Here is another M.Sc. term apper of mine, covering the topic of Group Key Agreement Protocols on Wireless Mesh Networks.
This M.Sc. term paper is presented to the
Department of Electrical Engineering and Information Sciences
of the Ruhr-University of Bochum
Chair of Network and Data Security
of the Ruhr-University of Bochum,
Horst-Görtz Institute,
Prof. Jörg Schwenk
Abstract:
Nowadays networking is more than implementing static wired network infrastructure. The
utilisation of wireless agile network constructs, represents a well established build-up on the “old
world” and in some cases the only feasible solution. Therefore the aspects, concerning the
dynamics, stability, security and performance issues of such “new world” networks are still of great
interest of the researchers. An important approach to represent an appropriate security level of
dynamic wireless networks is utilised via Group Key Agreement Protocols. In most cases, the
reader can find information, regarding these protocols, in literature, concerning Mobile Ad-Hoc
Networks. Though, there are not enough publications on the topic of Group Key Agreement
Protocols[GKAPs] for Wireless Mesh Networks[WMN], moreover on the performance issues of
their utilisation. We shall consider this as a exciting challenge for research on the topic of
Distributed Key Agreement Protocols.
The current term paper should represent a discussion over the security aspects of WMN, the
performance of Group Key Agreement Protocols for Wireless Mesh Networks, represent methods,
concerning these performance aspects and illustrate the GKAPs by means of their classification.
XAdES Specification based on the Apache XMLSec Project Krassen Deltchev
This B.Sc. project thesis is presented to the
Department of Electrical Engineering and Information Sciences
of the Ruhr-University of Bochum
Chair of Network and Data Security
of the Ruhr-University of Bochum,
Horst-Görtz Institute,
Prof. Jörg Schwenk
Abstract:
XML Advanced Electronic Signature (XAdES) provides basic authentication and integrity protection, and
satisfies the legal requirements for advanced electronic signatures.There are several implementations of
XAdES, but most of them are not OpenSource, or are partialy proprietary software. Great project concerned
with Digital Electronic Signatures is the OpenSource Apache XML Security Project. For the developer and
common user there is an implementation for the XMLDSIG specification, but still no one for XAdES.
The free source code implemetations of XAdES threat this project as a separate one and there is no interface,
which can explicit assemble them into the Apache XML Sec. That’s why, the scope of our project is to create
a library, that implements XAdES into the OpenSource Apache XML Security- to extend its functionality
and level of security, so using the Apache XML Sec, gives the opportunity to handle Advanced Electronic
Signatures, which is a standard of security nowadays.
The library is developed in Java, because shouldn’t be any kind of OS platform - dependencies, using it as a
plug-in to the Security Project of Apache.
More detailed, to validate the signing and verifying of signatures, and also test our code, we use the text-
based test suite of JUnit.
The topic, covering Web Application Forensics is challenging. There are not enough references,
discussing this subject, especially in the Scientific communities. Often is the the term 'Web
Application Forensics' misunderstood and mixed with IDS/ IPS defensive security approaches.
Another issue is to discern the Web Application Forensics, short Webapp Forensics, from Network
Forensics and Web Services Forensics, and in general to allocate it in the Digital/ Computer
Forensics classification.
Nowadays, Web Platforms are vastly growing, not to mention the so called Web 2.0 hype.
Furthermore, Business Web Applications blast the common security knowledge and premise rapid
inventory of the current security best practices and approaches. The questions, concerning the
automation of the security defensive and investigation methods, are becoming undeniable
important.
In this paper we should try to dispute the questions, concerning taxonomic approaches regarding the
Webapp Forensics; discuss trends, referenced to this topic and debate the matter of automation tools
for Webapp forensics.
Automated Validation of Internet Security Protocols and Applications (AVISPA) Krassen Deltchev
This is my first B.Sc. term paper, 2006. Back in the days my English was bad, which is obvious, while reading the paper, but i still love it, cuz this was my academic starting point on the topic of IT-Security. Enjoy!
This B.Sc. term paper is presented to the
Department of Electrical Engineering and Information Sciences
of the Ruhr-University of Bochum
Chair of Network and Data Security
of the Ruhr-University of Bochum,
Horst-Görtz Institute,
Prof. Jörg Schwenk
Abstract:
The AVISPA Model Checker is a tool for automated validation and verification of security
protocols. It provides a push-button web-based software- and hardware-independent interface and
installation binaries for UNIX-based Operating Systems.
It belongs to the group of the state-of-the-art Model Checkers and uses a modular and descriptive
formal language for specifying industrial-scale security protocols.
The different back-ends of the AVISPA tool implement new optimized analysing techniques for
automated protocol verification.
Therefore the researcher/scientist can prove even bigger in their specification protocols in a short
time and in a user-friendly way.
New cryptographic attacks are explored using the AVISPA tool and the Model-Checker covers
widest range of the modern authentication internet protocols, regarding their security validation.
This thesis examines using machine learning methods to extract cyber threat intelligence from hacker forums. It proposes a two-phase process using supervised and unsupervised learning. In phase one, classifiers like support vector machines are used to classify forum posts as relevant or not to security. Phase two applies topic modeling to identified relevant posts to discover discussion themes. Experiments on a real hacker forum show these methods effectively identify security-related information including zero-days, credentials, and malware. The study demonstrates hacker forums can provide useful threat intelligence and machine learning helps analyze large amounts of forum data.
The document is a PhD thesis that proposes and analyzes several security mechanisms for distributed communication systems, including an authority-based peer-to-peer key management scheme, a group key management scheme for dynamic peer groups, distributed secret sharing mechanisms, and a threshold multisignature scheme. The thesis also surveys existing group key management protocols for mobile ad hoc networks. The analysis shows that the proposed schemes satisfy security properties and are suitable for distributed systems with dynamic membership and unpredictable topology.
The document is a seminar report submitted by Alin Babu on the topic of secure cloud storage. It discusses cloud computing models and services, different access control mechanisms like mandatory access control and discretionary access control. It also covers secure data storage using AES encryption and the Disintegration Protocol (DIP) architecture for enhancing cloud security. Proxy re-encryption schemes and their advantages for secure file sharing in cloud applications like Dropbox and SugarSync are also summarized.
This dissertation summarizes an undergraduate project applying deep learning techniques to sentiment analysis. The project implements three technologies: 1) an HTTP API for sentiment analysis of text, 2) a Firefox extension that highlights webpage text according to sentiment, and 3) an interactive visualization of geolocated tweets with sentiment analysis. The dissertation provides background on deep learning and sentiment analysis methods before detailing the implementation and experimental evaluation of the three technologies.
This document presents a thesis that assesses the application of machine learning techniques to password list generation. The goal is to create human-like password dictionaries using character-based Recurrent Neural Networks (RNNs) and to classify passwords as human- or machine-generated using machine learning algorithms. The thesis shows that an attacker can facilitate machine learning to generate tailored password lists for specific victims by training a model on password creation schemes of other people in combination with user data of the victim. The results indicate that machine learning can accurately classify human passwords and successfully apply RNNs to recognize, learn, and recreate human password generation schemes to generate general and individual human password lists. While these approaches could be abused as an attack tool, they can also be
XAdES Specification based on the Apache XMLSec Project Krassen Deltchev
This B.Sc. project thesis is presented to the
Department of Electrical Engineering and Information Sciences
of the Ruhr-University of Bochum
Chair of Network and Data Security
of the Ruhr-University of Bochum,
Horst-Görtz Institute,
Prof. Jörg Schwenk
Abstract:
XML Advanced Electronic Signature (XAdES) provides basic authentication and integrity protection, and
satisfies the legal requirements for advanced electronic signatures.There are several implementations of
XAdES, but most of them are not OpenSource, or are partialy proprietary software. Great project concerned
with Digital Electronic Signatures is the OpenSource Apache XML Security Project. For the developer and
common user there is an implementation for the XMLDSIG specification, but still no one for XAdES.
The free source code implemetations of XAdES threat this project as a separate one and there is no interface,
which can explicit assemble them into the Apache XML Sec. That’s why, the scope of our project is to create
a library, that implements XAdES into the OpenSource Apache XML Security- to extend its functionality
and level of security, so using the Apache XML Sec, gives the opportunity to handle Advanced Electronic
Signatures, which is a standard of security nowadays.
The library is developed in Java, because shouldn’t be any kind of OS platform - dependencies, using it as a
plug-in to the Security Project of Apache.
More detailed, to validate the signing and verifying of signatures, and also test our code, we use the text-
based test suite of JUnit.
