Nodes can perform the roles of both hosts and routers ▫ No centralized controller and infrastructure ▫ Dynamic network topology ▫ Frequent routing updates ▫ Autonomous, no infrastructure needed ▫ Can be set up anywhere. • Limitations of MANETs ▫ Limited resources ▫ Limited physical security ▫ Intrinsic mutual trust vulnerable to attacks ▫ Lack of authorization facilities ▫ Volatile network topology makes it hard to detect malicious nodes ▫ Route changes due to mobility ▫ Battery constraints • Routing protocols of MANETs ▫ Proactive protocols (DSDV, OLSR ,WRP, CRSR) ▫ Reactive protocols (DSR, LMR, AODV, ABR) ▫ Hybrid protocols (ZRP)
  7. 7. MANETs- Advantages and Applications Advantages Applications • Cost-effective • Lesser setup time • Network is formed the fly and adapt changes • Easy of deploy • Speed of deployment • Less dependency on infrastructure • Military or police exercises • Disaster relief operations • Mine site operations • Urgent Business meetings • Robot data acquisition
  8. 8. • Why MANETs for RANETs? • Basic modes of Robot communications • Mobile Robot Applications • Challenges of RANETs
  9. 9. RANETs and Robotic Communications • At low cost solutions for wireless communication, robots should be developed to successfully perform cooperative work and have the capability to construct a network. • Why MANETs for RANETs? ▫ Low-powered transceivers allow only direct communication ▫ Centralized scheme is known to be susceptible as a single point of failure ▫ Using base stations increases total cost of networks ▫ MANETs are suitable for unpredictable environments
  10. 10. RANETS and Robotic Communications • Basic Modes of Robot Communication ▫ Communication between mobile robots and a fixed base station ▫ Communication between mobile robots without a base station ▫ Communication between individual components of the robot itself • Mobile robots applications ▫ Robot soccer games ▫ Explosive ordnance or hazardous materials disposal ▫ Rescue and recovery operations ▫ Unmanned vehicles ▫ Planetary and volcano exploration
  11. 11. Challenges of RANETs • Problems at control, perception and intersection of communication that are created from coordination of multiple autonomous robots must have to overcome. • Fault Localisation in RANETs ▫ The dynamic changing topology of MANETs and, thus RANETs, requires an efficient fault management system to perform rapid intrusion detection, fault localisation i.e., the process of deducing the exact source of a failure from a set of observed failure indications and provide suitable self- healing to mission-critical applications in a timely and efficient manner.
  12. 12. •Petri Nets •Stochastic Petri Nets (SPNs) •Generalised Stochastic Petri Nets (GSPNs) •Gated Queueing Network Model s(G-QNMs)
  13. 13. Petri Nets • Formal notation • Models concurrency, causality and conflict • gives the formalism an easier intuitive interpretation than the Markov process • -- at least for small or moderately sized models • Introduced in 1960 for modelling variety of concurrent systems • Use for Performance modelling originates from 1980s
  14. 14. Petri Nets • Petri Net is a four- tuple i.e. PN = <P, T, I, O> • P: a finite set of places, {P1, P2, ..., Pn} • T: a finite set of transitions, {T1, T2, ..., Tn} • I: an input function, (T x P) -- > {0, 1} • O: an output function, (T x P) - -> {0, 1} • M0: an initial marking, P --> N • <P, T, I, O, M0> -- a marked Petri net
  15. 15. Petri net Marking • The state of the Petri net system at any time, is characterised by the distribution of tokens over the places, generally termed a marking: m : P --> N, where M(p) = n means that there are n tokens on place p.
  16. 16. The Firing Rule • A transition t is enabled in a marking M, if all the pre-places of t (those connected by an input arc) have a marking that is greater than or equal to the multiplicity of that input arc. • Otherwise t is said to be disabled. • A transition which is enabled in M may fire. • When t fires, a new marking is reached.
  17. 17. Reachability Graph • Starting from an initial marking and following the firing rule we can progress through all the possible states/markings of the model. • Continuing in this way, the reachability set is obtained that gives all the possible states of the model. • Also called playing the token game. • Initial marking is important. • Different initial markings might lead to different reachability sets. • While playing the token game, we come across all the possible states of the system, reachability graph is obtained by recording the transitions between those states.
