Term paper

Performance of Group Key Agreement Protocols (Theory)


                       Original Title in German


                     Seminararbeit
Effizienz von Group Key Agreement Protokollen (Theorie)

      [ On the Performance of Group Key Agreement Protocols for
                       Wireless Mesh Networks]


             Dept. of Electr. Eng. and Information Science

                       Ruhr-Universität Bochum

                  Chair of Network and Data Security

                          Horst-Görtz Institute

                           Krassen Deltchev
                   e-mail: Krassen.Deltchev@rub.de




                               23.08.2010


               Person in charge:      Prof. Dr. Jörg Schwenk

               Advisor:               M.Sc. Andreas Noack
Abstract


Nowadays networking is more than implementing static wired network infrastructure. The
utilisation of agile wireless network constructs represents a well-established extension of the “old
world” and in some cases the only feasible solution. Therefore, the dynamics, stability, security
and performance of such “new world” networks are still of great interest to researchers. An
important approach to achieving an appropriate security level in dynamic wireless networks is the
use of Group Key Agreement Protocols. In most cases, the reader can find information on these
protocols in the literature on Mobile Ad-Hoc Networks. However, there are not enough publications
on Group Key Agreement Protocols [GKAPs] for Wireless Mesh Networks [WMN], and even fewer on the
performance issues of their utilisation. We consider this an exciting challenge for research on the
topic of Distributed Key Agreement Protocols.
This term paper discusses the security aspects of WMN and the performance of Group Key Agreement
Protocols for Wireless Mesh Networks, presents methods concerning these performance aspects, and
illustrates the GKAPs by means of their classification.


Keywords: WMN, Wireless Mesh Networks, GKAP, Classification of Group Key Agreement
Protocols, Performance of Group Key Agreement Protocols, Communication Complexity



Summary (Kurzfassung)

The questions of dynamics, security and stability, and of the management of variable group members
in networks, are and will remain a current topic in the field of IT security. Particular interest
is devoted to the Group Key Agreement Protocols as an approach that solves such problems
effectively and adequately.
Group Key Agreement Protocols are described in more or less detail where ad-hoc (MANET) networks
are concerned.
Where Wireless Mesh Networks are concerned, surprisingly little literature can be found. This poses
the challenge of investigating such questions further and/or researching them from the ground up.
A particular topic in this area is the efficiency of Group Key Agreement Protocols [GKAPs] in
Wireless Mesh Networks [WMN].
This term paper is intended to give an overview of the IT security aspects of Wireless Mesh
Networks, of Group Key Agreement Protocols and of the efficiency of GKAPs; it then presents
corresponding calculation methods and illustrates a classification of the Group Key Agreement
Protocols.


Keywords: WMN, Wireless Mesh Networks, GKAP, classification of Group Key Agreement Protocols,
efficiency of Group Key Agreement Protocols, communication complexity





Indexes

Contents
Abstract
Summary (Kurzfassung)
Indexes
1. Introduction
    1.1. Limitations of the paper
    1.2. The terms: performance, communication complexity, WMN and GKAP
       1.2.1 Introduction to WMN
       1.2.2 WMN vs. WiMAX vs. MANET
       1.2.3 Introduction to GKAPs, communication complexity and performance
2. Classification of GKAPs
3. Methods
    3.1. Tsudik et al. method
    3.2. Zheng/Foss/Lee method
    3.3. Noack's method
4. Results
5. Conclusion and future work
Appendix
Bibliography






List of tables
Table 1: A proposal for GKAPs classification
Table 2: Join-leave-[mass join]-[mass leave] results [ZFL05]
Table 3: Merge-Partition results [ZFL05]
Table 4: Join-leave-[mass join]-[mass leave]-merge-partition results [ZFL05]
Table 5: Abstractions of the probabilistic and the grid model [AN09b]
Table 6: Maximum impact factor x (initialisation phases) [AN09b]
Table 7: Communication complexity STR and QGDH
Table 8: GKAPs adoption to Mesh Networks
Table 9: List of links

List of figures
Figure 1: GKMP map [SRSP10]
Figure 2: Taxonomy of Common TEK Group Key Management Protocols [CS05]
Figure 3: Communication cost comparison [AKNRT04]
Figure 4: Join operation - average time at LAN [AKNRT04]
Figure 5: Leave operation - average time at LAN [AKNRT04]
Figure 6: Partition operation - average time at LAN [AKNRT04]
Figure 7: Partition operation - Clustering effect [AKNRT04]
Figure 8: Merge operation - average time at LAN [AKNRT04]
Figure 9: The extreme case of long delay networks [AKNRT04]
Figure 10: Join and Leave operations - average time at WAN [AKNRT04]
Figure 11: Communication and computational costs [ZFL05]
Figure 12: Burmester Desmedt I probabilistic model [AN09a]
Figure 13: Burmester Desmedt II probabilistic model [AN09a]
Figure 14: TBKA probabilistic model [AN09a]
Figure 15: The grid model with simultaneous transmissions; and structure mapping [AN09b]
Figure 16: Performance results of the grid vs probabilistic model comparison [AN09b]
Figure 17: TGDH binary tree logical structure [SH08]
Figure 18: STR graph logical structure [RB03]
Figure 19: Queue-based group Diffie-Hellman entity model [SH08]
Figure 20: The Blind Key queues in group controller server [SH08]
Figure 21: Initialisation Performance - timeslots + x* MoT, x = 4,45
Figure 22: Join Performance - timeslots + x* MoT, x = 4,45
Figure 23: Leave Performance - timeslots + x* MoT, x = 4,45






1. Introduction

    "...the value of a telecommunications network is proportional to the square of the number of connected users of the
                                                                                                         system (n²)."
                                                                                                     Metcalfe's law


We shall not argue in this paper whether Metcalfe's law is provable, or empirically provable, or by
how much the communication network increases in value; the interested reader may refer to [BOT06].
However, we must agree that the better the communications infrastructure is, the greater the
consumers' interest in it. Nowadays wired networking can still be considered the state-of-the-art
solution with respect to the stability and performance of the telecommunication network. There are,
however, many well-known cases which show that wireless networks should be considered the
preferable solution instead of the well-established static wired approaches. Let's mention some of
them. For example, there are solutions for police mobile communications (MEA¹) or for fire
fighters' mobile communications, implemented via the proprietary and licensed 4.9 GHz WiFi
standard, the so-called public safety networks. Nowadays most universities, schools, airports,
hotels etc. offer and utilise WiFi via hotspots and wireless access points. In the U.S.A., after
tornado storms, the whole wired communications infrastructure in several cities suffers heavy
damage; in such disaster situations wireless mesh networks appear to be the most reasonable,
efficient, time- and effort-saving solution for rebuilding the whole city communications network.
In rural areas, or areas which are difficult to access, wiring can be a very pricey or even
unfeasible task; in such cases covering the area with wireless mesh networks could be the most
reasonable solution. This list could go on; for examples of current implementations of wireless
mesh networks, please read the next chapters.
As we mention terms such as WiFi and Wireless Mesh Networks [WMN], we shall give a short
introduction to them in this chapter. We keep in mind that the reader concerned is already aware of
them; we apologise and proceed in this manner for the sake of a better understanding of the paper's
thesis. Let's clarify the objectives of the current term paper. This thesis is another introduction
to wireless mesh networks, presenting the security aspects of WMN through the Group Key Agreement
Protocols [GKAP]. Furthermore, this paper shall present a classification of the GKAPs and discuss
the performance aspects of the utilisation of Group Key Agreement Protocols for Wireless Mesh
Networks. Let's present this in more detail by clarifying the structure of the paper. In the next
section the reader shall find information on the limitations of the paper. Subsequently, the terms
WMN, MANET, WiMAX and WiFi shall be clarified. In the next chapter 2, a classification of the
Wireless Mesh Networks shall be presented. Chapter 3 concerns the methods related to the
performance studies of the Group Key Agreement Protocols. Three methods shall be described and
compared with one another. The focus of this paper lies on the last one, Noack's method. The
results of the comparison of the methods are presented in chapter 4. The last chapter, chapter 5,
contains final thoughts and some proposals for future work.
Let's proceed with the limitations of this paper.


1 Motorola's Mesh Enabled Architecture [MO05]


1.1. Limitations of the paper

As one of the objectives of the thesis is the classification of the GKAPs, we shall explicitly
clarify which protocols are considered irrelevant for the further discussion of the paper's thesis.
We designate two classes of protocols as irrelevant: the class of GKAPs proven to be security-prone
and the class of considerably inefficient Group Key Agreement Protocols. A very good classification
of the former is given in [MOST97]. The list of GKAPs proven to be security-prone is as follows:
GKE.setup, Bull Otway Protocol, Boyd-Gonzalez Nieto Key Agreement Protocol, A-GDH, SA-GDH.2,
Asokan-Ginzboorg.
Furthermore, concerning the description of the Wireless Mesh Networks, we shall neither illustrate
nor present any kind of construct concerning Seamless WMN². Consequently, we shall not discuss
terms like routing and routing issues of WMN. The interested reader may consult another interesting
term paper related to the current master's workshop³: Konfiguration eines IEEE 802.11s konformen
Mesh Netzwerks (Praxis), Andreas Hübner, and other specific papers on the topic of routing in
wireless mesh networks.
In discussing the Group Key Agreement Protocols as a reasonable security approach for WMN, the
intruder shall be described as an ordinary member of the Group Key construction. We shall not
discuss whether the intruder can achieve DoS or MITM attacks, or only utilise passive attacks such
as eavesdropping. The interested reader can find more information on this topic and on attacks
like Wormhole Attacks, Out-of-band Attacks, Rushing Attacks, Threat Model in Ad-Hoc Networks etc.
at [L1].
Finally, when we discuss the performance issues of GKAPs in this paper, we mean the same as the
efficiency issues of the protocols.
Now let's explain the basic terms concerning the thesis of this paper.

1.2. The terms: performance, communication complexity, WMN and GKAP

1.2.1 Introduction to WMN
Let's first introduce the Wireless Mesh Networks⁴. WMN are based on the WiFi open standards
802.11a/b/g/s⁵ at 2.4GHz. Thus building the infrastructure of a WMN is easy and cost-reducing,
because most of the wireless devices needed for it are on the market at consumer prices, like
WiFi routers and mobile devices with built-in WiFi network cards etc. There are also
implementations of WMN on the 802.16 standard; please see the next section for further reading.
As the name of these networks states, WMN are built upon a mesh topology, utilising WiFi routers
or other wireless devices as mesh nodes. A mesh node can be implemented in the mesh topology as a
WiFi router, a mobile computer with a WiFi network card etc. Thus WMN are not limited in their
hardware implementation.

2   http://www.smesh.org/
3   http://www.nds.rub.de/chair/lectures/290/
4   http://en.wikipedia.org/wiki/Wireless_mesh_network
5   http://www.open80211s.org/

Still, considering an example design of a WMN, we can specify Mesh Clients as mesh leaves,
implemented via mobile computers; Mesh Nodes, implemented via WiFi routers; and gateways, which
connect the WMN to the internet. This is important to clarify because of the above-mentioned
example of WMN utilisation, the MEA implementation for police public WMN. Imagine a police patrol
reaching an area where the internet connection can no longer be established. Utilising a WMN among
the members of the patrol, they can still contact each other even though the internet connection
is not present. Thus we reach the point of designating the advantages of Wireless Mesh Networks,
listed as follows, see [L2]:
    •    Using fewer wires means it costs less to set up a network, particularly for large areas of
         coverage,
    •    The more nodes are installed, the bigger and faster the wireless network becomes,
    •    WMN rely on the same WiFi standards (802.11a, b and g) already in place for most wireless
         networks; the 802.11s standard concerning WMN is still in development,
    •    They are convenient where Ethernet wall connections are lacking - for instance, in outdoor
         concert venues, warehouses or transportation settings,
    •    They are useful for Non-Line-of-Sight (NLoS) network configurations where wireless
         signals are intermittently blocked. For example, in an amusement park a Ferris wheel
         occasionally blocks the signal from a wireless access point. If there are dozens or hundreds
         of other nodes around, the mesh network will adjust to find a clear signal,
    •    Mesh networks are "self configuring;" the network automatically incorporates a new node
         into the existing structure without needing any adjustments by a network administrator,
    •    Mesh networks are "self healing," since the network automatically finds the fastest and most
         reliable paths to send data, even if nodes are blocked or lose their signal,
    •    Wireless mesh configurations allow local networks to run faster, because local packets don't
         have to travel back to a central server,
    •    Wireless mesh nodes are easy to install and uninstall, making the network extremely
         adaptable and expandable as more or less coverage is needed.
Let's also list some recent example implementations of WMN in the real world, as follows,
see [L3]:
    •    Meraki Mesh (special long range radio) [L3]
    •    Mesh Dynamics (multiple radios) [L3][L4]
    •    OLPC XO-1 children's laptop [L3]
    •    Smesh (fast roaming) [L3]
    •    SolarMesh (mesh STA power comes from solar energy) [L3]
    •    SONOS multi-room music system [L3]
    •    Freifunk⁶
    •    Funkfeuer⁷


6 http://start.freifunk.net/
7 http://funkfeuer.at/


Andreas Noack states in his paper [AN09a] that Wireless Mesh Networks are the “missing link”,
which acts as an interface between the static wired internet and the modern ad-hoc networks. Let's
clarify this in the next section, which differentiates between the terms WiFi, WiMAX, WMN and
MANET.

1.2.2 WMN vs. WiMAX vs. MANET

The title of this section is intentionally left confusing. Obviously, we are allowed to compare
WiFi⁸ and WiMAX⁹, simply because both of them represent two major standards for wireless
telecommunication networks. WiFi, or better Wi-Fi, is actually a marketing term and in many
countries is a synonym for WLAN, which is represented by the IEEE 802.11(a/b/g/i/n/s)¹⁰
standards. In this paper we shall simply use WiFi when discussing the 802.11* implementations.
As mentioned above, most consumer devices nowadays implement the WiFi standard out of the box,
which makes it well known and widespread. There are two implementations of the 802.11* standard:
on the one hand, there is an open standard, utilising 2.4GHz technical implementations; on the
other hand, as mentioned above, there is one which is licensed and operates at 4.9GHz. The second
one is obviously separated from the open standard and is used especially for, as stated above,
public networks like police MEA implementations, fire fighters' mobile networks, government
implementations etc. The other standard, which is licensed, is IEEE 802.16¹¹, and its mnemonic
equivalent is WiMAX (Worldwide Interoperability for Microwave Access). In technical terms, WiMAX
represents a telecommunication protocol. Comparing WiFi and WiMAX, we can say in a word that WiFi
utilises shorter transmission ranges, so covering large areas can be achieved by assembling the
hardware of many mesh nodes. On the contrary, the WiMAX back-haul transmitter can cover larger
areas, so the graph can be represented by fewer nodes, making it optimised in terms of fewer graph
members. However, as the leading motto of this first chapter states, the value of the network
increases with the number of its connection nodes. Furthermore, WiMAX is licensed and cannot be
openly implemented without paying a fee, so its hardware utilisation is much more pricey, not just
because of the fee, but also because consumer devices implementing 802.16 are not widely
distributed compared to those with the WiFi logo on them. These facts lead us to the conclusion
that WiFi is the more appropriate implementation for WMN.
Now let's clarify the terms WMN and MANET. Having illustrated the common wireless standards, let's
illustrate the topology implementations of WLAN in more detail. In a word, MANET (Mobile Ad-Hoc
Networks)¹² represent a subclass of the Wireless Mesh Networks. As WMN can utilise both ad-hoc and
infrastructure [AN09a], mobile mesh networking is represented via MANET. Following this line of
thought, we can accept that the features that apply to MANET belong to WMN too. This means that,
if there are research theories related to Mobile Ad-Hoc Networks, they should be applied to the
Wireless Mesh Networks as well. This is an important statement, because nowadays there is plenty
of literature on Group Key Agreement Protocols for MANET and very little related to their
superclass, the Wireless Mesh Networks. Thus, to achieve a proper introduction and classification
of the GKAPs and to describe the performance issues of Group Key Agreement Protocols for WMN, we
shall find support in well-known approaches related to MANET and traditional wired networks.

8    http://www.wi-fi.org/
9    http://en.wikipedia.org/wiki/WiMAX
10   http://en.wikipedia.org/wiki/IEEE_802.11
11   http://en.wikipedia.org/wiki/802.16
12   http://en.wikipedia.org/wiki/Mobile_ad_hoc_network

Let's start with a few introductory words on the Group Key Agreement Protocols, which shall be
discussed in more detail in a separate chapter, as already stated, in chapter 2.

1.2.3 Introduction to GKAPs, communication complexity and performance

As we agree on the conclusion that WiFi is a reasonable implementation for Wireless Mesh
Networks, we shall now introduce the security aspects of WMN. As Noack states in [AN09a],
security of WMN is not only a matter of utilising WEP¹³ (which is already considered a
security-prone algorithm) or WPA/WPA2 (IEEE 802.11i), because these standards are designed to
secure point-to-point connections.
Keeping in mind that Wireless Mesh Networks are dynamic, with the main features self-healing,
self-clustering and self-stabilising, WPA/WPA2 cannot be considered a sufficient pre-requirement
for securing such agile network constructs as WMN at all. Let's list the main goals for securing a
network as in [AN09a]: Authentication, Confidentiality, Integrity Protection. As Noack mentions,
Authentication in WMN must be present for two reasons: on the one hand there are commercial or
political reasons, like MEA implementations of the WMN 4.9GHz licensed standard; on the other hand
there are legal reasons, to admit to the network run only parties which should not misuse it. In
this paper we shall not concentrate on GKAPs with Authentication; the interested reader may refer
further to [RLKY04].
Subsequently, discussing the Confidentiality security aspect of the Wireless Mesh Network, we
shall admit, as concluded in [AN09a], that the absence of physical protection of the transmitted
signals in such wireless networking constructs makes the confidentiality of the sensitive data
transmitted over the network a greater concern. A good approach to achieving this is the sharing
of a common security key among all parties, members, nodes of the wireless network. An automatic
method for such multi-party key agreement should represent a complete encryption solution [AN09a].
To conclude this security model of the wireless network, we shall mention that the last feature,
the Integrity Protection of the network, should be easily achieved if the Confidentiality aspect
is fulfilled as a pre-requirement. One approach for hardening a given shared key should be the MAC
(Message Authentication Codes)¹⁴, as in [AN09a]. Thus we reach the conclusion concerning the
security of WMN by the utilisation of Group Key Agreement Protocols. Let's clarify the rest of the
basic terms which will be important for the further reading: the performance and the Communication
Complexity¹⁵ of Wireless Mesh Networks. Both of them are specified as communication requirements
for Group Key Agreement Protocols in [AN09a]. As already stated in the limitations section of the
paper, the GKAPs do not request the security of the communication channel as a pre-requirement;
rather, the messages should be protected at a message layer over the protocol run [AN09a]. An
important question regarding this is the perfect broadcast aspect of the network, which shall be
explained in detail in the further chapters of the paper. At this stage of the thesis we shall only
mention that there are two types of broadcast channels in GKAPs, local and full broadcast
channels, which are implemented on the physical topology of the WMN. Furthermore, there is the
logical structure implementation of the GKAPs for utilising the agreement on the shared key. As a
conclusion to this, we shall point out an important aspect for scaling the performance of the
GKAPs for WMN: generally the performance of GKAPs decreases with increasing differences between
the physical structure of the WMN and the logical structure of the GKAP, as in [AN09a].
Consequently, we shall also outline the fact that in many cases the WMN utilise one shared medium
to communicate over, for example one gateway to establish a connection to the internet. Imagine a
doorway in a big building which is accessible to every member running into and out of the
building [L5]. This could represent a bottleneck and prevent the adequate run of the protocol.

13 http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy
14 http://en.wikipedia.org/wiki/Message_authentication_codes
15 http://en.wikipedia.org/wiki/Communication_complexity

In contrast to this, the WiMAX implementations do not suffer from such issues. They could be
abstracted as a building with many doorways but limited member access through them: one member can
pass a doorway at a time [L5]. Therefore there is a need for further evaluation of the
communication cost concerning the performance aspect of the protocol run of GKAPs: the
Communication Complexity. On the basis of the proposed abstraction of a WMN as a big building with
one doorway, the communication complexity can be summarised as follows. There are two sets of
building members, one set of members outside the building and another set of members inside the
building, which share a common feature: both sets can exchange a limited number of members. For
instance, suppose a finite group of members from the set inside the building want to run out of
the building, every one of them running in the same way, and this is considered by both sets an
appropriate way to pass through the one doorway of the building. The computation of the lower
bound, representing the minimum number of members who, as a complete group, successfully run out
of the building, knowing that the worst case of their group action would be to turn the one
doorway into a bottleneck, is represented by the communication complexity. The interested reader
can refer to [AB07] for more information.
The term communication complexity shall be evaluated in chapter 3, where the reader shall find a
description of the three major methods concerning the performance aspects of the GKAPs.
Let's proceed with a more detailed presentation of the Group Key Agreement Protocols, which are
illustrated via their classification in the next chapter.

2. Classification of GKAPs

As mentioned above, most of the scientific sources concerning Group Key Agreement Protocols apply
to MANET. Thus, we need to observe the security of Mobile Ad-Hoc Networks and subsequently
re-apply the conclusions at the WMN level. A starting point in the research on the security of
MANET is the Key Management Protocols superclass. We can list three major subclasses of Key
Management protocols, see [SRSP10]:
   •   Centralized Group Key Management Protocols[GKMPs],
   •   Decentralized Group Key Management Protocols,
   •   Distributed Group Key Management Protocols
Let's describe them in detail. The main feature of the Centralized GKMPs is the presence of a Key
Distribution Center (KDC), which is responsible for the key management of the whole group of
protocol members. The Decentralized GKMPs represent key management for large member groups, where
subgroup managers are responsible for the deployment of the protocol's key establishment. As one
would intuitively suppose, this group of GKMPs implements an approach to reduce the overhead that
key management incurs if it is concentrated at a single instance, as in the example above with the
utilisation of a single static KDC. The Distributed GKMPs illustrate a protocol construct with no
explicit definition of a KDC. Instead, every protocol member participates in the generation of a
shared group key, which is derived from each member’s key contribution in the protocol run. The
Distributed GKMPs represent a superclass of the Contributory Key Agreement Protocols, which
illustrate the class of the Group Key Agreement Protocols. This classification is represented in
[SRSP10][CS05][ZFL05]. Let's illustrate the discussed GKMP classes in the next Figure 1, see
[SRSP10]:




Figure 1: GKMP map [SRSP10]



We shall support this classification by the next Figure 2, which gives a more detailed
representation of the class hierarchy tree of the Distributed Key Management Protocols. Zheng et
al. also classify the Group Key Management Protocols in three major subclasses, see [ZFL05]: the
category of Centralized GKMPs, the category of Distributed GKMPs and the category of Contributory
GKMPs. This classification is adopted from [AKNRT04]. Tsudik et al. propose another definition
of the Distributed GKMPs: the KDC is represented by a dynamically selected special group member.
This member, acting as a key server, should also be able to maintain long-term pairwise secure
channels with all group members at a given temporal state of the protocol run. The dynamically
selected key server should furthermore be able to distribute the group keys at every click in the
protocol run. Tsudik et al. warn that this could present a drawback: if a new key server has to be
selected within a short period of time, all the group keys have to be recreated by this instance
from the start, which reduces the performance of the security protocol. Furthermore, the GKAPs are
presented in this classification by the class of the Contributory GKMPs. This category presents
the same features as the Distributed GKMPs class in the [SRSP10] classification. This points out
the main design pattern for generating the shared group key: as explained above, it should be
derived from the contribution of every single member in the protocol run. This is regarded as the
best approach for generating a shared group secret key, so far without known drawbacks.
Furthermore, the Contributory GKMPs rely on modular exponentiations16, see [AKNRT04], and modular
exponentiation functions are known to be efficient even for big values of the exponent. This is a
very important statement for the next chapter 3, concerning the study on the performance methods
for Group Key Agreement Protocols, with focus on the performance method for GKAPs, concerning
Wireless Mesh Networks.
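To make the contributory design pattern and its reliance on modular exponentiation concrete, the following added example (not code from this paper or from [AKNRT04]) runs the classic two-round Burmester-Desmedt broadcast protocol, the BD family named in the classification. The group parameters P, Q, G are toy values constructed for this example and far too small for real use; the function names are hypothetical.

```python
import secrets

# Constructed toy group: P is a safe prime, Q = (P - 1) // 2 is prime and
# G = 4 generates the subgroup of order Q. Illustration only, not secure.
P, Q, G = 2039, 1019, 4


def bd_run(r):
    """Run one Burmester-Desmedt key agreement for members with secrets r[i].

    Returns the key computed by every member and the communication cost.
    """
    n = len(r)
    if n < 3:
        raise ValueError("the ring needs at least three members")
    if any(not 1 <= ri < Q for ri in r):
        raise ValueError("secrets must lie in [1, Q - 1]")

    # Round 1: every member broadcasts z_i = G^r_i.
    z = [pow(G, ri, P) for ri in r]

    # Round 2: every member broadcasts X_i = (z_{i+1} / z_{i-1})^r_i.
    x = [pow(z[(i + 1) % n] * pow(z[i - 1], -1, P) % P, r[i], P)
         for i in range(n)]

    # Key computation, done locally by member i from the broadcast values:
    # K_i = z_{i-1}^(n*r_i) * X_i^(n-1) * X_{i+1}^(n-2) * ... * X_{i+n-2}^1
    keys = []
    for i in range(n):
        k = pow(z[i - 1], n * r[i], P)
        for j in range(n - 1):
            k = k * pow(x[(i + j) % n], n - 1 - j, P) % P
        keys.append(k)

    cost = {
        "rounds": 2,
        "broadcasts": 2 * n,                  # one per member and round
        "exponentiations_per_member": n + 2,  # naive count, n - 1 are small
    }
    return keys, cost


def closed_form_key(r):
    """The value all members must agree on: G^(r_0 r_1 + r_1 r_2 + ... + r_{n-1} r_0)."""
    n = len(r)
    exponent = sum(r[i] * r[(i + 1) % n] for i in range(n)) % Q
    return pow(G, exponent, P)


if __name__ == "__main__":
    member_secrets = [secrets.randbelow(Q - 1) + 1 for _ in range(6)]
    keys, cost = bd_run(member_secrets)
    print("all members agree:", len(set(keys)) == 1)
    print("matches closed form:", keys[0] == closed_form_key(member_secrets))
    print("cost:", cost)
```

The exponent of the agreed key contains every member's secret, so no single member or key server chooses the key, while the 2n broadcasts are the communication cost that the evaluation methods in chapter 3 weigh against the exponentiations.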
Now let's illustrate the GKMPs classification, given in [CS05]:




Figure 2: Taxonomy of Common TEK Group Key Management Protocols [CS05]

Following this illustration, we shall specify the classification of GKAPs in detail and bring it
up to date. Note that this classification should also be revised in the future by adding new GKA
Protocols. The most important subclasses are the ring based cooperation, hierarchical based
cooperation and broadcast based cooperation protocols, which represent the GKAPs belonging to
the Contributory GKMPs. Other notable subclasses are the GKA-derivatives and the
Authentication GKAPs. The last one shall not be discussed further, as already mentioned above.
See Table 1:




16 http://en.wikipedia.org/wiki/Modular_exponentiation


GKAPs subclasses:                 Presented by:
Ring based cooperation:           ITW, GDH 1.0, GDH 2.0, GDH 3.0, BD I
Hierarchical based cooperation:   STR, BD II, TBKA, TGDH, CRTDH, BF-TGDH, Octopus, D-LKH, DH-LKH
Broadcast based cooperation:      Fiat et al., CKA
Centralized GKAPs:                µSTR, µCLIQUES, µBD, µSTR-H, µTGDH
GKA-derivatives:                  GKA, Tree based GKA, RGKA, T-RGKA, W-RGKA, BD-RGKA,
                                  Flexible RGKA, Fully RGKA
Clique-derivatives:               CLIQUES I, CLIQUES II, µCLIQUES, M-CLIQUES
Authentication GKAPs:             EGAKA, SAS-GMA
Not classified yet:               EGK, CCEGK, AFTD, ...
Table 1: A proposal for GKAPs classification


Note that, concerning the group of inefficient GKAPs mentioned in the limitations section of the
first chapter, the protocols ITW, GDH 1.0, GDH 2.0, GDH 3.0, GKA, CLIQUES I and CLIQUES II are
a priori assigned to this group and shall not be considered relevant protocols for the
performance discussion of Group Key Agreement Protocols for Wireless Mesh Networks.
Let's proceed further with the illustration of three major performance evaluation methods for
GKAPs. Note that they do not represent the complete set of calculation methods. There are other
approaches which also contribute to the topic of performance evaluation of GKAPs, as in [H08].



3. Methods

This chapter presents three significant methods for performance evaluation of Group Key
Agreement Protocols. Let's clarify the factors for selecting these methods as fundamental for
GKAP research. The implementation of the methods is illustrated by a finite set of GKAPs, though
the researchers try to develop methods which are generally applicable for evaluation tests on the
performance of Group Key Agreement Protocols. In other words, the methods are not limited in
their application to different GKAPs. Furthermore, the three methods represent different and
independent approaches in the performance research. The Tsudik et al. method takes a research
approach to the performance evaluation of LAN and WAN related GKAPs. The method of Lee et al., for
which we shall use the designation Zheng/Foss/Lee method further in the paper, illustrates a
technique to study the performance of GKAPs over multiple operations occurring during a stage of
the protocol run. Noack's method is a unique approach, among those known to the author of the
paper17, to study the performance issues of the Group Key Agreement Protocols for Wireless Mesh
Networks. The three methods represent a great contribution to the performance analysis of GKAPs
and can be regarded as a sufficient, though not complete, set of techniques for adequate
performance research on the Group Key Agreement Protocols. Now let's illustrate each of them in
detail, starting with the Tsudik et al. method.

17 The author of the paper, made a research on the topic of performance analysis for GKAPS for WMN, started in

3.1. Tsudik et al. method

The main goal of this method is to study the performance issues of Group Key Agreement
Protocols supporting modern internet collaborative applications such as voice and video
conferencing, distributed simulations, internet online games, replicated servers and database
systems of all types. Its description paper[AKNRT04] also supports the basic security construct of
a secured network: data privacy, integrity and authentication, which are considered
pre-requirements for secured collaborative applications. Furthermore, the paper of Tsudik et al.
proposes a classification of the GKMPs in peer groups, as already mentioned, and answers the
question of which GKMP is adequate and the best fit for dynamic peer groups. The Contributory
GKMPs, to which GKAPs belong as already known, are considered for their strong security
properties. Tsudik et al. focus their work on the performance analysis related to LAN and WAN
implementations of Group Key Agreement Protocols, especially on the dualistic paradox concerning
the two dominating factors in the performance analysis of the protocols: the computation cost18
and the communication cost. The paper describing the Tsudik et al. method evaluates the thesis
that computation efficient protocols usually require more communication rounds for the execution
of the protocol run and, conversely, that protocols with reduced communication complexity induce
greater computational effort. The conclusions of this research work are worth mentioning. On the
one hand, Tsudik et al. point out that the results of their experiments clearly illustrate the
greater importance and domination of the communication cost over the computational cost for
group-oriented cryptographic protocols over long delay networks (WAN). On the other hand, the
cost of simultaneous n broadcast messages is considered to be another important factor, alongside
the well known computational overhead and number of rounds, which is relevant for the performance
analysis of GKAPs. These conclusions support the abstractions related to Noack's method.
Long delay networks (WAN) can be seen as analogous to WMN, where the protocols run over a
shared medium, so bottlenecks in their execution should not be underestimated. That is why the
main parameter for the performance analysis in Noack's method is the communication complexity
and not the computational cost, which is ignored in the abstraction model. Noack also explains in
[AN09a] that the simultaneous n messages parameter is of greater importance and should not be
ignored, which explains why Noack does not assume perfect broadcasting in the protocol run. This
is explained in detail in the last section 3.3 of this chapter.
Now let's describe the protocols used in the Tsudik et al. performance evaluation method. The
observed GKAPs are: BD, CKD, GDH, STR, TGDH. Each of the protocols is described by its basic
operations, which are evaluated separately from one another: initiate, join, leave, merge,
partition. The authors of the method explain that the initiate operation is not relevant for their
performance analysis. Moreover, every protocol operation is additionally illustrated via its
detailed and complete step execution. The evaluation of the communication cost and computation
cost of the observed GKAPs is presented in separate comparison tables. We shall illustrate only
the communication cost results in the next Figure 3. Furthermore, the performance evaluation of
the protocols is presented in graphs, on the one hand for the GKAP implementations in LAN and on
the other for their implementation in WAN. The interested reader will also find graph
representations of the protocol operations partition and merge, concerning STR and TGDH, in
[AKNRT04].

   23.04.2010 and ended at the time of the paper's release: 23.08.2010.
18 http://en.wikipedia.org/wiki/Computational_complexity_theory




Figure 3: Communication cost comparison [AKNRT04]

Let's illustrate the performance evaluation graphs in a row:




Figure 4: Join operation - average time at LAN [AKNRT04]







Figure 5: Leave operation - average time at LAN [AKNRT04]

The interested reader should notice that there are notable differences between the left side
graph and the right side graph in Figure 4 and Figure 5 respectively. The computation cost is
examined by running the protocols in two scenarios, one with the computation of a 512-bit secret
key (RSA) and the second one with the computation of a 1024-bit security key (RSA). The authors of
the method point out that they intentionally chose a non-secure 512-bit size, so that the weight
of the computation cost in the performance analysis becomes obvious.




                 Figure 6: Partition operation - average time at LAN [AKNRT04]








Figure 7: Partition operation - Clustering effect [AKNRT04]




               Figure 8: Merge operation - average time at LAN [AKNRT04]

The next Figure 9 represents the technical implementation of the extreme case study concerning
the performance evaluation of long delay networks (WAN). For the technical specification of the
network, please refer to the method's description paper[AKNRT04].




Figure 9: The extreme case of long delay networks[AKNRT04]


The only GKAP protocol operations significant for the performance evaluation, according to the
method's authors, are Join and Leave, see Figure 10:




Figure 10: Join and Leave operations - average time at WAN [AKNRT04]

As conclusive results of the performance analysis, Tsudik et al. point out TGDH as the overall
most efficient GKAP, though in detail, concerning the evaluation of the single protocol
operations, the worst case communication cost of TGDH is significantly expensive compared to STR.
For protocol runs with few members, around a dozen, the more efficient GKAP is BD, though as the
number of members in the GKAP group grows, the performance of this protocol decreases immensely.
The reader will find more detailed information on the Tsudik et al. method in [AKNRT04].
Let's proceed further and present in detail the next important performance evaluation method.

3.2. Zheng/Foss/Lee method

This method is described in [ZFL05]. It presents another approach for performance evaluation of
GKAPs, with criticism of the common knowledge on the topic. The Zheng/Foss/Lee method, in short
ZFL method, should represent an extension to the Tsudik et al. method. The interested reader
should notice that two of the five example protocols are the same as in the previously described
method: TGDH and STR. The performance evaluation also focuses on the Centralized GKMPs, as in the
previously described technique. The full set of evaluated GKAPs in this method is: GDH3.0, EGK,
TGDH, STR and CCEGK.
GDH3.0 is already considered an inefficient GKAP, though considering the paper's release in 2005,
we should proceed with the further investigation of GDH3.0 by the ZFL method. The main
contribution of the ZFL technique is the performance analysis of groups of protocol operations,
classified in the following categories: join-leave-[mass join]19-[mass leave]; merge-partition;
and join-leave-[mass join]-[mass leave]-merge-partition. This is also a main point of criticism of
the known performance evaluation methods on the topic. The authors of the method disagree that a
performance analysis of the separately evaluated basic protocol operations could give a complete
and adequate conclusion on whether the security protocol is efficient or not. In reality, there
are cases of basic protocol operations occurring simultaneously on a click20 of the protocol run,
which should be considered relevant for the performance analysis and therefore included in its
evaluation. The authors of the ZFL method explicitly point out the features of the communication
and computation cost. Relevant parameters for the communication cost are: number of rounds,
number of unicast messages, number of broadcast messages, and number of messages[ZFL05]. The
computational cost includes: total sequential exponentiations, total signatures, and total
verifications. A limitation of the method is that the partition operations for TGDH and STR are
implemented as a best guess, due to the lack of sufficient documentation on the topic at the
paper's release. The initial group sizes in this evaluation method are as follows: 200, 600 and
1000. The results presented in the method's description paper relate to groups with 600 members,
because there are no significant differences in the results between the three cases with 200, 600
and 1000 members. The numbers of operations run are specified as follows: 100, 50 and 100,
respectively, for the combined operations specified above. For complete information on the test
scenarios, please refer to [ZFL05]. In the following pages of the term paper we shall illustrate
the performance evaluation results of the ZFL method in a row.

19 The brackets are needed here to point out that 'mass join' and 'mass leave' are single basic
   operations in the proper GKAP run.
Let's present the results of the current performance analysis of GKAPs. Concerning the aspects
average phases and messages, the efficient protocols are CCEGK and STR, followed by TGDH, EGK
and GDH3.0. The placement of GDH3.0 is obvious. Concerning the aspects related to the
computational costs, measured as average sequential exponentiations, EGK is placed best, followed
by TGDH, CCEGK, STR and GDH3.0. This also confirms the a priori categorisation of the GDH3.0 GKAP
as an inefficient protocol. The authors of the method proceed further in their research and, based
on the performance analysis results, present proposals for the efficient implementation of the
evaluated GKAPs as follows: CCEGK and STR should be considered appropriate protocols for networks
with low communication power; for networks with low computational power, the best fitting GKAPs
are EGK, TGDH and CCEGK; in networks which combine both of the previously described networking
profiles, the best suited protocols are CCEGK and TGDH. Let's proceed with the illustration of the
results in the next tables and then straight ahead with the presentation of the last performance
evaluation method concerning GKAP analysis, Noack's method.




20 In the ZFL method such combined operations are assumed to be a combination of basic protocol
   operations following an independent and multinomial distribution[ZFL05]. The only exception to
   this assumption is the Merge-partition combined operation, which is represented as an
   independent and uniform distribution.




Figure 11: Communication and computational costs[ZFL05]




Table 2: Join-leave-[mass join]-[mass leave] results[ZFL05]
[Charts not reproduced. Panels: nine scenarios in Join-leave-[mass join]-[mass leave]; average
phases for the evaluated GKAPs; average messages for the evaluated GKAPs; average messages for the
best three evaluated GKAPs; average seq. exponentiations for the evaluated GKAPs]




Table 3: Merge-Partition results[ZFL05]
[Charts not reproduced. Panels: average phases for the evaluated GKAPs; average phases for the
best three evaluated GKAPs; average messages for the evaluated GKAPs; average seq. exponentiations
for the evaluated GKAPs; average seq. exponentiations for the best three evaluated GKAPs]




Table 4: Join-leave-[mass join]-[mass leave]-merge-partition results[ZFL05]
[Charts not reproduced. Panels: ten scenarios in Join-leave-[mass join]-[mass leave]-merge-split;
average phases for the evaluated GKAPs; average messages for the evaluated GKAPs; average messages
for the best three evaluated GKAPs; average seq. exponentiations for the evaluated GKAPs; average
seq. exponentiations for the best three evaluated GKAPs]

3.3. Noack's method

This last method presented in the third chapter concerns the performance evaluation of Group Key
Agreement Protocols for Wireless Mesh Networks, see the subtitle of the term paper. We shall once
again point out that the focus of our research is dedicated to this method. Now let's describe it
in detail.
The method comprises two techniques for performance analysis of GKAPs. The first technique is
described in [AN09a], the second one is well illustrated in [AN09b]. In a word, both techniques
are theoretical models for performance evaluation, though they represent different abstractions.
This is very important for a better understanding of the further presentation of Noack's method.
Let's proceed with the presentation of the first abstraction technique, or abstraction model, in
Noack's method. In short, we shall call it the probabilistic, or just theoretical, model. In
distinction to this model, the second abstraction technique shall be called the grid model; please
proceed with further reading.


The probabilistic model


The main goal of this abstraction model is to give an adequate approach for evaluating performance
issues of Contributory GKMPs for Wireless Mesh Networks. As we pointed out in the previous
sections of this and the prior chapters, Wireless Mesh Networks are agile wireless networking
constructs based on the WiFi standard. The main features of these networks are, to mention them
once again: self-clustering, self-healing, self-stabilising. These networks can stay active
whether or not there is a connection to the internet; remember the MEA mesh implementations for
the police mobile public networks. The appropriate security protocols are the Contributory GKMPs,
or Group Key Agreement Protocols, where the shared group key is generated collaboratively by all
members in every run of the GKMP. There are drawbacks in these mesh networks, though, because the
protocols run most of the time over a shared medium. That is why performance analysis is required,
so that WMN can operate successfully and efficiently in their implementations. Knowing these two
major issues, the bottleneck problem and the simultaneous n broadcast messages problem[AKNRT04],
we should construct this abstraction model in an appropriate way. This means that a well known
abstraction for the security channel in the model, the assumption that perfect broadcasting may be
applied, cannot be considered an adequate approach in the case of WMN. Perfect broadcasting could
be applied to the nearest neighbours21 of a given node, but it is not a realistic assumption for a
node remote from it. Sending a message to all nodes in the WMN presents further difficulties for
perfect broadcasting: there is computation overhead, as a spanning tree of nodes has to be
selected whose broadcasting radii cover the whole WMN topology, and with the involvement of other
algorithms there is a risk of a performance drop of the WMN because of further collision issues on
the frequency level. Subsequently, we shall point out the main criteria for performance analysis
for further deliberations: the number of broadcast [BC] messages and the adaptability of the
logical group structure[AN09a]. Obviously, if a protocol needs fewer BC messages for the proper
protocol run, the performance in the WMN will increase. As stated before, if the logical structure
of the GKAP can be easily applied over the physical structure of the WMN, the performance of the
network should also increase. In such a case the neighbour nodes of the GKAP match the neighbour
nodes in the WMN, which yields a cheap perfect BC. As mentioned before, GKAPs do not consider
message protection on the communication channel; the messages should be protected by the protocol
itself[AN09a]. Following this line of thought, the same conclusions regarding perfect BC on the
WMN level should be applied to the GKAPs. We define here two types of BC, local and full BC: the
first one represents perfect BC, the second one implements message forwarding by means of hops,
according to a click in the protocol run. As WMN are dynamically changing, agile wireless
networking constructs, we should not assume a common physical structure of the network as a
reference. Concerning the communication complexity analysis of the GKAPs for WMN, we shall make
the following assumption in the probabilistic model: the logical structure of the GKAPs matches
the physical structure of the WMN perfectly.

21 Neighbour nodes within the reach of the wireless broadcasting radius of the sending/receiving node
Now let's explain the communication complexity definitions applied to the topic. Keeping in mind
the drawbacks pointed out before, we shall define the following terms as in [AN09a].
Performance indicators
Timeslot
The timeslot defines the time for sending a local BC of a maximum sized message (MTU),
assuming an interference-free full capacity communication channel as a pre-requirement, see
[AN09a].
MoT
Note that we take the liberty of abbreviating the second indicator as MoT in the current term
paper. This abbreviation is not originally given by the author of the method.
MoT (number of messages over timeslot) quantifies the expected interference of the shared medium
in the WMN. If the network interference (its intensity, and whether it occurs at all) depends on
the network's load factor, an adequate weight of the interference could be represented by the
number of simultaneously transmitted messages over a timeslot22; recall the simultaneous n BC
messages issue in [AKNRT04].
Message counting
The probabilistic model proposes the following message counting as more appropriate for WMN:
    •    1 message is a message from a given node to its neighbour
    •    1 message sent from a given node to a remote node is counted by #Hops
#Hop
A #Hop represents the number of edges in the execution path of 1 message in the graph representing
the network structure. Note the assumption in the theoretical model that the physical structure
matches the logical structure, which is not the case in practice; forwarding of messages in WMN
should be abstracted in this model.
Timeslot measurement
According to the assumption of matching structures:
     •   1 message counts 1 timeslot
     •   1 message to a remote node counts #Hops timeslots
     •   simultaneously sent messages count #Hops of the longest path
MoT is calculated as the number of total messages over the number of timeslots and, as a further
assumption, its value is taken as an average over the completed protocol run.

22 Andreas Noack points out in [AN09a] that estimating the interference per collision domain should
   be considered a more reasonable factor, though it shall not be utilised in this model abstraction.
The method is evaluated over three GKAPs: BD I, BD II, TBKA.
As in [AKNRT04], the protocols are discussed in the description paper[AN09a] with a demonstration
of the logical structure of the protocol and a representation of the protocol's execution by means
of the basic protocol operations: initialisation, join, leave. The communication complexity is
estimated by the formula: timeslots + x*(MoT). In [AN09a] the value of x is chosen too small,
x = 0.5; later, in [AN09b], the author of the method criticises this himself and corrects it with
a more appropriate value of 4.45. For more on the topic, please see the further reading regarding
the grid model.
This value is also confirmed in [Q10].
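The counting rules and the formula timeslots + x*(MoT) can be applied mechanically, as in the following added example (not code from [AN09a] or from this paper). The ring of six nodes and the two message schedules are constructed for illustration and are not the schedules of BD I, BD II or TBKA; the function names are hypothetical.

```python
from collections import deque


def hops(adj, src, dst):
    """#Hops: number of edges on the shortest path from src to dst."""
    seen, queue = {src}, deque([(src, 0)])
    while queue:
        node, dist = queue.popleft()
        if node == dst:
            return dist
        for nxt in adj[node]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, dist + 1))
    raise ValueError(f"{dst} is not reachable from {src}")


def evaluate(adj, rounds, x):
    """Apply the probabilistic model's counting rules to a protocol run.

    rounds is a list of rounds; each round is a list of (src, dst) messages
    that are sent simultaneously. The physical structure is assumed to equal
    the logical structure given by adj.
    """
    messages = 0
    timeslots = 0
    for rnd in rounds:
        if not rnd or any(src == dst for src, dst in rnd):
            raise ValueError("every round needs messages between distinct nodes")
        path_lengths = [hops(adj, src, dst) for src, dst in rnd]
        messages += sum(path_lengths)   # a remote message counts #Hops messages
        timeslots += max(path_lengths)  # simultaneous messages: longest path
    mot = messages / timeslots          # average over the whole run
    return {
        "messages": messages,
        "timeslots": timeslots,
        "mot": mot,
        "complexity": timeslots + x * mot,
    }


def ring(n):
    """Logical ring of n nodes as an adjacency map."""
    return {i: [(i - 1) % n, (i + 1) % n] for i in range(n)}


# Constructed schedules on a ring of six nodes: the same six neighbour
# messages, once sent all at the same time and once sent one after another.
RING6 = ring(6)
PARALLEL = [[(i, (i + 1) % 6) for i in range(6)]]
SEQUENTIAL = [[(i, (i + 1) % 6)] for i in range(6)]


def compare(x):
    """Communication complexity of both schedules for a given weight x."""
    return {
        "parallel": evaluate(RING6, PARALLEL, x)["complexity"],
        "sequential": evaluate(RING6, SEQUENTIAL, x)["complexity"],
    }


if __name__ == "__main__":
    for x in (0.5, 4.45):
        print(x, compare(x))
```

With x = 0.5 the parallel schedule scores better (4.0 against 6.5), while with x = 4.45 the sequential one does (10.45 against 27.7), which shows how strongly the choice of x decides whether many simultaneous messages are penalised.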
Let's illustrate the results of the probabilistic model in the following Figures:




Figure 12: Burmester Desmedt I probabilistic model[AN09a]








Figure 13: Burmester Desmedt II probabilistic model[AN09a]








Figure 14: TBKA probabilistic model[AN09a]


The presented probabilistic model points out BD II as the GKAP with the smallest number of
timeslots needed for a complete protocol run, thus as the most efficient among the three evaluated
GKAPs.
Let's proceed further with the presentation of the grid model, which should either support the
results of the probabilistic abstraction, or suggest another GKAP as the more efficient one.


The Grid model


The main objective of the grid model is to provide a near-reality model of the static WMN, with
the main feature: local broadcasts should be used to construct both unicast and broadcast
transmissions[AN09b]. The full BC should further be represented as a bunch of local BCs, while
the interference issues of the real world WMN should be considered as well. Furthermore, the grid
model is an approach to avoid the drawbacks, or assumptions, of the theoretical model: the
assumption of a perfect matching of the physical and logical structure, made because of the lack
of information regarding the physical structure of the WMN; the fact that the value of the
interference impact factor could not be determined; and the fact that simultaneous n messages are
not limited in the probabilistic model.
The author of the model still considers the exact modelling of wireless interference under general
conditions an open issue, which is very hard to solve. Consequently, the grid model should be a
more restricted abstraction model than the probabilistic one. This should lead to the estimation
of absolute performance values without an instability factor.
Andreas Noack states that the grid model abstraction should also be able to approximate the
communication performance of all kinds of GKAPs. Another important feature of the grid model is
that it should be used as a comparison to the probabilistic model, as mentioned above. The three
GKAPs evaluated by the theoretical model shall be observed via the grid model too.
Now let's describe the grid performance evaluation technique.
As the name of the model states, a grid topology of the physical structure is constructed. The
main goal is to compare the performance evaluations of different GKAPs under equal conditions. The
performance indicators introduced in the probabilistic model regarding the communication
complexity are used in the grid model too, preserving their already introduced definitions.
Concerning the wireless interference issues, the grid model introduces the following abstraction:
simultaneous transmissions are only allowed if they are not adjacent, in other words if the
wireless ranges of the simultaneous transmissions at any click of the protocol run do not
overlap[AN09b]. Noack points out that this is a very important feature in the construction of the
grid model, which allows an adequate abstraction of the wireless interference. Furthermore, it
allows the estimation of absolute results with a deterministic protocol simulation, respecting the
natural wireless interference of the GKAPs. Let's illustrate this construction in the next Figure:




                       Figure 15: the grid model with simultaneous
                       transmissions; and structure mapping[AN09b]



Looking at the grid model, it is clear that diagonal nodes do not
interfere, and that the active communication channels for any transmission lie only along the
axes of the grid. A further assumption of the grid model is that the interference
range equals the transmission range, for reasons of simplicity. The author of the
method points out a question for further research: if the results of the two
abstraction models differ notably, an appropriate relation
between the two ranges should be found. The performance measurement according to the grid model
is carried out in three steps. The first step is to determine the logical structure of the GKAP and
then map it onto the grid structure, see the examples in Figure 15. The mapping of
the two structures should also be optimised for efficiency. As TBKA does not have a fixed
logical structure, it is abstracted as a logical line structure, as already done in the
probabilistic model. An advantage of this mapping approach is that a change in the logical
structure, for instance dynamic growth, is carried over automatically to the physical
grid as well. Furthermore, the mapping makes random decisions when applying the
protocol's logical structure to the physical grid model. The second step is the protocol
execution with random coins (see footnote 23). This represents the communication order in the
real world, which is also randomised, and it affects the number of steps the protocol needs to
complete. The third step of the
performance measurement is to summarise the results. Note that the number of steps differs from the
number of rounds in the protocol completion. A further grid model abstraction is to set the
number of steps equal to the number of used timeslots. In other words, it is assumed that each
transmission needs the same time, which is acceptable because there is no
interference and the distances between the nodes are standardised.
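
The three measurement steps described above, as an added Python example that is not code from the paper or from [AN09b]. All function names are hypothetical, and three things are assumptions: the row-by-row "snake" mapping of a logical line onto the grid, the reading of the interference rule as "no node of one transmission equals or is a direct axis neighbour of a node of the other", and the constructed neighbour-exchange workload, which is not a specific GKAP.

```python
import random
from itertools import combinations

def snake_mapping(n_members, cols):
    """Step 1: place a logical line of members on a grid with `cols` columns,
    filling rows in alternating direction so that logical neighbours are
    also direct grid neighbours (assumed mapping)."""
    cells = []
    for i in range(n_members):
        row, off = divmod(i, cols)
        cells.append((row, off if row % 2 == 0 else cols - 1 - off))
    return cells

def adjacent(a, b):
    """Direct axis neighbours only; diagonal cells (distance 2) are out of range."""
    return abs(a[0] - b[0]) + abs(a[1] - b[1]) == 1

def conflicts(t1, t2):
    """Assumed interference rule: two transmissions may not share a timeslot
    if any node of one equals or is a direct neighbour of a node of the other."""
    return any(a == b or adjacent(a, b) for a in t1 for b in t2)

def neighbour_exchange(n_members):
    """Constructed workload: every member sends one message to each logical
    neighbour on the line, i.e. 2 * (n - 1) direct messages in one round."""
    up = [(i, i + 1) for i in range(n_members - 1)]
    return up + [(r, s) for s, r in up]

def schedule_round(messages, cells, rng):
    """Step 2: run one round with random coins. Pending transmissions are
    shuffled, then packed greedily into the current timeslot."""
    pending = [(cells[s], cells[r]) for s, r in messages]
    for s, r in pending:
        if not adjacent(s, r):
            raise ValueError("only direct-neighbour messages are modelled")
    slots = []
    while pending:
        rng.shuffle(pending)
        slot, deferred = [], []
        for t in pending:
            (deferred if any(conflicts(t, u) for u in slot) else slot).append(t)
        slots.append(slot)
        pending = deferred
    return slots

def measure(n_members, cols, rounds, seed):
    """Step 3: summarise # messages, timeslots and MoT over all rounds.
    Rounds run one after another; one timeslot equals one step."""
    rng = random.Random(seed)
    cells = snake_mapping(n_members, cols)
    slots = [s for msgs in rounds for s in schedule_round(msgs, cells, rng)]
    n_msgs = sum(len(s) for s in slots)
    return {"messages": n_msgs, "timeslots": len(slots),
            "MoT": n_msgs / len(slots) if slots else 0.0, "slots": slots}

def interference_free(slots):
    """True if no two transmissions sharing a timeslot conflict."""
    return all(not conflicts(a, b)
               for slot in slots for a, b in combinations(slot, 2))

if __name__ == "__main__":
    for n, cols in [(5, 3), (12, 4), (20, 5)]:
        res = measure(n, cols, [neighbour_exchange(n)], seed=2010)
        print(n, res["messages"], res["timeslots"], round(res["MoT"], 2))
```

The timeslot count depends on the seed, which is the effect of the random coins; the number of messages does not.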
The following table compares the two abstraction models of Noack's method:
features                            Probabilistic model              Grid model
Physical structure                  Equal to the logical structure   N x M grid
Structure known                     yes                              yes
Routing given                       yes                              yes
Transmission range                  Direct neighbour                 Direct neighbour
Interference                        x*(MoT)                          excluded
Measurement unit                    Timeslots( TS)                   Timeslots( TS)
Table 5: Abstractions of the probabilistic and the grid model[AN09b]


As stated above, the probabilistic model has several drawbacks: it assumes a perfect match between the
physical and the logical structure, although the physical structure is unknown; and it contains the
unknown factor x. Let us describe the factor x in detail. It should be determined from the conditions
of the Wireless Mesh Network, according to the criteria: wireless technology, physical network
structure and external influences. The value x = 0.5 is considered inappropriate. We define two more
indicators, the minimum and maximum possible execution time:
    •      min_t = # timeslots
    •      max_t = # messages

23 http://en.wikipedia.org/wiki/RP_%28complexity%29


Under interference-free conditions, the total performance value equals the number of
computed timeslots. In the case of maximum interference, the total performance value
equals “# messages” timeslots, because no messages can be transmitted
simultaneously under these conditions. For the probabilistic model the total performance is computed,
as already stated, as:
Total Performance = timeslots + x*(MoT), with 0 <= x <= timeslots - (timeslots²/# messages).
This is illustrated in the following distribution table:
                           5 nodes                    20 nodes             100 nodes
BD1                        X=3.36                     X=10.70              X=50.74
BD2                        X=1.88                     X=4.57               X=6.88
TBKA                       X=2.10                     X=12.19              X=56.39
Table 6: Maximum impact factor x( initialisation phases)[AN09b]
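
The upper bound on x in the Total Performance formula follows from the minimum and maximum possible execution times defined above (# timeslots and # messages). As an added derivation that is not part of the original paper, with MoT = # messages / timeslots:

    timeslots + x*(MoT) <= # messages          (the total cannot exceed the maximum execution time)
    x <= (# messages - timeslots) / MoT
       = (# messages - timeslots) * timeslots / # messages
       = timeslots - (timeslots²/# messages)

At x = 0 the Total Performance equals the number of timeslots, which is the minimum execution time.
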
An impact factor x=1 means that the average number of MoT is added once to the whole
completion time, which shows why the value of 0.5 is inappropriate. Note that x=1 is
quite unstable and holds only in an interference-free WMN, which is practically unfeasible, so greater
values of x should be considered. The results of the comparison between the probabilistic and the grid
model are illustrated in the next figure:




Figure 16: Performance results of the grid vs probabilistic model comparison[AN09b]




4. Results

In this separate chapter we discuss the results of the comparison between the two abstraction
techniques of Noack's method: the grid model and the probabilistic model. They are illustrated
in Figure 16. The impact factor is corrected to 4.45, and we can observe the following
dependencies between the two models. The values clearly increase monotonically
across the protocol runs with different numbers of nodes. This shows that, although the
result values do not overlap, the grid model supports the performance evaluation of the
probabilistic model. The grid model shows the TBKA protocol to be clearly more efficient
than BD I and BD II, though the differences between the values of TBKA and BD II cannot
always be considered sufficient across the different testing scenarios. BD I is
by a considerable margin the least efficient protocol in the tested set of GKAPs.
As Noack explains in [AN09b], one of the main objectives of the grid model is to be universally
applicable to Group Key Agreement Protocols, and even to be extended to Authentication GKMPs
etc. Tsudik et al. use security frameworks, see [AKNRT04], to stabilise the (tree) structure of
TGDH and implement it successfully in the testing environments. For WMN this is
an interesting point. The grid model is not limited in its structure, because it is not a
symmetric grid but an N x M grid. This is one of the main advantages of the model: it can be
extended automatically over the logical structure of a particular GKAP. The strategy of implementing
abstraction models that differ in their design patterns (one relies on probabilistic
abstractions, the other is more restricted but more deterministic) makes Noack's method
unique and a motivation for further research. The author points out in [AN09b] some
limitations of the models: the absence of an evaluation of unique WMN nodes; the absence of
external interference; the grid model does not express the interference in
the network via SNR (see footnote 24); and the abstraction of the simultaneous transmissions is not
deterministic on the point of whether they are allowed or not, which makes it a rough approximation.
These issues motivate future research on the topic and further implementation of the method.




24 http://en.wikipedia.org/wiki/Signal-to-noise_ratio



5. Conclusion and future work

                     "...The future applications for wireless mesh networks are limited only by our imaginations. "
                                                                                               Dave Roos[L2]
The objective of giving a classification of the Group Key Agreement Protocols in this term paper is
fulfilled. The classification should not be regarded as complete, since new protocols will be
developed and other well-known ones will come to be considered insecure or inefficient, given the
vast technological progress in Wireless Mesh Networks and the related implementation
standards. Two different classifications of Group Key Management Protocols are also presented and
compared. Both of them consider the GKAPs to belong to the class of Contributory GKMPs. This
makes the Group Key Agreement Protocols the best fit for implementations concerning dynamic
peer groups and especially Wireless Mesh Networks. GKAPs can nowadays be considered the
only security protocols that provide adequate security for WMN. Regarding the performance of
Group Key Agreement Protocols, three different methods are presented. The focus of the research in
the paper is on Noack's method, which is the only one evaluating performance issues of
GKAPs for Wireless Mesh Networks. The methods can be considered a sufficient, though not
complete, set of approaches to the performance analysis of GKAPs. As future work
related to Noack's method, the following is proposed. As the author points out in
[AN09b], the method could be completed as a framework covering secure routing,
authentication and key agreement for Wireless Mesh Networks. Another possible topic for future
work is the implementation of security frameworks for stabilising the protocol structures, as
used in the Tsudik et al. method. Furthermore, the approach of the ZFL method
could be applied to extend the evaluation results, by running the performance analysis not only
on separate basic operations of the GKAPs but also on combinations of them. These points should not be
considered weaknesses of Noack's method, which is still in development, but
possible extensions of its performance analysis approach that may make a
positive contribution to it.






Appendix

In this Appendix three protocols are added to the set of protocols evaluated with the probabilistic
approach:
TGDH, STR and QGDH [SH08]. According to [RB03], TBKA I is represented by the TGDH protocol and
TBKA II is represented by STR. This means that TGDH is already given in [AN09a] as TBKA;
it is not evaluated further, just shown with the proper index x = 4.45.
TGDH and STR implement two-party Diffie-Hellman key exchange and a (binary) tree graph logical
structure. The advantages of STR in the merge/partition operations are not illustrated at this
point.
QGDH is more specific, as it implements an extension of TGDH based on a
Group Controller Server (GCS). The GCS filters inefficient members in the protocol run by deploying
Blind Key Queues (BKQ), see [SH08]. The three protocols use the divide and conquer
method.
The graphs of the three protocols are illustrated below.




Figure 17: TGDH binary tree logical structure [SH08]








Figure 18: STR graph logical structure [RB03]




Figure 19: Queue-based group Diffie-Hellman entity model [SH08]








Figure 20: The Blind Key queues in group controller server [SH08]

The following tables show and compare the results of the protocols' evaluation by means of the
probabilistic model.
Once again, we abbreviate (# messages/timeslot) as MoT.
Let us clarify the assumptions behind the different fields in Table 7.





STR - # messages
                 Direct Message   Distant Message     Total
Initialisation   n                ((n-1)-1)n          (n-1)n
Join             (n-1)+1          n-3                 2n-3
Leave            0                n-3                 n-3

QGDH - # messages
                 Direct Message   Distant Message     Total
Initialisation   n                (h1-1)n             h1*n
Join             n-1              2n-2                3n-3
Leave            n-1              2n-2                3n-3

STR - timeslots
                 Direct Message   Distant Message     Total
Initialisation   1                n-3                 n-2
Join             1                n-3                 n-2
Leave            0                n-3                 n-3

QGDH - timeslots
                 Direct Message   Distant Message     Total
Initialisation   1                2^h1-2              2^h1-1
Join             2                n-1                 n+1
Leave            1                n-1                 n

STR - MoT
                 Direct Message   Distant Message     Total
Initialisation   n                (n-2)n/(n-3)        (n-1)n/(n-2)
Join             n                1                   (2n-3)/(n-2)
Leave            0                1                   1

QGDH - MoT
                 Direct Message   Distant Message     Total
Initialisation   n                (h1-1)n/(2^h1-2)    h1*n/(2^h1-1)
Join             (n-1)/2          2                   (3n-3)/(n+1)
Leave            n-1              2                   (3n-3)/(n)

Table 7: Communication complexity STR and QGDH
Cutline:
h = n-1 , [STR]
h1 = ld(n+1) , [QGDH]


As explained above, STR and QGDH implement two-party Diffie-Hellman key exchange and a
binary tree graph logical structure. We can adopt the equations from Noack's
probabilistic method for TBKA, as TBKA represents TGDH I. The formula
for the full broadcast case, represented in Table 7 by the 'Distant Messages', is, as known,
2^h - 2. As stated in the cutline, the height of the tree is n-1 for STR, with O(n)
modular exponentiations, and ld(n+1) for QGDH, with O(ld(n+1)) [H08] modular
exponentiations. Substituting them into the 'Distant Messages' formula, we obtain the results
shown in Table 7 above. We would like to respect the implementation of QGDH
concerning the iterations in the group controller server, and therefore adopt the values for the join
and leave operations from [H08]. As there is no information regarding the initialisation phase in
[H08], we proceed with the standard method of Noack's probabilistic model as applied to TBKA
and STR.
The exact communication complexity results are given in Table 8.
The exact communication complexity results are given in the next Table 8.




STR - # messages
                 5 Nodes   10 Nodes   20 Nodes   50 Nodes   100 Nodes
Initialisation   20        90         420        2450       9900
Join             7         17         37         97         197
Leave            2         7          17         47         97

QGDH - # messages
                 5 Nodes   10 Nodes   20 Nodes   50 Nodes   100 Nodes
Initialisation   15        40         100        300        700
Join             12        27         57         147        297
Leave            12        27         57         147        297

STR - timeslots
                 5 Nodes   10 Nodes   20 Nodes   50 Nodes   100 Nodes
Initialisation   3         8          18         48         98
Join             3         8          18         48         98
Leave            2         7          17         47         97

QGDH - timeslots
                 5 Nodes   10 Nodes   20 Nodes   50 Nodes   100 Nodes
Initialisation   2         3          4          5          6
Join             6         11         21         51         101
Leave            5         10         20         50         100

STR - MoT
                 5 Nodes   10 Nodes   20 Nodes   50 Nodes   100 Nodes
Initialisation   7         12         24         52         102
Join             3         3          2          2          2
Leave            1         1          1          1          1

QGDH - MoT
                 5 Nodes   10 Nodes   20 Nodes   50 Nodes   100 Nodes
Initialisation   8         14         25         60         117
Join             2         3          3          3          3
Leave            3         3          3          3          3

Table 8: GKAPs adoption to Mesh Networks

Table 8 applies the equations defined in Table 7 to the cases of 5 nodes, 10 nodes, …, and 100
nodes. A graphical representation of these results is given in Figure 21, Figure 22 and Figure 23,
which illustrate the single operations initialisation, join and leave, respectively.





Figure 21: Initialisation Performance - timeslots + x* MoT, x = 4.45
[Chart: BD I, BD II, TBKA I[TGDH], TBKA II[STR] and QGDH at 5, 10, 20, 50 and 100 nodes; vertical axis from 0 to 600]

Figure 22: Join Performance - timeslots + x* MoT, x = 4.45
[Chart: BD I, BD II, TBKA I[TGDH], TBKA II[STR] and QGDH at 5, 10, 20, 50 and 100 nodes; vertical axis from 0 to 140]

Figure 23: Leave Performance - timeslots + x* MoT, x = 4.45
[Chart: BD I, BD II, TBKA I[TGDH], TBKA II[STR] and QGDH at 5, 10, 20, 50 and 100 nodes; vertical axis from 0 to 160]






Bibliography

List of Links
    L1      CERIAS Security Seminar Video - Provable security in mobile ad hoc networks
            Mike Burmester, 2006
            http://www.cerias.purdue.edu/news_and_events/events/security_seminar/details.php?uid=49608-y3xDO24uE3W4-7698-bq0h6IRT79tE7qcj
    L2      How Wireless Mesh Networks Work
            Dave Roos,
            http://communication.howstuffworks.com/how-wireless-mesh-networks-work.htm/printable
    L3      Wireless Mesh Networks under FreeBSD
            Rui Paulo, AsiaBSDCon 2010
            http://www.youtube.com/watch?v=ZL30z1uI-JI
    L4      MeshDynamics Mobile Mesh Networking (P3M) Animation
            http://www.youtube.com/watch?v=l1prct6Xxzw
    L5      How WiMAX Works
            Marshall Brain, Ed Grabianowski
            http://www.howstuffworks.com/wimax.htm/printable
Table 9: List of links




Reference list
MO05: Motorola, Comparison of Motorola Mesh, 2005
      http://www.motorola.com/governmentandenterprise/contentdir/he_IL/Files/SolutionInformation/ComparisonMeshNetworksEnabledArchitecture_WP.pdf
BOT06: Bob Briscoe, Andrew Odlyzko, Benjamin Tilly, Metcalfe's Law is Wrong, 2006
      http://spectrum.ieee.org/computing/networks/metcalfes-law-is-wrong
MOST97: Raúl Monroy and Graham Steel, Faulty Group Protocols, 1997
      http://homepages.inf.ed.ac.uk/gsteel/group-protocol-corpus/survey.pdf
AN09a: Andreas Noack, Group Key Agreement for Wireless Mesh Networks, 2009
      http://www.nds.ruhr-uni-bochum.de/chair/people/noack/
RLKY04: Kui Ren, Hyunrok Lee, Kwangjo Kim, Taewhan Yoo, Efficient Authenticated Key Agreement Protocol for Dynamic Groups, 2004
      http://dasan.sejong.ac.kr/~wisa04/ppt/4A1.ppt
AB07: Sanjeev Arora, Boaz Barak, Computational Complexity: A Modern Approach, Chapter 12: Communication Complexity, 2007
      http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.103.4782&rep=rep1&type=pdf
SRSP10: Mrs. Sugandha Singh, Dr. Navin Rajpal, Dr. Ashok Kale Sharma and Mrs. Ritu Pahwa, Policy based Decentralized Group key Security for Mobile Ad-hoc Networks, 2010
      www.ijcsi.org/papers/7-3-10-44-49.pdf
CS05: Yacine Challal, Hamida Seba, Group Key Management Protocols: A Novel Taxonomy, 2005
      http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.59.1953
ZFL05: Shanyu Zheng and Jim Alves-Foss, Stephen S. Lee, Performance of group key agreement protocols over multiple operations, 2005
      http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.75.9641
AKNRT04: Yair Amir, Yongdae Kim, Cristina Nita-Rotaru, Gene Tsudik, On the performance of group key agreement protocols, 2004
      www.cnds.jhu.edu/pub/papers/perf.pdf
H08: Sunghyuck Hong, Queue-based Group Key Agreement Protocol, 2008
      ijns.femto.com.tw/contents/ijns-v9-n2/ijns-2009-v9-n2-p135-142.pdf
AN09b: Andreas Noack, Jörg Schwenk, Group Key Agreement Performance in Wireless Mesh Networks, 2009
      http://www.nds.ruhr-uni-bochum.de/chair/people/noack/
Q10: Alexander Queisser, Group Key Agreement in Wireless Mesh Networks, Practical implementation of Burmester Desmedt II, 2010
      http://www.nds.ruhr-uni-bochum.de/chair/people/noack/
SH08: Sunghyuck Hong, Queue-based Group Key Agreement Protocol, 2008
      http://ijns.femto.com.tw/contents/ijns-v9-n2/ijns-2009-v9-n2-p135-142.pdf
RB03: Raghav Bhaskar, Group Key Agreement in Ad hoc Networks, 2003
      http://hal.inria.fr/docs/00/07/17/54/PDF/RR-4832.pdf




Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Zilliz
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
David Brossard
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
kumardaparthi1024
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 

Recently uploaded (20)

Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 

Performance of Group Key Agreement Protocols (Theory)

  • 1. Term paper: Performance of Group Key Agreement Protocols (Theory). Original title in German: Seminararbeit, Effizienz von Group Key Agreement Protokollen (Theorie) [On the Performance of Group Key Agreement Protocols for Wireless Mesh Networks]. Dept. of Electr. Eng. and Information Science, Ruhr-Universität Bochum, Chair of Network and Data Security, Horst-Görtz Institute. Krassen Deltchev, e-mail: Krassen.Deltchev@rub.de. 23.08.2010. Person in charge: Prof. Dr. Jörg Schwenk. Advisor: M.Sc. Andreas Noack.
  • 2.
  • 3. Abstract

Nowadays networking is more than implementing static wired network infrastructure. The utilisation of agile wireless network constructs represents a well-established build-up on the “old world” and in some cases the only feasible solution. Therefore the dynamics, stability, security and performance of such “new world” networks are still of great interest to researchers. An important approach to providing an appropriate security level in dynamic wireless networks is the use of Group Key Agreement Protocols. In most cases, the reader can find information on these protocols in the literature on Mobile Ad-Hoc Networks. However, there are not enough publications on Group Key Agreement Protocols [GKAPs] for Wireless Mesh Networks [WMN], and fewer still on the performance issues of their utilisation. We consider this an exciting challenge for research on the topic of Distributed Key Agreement Protocols.

The current term paper discusses the security aspects of WMN and the performance of Group Key Agreement Protocols for Wireless Mesh Networks, presents methods concerning these performance aspects, and illustrates the GKAPs by means of their classification.

Keywords: WMN, Wireless Mesh Networks, GKAP, Classification of Group Key Agreement Protocols, Performance of Group Key Agreement Protocols, Communication Complexity

Kurzfassung (German summary, translated)

The questions of dynamics, security and stability, and of managing variable group members in networks, are and will remain a current topic in IT security. Particular interest is devoted to Group Key Agreement Protocols as an approach that solves such problems effectively and adequately. Group Key Agreement Protocols are described in more or less detail where ad-hoc (MANET) networks are concerned. Where Wireless Mesh Networks are concerned, surprisingly, hardly any literature can be found. This poses the challenge of investigating such questions further and/or researching them from the ground up. A particular topic in this area is the efficiency of Group Key Agreement Protocols [GKAPs] in Wireless Mesh Networks [WMN]. This term paper gives an overview of the IT security aspects of Wireless Mesh Networks, of Group Key Agreement Protocols and of the efficiency of GKAPs; it then presents corresponding calculation methods and illustrates a classification of the Group Key Agreement Protocols.

Keywords: WMN, Wireless Mesh Networks, GKAP, classification of Group Key Agreement Protocols, efficiency of Group Key Agreement Protocols, communication complexity
  • 4.
  • 5. Indexes

Contents

Abstract (p. 3)
Kurzfassung [German summary] (p. 3)
Indexes (p. 5)
1. Introduction (p. 9)
1.1. Limitations of the paper (p. 10)
1.2. The terms: performance, communication complexity, WMN and GKAP (p. 10)
1.2.1 Introduction to WMN (p. 10)
1.2.2 WMN vs. WiMAX vs. MANET (p. 12)
1.2.3 Introduction to GKAPs, communication complexity and performance (p. 13)
2. Classification of GKAPs (p. 14)
3. Methods (p. 17)
3.1. Tsudik et al. method (p. 18)
3.2. Zheng/Foss/Lee method (p. 22)
3.3. Noack's method (p. 28)
4. Results (p. 37)
5. Conclusion and future work (p. 39)
Appendix (p. 41)
Bibliography (p. 47)
  • 6.
  • 7. Indexes List of tables Table 1: A proposal for GKAPs classification....................................................................................17 Table 2: Join-leave-[mass join]-[mass leave] results[ZFL05]............................................................25 Table 3: Merge-Partition results[ZFL05]............................................................................................26 Table 4: Join-leave-[mass join]-[mass leave]-merge-partition results[ZFL05]..................................27 Table 5: Abstractions of the probabilistic and the grid model[AN09b].............................................34 Table 6: Maximum impact factor x( initialisation phases)[AN09b]...................................................35 Table 7: Communication complexity STR and QGDH......................................................................44 Table 8: GKAPs adoption to Mesh Networks ...................................................................................45 Table 9: List of links...........................................................................................................................47 List of figures Figure 1: GKMP map [SRSP10]........................................................................................................15 Figure 2: Taxonomy of Common TEK Group Key Management Protocols [CS05].........................16 Figure 3: Communication cost comparison [AKNRT04]...................................................................19 Figure 4: Join operation - average time at LAN [AKNRT04]............................................................19 Figure 5: Leave operation - average time at LAN [AKNRT04].........................................................20 Figure 6: Partition operation - average time at LAN [AKNRT04].....................................................20 Figure 7: Partition operation - Clustering effect [AKNRT04]...........................................................21 
Figure 8: Merge operation - average time at LAN [AKNRT04]........................................................21 Figure 9: The extreme case of long delay networks[AKNRT04].......................................................21 Figure 10: Join and Leave operations - average time at WAN [AKNRT04]......................................22 Figure 11: Communication and computational costs[ZFL05]............................................................24 Figure 12: Burmester Desmedt I probabilistic model[AN09a]..........................................................30 Figure 13: Burmester Desmedt II probabilistic model[AN09a]........................................................31 Figure 14: TBKA probabilistic model[AN09a].................................................................................32 Figure 15: the grid model with simultaneous transmissions; and structure mapping[AN09b]..........33 Figure 16: Performance results of the grid vs probabilistic model comparison[AN09b]..................35 Figure 17: TGDH binary tree logical structure [SH08]......................................................................41 Figure 18: STR graph logical structure [RB03]................................................................................42 Figure 19: Queue-based group Diffie-Hellmann entity model[SH08]...............................................42 Figure 20: The Blind Key queues in group controller server [SH08]................................................43 Figure 21: Initialisation Performance - timeslots + x* MoT, x = 4,45...............................................46 Figure 22: Join Performance - timeslots + x* MoT, x = 4,45............................................................46 Figure 23: Leave Performance - timeslots + x* MoT, x = 4,45.........................................................46 7
  • 8.
  • 9. 1. Introduction

"...the value of a telecommunications network is proportional to the square of the number of connected users of the system (n²)." Metcalfe's law

We shall not argue in this paper whether Metcalfe's law is provable, or empirically provable, or by how much the communication network increases in value; the interested reader may refer to [BOT06]. However, we must agree that the better the communications infrastructure is, the greater the consumers' interest in it.

Nowadays wired networking can still be considered the state-of-the-art solution with respect to aspects like the stability and performance of the telecommunication network. However, there are many well-known cases which show that wireless networks should be considered preferable to the well-established static wired approaches. Let's mention some of them:

• there are solutions for police mobile communications (MEA¹) and for fire fighters' mobile communications, implemented via the proprietary and licensed 4.9 GHz WiFi standard, the so-called public safety networks;
• nowadays most universities, schools, airports, hotels etc. offer and use WiFi via hotspots and wireless access points;
• in the U.S.A., after tornado storms the whole wired communications infrastructure in several cities suffers heavy damage; in such disaster situations wireless mesh networks appear to be the most reasonable, efficient, time- and effort-saving solution for rebuilding the whole city communications network;
• in rural areas, or areas which are difficult to access, wiring can be a very pricey or even unfeasible task; in such cases covering the area with wireless mesh networks could be the most reasonable solution.

This list could be extended; for examples of present-day implementations of wireless mesh networks, please read the next chapters.

As we mention terms such as WiFi and Wireless Mesh Networks [WMN], we give a short introduction to them in this chapter. The reader concerned is probably already aware of them; we apologise and nevertheless proceed in this manner, for the sake of a better understanding of the paper's thesis.

Let's clarify the objectives of the current term paper. This thesis is another introduction to wireless mesh networks, presenting the security aspects of WMN through the Group Key Agreement Protocols [GKAP]. Furthermore, this paper presents a classification of the GKAPs and discusses the performance aspects of using Group Key Agreement Protocols for Wireless Mesh Networks.

Let's describe this in more detail by clarifying the structure of the paper. In the next section the reader will find information on the limitations of the paper. Subsequently, the terms WMN, MANET, WiMAX and WiFi are clarified. In the next chapter, chapter 2, a classification of the Wireless Mesh Networks is presented. Chapter 3 concerns the methods related to the performance studies of the Group Key Agreement Protocols. Three methods are described and compared with one another. The focus of this paper lies on the last one, Noack's method. The results of the comparison of the methods are presented in chapter 4. The last chapter, chapter 5, contains final thoughts and some proposals for future work. Let's proceed with the limitations of this paper.

¹ Motorola's Mesh Enabled Architecture [MO05]
  • 10. 1.1. Limitations of the paper

As one of the objectives of the thesis is the classification of the GKAPs, we shall explicitly clarify which protocols are considered irrelevant for the further discussion of the paper's thesis. We designate two classes of protocols as irrelevant: the class of proven security-prone GKAPs and the class of considerably inefficient Group Key Agreement Protocols. A very good classification of the former is given in [MOST97]. The list of the proven security-prone GKAPs is: GKE.setup, Bull Otway Protocol, Boyd-Gonzalez Nieto Key Agreement Protocol, A-GDH, SA-GDH.2, Asokan-Ginzboorg.

Furthermore, in describing the Wireless Mesh Networks, we shall neither illustrate nor present any kind of construct concerning Seamless WMN². Consequently, we shall not discuss routing and the routing issues of WMN. The interested reader may consult another term paper related to the current master's workshop³, Konfiguration eines IEEE 802.11s konformen Mesh Netzwerks (Praxis) by Andreas Hübner, and other specific papers on the topic of routing in wireless mesh networks.

In discussing the Group Key Agreement Protocols as a reasonable security approach for WMN, the intruder is described as an ordinary member of the Group Key construction. We are not interested in discussing whether the intruder can achieve DoS or MITM attacks, or only uses passive attacks such as eavesdropping. The interested reader can find more information on this topic, and on attacks like Wormhole Attacks, Out-of-band Attacks, Rushing Attacks, the Threat Model in Ad-Hoc Networks etc., at [L1].

Finally, where this paper discusses the performance issues of GKAPs, this is to be understood as the same thing as discussing the efficiency issues of the protocols. Now let's explain the basic terms concerning the thesis of this paper.

1.2. The terms: performance, communication complexity, WMN and GKAP

1.2.1 Introduction to WMN

Let's first introduce the Wireless Mesh Networks⁴. WMN are based on the WiFi open standards 802.11a/b/g/s⁵ at 2.4 GHz. Building the infrastructure of a WMN is therefore easy and cost-reducing, because most of the wireless devices needed for it, like WiFi routers and mobile devices with built-in WiFi network cards, are on the market at consumer prices. There are also implementations of WMN on the 802.16 standard; see the next section for further reading. As the name of these networks states, WMN are built upon a mesh topology, using WiFi routers or other wireless devices as mesh nodes. A mesh node can be implemented in the mesh topology as a WiFi router, a mobile computer with a WiFi network card etc. Thus the WMN are not limited in their hardware implementation. Still, considering an example design of the WMN we

² http://www.smesh.org/
³ http://www.nds.rub.de/chair/lectures/290/
⁴ http://en.wikipedia.org/wiki/Wireless_mesh_network
⁵ http://www.open80211s.org/
  • 11. can specify Mesh Clients as mesh leaves, implemented via mobile computers; Mesh Nodes, implemented via WiFi routers; and gateways, which connect the WMN to the internet. This needs to be clarified because of the above-mentioned example of WMN utilisation, the MEA implementation for police public WMN. Imagine a police patrol reaching an area where the internet connection can no longer be established. Using a WMN among the members of the patrol, they can still contact each other even though the internet connection is not present.

Thus we reach the point of listing the advantages of Wireless Mesh Networks, as follows, see [L2]:

• Using fewer wires means it costs less to set up a network, particularly for large areas of coverage,
• The more nodes are installed, the bigger and faster the wireless network becomes,
• WMN rely on the same WiFi standards (802.11a, b and g) already in place for most wireless networks; the 802.11s standard, concerning WMN, is still in development,
• They are convenient where Ethernet wall connections are lacking - for instance, in outdoor concert venues, warehouses or transportation settings,
• They are useful for Non-Line-of-Sight (NLoS) network configurations where wireless signals are intermittently blocked. For example, in an amusement park a Ferris wheel occasionally blocks the signal from a wireless access point. If there are dozens or hundreds of other nodes around, the mesh network will adjust to find a clear signal,
• Mesh networks are "self configuring"; the network automatically incorporates a new node into the existing structure without needing any adjustments by a network administrator,
• Mesh networks are "self healing", since the network automatically finds the fastest and most reliable paths to send data, even if nodes are blocked or lose their signal,
• Wireless mesh configurations allow local networks to run faster, because local packets don't have to travel back to a central server,
• Wireless mesh nodes are easy to install and uninstall, making the network extremely adaptable and expandable as more or less coverage is needed.

Let's also list some recent example implementations of WMN in the real world, as follows, see [L3]:

• Meraki Mesh (special long range radio) [L3]
• Mesh Dynamics (multiple radios) [L3][L4]
• OLPC XO-1 children's laptop [L3]
• Smesh (fast roaming) [L3]
• SolarMesh (mesh STA power comes from solar energy) [L3]
• SONOS multi-room music system [L3]
• Freifunk⁶
• Funkfeuer⁷

⁶ http://start.freifunk.net/
⁷ http://funkfeuer.at/
  • 12. Andreas Noack states in his paper [AN09a] that Wireless Mesh Networks are the “missing link”, which acts like an interface between the static wired internet and the modern ad-hoc networks. Let's clarify this in the next section, which concerns the differentiation between the terms WiFi, WiMAX, WMN and MANET.

1.2.2 WMN vs. WiMAX vs. MANET

The title of this section is intentionally left confusing. Obviously, we are allowed to compare WiFi⁸ and WiMAX⁹, simply because both of them represent major standards for wireless telecommunication networks. WiFi, or better Wi-Fi, is actually a marketing term and in many countries is a synonym for WLAN, which is represented by the IEEE 802.11(a/b/g/i/n/s)¹⁰ standards. In this paper we simply use WiFi when discussing the 802.11* implementations. As mentioned above, most consumer devices nowadays implement the WiFi standard out of the box, which makes it well known and widespread. There are two implementations of the 802.11* standard: on the one hand there is an open standard, using 2.4 GHz technical implementations; on the other there is, as mentioned above, one which is licensed and operates at 4.9 GHz. The second one is obviously separated from the open standard and is used especially for, as stated above, public networks like police MEA implementations, fire fighters' mobile networks, government implementations etc.

The other standard, which is licensed, is IEEE 802.16¹¹, and its mnemonic equivalent is WiMAX (Worldwide Interoperability for Microwave Access). In technical terms, WiMAX represents a telecommunication protocol. Comparing WiFi and WiMAX, we can say in a word that WiFi uses shorter transmission ranges, so large areas can be covered only by assembling the hardware of many mesh nodes. By contrast, the WiMAX back-haul transmitter can cover larger areas, so the graph can be represented by fewer nodes, which makes it optimised in terms of fewer graph members. However, as the leading motto of this first chapter states, the value of the network increases with the number of its connection nodes. Furthermore, WiMAX is licensed and cannot be implemented openly without paying a fee, so its hardware utilisation is much more pricey, not just because of the fee but also because consumer devices implementing 802.16 are not widely distributed compared to those with the WiFi logo on them. These facts lead us to the conclusion that WiFi is the more appropriate implementation for WMN.

Now let's clarify the terms WMN and MANET. As we have already illustrated the common wireless standards, let's illustrate the topology implementations of the WLAN in more detail. In a word, the MANET (Mobile Ad-Hoc Networks)¹² represent a subclass of the Wireless Mesh Networks. As WMN can use both ad-hoc and infrastructure modes [AN09a], mobile mesh networking is represented via MANET. Following this line of thought, we can accept that the features applied to MANET belong to WMN too. This means that research theories related to Mobile Ad-Hoc Networks should be applied to the Wireless Mesh Networks as well. This is an important statement, because nowadays there is plenty of literature on the Group Key Agreement Protocols for MANET and very little related to their superclass, the Wireless Mesh Networks. Thus, to achieve a proper introduction and classification of the GKAPs and to describe the performance issues of Group Key Agreement Protocols for WMN, we shall find support in well-known approaches related to the MANET and

⁸ http://www.wi-fi.org/
⁹ http://en.wikipedia.org/wiki/WiMAX
¹⁰ http://en.wikipedia.org/wiki/IEEE_802.11
¹¹ http://en.wikipedia.org/wiki/802.16
¹² http://en.wikipedia.org/wiki/Mobile_ad_hoc_network
  • 13. 1. Introduction traditional wired networks. Let's start with a few introductory words on the Group Key Agreement Protocols, which shall be discussed more detailed in a separate chapter, as already stated, in chapter 2. 1.2.3 Introduction to GKAPs, communication complexity and performance As we agree on the conclusion , that WiFi is a reasonable implementation for Wireless Mesh Networks, we shall consider to introduce the security aspects of the WMN. As Noack states at[AN09a] security of WMN is not only utilising WEP13( which is already considered as security prone algorithm), or WPA/WPA2( IEEE802.11i), because these standards are designed to secure point-to-point connections. Keeping in mind that, Wireless Mesh Networks are dynamic, with main features: self-healing, self- clustering, self-stabilising, WPA/WPA2 cannot be considered as sufficient pre-requirement for securing such agile network constructs as WMN at all. Let's illustrate the main goals for securing a network as [AN09a]: Authentication, Confidentiality, Integrity Protection. As Noack mentions, the Authentication of WMN must be present by two means, on one hand there are commercial reasons, or political reasons like MEA implementations of WMN 4,9GHz licensed standard, on another there are legal reasons- to allow only parties in the network run, which should not misuse it. In this paper we shall not concentrate on GKAPs with Authentication, for the interested reader, please refer further to [RLKY04]. Subsequently, discussing the Confidentiality security aspect of the Wireless Mesh Network, we shall admit, as concluded in [AN09a], that, the absence of physical protection of the transmitted signals in such wireless networking constructs requires as a greater concern, applied to the confidentiality of the transmitted sensitive data over the network. 
A good approach to achieve this is the sharing of a common security key among all parties (members, nodes) of the wireless network. An automatic method for such multi-party key agreement should represent a complete encryption solution [AN09a]. To conclude this security model of the wireless network, we shall mention that the last feature, the Integrity Protection of the network, should be easily achieved if the Confidentiality aspect is fulfilled as a pre-requirement. One approach for hardening a given shared key should be the MAC (Message Authentication Codes)14, as in [AN09a]. Thus, we reach the conclusion that the security of WMN is addressed by the utilisation of Group Key Agreement Protocols.

Let's clarify the rest of the basic terms which will be important for the further reading: the performance and the Communication Complexity15 of Wireless Mesh Networks. Both of them are specified as communication requirements for Group Key Agreement Protocols in [AN09a]. As already stated in the limitations section of the paper, the GKAPs do not require the security of the communication channel as a pre-requirement; rather, the messages should be protected at the message layer over the protocol run [AN09a]. An important question regarding this is the perfect broadcast aspect of the network, which shall be explained in detail in the further chapters of the paper. At this stage of the thesis we shall only mention that there are two types of broadcast channels in GKAPs: local and full broadcast channels, which are implemented on the physical topology of the WMN.

13 http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy
14 http://en.wikipedia.org/wiki/Message_authentication_codes
15 http://en.wikipedia.org/wiki/Communication_complexity

Furthermore, there is the logical structure implementation of the GKAPs for
utilising the agreement on the shared key. As a conclusion to this, we shall point out an important aspect for scaling the performance of the GKAPs for WMN: generally the performance of GKAPs decreases as the differences between the physical structure of the WMN and the logical structure of the GKAP increase, as in [AN09a]. Consequently, we shall also outline the fact that in many cases the WMN utilise one shared medium to communicate over, for example one gateway to establish a connection to the internet. Imagine a doorway in a big building, which is accessible to every member running in and out of the building [L5]. This could represent a bottleneck and prevent an adequate protocol run. In contrast to this, the WiMAX implementations do not suffer from such issues. They could be abstracted as a building with many doorways but limited member access through them: one member can pass a doorway at a time [L5].

Therefore there is the need for further evaluation of the communication cost concerning the performance aspect of the protocol run of GKAPs: the Communication Complexity. On the basis of the proposed abstraction of WMN as a big building with one doorway, the communication complexity can be summarised as follows. There are two sets of building members, one whose members are outside the building and another whose members are inside the building, which share a common feature: both sets can exchange a limited amount of members. For instance, a finite group of members of the set inside the building would like to run out of the building; every one of them runs in the same way, and this is considered by both sets as an appropriate way to pass through the one doorway of the building. The computation of the lower bound, representing the min.
members as a complete group successfully running out of the building, knowing that the worst case in their group action would be to transform the one doorway into a bottleneck, should be represented by the communication complexity. The interested reader could refer for more information to [AB07]. The term communication complexity shall be evaluated in chapter 3, where the reader shall find a description of the three major methods concerning the performance aspects of the GKAPs. Let's proceed further with a more detailed representation of the Group Key Agreement Protocols, which are illustrated via their classification in the next chapter.

2. Classification of GKAPs

As mentioned above, most of the scientific sources concerning Group Key Agreement Protocols are applied to MANET. Thus, we need to observe the security of Mobile Ad-Hoc Networks and subsequently re-apply the conclusions on the WMN level. A starting point in the research on the security of MANET is dedicated to the Key Management Protocols superclass. We can list three major subclasses of Key Management protocols, see [SRSP10]:

• Centralized Group Key Management Protocols [GKMPs],
• Decentralized Group Key Management Protocols,
• Distributed Group Key Management Protocols

Let's describe them in detail. The main feature of the Centralized GKMPs is the presence of a Key Distribution Center (KDC), which is responsible for the Key Management of the whole group of protocol members. The Decentralized GKMPs represent a key management of large member groups, where subgroup managers are responsible for the deployment of the protocol's key establishment. As intuitively supposed, this group of GKMPs implements an approach to reduce the
overhead of the key management, if this is concentrated at a single instance, as in the example above with the utilisation of a single static KDC. The Distributed GKMPs illustrate a protocol construct with no explicit definition of a KDC. Instead, every protocol member participates in the generation of a shared group key, which is derived from each member's key contribution in the protocol run. The Distributed GKMPs represent a superclass of the Contributory Key Agreement Protocols, which illustrate the class of the Group Key Agreement Protocols. This classification is represented in [SRSP10][CS05][ZFL05]. Let's illustrate the discussed GKMP classes in the next Figure 1, see [SRSP10]:

Figure 1: GKMP map [SRSP10]

We shall support this classification by the next Figure 2, which gives a more detailed representation of the hierarchical class tree of the Distributed Key Management Protocols. Zheng et al. also classify the Group Key Management Protocols in three major subclasses, see [ZFL05]: the category of Centralized GKMPs, the category of Distributed GKMPs and the category of Contributory GKMPs. This classification is adopted from [AKNRT04]. Tsudik et al. propose another definition of the Distributed GKMPs. The KDC is represented by dynamically selecting a special group member. This member, acting as a key server, should also be able to maintain long-term pairwise
secure channels with all group members at a given temporal state of the protocol run. The dynamically selected key server should furthermore be able to distribute the group keys at every click in the protocol run. Tsudik et al. warn that this could present a drawback, because, if a new key server has to be selected within a short period of time, all the group keys have to be recreated by this instance from the start, which should reduce the performance of the security protocol. Furthermore, the GKAPs are presented in this classification by the class of the Contributory GKMPs. This category presents the same features as the Distributed GKMPs class in the [SRSP10] classification. This points out that the main design pattern for generating the shared group key, as explained above, is to derive it from the contribution of every single member in the protocol run. This illustrates the best approach for generating a shared group secret key, still without known drawbacks. Furthermore, the Contributory GKMPs rely on modular exponentiations16, as in [AKNRT04], and modular exponentiation functions are known to be efficient even for large values of the exponent. This shall be a very important statement for the next chapter 3, concerning the study of the performance methods for Group Key Agreement Protocols, with focus on the performance method for GKAPs concerning Wireless Mesh Networks. Now let's illustrate the GKMPs classification given in [CS05]:

Figure 2: Taxonomy of Common TEK Group Key Management Protocols [CS05]

Following this illustration, we shall specify in detail the classification of GKAPs and bring it up to date. Note that this classification should be revised by adding new GKA Protocols in the future as well. The most important subclasses are the ring based cooperation, hierarchical based cooperation and broadcast based cooperation protocols, which represent the GKAPs belonging to the Contributory GKMPs.
Other notable subclasses are the GKA-derivatives and the Authentication GKAPs. The last one shall not be discussed further, as already mentioned above.

16 http://en.wikipedia.org/wiki/Modular_exponentiation

Please see Table 1:
GKAPs subclasses:                 Presented by:
Ring based cooperation:           ITW, GDH 1.0, GDH 2.0, GDH 3.0, BD I
Hierarchical based cooperation:   STR, BD II, TBKA, TGDH, CRTDH, BF-TGDH, Octopus, D-LKH, DH-LKH
Broadcast based cooperation:      Fiat et al., CKA
Centralized GKAPs:                µSTR, µCLIQUES, µBD, µSTR-H, µTGDH
GKA-derivatives:                  GKA, Tree based GKA, RGKA, T-RGKA, W-RGKA, BD-RGKA, Flexible RGKA, Fully RGKA
Clique-derivatives:               CLIQUES I, CLIQUES II, µCLIQUES, M-CLIQUES
Authentication GKAPs:             EGAKA, SAS-GMA
Not classified yet:               EGK, CCEGK, AFTD, ...

Table 1: A proposal for GKAPs classification

Note that, concerning the group of inefficient GKAPs mentioned in the limitations section of the first chapter, the protocols ITW, GDH 1.0, GDH 2.0, GDH 3.0, GKA, CLIQUES I and CLIQUES II shall be pointed out a priori as belonging to this group and shall not be considered as relevant protocols for the performance discussion of Group Key Agreement Protocols for Wireless Mesh Networks. Let's proceed further with the illustration of three major performance evaluation methods for GKAPs. Note that they do not represent the complete set of calculation methods. There are other approaches which also contribute to the topic of performance evaluation of GKAPs, like in [H08].

3. Methods

This chapter presents three significant methods for performance evaluation of Group Key Agreement Protocols. Let's clarify the factors for selecting these methods as fundamental for the GKAPs research. The implementation of the methods is illustrated by a finite set of GKAPs, though the researchers try to develop methods which are generally applicable for evaluation tests on the performance of Group Key Agreement Protocols. In other words, the methods are not limited in their application to different GKAPs. Furthermore, the three methods represent different and independent approaches in the performance research. The Tsudik et
al. method utilises a research approach based on the performance evaluation of LAN- and WAN-related GKAPs. The Lee et al. method, for which we shall use the designation Zheng/Foss/Lee method further in the paper, illustrates a technique to study the performance of GKAPs over multiple operations occurring during a stage of the protocol run. Noack's method is the only approach known to the author of the paper17 that studies the performance issues of the Group Key Agreement Protocols for Wireless Mesh Networks. The three methods represent a great contribution to the performance analysis of GKAPs and could be regarded as a sufficient, though not complete, set of techniques for adequate performance research on the Group Key Agreement Protocols. Now let's illustrate each of them in detail, starting with the Tsudik et al. method.

17 The author of the paper carried out research on the topic of performance analysis for GKAPs for WMN, started on 23.04.2010 and ended at the time of the paper's release: 23.08.2010.

3.1. Tsudik et al. method

The main goal of this method is to study the performance issues of Group Key Agreement Protocols supporting modern internet collaborative applications such as voice and video conferencing, distributed simulations, internet online games, replicated servers and database systems of all types. Its description paper [AKNRT04] also supports the basic security construct of a secured network: data privacy, integrity and authentication, which are considered pre-requirements for secured collaborative applications. Furthermore, the paper by Tsudik et al. proposes a classification of the GKMPs in peer groups, as already mentioned, and gives an answer to the question of which GKMP is adequate and the best fit for dynamic peer groups. The Contributory GKMPs, to which, as already known, the GKAPs belong, are considered for their strong security properties. Tsudik et al. focus their work on the performance analysis related to LAN and WAN implementations of Group Key Agreement Protocols, especially on the dualistic paradox concerning the two dominating factors in the performance analysis of the protocols: the computation cost18 and the communication cost. The thesis that computation-efficient protocols usually require more communication rounds for the execution of the protocol run and, conversely, protocols with reduced communication complexity induce greater computational effort, is evaluated in the paper describing the Tsudik et al. method.

Consequently, the conclusions of this research work are to be mentioned. Tsudik et al. point out, on one hand, that the results of their experiments clearly illustrate the greater importance and domination of the communication cost over the computational cost for group-oriented cryptographic protocols over long delay networks (WAN). On the other hand, the cost of simultaneous n broadcast messages is considered to be another important factor, besides the well known computational overhead and number of rounds, which is relevant for the performance analysis of GKAPs. These conclusions support the abstractions related to Noack's method. Long delay networks (WAN) could be analogised to the WMN, where the protocols run over a shared medium, so bottlenecks in their execution should not be underestimated. That is why the main parameter for evaluating the performance in Noack's method should be the communication complexity and not the computational cost, which should be ignored in the abstraction model as well. Noack also explains in [AN09a] that the simultaneous n messages parameter is of greater importance and should not be ignored, which explains the fact that Noack does not assume perfect broadcasting in the protocol run. This shall be explained in detail in the last section 3.3 of this chapter as well.

Now let's describe the protocols used in the Tsudik et al. performance evaluation method. The observed GKAPs are listed as follows: BD, CKD, GDH, STR, TGDH. Each of the protocols is described by its basic operations, which are evaluated separately from one another: initiate, join, leave, merge, partition. The authors of the method explain that the initiate operation is not relevant for their performance analysis. Moreover, every protocol operation is additionally illustrated via its detailed and complete step execution. The evaluation of the communication cost and computation cost of the observed GKAPs is presented in separate comparison tables as well. We shall illustrate only the communication cost results in the next Figure 3.

18 http://en.wikipedia.org/wiki/Computational_complexity_theory

Furthermore, the performance evaluation
of the protocols shall be denoted via graphs, on one hand concerning the GKAPs' implementations in LAN, and on the other their implementation in WAN. The interested reader shall also find graph representations of the protocol operations partition and merge, concerning STR and TGDH, in [AKNRT04].

Figure 3: Communication cost comparison [AKNRT04]

Let's illustrate the performance evaluation graphs in a row:

Figure 4: Join operation - average time at LAN [AKNRT04]
Figure 5: Leave operation - average time at LAN [AKNRT04]

The interested reader should notice that there are notable differences in the performance evaluation comparison graphs, comparing the left side graph to the right side graph in Figure 4 and Figure 5 respectively. The computation cost is evaluated by running the protocols in two scenarios, one with the computation of a 512-bit secret key (RSA) and the second one presenting the computation cost of a 1024-bit security key (RSA). The authors of the method point out that they intentionally chose the non-secure 512-bit size, so that the weight of the computation cost in the performance analysis becomes obvious as well.

Figure 6: Partition operation - average time at LAN [AKNRT04]
Figure 7: Partition operation - Clustering effect [AKNRT04]

Figure 8: Merge operation - average time at LAN [AKNRT04]

The next Figure 9 represents the technical implementation of the extreme case study concerning the performance evaluation on long delay networks (WAN). For the technical specification of the network, please refer to the method's description paper [AKNRT04].

Figure 9: The extreme case of long delay networks [AKNRT04]
The only GKAP protocol operations significant for the performance evaluation, according to the method's authors, are Join and Leave, see Figure 10:

Figure 10: Join and Leave operations - average time at WAN [AKNRT04]

As conclusive results of the performance analysis, Tsudik et al. point out TGDH as the overall most efficient GKAP, though in detail, concerning the evaluation of the single protocol operations, the worst case communication cost of TGDH is significantly more expensive compared to STR. For protocol runs with fewer members, about a dozen, the more efficient GKAP is BD, though as the number of members in the GKAP group grows, the performance of this protocol decreases immensely. The reader should find more detailed information on the Tsudik et al. method in [AKNRT04]. Let's proceed further and present in detail the next important performance evaluation method.

3.2. Zheng/Foss/Lee method

This method is described in [ZFL05]. It presents another approach for the performance evaluation of GKAPs, with criticism of the common knowledge on the topic. The Zheng/Foss/Lee method, in short ZFL method, should represent an extension to the Tsudik et al. method. The interested reader should notice that two of the five example protocols are the same as in the previously described method: TGDH and STR. The performance evaluation focuses also on the Centralized GKMPs, as in the previously described technique. The full set of evaluated GKAPs in this method is: GDH3.0, EGK, TGDH, STR and CCEGK. GDH3.0 is already considered an inefficient GKAP, though considering the paper's release in 2005, we should proceed with the further investigation of GDH3.0 by the ZFL method. The main contribution of the ZFL technique is the evaluation of the performance on groups of protocol operations, classified in the following categories: join-leave-[mass join]19-[mass leave]; merge-partition; and join-leave-[mass join]-[mass leave]-merge-partition.
This is also a main point of criticism of the known performance evaluation methods on the topic. The authors of the method disagree that a performance analysis of the separately evaluated basic protocol operations could give a complete and adequate conclusion on whether the security protocol is efficient or not.

19 The brackets are needed here to point out that 'mass join' and 'mass leave' are single basic operations in the proper GKAP run.

In reality,
there are cases of simultaneously occurring basic protocol operations on a click20 of the protocol run, which should be considered relevant for the performance analysis and therefore included in its evaluation. The authors of the ZFL method explicitly point out the features of the communication and computation cost. The relevant parameters for the communication cost are: number of rounds, number of unicast messages, number of broadcast messages, and number of messages [ZFL05]. The computational cost includes: total sequential exponentiations, total signatures, and total verifications. A limitation of the method is that the partition operations for TGDH and STR are implemented as a best guess, due to the lack of sufficient documentation on the topic at the paper's release. The initial group sizes in this evaluation method are as follows: 200, 600 and 1000. The results presented in the method's description paper are related to groups with 600 members, because of the absence of significant differences in the results between the three cases with 200, 600 and 1000 members. Subsequently, the numbers of operations run are specified as follows: 100, 50 and 100, respectively for the previously specified combined operations, see above. For complete information on the test scenarios, please refer to [ZFL05]. In the following pages of the term paper we shall illustrate the performance evaluation results of the ZFL method in a row.

Let's present the results of the current performance analysis of GKAPs. Concerning the aspects average phases and messages, the efficient protocols are CCEGK and STR, followed by TGDH, EGK and GDH3.0. The placement of GDH3.0 is obvious. Concerning the aspects related to the computational costs, measured as average sequential exponentiations, EGK is placed best, followed by TGDH, CCEGK, STR and GDH3.0. This confirms the a priori categorisation of the GDH3.0 GKAP as an inefficient protocol as well.
The authors of the method proceed further in their research and present proposals for the efficient implementation of the evaluated GKAPs by means of the performance analysis results, as follows: CCEGK and STR should be considered appropriate protocols for networks with low communication power; for networks with low computational power, the best fitting GKAPs are EGK, TGDH and CCEGK; in networks which combine both of the previously described networking profiles, the best suited protocols are CCEGK and TGDH. Let's proceed with the illustration of the results in the next tables and, after them, straight ahead with the presentation of the last performance evaluation method concerning GKAPs analysis, Noack's method.

20 In the ZFL method such combined operations are assumed to be a combination of basic protocol operations following an independent and multinomial distribution [ZFL05]. The only exception to this assumption is the Merge-partition combined operation, which should be represented as an independent and uniform distribution.
Figure 11: Communication and computational costs [ZFL05]
Table 2: Join-leave-[mass join]-[mass leave] results [ZFL05]
(Panels: nine scenarios in Join-leave-[mass join]-[mass leave]; average phases for the evaluated GKAPs; average messages for the best three evaluated GKAPs; average messages for the evaluated GKAPs; average seq. exponentiations for the evaluated GKAPs.)
Table 3: Merge-Partition results [ZFL05]
(Panels: average phases for the evaluated GKAPs; average phases for the best three evaluated GKAPs; average seq. exponentiations for the evaluated GKAPs; average messages for the evaluated GKAPs; average seq. exponentiations for the best three evaluated GKAPs.)
Table 4: Join-leave-[mass join]-[mass leave]-merge-partition results [ZFL05]
(Panels: ten scenarios in Join-leave-[mass join]-[mass leave]-merge-split; average phases for the evaluated GKAPs; average messages for the evaluated GKAPs; average seq. exponentiations for the evaluated GKAPs; average messages for the best three evaluated GKAPs; average seq. exponentiations for the best three evaluated GKAPs.)
3.3. Noack's method

This last method presented in the third chapter concerns the performance evaluation of Group Key Agreement Protocols for Wireless Mesh Networks, see the subtitle of the term paper. We shall once again point out that the focus of our research is dedicated to this method. Now let's describe it in detail. The method comprises two techniques for the performance analysis of GKAPs. The first technique is described in [AN09a], the second one is well illustrated in [AN09b]. In a word, both of the techniques represent theoretical models concerning performance evaluation, though they represent different abstractions. This is very important for a better understanding of the further presentation of Noack's method. Let's proceed with the presentation of the first abstraction technique, or abstraction model, in Noack's method. In short, we shall call it the probabilistic, or just theoretical, model. In distinction to this model, the second abstraction technique shall be called the grid model; please proceed with further reading.

The probabilistic model

The main goal of this abstraction model is to give an adequate approach for evaluating performance issues of Contributory GKMPs for Wireless Mesh Networks. As we point out in the previous sections of this and the prior chapters, the Wireless Mesh Networks represent agile wireless networking constructs by means of the WiFi standard. The main features of these networks are, to mention them once again: self-clustering, self-healing, self-stabilising. These networks can stay active whether or not there is a connection to the internet; remember the MEA mesh implementations for the police mobile public networks. The Contributory GKMPs, or Group Key Agreement Protocols, are designated as the appropriate security protocols, where the shared group key is generated collaboratively by all members in every run of the GKMP.
Though, there are drawbacks in these mesh networks, because the protocols run most of the time over a shared medium; that is why performance analysis is required, so that the WMN can operate successfully and efficiently in their implementations as well. Knowing these two major issues, the bottleneck problem and the simultaneous n broadcast messages problem [AKNRT04], we should construct this abstraction model in an appropriate way. This means that a well known abstraction for the security channel in the model, assuming that perfect broadcasting may be applied, could not be considered an adequate approach in the case of WMN. Perfect broadcasting could be applied to the nearest neighbours21 of every node, though this is not a realistic approach concerning a node remote from it. Sending a message to all nodes in the WMN presents further difficulties for applying perfect broadcasting, because of the computation overhead: a spanning tree of nodes would have to be selected whose broadcasting radii cover the whole WMN topology. With the involvement of other algorithms there could be a risk of a performance drop in the WMN, because of further collision issues on the frequency level.

Subsequently, we shall point out the main criteria of the performance analysis for further deliberations: the number of broadcast [BC] messages and the adaptability of the logical group structure [AN09a]. It is obvious that, if a protocol needs fewer BC messages for the proper protocol run, the performance in the WMN will increase. As stated before, if the logical structure of the GKAP can be easily applied over the physical structure of the WMN, the performance of the network should also increase.

21 Neighbour nodes within the reach of the wireless broadcasting radius of the sending/receiving node

In such a case the matching of the neighbour nodes
of the GKAP and the neighbour nodes in the WMN should be present, which gives a cheap perfect BC. As mentioned before, GKAPs do not consider message protection on the communication channel; rather, the messages should be protected by the protocol itself [AN09a]. Following this line of thought, the same conclusions regarding perfect BC on the WMN level should be applied to the GKAPs. We define here two types of BC, local and full BC: the first one represents perfect BC, the second one implements message forwarding by means of hops, according to a click in the protocol run. As the WMN represent dynamically changing, agile wireless networking constructs, we should not assume a common physical structure of the network as a reference. Concerning the communication complexity analysis of the GKAPs for WMN, we shall consider the next assumption in the probabilistic model: the logical structure of the GKAPs presents a perfect matching with the physical structure of the WMN. Now let's explain the communication complexity definitions applied to the topic. Keeping in mind the drawbacks pointed out before, we shall define the following terms as in [AN09a].

Performance indicators

Timeslot
The timeslot defines the time for sending a local BC of a maximum sized message (MTU), assuming an interference-free full capacity communication channel as a pre-requirement, see [AN09a].

MoT
Note that we take the liberty of designating the second indicator in short as MoT in the current term paper. This abbreviation is not originally given by the author of the method. MoT (number of messages over timeslot) quantifies the expected interference on the shared medium in the WMN. If the network interference (intensity and occurrence at all) depends on the network's load factor, an adequate weight of the interference could be represented by the number of simultaneously transmitted messages over a timeslot22; remember the simultaneous n BC messages issue in [AKNRT04].
22 Andreas Noack points out in [AN09a] that evaluating the estimation of the interference per collision domain should be considered a more reasonable factor, though it shall not be utilised in this model abstraction.

Message counting
The probabilistic model proposes the following message counting as more appropriate for WMN:
• 1 message is a message from a node to its neighbour
• 1 message sent from a node to a remote node is counted by #Hops

#Hop
A #Hop represents the number of edges in the execution path of 1 message in the graph representing the network structure. Note that there is the assumption in the theoretical model that the physical structure matches the logical structure, which is not the case in practice; forwarding of messages in WMN should be abstracted in this model.

Timeslot measurement
According to the assumption of matching structures:
• 1 message counts 1 timeslot
• 1 message to a remote node counts #Hops timeslots
• simultaneously sent messages count #Hops of the longest path

MoT is calculated as the total number of messages over the number of timeslots and, as a further assumption, its value should hold as an average value over the completed protocol run.

The method is evaluated over three GKAPs: BD I, BD II, TBKA. As in [AKNRT04], the protocols are discussed in the description paper [AN09a] with a demonstration of the logical structure of the protocol and a representation of the protocol's execution by means of the basic protocol operations: initialisation, join, leave. The communication complexity is estimated by the formula: timeslots + x*(MoT). In [AN09a] the value of x is chosen too small, x = 0.5; later the author of the method self-criticises this in [AN09b] and corrects it with a more appropriate value of 4.45. For more on the topic, please consider further reading regarding the grid model. This value is also confirmed in [Q10]. Let's illustrate the results of the probabilistic model in the following Figures:

Figure 12: Burmester Desmedt I probabilistic model [AN09a]
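The counting rules and the formula timeslots + x*(MoT) above, worked through as an added example (not code from [AN09a] or from the term paper). The 6-node ring and the two message schedules are constructed for illustration and are not BD I, BD II or TBKA; taking the shortest path as the execution path of a message is an assumption.

```python
from collections import deque

# Constructed 6-node ring. Model assumption: the protocol's logical structure
# matches this physical structure exactly.
RING6 = {i: [(i - 1) % 6, (i + 1) % 6] for i in range(6)}

# Two constructed message schedules (not BD I, BD II or TBKA). Each inner list
# holds the (sender, receiver) pairs that are sent simultaneously.
RUNS = {
    # two rounds in which every node messages its right-hand neighbour
    "parallel": [[(i, (i + 1) % 6) for i in range(6)] for _ in range(2)],
    # one message at a time along the chain, then one message to a remote node
    "chain": [[(i, i + 1)] for i in range(5)] + [[(5, 2)]],
}


def hops(graph, src, dst):
    """#Hop: edges on the path of one message (assumed: shortest path, BFS)."""
    if src == dst:
        return 0
    seen, queue = {src}, deque([(src, 0)])
    while queue:
        node, dist = queue.popleft()
        for nxt in graph[node]:
            if nxt == dst:
                return dist + 1
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, dist + 1))
    raise ValueError(f"{dst} is unreachable from {src}")


def evaluate(graph, rounds, x):
    """Return (messages, timeslots, MoT, timeslots + x*MoT) for one run."""
    messages = timeslots = 0
    for simultaneous in rounds:
        if not simultaneous:
            continue
        hop_counts = [hops(graph, s, d) for s, d in simultaneous]
        messages += sum(hop_counts)   # a remote message is counted by #Hops
        timeslots += max(hop_counts)  # simultaneous messages: longest path
    if timeslots == 0:
        raise ValueError("the run contains no messages")
    mot = messages / timeslots        # average messages over timeslot
    return messages, timeslots, mot, timeslots + x * mot


def rank(graph, runs, x):
    """Names of the runs, lowest communication complexity first."""
    return sorted(runs, key=lambda name: evaluate(graph, runs[name], x)[3])


if __name__ == "__main__":
    for x in (0.5, 4.45):             # the two values of x quoted in the text
        for name, rounds in RUNS.items():
            print(f"x={x} {name}: {evaluate(RING6, rounds, x)}")
        print(f"x={x} ranking: {rank(RING6, RUNS, x)}")
```

With x = 0.5 the highly parallel schedule comes out cheaper, with x = 4.45 the sequential one does, which shows how strongly the choice of the interference weight x drives the comparison.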
Figure 13: Burmester Desmedt II probabilistic model[AN09a]
Figure 14: TBKA probabilistic model[AN09a]

The presented probabilistic model points out BD II as the GKAP with the smallest number of timeslots needed for a complete protocol run, and thus as the most efficient among the three evaluated GKAPs. Let's proceed with the presentation of the grid model, which should either support the results of the probabilistic abstraction or suggest another GKAP as the more efficient one.

The Grid model
The main objective of the grid model is to represent a near-reality model of the static WMN, with the main feature that local broadcasts are used to construct both unicast and broadcast transmissions [AN09b]. A full broadcast (BC) is represented as a set of local BCs, while the interference issues of the real-world WMN are considered as well. Furthermore, the grid model is an approach to avoid the drawbacks, or assumptions, of the theoretical model:
• the assumed perfect matching of the physical and logical structure, made because of the lack of information regarding the physical structure of the WMN;
• the value of the interference impact factor could not be determined;
• the number n of simultaneous messages is not limited in the probabilistic model.

The author of the model still considers the exact modelling of wireless interference under general conditions an open issue, which remains very hard to solve. Consequently, the grid model is a more restricted abstraction than the probabilistic one. This should lead to the estimation of absolute performance values without an instability factor. Andreas Noack states that the grid model abstraction should also be able to approximate the communication performance of all kinds of GKAPs. Another important use of the grid model is, as mentioned above, as a comparison to the probabilistic model. The three GKAPs evaluated by the theoretical model are therefore observed via the grid model too.

Now let's describe the grid performance evaluation technique. As the name of the model states, a grid topology of the physical structure is constructed. The main goal is to compare the performance evaluations of the different GKAPs under equal conditions. The performance indicators introduced in the probabilistic model for the communication complexity are used in the grid model too, preserving their definitions. Concerning wireless interference, the grid model introduces the following abstraction: simultaneous transmissions are only allowed if they are not adjacent; in other words, the wireless ranges of the simultaneous transmissions at every tick of the protocol run do not overlap [AN09b]. Noack points out that this is a very important feature in the construction of the grid model, which allows an adequate abstraction of the wireless interference. Furthermore, it allows the estimation of absolute results with a deterministic protocol simulation, respecting the natural wireless interference of the GKAPs.
Let's illustrate this construction in the next Figure:

Figure 15: the grid model with simultaneous transmissions; and structure mapping[AN09b]
Observing the grid model, it follows that diagonal nodes do not interfere, and that the active communication channels for every transmission are only allowed along the axes of this construct. The next assumption in the grid model is that, for simplicity, the interference range is equal to the transmission range. The author of the method points out, as an issue for further research, that if the results of the two abstraction models differ notably, an appropriate relation between the two ranges should be sought.

Let's describe the performance measurement according to the grid model. This is achieved in three steps.

The first step is to determine the logical structure of the GKAP and then apply it to the grid structure, see the examples in Figure 15. The mapping of the two structures should also be optimised efficiently. As TBKA does not have a fixed logical structure, it is abstracted as a logical line structure, as already done in the probabilistic model. An advantage of this mapping approach is that an altered logical structure, for instance a dynamically growing one, is adapted automatically to the physical grid as well. Furthermore, the mapping uses random decisions when applying the protocol's logical structure to the physical grid model.

The second step is the protocol execution with random coins (footnote 23). This represents the communication order in the real world, which is also randomised, and it affects how the steps of the protocol complete.

The third step in the performance measurement is to summarise the results. Note that the number of steps differs from the number of rounds in the protocol completion. The next grid model abstraction is to set the number of steps equal to the number of used timeslots.
In other words, it is assumed that each transmission needs the same time, which is acceptable because there is no interference and the distances between the nodes are standardised. Let's illustrate the comparison between the two abstraction models in Noack's method, see the next table:

Features             Probabilistic model              Grid model
Physical structure   Equal to the logical structure   N x M grid
Structure known      yes                              yes
Routing given        yes                              yes
Transmission range   Direct neighbour                 Direct neighbour
Interference         x*(MoT)                          excluded
Measurement unit     Timeslots (TS)                   Timeslots (TS)

Table 5: Abstractions of the probabilistic and the grid model[AN09b]

As stated above, the probabilistic model has several drawbacks: the assumed perfect matching of the physical and logical structure, made because the physical structure is unknown; and the unknown factor x. Let's describe the factor x in detail. It should be determined from the conditions of the Wireless Mesh Network, according to the criteria: wireless technology, physical network structure and external influences. The value of x = 0.5 is considered inappropriate. We define two more indicators, the minimum and maximum possible execution time:
• min_t = # timeslots
• max_t = # messages

Footnote 23: http://en.wikipedia.org/wiki/RP_%28complexity%29
Under interference-free conditions, the total performance value is equal to the number of computed timeslots. In the case of maximum interference, the total performance value is equal to "# messages" timeslots, because no messages can be transmitted simultaneously under these conditions. The total performance is computed for the probabilistic model as already stated:

Total Performance = timeslots + x*(MoT), with 0 <= x <= timeslots - (timeslots²/# messages).

This is illustrated in the following distribution table:

        5 nodes   20 nodes   100 nodes
BD1     x=3.36    x=10.70    x=50.74
BD2     x=1.88    x=4.57     x=6.88
TBKA    x=2.10    x=12.19    x=56.39

Table 6: Maximum impact factor x (initialisation phases)[AN09b]

An impact factor x=1 means that the average number of MoT is added once to the whole completion time, which obviously points out why the value of 0.5 is inappropriate. Note that x=1 is quite unstable and holds only in an interference-free WMN, which is practically infeasible, so greater values of x should be considered.

Now let's illustrate the results of the probabilistic and grid model comparison in the next Figure:

Figure 16: Performance results of the grid vs probabilistic model comparison[AN09b]
4. Results

In this separate chapter we discuss the results of the comparison between the two abstraction techniques in Noack's method: the grid model and the probabilistic model. They are illustrated in Figure 16. The impact factor is corrected to 4.45, and we can observe the following dependencies between the two models. There is an obvious monotonicity in the way the values increase across the protocol runs with different numbers of nodes. This indicates that, although the result values do not overlap, the grid model supports the performance evaluation of the probabilistic model. The grid model points out the TBKA protocol as obviously more efficient than BD I and BD II, though the differences in the values between TBKA and BD II cannot always be considered sufficient across the different testing scenarios. BD I is considerably the least efficient protocol in the tested set of GKAPs.

As Noack explains in [AN09b], one of the main objectives of the grid model is to be universally applicable to Group Key Agreement Protocols and even extensible to authentication GKMPs etc. Tsudik et al. use security frameworks, see [AKNRT04], to stabilise the (tree) structure of TGDH and implement it successfully in the testing environments. For WMN this is an interesting point. The grid model is not limited in its structure, because it does not represent a symmetric grid but an N x M grid. This is one of the main advantages of the model: it extends automatically over the logical structure of a particular GKAP. The strategy of implementing abstraction models that differ in their design patterns, one relying on probabilistic abstractions, the other more restricted though more deterministic, makes Noack's method unique and motivates further research.
The author points out in [AN09b] some of the limitations of the models: the absence of an evaluation of unique WMN nodes; the absence of external interference; the grid model does not express the interference in the network via SNR (footnote 24); and the abstraction of the simultaneous transmissions is not deterministic on the point of whether such transmissions are allowed or not, which makes it a rough approximation. These issues further motivate future research on the topic and the implementation of the method.

Footnote 24: http://en.wikipedia.org/wiki/Signal-to-noise_ratio
5. Conclusion and future work

"...The future applications for wireless mesh networks are limited only by our imaginations."
Dave Roos[L2]

The objective of giving a classification of the Group Key Agreement Protocols in this term paper is fulfilled. The classification is not regarded as complete, since new protocols will be developed and other well-known ones will come to be considered prone to security issues or inefficient, given the vast technological progress in Wireless Mesh Networks and the related implementation standards. Two different classifications of Group Key Management Protocols are also presented and compared. Both of them consider the GKAPs to belong to the class of Contributory GKMPs. This designates the Group Key Agreement Protocols as the best fit for implementations concerning dynamic peer groups and especially Wireless Mesh Networks. GKAPs can nowadays be considered the only security protocols providing adequate security for WMN.

Regarding the performance of Group Key Agreement Protocols, three different methods are presented. The focus of the research in the paper is on Noack's method, which is the only one evaluating performance issues of GKAPs for Wireless Mesh Networks. The methods can be considered a sufficient, though not complete, set of approaches to the performance analysis of GKAPs.

As future work related to Noack's method, the following is proposed. As the author points out in [AN09b], the method could be completed as a framework covering secure routing, authentication and key agreement for Wireless Mesh Networks. Another possible topic for future work is the implementation of security frameworks for stabilising the protocol structures, as used in the method of Tsudik et al.
Furthermore, the approach presented in the ZFL method could be applied to extend the evaluation results, by carrying out the performance analysis not only on separate basic operations of the GKAPs but also on combinations of them. These points should not be considered weaknesses of Noack's method, which is still in development; they represent possible extensions of Noack's performance analysis approach and may make a positive contribution to it.
Appendix

In this Appendix three protocols are added to the set of protocols evaluated with the probabilistic approach: TGDH, STR and QGDH[SH08]. According to [RB03], TBKA I is represented by the TGDH protocol and TBKA II is represented by STR. This means that TGDH is already given in [AN09a] as TBKA; it is not evaluated further, just represented with the proper index x=4.45. TGDH and STR implement 2 Pair Diffie-Hellman Key Exchange and a (binary) tree graph logical structure. The advantages of STR in the merge/partition operations are not illustrated at this point. QGDH is more specific, as it implements an extension of TGDH based on the use of a Group Controller Server (GCS). The GCS filters inefficient members in the protocol run using Blind Key Queues (BKQ), see [SH08]. The three protocols use the divide and conquer method. The graphs of the three protocols are illustrated in the following.

Figure 17: TGDH binary tree logical structure [SH08]
Figure 18: STR graph logical structure [RB03]

Figure 19: Queue-based group Diffie-Hellman entity model[SH08]
Figure 20: The Blind Key queues in group controller server [SH08]

In the following tables the results of the protocols' evaluation by means of the probabilistic model are illustrated and compared. Once again, we abbreviate (# messages/timeslot) as MoT. Let's clarify the assumptions concerning the different fields in Table 7.
STR - # messages
                 Direct Message   Distant Message   Total
Initialisation   n                ((n-1)-1)n        (n-1)n
Join             (n-1)+1          n-3               2n-3
Leave            0                n-3               n-3

QGDH - # messages
                 Direct Message   Distant Message   Total
Initialisation   n                (h1-1)n           h1*n
Join             n-1              2n-2              3n-3
Leave            n-1              2n-2              3n-3

STR - timeslots
                 Direct Message   Distant Message   Total
Initialisation   1                n-3               n-2
Join             1                n-3               n-2
Leave            0                n-3               n-3

QGDH - timeslots
                 Direct Message   Distant Message   Total
Initialisation   1                2^h1-2            2^h1-1
Join             2                n-1               n+1
Leave            1                n-1               n

STR - MoT
                 Direct Message   Distant Message   Total
Initialisation   n                (n-2)n/(n-3)      (n-1)n/(n-2)
Join             n                1                 (2n-3)/(n-2)
Leave            0                1                 1

QGDH - MoT
                 Direct Message   Distant Message     Total
Initialisation   n                (h1-1)n/(2^h1-2)    h1*n/(2^h1-1)
Join             (n-1)/2          2                   (3n-3)/(n+1)
Leave            n-1              2                   (3n-3)/(n)

Table 7: Communication complexity STR and QGDH
Legend: h = n-1 [STR]; h1 = ld(n+1) [QGDH]

As explained above, STR and QGDH implement Two Pair Diffie-Hellman Key Exchange and a binary tree graph logical structure. We are allowed to adopt the equations from Noack's probabilistic method for TBKA, as TBKA represents TGDH I. The formula for the full broadcast case, represented in Table 7 by the 'Distant Messages', is as known: 2 h−2 . As stated in the legend, the height of the tree is n-1 for STR, with O(n) modular exponentiations, and ld(n+1) for QGDH, with O(ld(n+1))[H08] modular exponentiations. Substituting them in the 'Distant Messages' formula, we obtain the results shown in Table 7 above. We would like to respect the implementation of QGDH concerning the iterations in the group controller server, and adopt the values for the join and leave operations from [H08]. As there is no information regarding the initialisation phase in [H08], we proceed with the standard method of Noack's probabilistic model as applied to TBKA and STR. The exact communication complexity results are given in Table 8.

STR - # messages
                 5 Nodes   10 Nodes   20 Nodes   50 Nodes   100 Nodes
Initialisation   20        90         420        2450       9900
Join             7         17         37         97         197
Leave            2         7          17         47         97

QGDH - # messages
                 5 Nodes   10 Nodes   20 Nodes   50 Nodes   100 Nodes
Initialisation   15        40         100        300        700
Join             12        27         57         147        297
Leave            12        27         57         147        297

STR - timeslots
                 5 Nodes   10 Nodes   20 Nodes   50 Nodes   100 Nodes
Initialisation   3         8          18         48         98
Join             3         8          18         48         98
Leave            2         7          17         47         97

QGDH - timeslots
                 5 Nodes   10 Nodes   20 Nodes   50 Nodes   100 Nodes
Initialisation   2         3          4          5          6
Join             6         11         21         51         101
Leave            5         10         20         50         100

STR - MoT
                 5 Nodes   10 Nodes   20 Nodes   50 Nodes   100 Nodes
Initialisation   7         12         24         52         102
Join             3         3          2          2          2
Leave            1         1          1          1          1

QGDH - MoT
                 5 Nodes   10 Nodes   20 Nodes   50 Nodes   100 Nodes
Initialisation   8         14         25         60         117
Join             2         3          3          3          3
Leave            3         3          3          3          3

Table 8: GKAPs adoption to Mesh Networks

Table 8 shows the evaluation of the equations defined in Table 7 for the cases 5 nodes, 10 nodes, …, and 100 nodes. A graphical representation of these results is given in Figure 21, Figure 22 and Figure 23, which illustrate the single operations initialisation, join and leave, respectively.
Figure 21: Initialisation Performance - timeslots + x* MoT, x = 4.45 (series: BD I, BD II, TBKA I[TGDH], TBKA II[STR], QGDH; x-axis: 5, 10, 20, 50 and 100 nodes)

Figure 22: Join Performance - timeslots + x* MoT, x = 4.45 (series: BD I, BD II, TBKA I[TGDH], TBKA II[STR], QGDH; x-axis: 5, 10, 20, 50 and 100 nodes)

Figure 23: Leave Performance - timeslots + x* MoT, x = 4.45 (series: BD I, BD II, TBKA I[TGDH], TBKA II[STR], QGDH; x-axis: 5, 10, 20, 50 and 100 nodes)
Bibliography

List of Links
L1: CERIAS Security Seminar Video - Provable security in mobile ad hoc networks, Mike Burmester, 2006, http://www.cerias.purdue.edu/news_and_events/events/security_seminar/details.php?uid=49608-y3xDO24uE3W4-7698-bq0h6IRT79tE7qcj
L2: How Wireless Mesh Networks Work, Dave Roos, http://communication.howstuffworks.com/how-wireless-mesh-networks-work.htm/printable
L3: Wireless Mesh Networks under FreeBSD, Rui Paulo, AsiaBSDCon 2010, http://www.youtube.com/watch?v=ZL30z1uI-JI
L4: MeshDynamics Mobile Mesh Networking (P3M) Animation, http://www.youtube.com/watch?v=l1prct6Xxzw
L5: How WiMAX Works, Marshall Brain, Ed Grabianowski, http://www.howstuffworks.com/wimax.htm/printable

Table 9: List of links

Reference list
MO05: Motorola, Comparison of Motorola Mesh, 2005, http://www.motorola.com/governmentandenterprise/contentdir/he_IL/Files/SolutionInformation/ComparisonMeshNetworksEnabledArchitecture_WP.pdf
BOT06: Bob Briscoe, Andrew Odlyzko, Benjamin Tilly, Metcalfe's Law is Wrong, 2006, http://spectrum.ieee.org/computing/networks/metcalfes-law-is-wrong
MOST97: Raúl Monroy and Graham Steel, Faulty Group Protocols, 1997, http://homepages.inf.ed.ac.uk/gsteel/group-protocol-corpus/survey.pdf
AN09a: Andreas Noack, Group Key Agreement for Wireless Mesh Networks, 2009, http://www.nds.ruhr-uni-bochum.de/chair/people/noack/
RLKY04: Kui Ren, Hyunrok Lee, Kwangjo Kim, Taewhan Yoo, Efficient Authenticated Key Agreement Protocol for Dynamic Groups, 2004, http://dasan.sejong.ac.kr/~wisa04/ppt/4A1.ppt
AB07: Sanjeev Arora, Boaz Barak, Computational Complexity: A Modern Approach, Chapter 12: Communication Complexity, 2007, http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.103.4782&rep=rep1&type=pdf
SRSP10: Mrs. Sugandha Singh, Dr. Navin Rajpal, Dr. Ashok Kale Sharma and Mrs. Ritu Pahwa, Policy based Decentralized Group key Security for Mobile Ad-hoc Networks, 2010, www.ijcsi.org/papers/7-3-10-44-49.pdf
CS05: Yacine Challal, Hamida Seba, Group Key Management Protocols: A Novel Taxonomy, 2005, http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.59.1953
ZFL05: Shanyu Zheng and Jim Alves-Foss, Stephen S. Lee, Performance of group key agreement protocols over multiple operations, 2005, http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.75.9641
AKNRT04: Yair Amir, Yongdae Kim, Cristina Nita-Rotaru, Gene Tsudik, On the performance of group key agreement protocols, 2004, www.cnds.jhu.edu/pub/papers/perf.pdf
H08: Sunghyuck Hong, Queue-based Group Key Agreement Protocol, 2008, ijns.femto.com.tw/contents/ijns-v9-n2/ijns-2009-v9-n2-p135-142.pdf
AN09b: Andreas Noack, Jörg Schwenk, Group Key Agreement Performance in Wireless Mesh Networks, 2009, http://www.nds.ruhr-uni-bochum.de/chair/people/noack/
Q10: Alexander Queisser, Group Key Agreement in Wireless Mesh Networks, Practical implementation of Burmester Desmedt II, 2010, http://www.nds.ruhr-uni-bochum.de/chair/people/noack/
SH08: Sunghyuck Hong, Queue-based Group Key Agreement Protocol, 2008, http://ijns.femto.com.tw/contents/ijns-v9-n2/ijns-2009-v9-n2-p135-142.pdf
RB03: Raghav Bhaskar, Group Key Agreement in Ad hoc Networks, 2003, http://hal.inria.fr/docs/00/07/17/54/PDF/RR-4832.pdf