The topic, covering Web Application Forensics is challenging. There are not enough references,
discussing this subject, especially in the Scientific communities. Often is the the term 'Web
Application Forensics' misunderstood and mixed with IDS/ IPS defensive security approaches.
Another issue is to discern the Web Application Forensics, short Webapp Forensics, from Network
Forensics and Web Services Forensics, and in general to allocate it in the Digital/ Computer
Forensics classification.
Nowadays, Web Platforms are vastly growing, not to mention the so called Web 2.0 hype.
Furthermore, Business Web Applications blast the common security knowledge and premise rapid
inventory of the current security best practices and approaches. The questions, concerning the
automation of the security defensive and investigation methods, are becoming undeniable
important.
In this paper we should try to dispute the questions, concerning taxonomic approaches regarding the
Webapp Forensics; discuss trends, referenced to this topic and debate the matter of automation tools
for Webapp forensics.
Automated Validation of Internet Security Protocols and Applications (AVISPA) Krassen Deltchev
This is my first B.Sc. term paper, 2006. Back in the days my English was bad, which is obvious, while reading the paper, but i still love it, cuz this was my academic starting point on the topic of IT-Security. Enjoy!
This B.Sc. term paper is presented to the
Department of Electrical Engineering and Information Sciences
of the Ruhr-University of Bochum
Chair of Network and Data Security
of the Ruhr-University of Bochum,
Horst-Görtz Institute,
Prof. Jörg Schwenk
Abstract:
The AVISPA Model Checker is a tool for automated validation and verification of security
protocols. It provides a push-button web-based software- and hardware-independent interface and
installation binaries for UNIX-based Operating Systems.
It belongs to the group of the state-of-the-art Model Checkers and uses a modular and descriptive
formal language for specifying industrial-scale security protocols.
The different back-ends of the AVISPA tool implement new optimized analysing techniques for
automated protocol verification.
Therefore the researcher/scientist can prove even bigger in their specification protocols in a short
time and in a user-friendly way.
New cryptographic attacks are explored using the AVISPA tool and the Model-Checker covers
widest range of the modern authentication internet protocols, regarding their security validation.
This thesis examines using machine learning methods to extract cyber threat intelligence from hacker forums. It proposes a two-phase process using supervised and unsupervised learning. In phase one, classifiers like support vector machines are used to classify forum posts as relevant or not to security. Phase two applies topic modeling to identified relevant posts to discover discussion themes. Experiments on a real hacker forum show these methods effectively identify security-related information including zero-days, credentials, and malware. The study demonstrates hacker forums can provide useful threat intelligence and machine learning helps analyze large amounts of forum data.
The document is a PhD thesis that proposes and analyzes several security mechanisms for distributed communication systems, including an authority-based peer-to-peer key management scheme, a group key management scheme for dynamic peer groups, distributed secret sharing mechanisms, and a threshold multisignature scheme. The thesis also surveys existing group key management protocols for mobile ad hoc networks. The analysis shows that the proposed schemes satisfy security properties and are suitable for distributed systems with dynamic membership and unpredictable topology.
The document is a seminar report submitted by Alin Babu on the topic of secure cloud storage. It discusses cloud computing models and services, different access control mechanisms like mandatory access control and discretionary access control. It also covers secure data storage using AES encryption and the Disintegration Protocol (DIP) architecture for enhancing cloud security. Proxy re-encryption schemes and their advantages for secure file sharing in cloud applications like Dropbox and SugarSync are also summarized.
This dissertation summarizes an undergraduate project applying deep learning techniques to sentiment analysis. The project implements three technologies: 1) an HTTP API for sentiment analysis of text, 2) a Firefox extension that highlights webpage text according to sentiment, and 3) an interactive visualization of geolocated tweets with sentiment analysis. The dissertation provides background on deep learning and sentiment analysis methods before detailing the implementation and experimental evaluation of the three technologies.
This document presents a thesis that assesses the application of machine learning techniques to password list generation. The goal is to create human-like password dictionaries using character-based Recurrent Neural Networks (RNNs) and to classify passwords as human- or machine-generated using machine learning algorithms. The thesis shows that an attacker can facilitate machine learning to generate tailored password lists for specific victims by training a model on password creation schemes of other people in combination with user data of the victim. The results indicate that machine learning can accurately classify human passwords and successfully apply RNNs to recognize, learn, and recreate human password generation schemes to generate general and individual human password lists. While these approaches could be abused as an attack tool, they can also be
Challenges in VoIP Systems - Mostafa Ahmed Mostafa El Beheiry - First Draft F...Mostafa El-Beheiry
This document is a bachelor's thesis submitted by Mostafa Ahmed Mostafa El Beheiry to the German University in Cairo that examines challenges in VoIP (Voice over IP) systems. The thesis identifies four main categories of challenges - security, quality, dependency, and emergency services. It discusses specific issues within each category such as packet sniffing, bandwidth, power outages, and inability to call emergency services. It also includes a simulation of a SPIT (Spam over IP telephony) attack on a VoIP client/server setup. The thesis aims to comprehensively document challenges in VoIP systems and propose possible solutions to advance the field.
This document is a project report submitted by Aina Gupta to the Department of Applied Sciences at ITM University, Gurgaon, India in partial fulfillment of the requirements for a Master of Science degree in Mathematics. The report explores new encryption and decryption techniques on ZN(3) and ZN(4) under the supervision of Prof. N. Chandramowliswaran and Dr. Gaurav Gupta. The report includes an introduction to cryptography, preliminaries on relevant mathematical concepts, and several sections proposing and analyzing new bijective encryption functions on ZN(3) and ZN(4).
Efficient Planning and Offline Routing Approaches for IP NetworksEM Legacy
Pre-print archive of my dissertation on Efficient Planning and Offline Routing Approaches for IP Networks, Departement of Communication Networks, Technische Universitaet Hamburg-Harburg 2006
This report summarizes the selection process for the Advanced Encryption Standard (AES) by the National Institute of Standards and Technology (NIST). NIST reviewed 15 initial candidate algorithms and selected 5 as finalists: MARS, RC6, Rijndael, Serpent, and Twofish. These finalists underwent further public analysis based on security, performance on software and hardware platforms, and other factors. Based on this analysis, NIST selected Rijndael as the AES due to its high security, efficient implementation across platforms, and simplicity of description.
The document describes the ns network simulator. It discusses how ns has evolved from version 1 to version 2, with changes including decomposing complex objects into simpler components, using OTcl as the configuration interface instead of Tcl, and separating the interface code from the main simulator. It also provides information on how to access documentation for ns.
Improved kernel based port-knocking in linuxdinomasch
This thesis presents TCP Stealth, a new port knocking technique designed to improve security and usability over previous port knocking designs. TCP Stealth replaces the random TCP sequence number with an authentication token that verifies the client and optionally integrity protects the first bytes of the TCP payload. The thesis describes an implementation of TCP Stealth called Knock for the Linux kernel and a library called libknockify that allows enabling Knock without recompiling applications. Experimental results show TCP Stealth is compatible with most existing Internet infrastructure.
This thesis examines self-organization and polychronization in liquid state machines (LSMs). LSMs are a type of recurrent neural network inspired by the brain. The thesis introduces machine learning concepts and neural network models. It discusses how self-organized recurrent neural networks can develop input separation and perform tasks through spike-timing dependent plasticity and other mechanisms. Polychronization, where groups of neurons fire together in precise patterns, is also examined. The thesis hypothesizes that an LSM incorporating both self-organization and polychronization could have improved information processing abilities compared to models without these features.
This document provides an introduction and table of contents for a book titled "Computational Thinking: A Primer for Programmers and Data Scientists". The book aims to introduce computational thinking concepts to laypeople through hands-on examples and exercises using sample datasets. It is organized into three parts covering foundational computational thinking topics, applications for data science, and more advanced concepts. An interactive digital version will also be released to provide hands-on practice of problem solutions.
This Masters thesis presents a framework for analyzing and generating code for multicore fault tolerant mixed criticality embedded systems. The framework consists of three stages: profiling code to collect execution time information, mapping tasks and scheduling resources safely, and generating the code. It includes developing a static analysis to determine loop bounds, estimating worst-case execution times, integrating multicore schedulability analysis, and generating code for a multicore platform with error detection.