  18. 18. Example: Reachability Graph P1 P3 P2 T1 T2 M0 = (3, 2, 0)
  19. 19. Example: Reachability Graph P1 P3 P2 T1 T2 M0 = (3, 2, 0) M1 = (2, 2, 1) T1
  20. 20. Example: Reachability Graph P1 P3 P2 T1 T2 M0 = (3, 2, 0) M1 = (2, 2, 1) M2 = (1, 2, 2) T1 T1
  21. 21. Example: Reachability Graph P1 P3 P2 T1 T2 M0 = (3, 2, 0) M1 = (2, 2, 1) M2 = (1, 2, 2) T1 T1 M3 = (2, 2, 0) T2
  22. 22. Example: Reachability Graph P1 P3 P2 T1 T2 M0 = (3, 2, 0) M1 = (2, 2, 1) M2 = (1, 2, 2) T1 T1 M3 = (2, 2, 0) M4= (0, 2, 3) T1 T2
  23. 23. Example: Reachability Graph P1 P3 P2 T1 T2 M0 = (3, 2, 0) M1 = (2, 2, 1) M2 = (1, 2, 2) T1 T1 M3 = (2, 2, 0) M4 = (0, 2, 3) T1 M5 = (1, 2, 1) T1 T2 T2
  24. 24. Example: Reachability Graph P1 P3 P2 T1 T2 M0 = (3, 2, 0) M1 = (2, 2, 1) M2 = (1, 2, 2) T1 T1 M3 = (2, 2, 0) M4 = (0, 2, 3) T1 M5 = (1, 2, 1) T1 T2 T2 M6 = (0, 2, 2) T1 T2
  25. 25. Example: Reachability Graph P1 P3 P2 T1 T2 M0 = (3, 2, 0) M1 = (2, 2, 1) M2 = (1, 2, 2) T1 T1 M3 = (2, 2, 0) M4 = (0, 2, 3) T1 M5 = (1, 2, 1) T1 T2 T2 M6 = (0, 2, 2) T1 T2 M7 = (1, 2, 0) T2
  26. 26. Example: Reachability Graph P1 P3 P2 T1 T2 M0 = (3, 2, 0) M1 = (2, 2, 1) M2 = (1, 2, 2) T1 T1 M3 = (2, 2, 0) M4 = (0, 2, 3) T1 M5 = (1, 2, 1) T1 T2 T2 M6 = (0, 2, 2) T1 T2 M7 = (1, 2, 0) T2 M8 = (0, 2, 1) T1 T2
  27. 27. Example: Reachability Graph P1 P3 P2 T1 T2 M0 = (3, 2, 0) M1 = (2, 2, 1) M2 = (1, 2, 2) T1 T1 M3 = (2, 2, 0) M4 = (0, 2, 3) T1 M5 = (1, 2, 1) T1 T2 T2 M6 = (0, 2, 2) T1 T2 M7 = (1, 2, 0) T2 M8 = (0, 2, 1) T1 T2 M9 = (0, 2, 0) T2
  28. 28. Stochastic Petri Nets • Emerged as a modelling formalism for performance analysis in the early 1980s. • An exponentially distributed delay is associated with the firing of each transition. • The delay occurs between when the transition becomes enabled and when it fires. • The reachability graph of an SPN forms the state transition diagram of an underlying Markov process.
  29. 29. Generalised Stochastic Petri Nets • Generalised Stochastic Petri Nets (GSPN) represent an extension of the SPN formalism, • Two new primitives are added to the notation ▫ immediate transitions ▫ inhibitor arcs
  30. 30. Immediate Transitions • Immediate transitions describe events that are assumed to take no time. • They have priority over any enabled timed transitions. • Two or more immediate transitions can be enabled at the same time. • The probability that each of them is the one to fire must be declared in the model.
  31. 31. Immediate Transitions • Immediate transitions usually represent control and logical actions. • The control actions ensure the correct behaviour of the model and are executed in negligible time. • Logical actions happen when there are two or more alternatives and the system makes a choice amongst them. • Immediate actions give an additional tool for abstraction within the model.