The document is a thesis submitted by Maryam Hamidirad for the degree of Master of Applied Science. It proposes a cooperative mechanism to reduce energy consumption in the downlink channel of LTE networks for multicast video transmission. The mechanism clusters users based on distance from the base station. A cluster header is chosen using a utility function and receives data directly from the base station. Cluster headers then relay the data to other users in their cluster using WLAN. Simulations show the approach reduces base station power consumption by 5-25% compared to conventional multicast transmission.
Integration of OVS in OpenWrt wireless network and investigation of SDWMNNazmul Hossain Rakib
OpenFlow managed Software Defined Network (SDN) and Wireless Mesh Network (WMN) are being an emerging technology for their autonomous functionality and economic feasibility. SDN is somehow defined as next generation technology which let the network configure, optimize and heal centrally using artificial intelligence. WMN has been adopted by several applications because of its promising functionality. In this research, applicability of SDN on WMN has been studied as well as the decentralized controller mechanism over SDWMN (Software Defined Wireless Mesh Network). First of all, two types of Wireless connectivity (AD Hoc and WDS) has been researched using OpenWrt configured SDN. Then probability and availability of WMN using SDN has been investigated. Finally, some solutions has been tried to figure out for the further future implementation of SDWMN.
This thesis examines integrated optical realizations of qudits for quantum cryptography. The document is Thomas Balle's master's thesis submitted to the University of Aarhus. It provides background on quantum cryptography and discusses the design and characterization of integrated optical chips to encode photons for a quantum cryptography system based on the B92 protocol. The thesis also describes experiments conducted to test the chips and suggests improvements to the system.
This PhD thesis proposes methods for distributed iterative decoding and processing in wireless cooperative networks. It presents a block structure layered design for jointly designing channel encoders across all nodes in a wireless network. It also develops a generic implementation framework for sum-product algorithm message passing on factor graphs, using a proposed Karhunen-Loeve transform message representation. This framework can be applied to receiver processing in wireless networks. The thesis aims to advance both the global design of channel codes across network nodes, and the receiver processing of individual nodes, to better support wireless cooperative networks.
Research Challenges and Characteristic Features in Wireless Sensor NetworksEswar Publications
Wireless Sensor Networks have come to the forefront of the scientific community recently and it consists of small nodes with sensing, Communications and computing capabilities. The Wireless Sensor Network Systems can be applied to monitor different environments ranging from military to civil applications. It is observed that different protocols necessary for smooth functioning of the network system are highly application specific. Current WSNs typically communicate directly with a centralized controller or satellite. In this paper we survey the different research challenges in Wireless Sensor Networks and purpose of various research Challenges activities is the development of a framework, which is radically simplifies the development of software for sensor network applications and characteristic Features of Sensor Networks.
This thesis examines considerations for deploying software-defined networks (SDN) in telecommunication networks. It discusses strategies for migrating networks to allow both SDN and legacy devices to interoperate during an incremental deployment. The thesis formulates an automated process for bootstrapping newly deployed forwarding devices onto the network in an emulated environment. It also reviews solutions for programming forwarding devices, performing topology discovery, and providing secure remote management of devices located in untrusted environments.
This document describes a project analyzing source location privacy in wireless sensor networks through probabilistic model checking. It will model an algorithm for protecting source location privacy using the PRISM model checker. The model will be analyzed based on the probability of source location capture, expected number of messages, and expected time to source location capture. Future work may include implementing additional algorithms, expanding the network size, new network structures, and using high performance computing for larger models.
This thesis document describes Pierre Châtel's work toward a Doctor of Philosophy degree in Computer Science from University Pierre et Marie Curie – Paris 6. The thesis addresses the problem of agile service composition in distributed systems while considering non-functional constraints. The research objectives are to promote reactivity in complex distributed systems through late binding of services based on quality of service values, and to enable useful service composition through qualitative modeling and reasoning about preferences over non-functional properties. The thesis presents contributions in active, useful, and agile service composition, and includes formalization of the Linguistic CP-net model and details of an implementation framework.
This document summarizes a seminar report on cluster computing. The report discusses cluster components including applications, middleware, operating systems, interconnects, and nodes. It describes different types of clusters such as high availability clusters, load balancing clusters, and high performance clusters. It highlights advantages like high processing capacity and disadvantages like increased difficulty of management. It provides examples of cluster applications such as Google search engines, petroleum simulation, protein exploration, and earthquake simulation.
This document provides an abstract for a bachelor thesis that compares the SCADA protocols IEC 60870-5-104 and MQTT. The thesis includes:
1) An overview and evaluation of several SCADA protocols, including IEC 60870-5-104 and MQTT.
2) Experimental implementations of IEC 60870-5-104 and MQTT in a smart grid simulation created with the Mosaik framework.
3) An evaluation of the implementations and a conclusion that MQTT has potential for smart grid SCADA systems that need to interact with IoT devices, but it requires extensions to be fully useful for SCADA.
This white paper discusses an integrated security solution from Juniper Networks for virtualized data centers and clouds. It addresses the security challenges introduced by virtualized workloads, which physical firewalls have limited visibility into. The solution includes Juniper's SRX firewalls to protect physical workloads and segment traffic, and Firefly Host virtual firewalls to protect virtualized workloads within hypervisors and enforce the same security policies. This provides consistent security across physical and virtual environments as organizations adopt cloud computing.
This white paper discusses an integrated security solution from Juniper Networks for virtualized data centers and cloud environments. It addresses the security challenges of virtualized workloads, which lose visibility from traditional physical firewalls. The solution includes Juniper's SRX Series services gateways to protect physical workloads and a virtual gateway (vGW) to protect virtualized workloads. It provides integrated zone enforcement between the physical and virtual firewalls to consistently enforce security policies across physical and virtual systems.
Challenges in VoIP Systems - Mostafa Ahmed Mostafa El Beheiry - First Draft F...Mostafa El-Beheiry
This document is a bachelor's thesis submitted by Mostafa Ahmed Mostafa El Beheiry to the German University in Cairo that examines challenges in VoIP (Voice over IP) systems. The thesis identifies four main categories of challenges - security, quality, dependency, and emergency services. It discusses specific issues within each category such as packet sniffing, bandwidth, power outages, and inability to call emergency services. It also includes a simulation of a SPIT (Spam over IP telephony) attack on a VoIP client/server setup. The thesis aims to comprehensively document challenges in VoIP systems and propose possible solutions to advance the field.
This document is a project report submitted by Aina Gupta to the Department of Applied Sciences at ITM University, Gurgaon, India in partial fulfillment of the requirements for a Master of Science degree in Mathematics. The report explores new encryption and decryption techniques on ZN(3) and ZN(4) under the supervision of Prof. N. Chandramowliswaran and Dr. Gaurav Gupta. The report includes an introduction to cryptography, preliminaries on relevant mathematical concepts, and several sections proposing and analyzing new bijective encryption functions on ZN(3) and ZN(4).
Efficient Planning and Offline Routing Approaches for IP NetworksEM Legacy
Pre-print archive of my dissertation on Efficient Planning and Offline Routing Approaches for IP Networks, Departement of Communication Networks, Technische Universitaet Hamburg-Harburg 2006
This report summarizes the selection process for the Advanced Encryption Standard (AES) by the National Institute of Standards and Technology (NIST). NIST reviewed 15 initial candidate algorithms and selected 5 as finalists: MARS, RC6, Rijndael, Serpent, and Twofish. These finalists underwent further public analysis based on security, performance on software and hardware platforms, and other factors. Based on this analysis, NIST selected Rijndael as the AES due to its high security, efficient implementation across platforms, and simplicity of description.
The document describes the ns network simulator. It discusses how ns has evolved from version 1 to version 2, with changes including decomposing complex objects into simpler components, using OTcl as the configuration interface instead of Tcl, and separating the interface code from the main simulator. It also provides information on how to access documentation for ns.
Improved kernel based port-knocking in linuxdinomasch
This thesis presents TCP Stealth, a new port knocking technique designed to improve security and usability over previous port knocking designs. TCP Stealth replaces the random TCP sequence number with an authentication token that verifies the client and optionally integrity protects the first bytes of the TCP payload. The thesis describes an implementation of TCP Stealth called Knock for the Linux kernel and a library called libknockify that allows enabling Knock without recompiling applications. Experimental results show TCP Stealth is compatible with most existing Internet infrastructure.
This thesis examines self-organization and polychronization in liquid state machines (LSMs). LSMs are a type of recurrent neural network inspired by the brain. The thesis introduces machine learning concepts and neural network models. It discusses how self-organized recurrent neural networks can develop input separation and perform tasks through spike-timing dependent plasticity and other mechanisms. Polychronization, where groups of neurons fire together in precise patterns, is also examined. The thesis hypothesizes that an LSM incorporating both self-organization and polychronization could have improved information processing abilities compared to models without these features.
This document provides an introduction and table of contents for a book titled "Computational Thinking: A Primer for Programmers and Data Scientists". The book aims to introduce computational thinking concepts to laypeople through hands-on examples and exercises using sample datasets. It is organized into three parts covering foundational computational thinking topics, applications for data science, and more advanced concepts. An interactive digital version will also be released to provide hands-on practice of problem solutions.
This Masters thesis presents a framework for analyzing and generating code for multicore fault tolerant mixed criticality embedded systems. The framework consists of three stages: profiling code to collect execution time information, mapping tasks and scheduling resources safely, and generating the code. It includes developing a static analysis to determine loop bounds, estimating worst-case execution times, integrating multicore schedulability analysis, and generating code for a multicore platform with error detection.
The document is a thesis submitted by Maryam Hamidirad for the degree of Master of Applied Science. It proposes a cooperative mechanism to reduce energy consumption in the downlink channel of LTE networks for multicast video transmission. The mechanism clusters users based on distance from the base station. A cluster header is chosen using a utility function and receives data directly from the base station. Cluster headers then relay the data to other users in their cluster using WLAN. Simulations show the approach reduces base station power consumption by 5-25% compared to conventional multicast transmission.
Integration of OVS in OpenWrt wireless network and investigation of SDWMNNazmul Hossain Rakib
OpenFlow managed Software Defined Network (SDN) and Wireless Mesh Network (WMN) are being an emerging technology for their autonomous functionality and economic feasibility. SDN is somehow defined as next generation technology which let the network configure, optimize and heal centrally using artificial intelligence. WMN has been adopted by several applications because of its promising functionality. In this research, applicability of SDN on WMN has been studied as well as the decentralized controller mechanism over SDWMN (Software Defined Wireless Mesh Network). First of all, two types of Wireless connectivity (AD Hoc and WDS) has been researched using OpenWrt configured SDN. Then probability and availability of WMN using SDN has been investigated. Finally, some solutions has been tried to figure out for the further future implementation of SDWMN.
This thesis examines integrated optical realizations of qudits for quantum cryptography. The document is Thomas Balle's master's thesis submitted to the University of Aarhus. It provides background on quantum cryptography and discusses the design and characterization of integrated optical chips to encode photons for a quantum cryptography system based on the B92 protocol. The thesis also describes experiments conducted to test the chips and suggests improvements to the system.
This PhD thesis proposes methods for distributed iterative decoding and processing in wireless cooperative networks. It presents a block structure layered design for jointly designing channel encoders across all nodes in a wireless network. It also develops a generic implementation framework for sum-product algorithm message passing on factor graphs, using a proposed Karhunen-Loeve transform message representation. This framework can be applied to receiver processing in wireless networks. The thesis aims to advance both the global design of channel codes across network nodes, and the receiver processing of individual nodes, to better support wireless cooperative networks.
Research Challenges and Characteristic Features in Wireless Sensor NetworksEswar Publications
Wireless Sensor Networks have come to the forefront of the scientific community recently and it consists of small nodes with sensing, Communications and computing capabilities. The Wireless Sensor Network Systems can be applied to monitor different environments ranging from military to civil applications. It is observed that different protocols necessary for smooth functioning of the network system are highly application specific. Current WSNs typically communicate directly with a centralized controller or satellite. In this paper we survey the different research challenges in Wireless Sensor Networks and purpose of various research Challenges activities is the development of a framework, which is radically simplifies the development of software for sensor network applications and characteristic Features of Sensor Networks.
This thesis examines considerations for deploying software-defined networks (SDN) in telecommunication networks. It discusses strategies for migrating networks to allow both SDN and legacy devices to interoperate during an incremental deployment. The thesis formulates an automated process for bootstrapping newly deployed forwarding devices onto the network in an emulated environment. It also reviews solutions for programming forwarding devices, performing topology discovery, and providing secure remote management of devices located in untrusted environments.
This document describes a project analyzing source location privacy in wireless sensor networks through probabilistic model checking. It will model an algorithm for protecting source location privacy using the PRISM model checker. The model will be analyzed based on the probability of source location capture, expected number of messages, and expected time to source location capture. Future work may include implementing additional algorithms, expanding the network size, new network structures, and using high performance computing for larger models.
This thesis document describes Pierre Châtel's work toward a Doctor of Philosophy degree in Computer Science from University Pierre et Marie Curie – Paris 6. The thesis addresses the problem of agile service composition in distributed systems while considering non-functional constraints. The research objectives are to promote reactivity in complex distributed systems through late binding of services based on quality of service values, and to enable useful service composition through qualitative modeling and reasoning about preferences over non-functional properties. The thesis presents contributions in active, useful, and agile service composition, and includes formalization of the Linguistic CP-net model and details of an implementation framework.
This document summarizes a seminar report on cluster computing. The report discusses cluster components including applications, middleware, operating systems, interconnects, and nodes. It describes different types of clusters such as high availability clusters, load balancing clusters, and high performance clusters. It highlights advantages like high processing capacity and disadvantages like increased difficulty of management. It provides examples of cluster applications such as Google search engines, petroleum simulation, protein exploration, and earthquake simulation.
This document provides an abstract for a bachelor thesis that compares the SCADA protocols IEC 60870-5-104 and MQTT. The thesis includes:
1) An overview and evaluation of several SCADA protocols, including IEC 60870-5-104 and MQTT.
2) Experimental implementations of IEC 60870-5-104 and MQTT in a smart grid simulation created with the Mosaik framework.
3) An evaluation of the implementations and a conclusion that MQTT has potential for smart grid SCADA systems that need to interact with IoT devices, but it requires extensions to be fully useful for SCADA.
This white paper discusses an integrated security solution from Juniper Networks for virtualized data centers and clouds. It addresses the security challenges introduced by virtualized workloads, which physical firewalls have limited visibility into. The solution includes Juniper's SRX firewalls to protect physical workloads and segment traffic, and Firefly Host virtual firewalls to protect virtualized workloads within hypervisors and enforce the same security policies. This provides consistent security across physical and virtual environments as organizations adopt cloud computing.
This white paper discusses an integrated security solution from Juniper Networks for virtualized data centers and cloud environments. It addresses the security challenges of virtualized workloads, which lose visibility from traditional physical firewalls. The solution includes Juniper's SRX Series services gateways to protect physical workloads and a virtual gateway (vGW) to protect virtualized workloads. It provides integrated zone enforcement between the physical and virtual firewalls to consistently enforce security policies across physical and virtual systems.
Network clustering is an important technique used in many large-scale distributed systems. Given good design and implementation, network clustering can significantly enhance the system\'s scalability and efficiency. However, it is very challenging to design a good clustering protocol for networks that scale fast and change continuously. In this paper, we propose a distributed network clustering protocol SDC targeting large-scale decentralized systems. In SDC, clusters are dynamically formed and adjusted based on SCM, a practical clustering accuracy measure. Based on SCM, each node can join or leave a cluster such that the clustering accuracy of the whole network can be improved. A big advantage of SDC is it can recover accurate clusters from node dynamics with very small message overhead. Through extensive simulations, we conclude that SDC is able to discover good quality clusters very efficiently.
This document summarizes the findings of the 5G NORMA project's Work Package 4 on flexible radio access network (RAN) architecture after the third design iteration. It presents three options for RAN slicing and discusses their standardization relevance. It also describes how the control and data layers can be functionally decomposed and adapted for specific services. Additionally, it introduces solutions for multi-tenancy radio resource management, multi-connectivity, virtual cells, and signaling optimizations for massive machine-type communication.
OPTIMIZED ROUTING AND DENIAL OF SERVICE FOR ROBUST TRANSMISSION IN WIRELESS N...IRJET Journal
This document proposes a system to optimize routing and prevent denial of service attacks in wireless networks. It aims to detect distributed denial of service (DDoS) attacks using a classifier system called CS_DDoS that classifies packets as malicious or normal. Malicious packets will be blocked and their IP addresses blacklisted. It also aims to use a hybrid optimization system (HOS) for efficient, quality routing to increase network lifetime and user communication. The system is designed to differentiate between genuine and malicious traffic, transfer data via alternative paths if attacks are detected, and balance network load for stable data transfer while improving packet delivery and throughput.