  32. 32. Inhibitor Arcs • An inhibitor disables a transition, rather than enables it. • An inhibitor arc from a place to a • transition, means the transition cannot fire if there is a token in the place; • It can fire when there is no token in the place. • The inhibitor arcs impose an additional constraint to the usual firing rule.
  33. 33. Gated QNMs • A RANET Node with Gated Queue in two equivalent ways.
  34. 34. Gated QNMs RANET node with Intermittent Link (i) and Intermittent Server (ii)
  35. 35. •Motivation •Performance Models •Performance Metrics •Security Measurements and Metrics •Modeling Security with GSPN •Combined Performance-Security Model •Performance-Security Tradeoff in RANETs •Security Attacks in RANETs •Rekeying and IDS Techniques •System Model •Results and Analysis
  36. 36. Motivation • What does the Performance-Security tradeoff mean? • How to measure Performance? • How to measure Security? • What are the costs of Performance? • What are the costs of Security? • Can we trade one against the other?
  37. 37. Performance-Security Trade-off • A situation in which one quality or feature of something is lost in return for gaining another quality or feature is called trade-off. • The performance-security trade-off means that both performance and security can be measured together and if we want to improve one, we have to pay in terms of the other.
  38. 38. Performance Measurement- Motivation • To know the cost of an activity. • To identify the connection between parts of the system. • To identify the number of operations. • To study the effects of growing traffic on the system. • To determine the think time of the system.
  39. 39. Performance Models • Markov Chains • Queueing Network Models • Petri Nets Models
  40. 40. Performance Metrics Typical performance metrics for RANETs include; • Throughput • Packet Loss Probability • End-to-End Delay • Average Number of Hops • Optimal Number of hops • Routing Overhead • Channel Utilization • Energy/Power consumption
  41. 41. Security Measurement - Motivation • To minimize security costs. • According to Forrester Research survey of 28 companies held in 2007, security breaches cost $90 to $305 per lost record and 25% respondents do not know how to quantify that loss.
  42. 42. Security Engineering • Prevention ▫ Protection of data and communication is needed to avoid security breaches. • Diagnosis/Detection ▫ It is important to identify whether and when security incident has occurred? • Response ▫ Security attacks should be stopped immediately to avoid further damage. • Recovery ▫ Recovery from security breach should be performed. New key should be assigned for encryption.
  43. 43. Measuring Security • Using the approach of reliability, the system may be assumed to be either in; • Secure state, • Insecure state or, • Recovery state between insecure and secure. The state of the system may change from secure to insecure, from insecure to recovery and from recovery back to secure.
  44. 44. Measuring Security TBI t1 td1 tr1 t2 td2 tr2 t TTID TTIR TBDR Security incidents occurs at times t1, t2, t3, ……, tn. i is the security incident occurring at time ti that is followed by its detection time tdi and recovery from this incident at time tri
  45. 45. Security Metrics
  46. 46. Modeling Security with GSPN recover secure fail Insecure detect restoring
  47. 47. Combined Performance-Security Model
  48. 48. Performance-Security Trade-off in RANETs • Two metrics are taken into account; ▫ Security is measured in terms of mean time to security failure (MTTSF). ▫ Performance is measured in terms of service response time (R). • The main objective is to find optimal settings that includes the best intrusion detection interval and best batch rekey interval under which MTTSF is maximized while satisfying performance requirement in terms of R.
  49. 49. Security Attacks in RANETs • Outsider attacks ▫ come from outside of the network, ▫ for example if an external intruder attempts to gain unauthorized access to the group communication in the system. ▫ can be controlled by prevention methods like authentication and encryption. • Insider Attacks ▫ come from trusted members who become compromised due to some reasons ▫ They can share the group key with some outsider attackers to break the security of the system. ▫ Intrusion detection system (IDS) methods are developed to detect compromised nodes and evict them from group formation to achieve better security .
  50. 50. Rekeying Techniques • Individual Rekeying ▫ Rekeying is performed each time after a robot join or leave the system, or if a compromised node is removed from the system . • Trusted And Untrusted Double Threshold- based rekeying (TAUDT) ▫ Rekeying is performed when the thresholds (k1, k2) are reached  k1= rekey limit on (trusted) join and leave requests.  k2= rekey limit on detected and falsely detected compromised nodes. • Join And Leave Doubled Threshold-based rekeying ▫ Rekeying is performed when the thresholds (k1, k2) are reached  k1 = rekey limit on join requests.  k2 = rekey limit on leave requests and evicted nodes.