This document describes a master's thesis that designed a real-time telemetry system called BANET for monitoring mobile objects in groups. The system consists of sensing devices attached to objects, a group of monitored objects, and a monitoring application. Key design factors were the tendency of objects to form groups and their mobility. The innovative aspect of the system is that it supports group behavior by having neighboring objects form clusters with clusterheads that send aggregated data, improving performance over individual reporting. The thesis studied clustering algorithms and wireless technologies to design the network architecture. A prototype implementation including sensor nodes, server, and monitoring application was developed and experiments showed that clustering can significantly reduce data transmission costs for monitoring mobile groups in real-time.
There is a so much happening to improve the quality of automation in data center networking that it's best not to get hung up on whether it falls into the "hot topics." Modelling, automated verification, the use of programming and EDA methodologies applied to computer networking, particularly in the data center, are all going to be very valuable, and very quickly.
The document discusses the optical transport network (OTN) standard defined in ITU-T G.709. It describes the OTN layered structure, interfaces and rates, frame structure and overhead, and techniques for testing OTN elements. The OTN architecture allows more efficient transport of client signals using optical channels and standardized overhead to manage network functions like multiplexing and forward error correction.
A Push-pull based Application Multicast Layer for P2P live video streaming.pdfNuioKila
This document summarizes a master's thesis submitted by Bui Thi Lan Huong to Vietnam National University, Hanoi in 2011. The thesis proposes a push-pull based application layer multicast method for peer-to-peer live video streaming. Key points of the proposed method include organizing nodes into separate multicast sub-trees for pushing data, while also establishing links between nodes in different sub-trees for pulling data to reduce buffer times. The method aims to ensure fairness between nodes through a tit-for-tat policy and handle node failures with minimal impact. Simulation results showed improved quality of service for live streaming compared to other methods.
Similar to Performance of Group Key Agreement Protocols( Theory) (20)
Infrastructure Challenges in Scaling RAG with Custom AI modelsZilliz
Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
Full-RAG: A modern architecture for hyper-personalizationZilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
OpenID AuthZEN Interop Read Out - AuthorizationDavid Brossard
During Identiverse 2024 and EIC 2024, members of the OpenID AuthZEN WG got together and demoed their authorization endpoints conforming to the AuthZEN API
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Performance of Group Key Agreement Protocols( Theory)
1. Term paper
Performance of Group Key Agreement Protocols( Theory)
Original Title in German
Seminararbeit
Effizienz von Group Key Agreement Protokollen (Theorie)
[ On the Performance of Group Key Agreement Protocols for
Wireless Mesh Networks]
Dept. of Electr. Eng. and Information Science
Ruhr-Universität Bochum
Chair of Network and Data Security
Horst-Görtz Institute
Krassen Deltchev
e-mail: Krassen.Deltchev@rub.de
23.08.2010
Person in charge: Prof. Dr. Jörg Schwenk
Advisor: M.Sc. Andreas Noack
2.
3. Abstract
Abstract
Nowadays networking is more than implementing static wired network infrastructure. The
utilisation of wireless agile network constructs, represents a well established build-up on the “old
world” and in some cases the only feasible solution. Therefore the aspects, concerning the
dynamics, stability, security and performance issues of such “new world” networks are still of great
interest of the researchers. An important approach to represent an appropriate security level of
dynamic wireless networks is utilised via Group Key Agreement Protocols. In most cases, the
reader can find information, regarding these protocols, in literature, concerning Mobile Ad-Hoc
Networks. Though, there are not enough publications on the topic of Group Key Agreement
Protocols[GKAPs] for Wireless Mesh Networks[WMN], moreover on the performance issues of
their utilisation. We shall consider this as a exciting challenge for research on the topic of
Distributed Key Agreement Protocols.
The current term paper should represent a discussion over the security aspects of WMN, the
performance of Group Key Agreement Protocols for Wireless Mesh Networks, represent methods,
concerning these performance aspects and illustrate the GKAPs by means of their classification.
Keywords: WMN, Wireless Mesh Networks, GKAP, Classification of Group Key Agreement
Protocols, Performance of Group Key Agreement Protocols, Communication Complexity
Kurzfassung
Die Fragen der Dynamik, Sicherheit und Stabilität, und Verwaltung von variablen
Gruppenteilnehmer in Netzen ist und wird ein aktuelles Thema im Bereich der IT-Sicherheit
darstellen. Besondere Interesse für eine Vorgehensweise, welche solche Problemaspekte effektiv
und adäquat löst, ist der Group Key Agreement Protokolle gewidmet.
Group Key Agreement Protokolle sind mehr oder weniger ausführlich beschrieben, wenn es von
Ad-Hoc( MANET)-Netze gesprochen wird.
Wenn es um Wireless Mesh Netze geht, findet man überraschenderweise kaum Literatur. Dies stellt
eine Herausforderung, dass man solche Fragen nachforscht und/oder von vorne herein erforscht.
Besonderes Thema zu diesem Gebiet stellen die Fragen der Effizienz im Bezug auf Group Key
Agreement Protokolle[GKAPs] in Wireless Mesh Netzen[WMN].
Diese Seminararbeit sollte einen Überblick bzgl. der IT-Sicherheitsaspekte von Wireless Mesh
Netzen, Group Key Agreement Protokollen und der Effezienz von GKAPs darstellen; anschliessend
entsprechnde Rechenverfahren vorstellen und eine Klassifizierung der Group Key Agreement
Protokolle illustrieren.
Stichwörter: WMN, Wireless Mesh Netze , GKAP, Klassifizierung von Group Key Agreement
Protokolle, Effizienz von Group Key Agreement Protokolle, Kommunikationskomplexität
3
7. Indexes
List of tables
Table 1: A proposal for GKAPs classification....................................................................................17
Table 2: Join-leave-[mass join]-[mass leave] results[ZFL05]............................................................25
Table 3: Merge-Partition results[ZFL05]............................................................................................26
Table 4: Join-leave-[mass join]-[mass leave]-merge-partition results[ZFL05]..................................27
Table 5: Abstractions of the probabilistic and the grid model[AN09b].............................................34
Table 6: Maximum impact factor x( initialisation phases)[AN09b]...................................................35
Table 7: Communication complexity STR and QGDH......................................................................44
Table 8: GKAPs adoption to Mesh Networks ...................................................................................45
Table 9: List of links...........................................................................................................................47
List of figures
Figure 1: GKMP map [SRSP10]........................................................................................................15
Figure 2: Taxonomy of Common TEK Group Key Management Protocols [CS05].........................16
Figure 3: Communication cost comparison [AKNRT04]...................................................................19
Figure 4: Join operation - average time at LAN [AKNRT04]............................................................19
Figure 5: Leave operation - average time at LAN [AKNRT04].........................................................20
Figure 6: Partition operation - average time at LAN [AKNRT04].....................................................20
Figure 7: Partition operation - Clustering effect [AKNRT04]...........................................................21
Figure 8: Merge operation - average time at LAN [AKNRT04]........................................................21
Figure 9: The extreme case of long delay networks[AKNRT04].......................................................21
Figure 10: Join and Leave operations - average time at WAN [AKNRT04]......................................22
Figure 11: Communication and computational costs[ZFL05]............................................................24
Figure 12: Burmester Desmedt I probabilistic model[AN09a]..........................................................30
Figure 13: Burmester Desmedt II probabilistic model[AN09a]........................................................31
Figure 14: TBKA probabilistic model[AN09a].................................................................................32
Figure 15: the grid model with simultaneous transmissions; and structure mapping[AN09b]..........33
Figure 16: Performance results of the grid vs probabilistic model comparison[AN09b]..................35
Figure 17: TGDH binary tree logical structure [SH08]......................................................................41
Figure 18: STR graph logical structure [RB03]................................................................................42
Figure 19: Queue-based group Diffie-Hellmann entity model[SH08]...............................................42
Figure 20: The Blind Key queues in group controller server [SH08]................................................43
Figure 21: Initialisation Performance - timeslots + x* MoT, x = 4,45...............................................46
Figure 22: Join Performance - timeslots + x* MoT, x = 4,45............................................................46
Figure 23: Leave Performance - timeslots + x* MoT, x = 4,45.........................................................46
7
8.
9. 1. Introduction
1. Introduction
"...the value of a telecommunications network is proportional to the square of the number of connected users of the
system (n2) ."
Metcalfe's law
We shall not argue in this paper whether the Metcalfe's law is provable, or empiric provable, or how
much the communication network increases in value; for the interested reader, please refer
to[BOT06]. However we must agree that, the better the communications infrastructure is presented,
the more consumer's interest to it. Nowadays the utilisation of wired networking could be still
considered as state-of-the-art solution, concerning aspects like stability and performance of the
telecommunication network. Though, there are many well known cases, which point out that ,
wireless networks should be considered as preferable solution instead of the well established wired
static approaches. Let's mention some of them. For example there are solutions for the police
mobile communications( MEA1), or for the fire fighters mobile communications implemented via
the proprietary and licensed 4.9 GHz WiFi Standard, the so called public safety networks; nowadays
most of the universities, schools, airports, hotels etc. are offering and utilising WiFi via hotspots and
wireless access points; in the U.S.A. after tornado storms the whole wired communications
infrastructure in several cities suffers heavy damages, wireless mesh networks appears to be in such
cases the most reasonable, efficient, time and effort saving solution, to rebuild the whole city
communications network in such disaster situations; in rural areas, or areas, which are difficult to
be accessed, wiring could be very pricey task, or even unfeasible task, in such cases covering the
area, utilising wireless mesh networks could be the best reasonable solution. This list can go further,
for examples on implementations of wireless mesh networks nowadays, please consider to read the
next chapters.
As we mention terms as WiFi, Wireless Mesh Networks[WMN], we shall consider a short
introduction to them in this chapter, keeping in mind that, the concerned reader is already aware of
them, though we shall apologise and proceed in this manner, concerning the better understanding of
the paper's thesis. Let's clarify the objections of the current term paper. This thesis is another
introduction to the wireless mesh networks, representing the security aspects of the WMN through
the Group Key Agreement Protocols[GKAP]. Furthermore, this paper shall represent a
classification of the GKAPs and discuss the performance aspects of the utilisation of the Group Key
Agreement Protocols for Wireless Mesh Networks. Let's represent this more detailed clarifying the
structure of the paper. In the next section the reader shall find information on the limitations of the
paper. Subsequently, the terms WMN, MANET, WiMAX, WiFi shall be clarified. In the next
chapter 2, a classification of the Wireless Mesh Networks shall be presented. Chapter 3, concerns
the methods related to the performance studies of the Group Key Agreement Protocols. Three
methods shall be described and compared one to another. The focus of this paper relies on the last
one, the Noack's method. The results of the method's comparison are represented at chapter 4. The
last 5th chapter concerns final thoughts and some proposals for future work.
Let's proceed with the limitations of this paper.
1 Motorola's Mesh Enabled Architecture [MO05]
9
10. 1. Introduction
1.1. Limitations of the paper
As one of the objection of the thesis is the classification of the GKAPs, we shall explicit clarify,
which protocols shall be considered as irrelevant for the further discussion on the paper's thesis.
Two classes of protocols we designate as irrelevant: the class of proven security prone GKAPs and
the class of considerably inefficient Group Key Agreement Protocols. A very good classification of
the first ones is given in[MOST97]. Let's illustrate the list of the proven security prone GKAPs:
GKE.setup,
Bull Otway Protocol, Boyd-Gonzalez Nieto Key Agreement Protocol, A-GDH, SA-GDH.2,
Asokan-Ginzboorg.
Furthermore, concerning the description of the Wireless Mesh Networks, we shall not illustrate, nor
represent any kind of constructs, concerning Seamless WMN2. Consequently to this, we shall not
discuss terms like routing and routing issues of WMN. For the interested reader, please consider to
another interesting term paper related to the current master's workshop3: Konfiguration eines
IEEE 802.11s konformen Mesh Netzwerks (Praxis), Andreas Hübner and other specific papers on
the topic: routing in wireless mesh networks.
As discussing the Group Key Agreement Protocols as reasonable security approach for WMN, the
intruder shall be described as an ordinary member of the Group Key construction. We shall not be
interested in discussing, whether the intruder can achieve DoS or MITM attacks, or just utilise
passive attacks as eavesdropping. The interested reader can find more information on this topic and
attacks like: Wormhole Attacks, Out-of-band Attacks, Rushing Attacks, Threat Model in Ad-Hoc
Networks etc. at [L1].
Finally, as we are discussing in this paper the performance issues of GKAPs, we shall understand
the same as we are discussing efficiency issues of the protocols.
Now let's explain the basic terms, concerning the thesis of this paper.
1.2. The terms: performance, communication complexity, WMN and
GKAP
1.2.1 Introduction to WMN
Let's introduce firstly the Wireless Mesh Networks4. WMN are based on the WiFi open standards
802.11a/b/g/s5 at 2.4GHz. Thus building the infrastructure of WMN is easy and cost reducing,
because most of the wireless devices for achieving this are on the market at consumer prices, like
WiFi routers and mobile devices with build-in WiFi network cards etc. There are also
implementations of WMN on the 802.16 standard, please consider further reading on the next
section. As the name of these networks states, the WMN are build upon a mesh topology, utilising
WiFi routers, or other wireless devices as mesh nodes. A mesh node can be implemented in the
mesh topology as a WiFi router, mobile computer with WiFi network card etc. Thus the WMN are
not limited in their hardware implementation. Still, considering an example design of the WMN we
2 http://www.smesh.org/
3 http://www.nds.rub.de/chair/lectures/290/
4 http://en.wikipedia.org/wiki/Wireless_mesh_network
5 http://www.open80211s.org/
10
11. 1. Introduction
can specify Mesh Clients as mesh leafs, implemented via mobile computers; Mesh Nodes,
implemented via WiFi routes; and gateways, which connect the WMN to the internet. This is
important to be clarified because of the mentioned above example of WMN utilisation- the MEA
implementation for police public WMN. Imagine if police patrol, reach an area where the internet
connection cannot be further established. Utilising a WMN in-between the members of the patrol,
they can still contact to each other regardless the internet connection is not present. Thus we reach
the point to designate the advantages of Wireless Mesh Network, listed as follows, see[L2]:
• Using fewer wires means it costs less to set up a network, particularly for large areas of
coverage,
• The more nodes are installed, the bigger and faster the wireless network becomes,
• WMN rely on the same WiFi standards (802.11a, b and g) already in place for most wireless
networks., the 802.11s standard is still in development, concerning WMN,
• They are convenient where Ethernet wall connections are lacking - for instance, in outdoor
concert venues, warehouses or transportation settings,
• They are useful for Non-Line-of-Sight (NLoS) network configurations where wireless
signals are intermittently blocked. For example, in an amusement park a Ferris wheel
occasionally blocks the signal from a wireless access point. If there are dozens or hundreds
of other nodes around, the mesh network will adjust to find a clear signal,
• Mesh networks are "self configuring;" the network automatically incorporates a new node
into the existing structure without needing any adjustments by a network administrator,
• Mesh networks are "self healing," since the network automatically finds the fastest and most
reliable paths to send data, even if nodes are blocked or lose their signal,
• Wireless mesh configurations allow local networks to run faster, because local packets don't
have to travel back to a central server,
• Wireless mesh nodes are easy to install and uninstall, making the network extremely
adaptable and expandable as more or less coverage is needed.
Let's list also some of the recent example implementations of WMN in the real world, as follows,
see[L3]:
• Meraki Mesh( special long range radio)[L3]
• Mesh Dynamics( multiple radios)[L3][L4]
• OPLC XO-I children's laptop[L3]
• Smesh( fast roaming)[L3]
• SolarMesh( mesh STA power comes from solar energy)[L3]
• SONOS multi-room music system[L3]
• Freifunk6
• Funkfeuer7
6 http://start.freifunk.net/
7 http://funkfeuer.at/
11
12. 1. Introduction
Andreas Noack states in his paper[AN09a] that, the Wireless Mesh Networks are the “missing link”,
which acts like an interface between the static wired internet and the modern ad-hoc networks. Let's
clarify this in the next section concerning the differentiation between the terms: WiFi, WiMAX,
WMN and MANET.
1.2.2 WMN vs. WiMAX vs. MANET
The title of this section is intentionally left confusing. Obviously, we are allowed to compare WiFi8
and WiMAX9, just because both of them represent two major standards for wireless
telecommunication networks. WiFi, or better Wi-Fi, is actually a marketing term and in many
countries stays as a synonym for WLAN, which is represented by the IEEE 802.11(a/b/g/i/n/s)10
standards. We shall just use WiFi as we are discussing the 802.11* implementations, in this paper.
As mentioned above, most of the consumer devices nowadays implement out-of-the-box the WiFi
standard, which makes in well known and wide spread. There are two implementations of the
802.11* standard: on one hand, there is an open standard, utilising 2,4GHz technical
implementations; and another one as mentioned above, which is licensed and operates on 4,9GHz.