  51. 51. IDS Techniques • Host-based IDS ▫ A local detection is performed by each node (robot) to know whether a neighbouring node is compromised or not? Characterized by false negative and false positive probabilities p1 and p2. • Voting-based IDS • Voting is performed by m vote participants, against a periodically selected node, called target node. • If the majority of vote goes against the target, then the target node would be evicted from the system. Characterized by false negative and false positive probabilities Pfn and Pfp.
  52. 52. Security of RANETs • Group communication amongst Robots in RANETs using group key • IDS checks for compromised nodes
  53. 53. Security of RANETs • Group communication amongst Robots in RANETs using group key • IDS checks for compromised nodes • IDS may not detect (false negative)
  54. 54. Security of RANETs • Group communication amongst Robots in RANETs using group key • IDS checks for compromised nodes • IDS may not detect (false negative) • IDS may erroneously detect (false positive)
  55. 55. Security of RANETs • Group communication amongst Robots in RANETs using group key • IDS checks for compromised nodes • IDS may not detect (false negative) • IDS may erroneously detect (false positive) • IDS may correctly detect
  56. 56. Security of RANETs • Group communication amongst Robots in RANETs using group key • IDS checks for compromised nodes • IDS may not detect (false negative) • IDS may erroneously detect (false positive) • IDS may correctly detect and remove
  57. 57. Security of RANETs • Group communication amongst Robots in RANETs using group key • IDS checks for compromised nodes • IDS may not detect (false negative) • IDS may erroneously detect (false positive) • IDS may correctly detect and remove • Node is excluded
  58. 58. Security of RANETs • Group communication amongst Robots in RANETs using group key • IDS checks for compromised nodes • IDS may not detect (false negative) • IDS may erroneously detect (false positive) • IDS may correctly detect and remove • Node is excluded • To maintain secure group communication, key change is necessary Performance analysis of dynamic group communication systems with intrusion detection integrated with batch rekeying in mobile ad hoc networks. J.-H. Cho, I.-R. Chen, and P.-G. Feng. AINAW '08: Proceedings of the 22nd International Conference on Advanced Information Networking and Applications { Workshops, pp. 644{649, Washington, DC, USA, 2008. ,
  59. 59. Rekeying in RANETs • Rekeying frequency ▫ rekeying increases security ▫ rekeying increases load (cost) ▫ batch rekeying after n membership changes • optimisation problem ▫ how often to change key for optimal performance and security?
  60. 60. SPN Model
  61. 61. Optimal Double Thresholds (k1 and k2) Mean Time to Security Failure System Performance Metrics Parameters • k1 rekey limit on (trusted) join and leave requests • k2 rekey limit on detected and falsely detected compromised nodes
  62. 62. Intrusion Detection Interval • Rekeying strategies ▫ individual rekeying (after each join, leave, evict event) ▫ threshold-based rekeying  TAUDT, k1, k2 as above  JALDT, k1 = limit on join requests, k2 = limit in leave requests and evicted nodes. • Parameters ▫ Investigate optimal IDS interval (firing time) ▫ set TAUDT: (k1, k2) = (4,1), JALDT: (k1, k2) = (5,2) (enabling condition)
  63. 63. Optimal Intrusion Detection Interval Mean Time to Security Failure System Response Time • TIDS = 480 optimises MTTSF for individual rekeying • TIDS = 600 optimises MTTSF for threshold-based rekeying • TIDS = 600 optimises response time for all rekeying strategies
  64. 64. Conclusions • Security and performance of wireless group communication system in RANETs • Security is measured in terms of MTTSF • Performance is measured in terms of response time • Intrusion detection threshold and Intrusion detection interval are chosen as to optimise those measures
  65. 65. • Future work • Proposed SPN Model
  66. 66. Future Work After providing a comprehensive review and detailed analysis performance-security trade-off in RANETs, • The SPN model can be simulated in java or any other object oriented language to study the effect of changing system parameters. • Combination of SPNs, QPNs and QNMs can be used to study various aspects of RANETs more efficiently.
  67. 67. Proposed SPN Model with Gated Queue

×