The second one is obviously separated from the open standard and is used especially for as stated
above public networks like police MEA implementations, fire fighters mobile networks,
government implementations etc. The other standard, which is licensed, is IEEE 802.1611 and its
mnemonic equivalence is WiMAX( Worldwide Interoperability for Microwave Access). WiMAX
represents a telecommunication protocol in technical terms. Comparing WiFi and WiMAX we can
say in a word, that WiFi utilises shorter transmission ranges, so covering large areas, could be
established on behalf on the hardware assembling of many mesh nodes. On the contrary, the
WiMAX back-haul transmitter can cover larger areas, so the graph can be represented by fewer
nodes, making it optimised in terms of fewer graph members. Though, as the leading motto of this
first chapter states, the value of the network, increases with the incrementation of its connection
nodes. Furthermore, the WiMAX is licensed and could not be open implemented, without paying a
fee, so its hardware utilisation is much more pricey, not just because of the tax fee, but the
consumer devices implementing the 802.16 are not wide distributed, comparing to those ones with
WiFi logo on it. These facts lead us to the conclusion that, WiFi is the more appropriate
implementation for WMN.
Now let's clarify the terms WMN and MANET. As we already illustrated the common wireless
standards, let's illustrate more detailed the topology implementations of the WLAN. In a word the
MANET( Mobile Ad-Hoc Networks)12 represent a subclass of the Wireless Mesh Networks. As
WMN can utilise both ad-hoc and infrastructure[AN09a], mobile mesh networking is represented
via MANET. In this way of thoughts, we can accept, that the features, applied to MANET, belong to
WMN too. This means that, if there are research theories, related to Mobile Ad-Hocs, they should
be applied to the Wireless Mesh Networks as well. This is important statement, because nowadays
there is plenty enough literature on the Group Key Agreement Protocols for MANET and very few,
related to their superclass – the Wireless Mesh Networks. Thus, to achieve a proper introduction
and classification of the GKAPs and describe the performance issues for Group Key Agreement
Protocols for WMN, we shall find support in well known approaches, related to the MANET and
8 http://www.wi-fi.org/
9 http://en.wikipedia.org/wiki/WiMAX
10 http://en.wikipedia.org/wiki/IEEE_802.11
11 http://en.wikipedia.org/wiki/802.16
12 http://en.wikipedia.org/wiki/Mobile_ad_hoc_network
12
13. 1. Introduction
traditional wired networks.
Let's start with a few introductory words on the Group Key Agreement Protocols, which shall be
discussed more detailed in a separate chapter, as already stated, in chapter 2.
1.2.3 Introduction to GKAPs, communication complexity and
performance
As we agree on the conclusion , that WiFi is a reasonable implementation for Wireless Mesh
Networks, we shall consider to introduce the security aspects of the WMN. As Noack states
at[AN09a] security of WMN is not only utilising WEP13( which is already considered as security
prone algorithm), or WPA/WPA2( IEEE802.11i), because these standards are designed to secure
point-to-point connections.
Keeping in mind that, Wireless Mesh Networks are dynamic, with main features: self-healing, self-
clustering, self-stabilising, WPA/WPA2 cannot be considered as sufficient pre-requirement for
securing such agile network constructs as WMN at all. Let's illustrate the main goals for securing a
network as [AN09a]: Authentication, Confidentiality, Integrity Protection. As Noack mentions, the
Authentication of WMN must be present by two means, on one hand there are commercial reasons,
or political reasons like MEA implementations of WMN 4,9GHz licensed standard, on another there
are legal reasons- to allow only parties in the network run, which should not misuse it. In this paper
we shall not concentrate on GKAPs with Authentication, for the interested reader, please refer
further to [RLKY04].
Subsequently, discussing the Confidentiality security aspect of the Wireless Mesh Network, we
shall admit, as concluded in [AN09a], that, the absence of physical protection of the transmitted
signals in such wireless networking constructs requires as a greater concern, applied to the
confidentiality of the transmitted sensitive data over the network. A good approach to achieve and
utilise this is represented by the sharing of common security key among all parties, members, nodes
of the wireless network. An automatic method for such multi-party key agreement should represent
a complete encryption solution[AN09a]. To conclude this security model of the wireless network,
we shall mention that the last feature, the Integrity Protection of the network, should be easily
achieved, if the Confidentiality aspect is fulfilled as a pre-requirement. One approach for hardening
a given shared key should be the MAC( Message Authentication Codes)14, as [AN09a]. Thus, we
reach to the conclusion, concerning the security of WMN by the utilisation of Group Key
Agreement Protocols. Let's clarify the rest of the basic terms , which will be important for the
further reading: the performance and the Communication Complexity15 of Wireless Mesh Networks.
Both of them are specified as communication requirements for Group Key Agreement Protocols in
[AN09a]. As already stated at the limitations section of the paper, the GKAPs do not request the
security of the communication channel as a pre-requirement, moreover the messages should be
protected at a message layer over the protocol run[AN09a]. Important question regarding this, is the
perfect broadcast aspect of the network, which should be explained in detail in the further chapters
of the paper. At this stage of the thesis we shall only mention that, there are two types of broadcast
channels in GKAPs: local and full broadcast channels, which are implemented on the physical
topology of the WMN. Furthermore, there is the logical structure implementation of the GKAPs for
13 http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy
14 http://en.wikipedia.org/wiki/Message_authentication_codes
15 http://en.wikipedia.org/wiki/Communication_complexity
13
14. 1. Introduction
utilising the agreement on the shared key. As a conclusion to this, we shall point out that, important
aspect for scaling the performance of the GKAPs for WMN is represented by the fact: generally the
performance of GKAPs decreases with increasing the differences between the physical structure of
the WMN and the logical structure of the GKAP, as [AN09a]. Consequently to this, we shall also
outline the fact, that in many cases the WMN utilise one shared medium to communicate over it, as
for an example one gateway to establish a connection to the internet. Imagine a doorway in a big
building, which is accessible for every member running-in and out of the building[L5]. This could
represent a bottleneck and prevent the protocol of its adequate protocol run.
On the contrary to this, the WiMAX implementations do not suffer such issues. They could be
merely abstracted as a building with many doorways, but limited member access through them- one
member can pass a doorway at a time[L5]. Therefore there is the need for further evaluation of the
communication cost, concerning performance aspect of the protocol run of GKAPs: the
Communication Complexity. On behalf of the proposed abstraction for WMN as a one doorway big
building, the communication complexity can be summarised as follows. There are two sets of
building members, one with the feature- members are outside the building, the another, members
are inside the building, which share a common feature- both sets can exchange limited amount of
members. For an instance a finite group of members of the set- members inside the building, like to
run out of the building as every one of them is running in the same way and this is considered by
both sets as an appropriate way to pass through the one door way in the building, the computation
of the lower bound, representing the min. members as a complete group successfully running out of
the building, knowing that the worst case in their group action would be to transform the one door
way in a bottleneck, should be represented by the communication complexity. The interested reader,
could refer further for more information to [AB07].
The term, communication complexity, shall be evaluated in chapter 3, where the reader shall find a
description of the three major methods, concerning the performance aspects of the GKAPs.
Let's proceed further with a more detailed representation of the Group Key Agreement Protocols,
which are illustrated via their classification in the next chapter.
2. Classification of GKAPs
As mentioned above, the most of the scientific sources, concerning Group Key Agreement
Protocols, are applied to MANET. Thus, we need to observe the security of Mobile Ad-Hoc
Networks and subsequently re-apply the conclusions on the WMN level. A starting point in the
research on the security of MANET is dedicated to the Key Management Protocols superclass. We
can list three major subclasses of Key Management protocols, see [SRSP10]:
• Centralized Group Key Management Protocols[GKMPs],
• Decentralized Group Key Management Protocols,
• Distributed Group Key Management Protocols
Let's describe them in detail. Main feature of the Centralized GKMPs is the presence of a Key
Distribution Center( KDC), which is responsible for the Key Management of the whole group of
protocol members. The Decentralized GKMPs represent a key management of large member
groups, where subgroup managers are responsible for the deployment of the protocols key
establishment. As intuitively supposed, this group of GKMPs implement an approach to reduce the
14
15. 2. Classification of GKAPs
overhead of the key management, if this is concentrated at a single instance, as in the example
above with the utilisation of a single static KDC. The Distributed GKMPs illustrate a protocol
construct with no explicit definition of a KDC. Moreover, every protocol member participates in the
generation of a shared group key, which represents a key distribution derivative of each member’s
key contribution in the protocol run. The Distributed GKMPs represent a superclass of the
Contributory Key Agreement Protocols, which illustrate the class of the Group Key Agreement
Protocols. This classification is represented in [SRSP10][CS05][ZFL05]. Let's illustrate the
discussed GKMP classes in the next Figure 1, see [SRSP10]:
Figure 1: GKMP map [SRSP10]
We shall support this classification by the next Figure 2, which gives more detailed representation
of the class hierarchical three of the Distributed Key Management Protocols. Zheng et al. also
classify the Group Key Management Protocols in three major subclasses, see [ZFL05]: the category
of Centralized GKMPs, the category of Distributed GKMPs and the category of Contributory
GKMPs. This classification is adopted from [AKNRT04]. Tsudik et al. propose another definition
of the Distributed GKMPs. The KDC is represented by dynamically selecting of a special group
member. This member, acting as a key server, should be also able to maintain long-term pairwise
15
16. 2. Classification of GKAPs
secure channels with all group members at a given temporal state of the protocol run. The
dynamically selected key server should be furthermore able to distribute at every click in the
protocol run the group keys. Tsudik et al. warn that, this could present a drawback, because, if a
new key server should be selected at a given short term of time, all the group keys should be
recreated by this instance from the start, which should reduce the performance of the security
protocol. Furthermore, the GKAPs are presented at this classification by the class of the
Contributory GKMPs. This category presents the same features as the Distributed GKMPs class in
the [SRSP10] classification. This points out the main design pattern to generate the shared group
key, as explained above, should be represented as a derivative of the contribution of every single
member in the protocol run. This shall illustrate the best approach for generating shared group
secret key, still without knowing drawbacks. Furthermore, the Contributory GKMPs rely on
modular exponentiations16, as [AKNRT04], and modular exponentiation functions are known to be
efficient even by big value of the exponent .This shall be a very important statement for the next
chapter 3, concerning the study on the performance methods for Group Key Agreement Protocols,
with focus on the performance method for GKAPs, concerning Wireless Mesh Networks.
Now let's illustrate the GKMPs classification, given in [CS05]:
Figure 2: Taxonomy of Common TEK Group Key Management Protocols [CS05]
Subsequently to this illustration, we shall specify in detail the classification of GKAPs and bring it
up-to-date. Note that this classification should be revised by adding new GKA Protocols in the
future as well. Most important subclasses are the ring based cooperation, hierarchical based
cooperation and broadcast based cooperation protocols, which represent the GKAPs, belonging to
the Contributory GKMPs. Other notable subclasses are the the GKA- derivatives and the
Authentication GKAPs. The last one shall not be discussed further, as already mentioned above.
Please, read further on the next page of the paper about Table 1:
16 http://en.wikipedia.org/wiki/Modular_exponentiation
16
17. 2. Classification of GKAPs
GKAPs subclasses: Presented by:
Ring based cooperation: ITW, GHD 1.0, GDH 2.0, GHD 3.0, BD I
Hierarchical based STR, BD II, TBKA, TGDH, CRTDH, BF- TGDH,Octopus, D- LKH,
cooperation: DH- LKH
Broadcast based Fiat et al., CKA
cooperation:
Centralized GKAPs: µSTR, µCLIQUES, µBD, µSTR-H, µTGDH
GKA- derivatives: GKA, Tree based GKA, RGKA, T-RGKA, W- RGKA, BD- RGKA,
Flexible RGKA, Fully RGKA
Clique- derivatives: CLIQUES I, CLIQUES II, µCLIQUES, M- CLIQUES
Authentication GKAPs: EGAKA, SAS- GMA
Not classified yet: EGK, CCEGK, AFTD, ...
Table 1: A proposal for GKAPs classification
Note that, concerning the group of inefficient GKAPs, mentioned in the limitations section of the
first chapter, the protocols: ITW, GHD 1.0, GDH 2.0, GHD 3.0, GKA, CLIQUES I and CLIQUES
II shall be pointed out a priory as belonging to this group and shall not be considered as relevant
protocols, concerning the performance discussion of Group Key Agreement Protocols for Wireless
Mesh Networks.
Let's proceed further with the illustration of three major performance evaluating methods for
GKAPs. Note that, they are not representing the complete set of calculation methods. There are
other approaches, which also contribute to the topic of performance evaluation of GKAPs, like in
[H08].
3. Methods
This chapter represents three significant methods for performance evaluation of Group Key
Agreement Protocols. Let's clarify the factors for selecting these methods as fundamental,
concerning the GKAPs research. The implementation of the methods is illustrated by finite set of
GKAPs, though the researchers try to develop methods, which are generally applicable for
evaluation tests on the performance of Group Key Agreement Protocols. In other words the methods
are not limited in their application on different GKAPs. Furthermore, the three methods represent
different and independent approaches in the performance research. The Tsudik et. al method utilise
a research approach on the LAN and WAN related GKAPs performance evaluation. Lee et al.
method, we shall use further in the paper the Zheng/Foss/Lee method designation, illustrate a
technique to study the performance of GKAPs over multiple operations, occurred during a stage of
the protocol run. The Noack's method is a unique approach to study the performance issues of the
Group Key Agreement Protocols for Wireless Mesh Networks, which are known to the author of the
paper17. The three methods represent a great contribution to the performance analysis of GKAPs and
17 The author of the paper, made a research on the topic of performance analysis for GKAPS for WMN, started in
17
18. 3. Methods
could be determined as sufficient, though not completed set of techniques for utilising an adequate
performance research on the Group Key Agreements Protocols. Now let's illustrate every single of
them in detail, starting with the Tsudik et al. method.
3.1. Tsudik et al. method
The main goal of this method is to study the performance issues of Group Key Agreement
Protocols, supporting modern internet collaborative applications as voice- and video conferencing,
distributed simulations, internet online games, replicated servers and database systems of all types.
It's description paper[AKNRT04] also supports the basic security construct of a secured network:
data privacy, integrity and authentication, which are considered as pre-requirements for secured
collaborative applications. Furthermore, the Tsudik's et al. paper proposes a classification of the
GKMPs in peer groups, as already mentioned and give an answer to the question, which GKMP is
adequate and best fit, concerning dynamic peer groups. The Contributory GKMPs, to which as
already known GKAPs belong, are considered with their strong security properties. Tsudik et al.
focus their work on the performance analysis related to LAN and WAN implementations of Group
Key Agreement Protocols; especially on the dualistic paradoxon, concerning the two dominating
factors in the performance analysis of the protocols: the computation cost18 and communication
cost. The thesis that, computation efficient protocols usually require more communication rounds
for the execution of the protocol run and the opposite, protocols with reduced communication
complexity induce greater computational effort, shall be evaluated in the paper, describing the
Tsudik et al. method. Consequently to this, are the conclusions of this research work to be
mentioned. Tsudik et al. point on one hand out that, the results of their experiments clearly illustrate
the greater importance and domination of the communication cost, over the computational cost for
group-oriented cryptographic protocols over long delay networks( WAN). On the other hand, the
cost of simultaneous n broadcast messages is considered to be another important factor among the
well known computational overhead and number of rounds, which is relevant for the performance
analysis of GKAPs. These conclusions support the abstractions, related to the Noack's method.
Long delay networks( WAN) could be analogised to the WMN, where the protocols run over a
shared medium, so bottle necks in their execution should not be underestimated. That's why, main
parameter for evaluating the performance analysis in the Noack's method should be the
communication complexity and not the computational cost, which should be ignored in the
abstraction model as well. Noack also explains in [AN09a] that the simultaneous n messages
parameter is from greater importance and should not be ignored, which explains the fact that, Noack
do not assume a perfect broadcasting in the protocol run. This should be explained in detail in the
last section 3.3 of this chapter as well.
Now let's describe the protocols used in the Tsudik et al. performance evaluation method. The
observed GKAPs should be listed as follows: BD, CKD, GDH, STR, TGDH. Each of the protocols
is described by its basic operations, which are evaluated separately one from another: initiate, join,
leave, merge, partition. The authors of the method explain that, the initiate operation is not relevant
for their performance analysis. Moreover every protocol's operation is additionally illustrated via its
detailed and completed step execution. The evaluation of the communication cost and computation
cost of the observed GKAPs is presented in separate comparison tables as well. We shall illustrate
only the communication cost results in the next Figure 3. Furthermore, the performance evaluation
23.04.2010 and ended at the time of the paper's release: 23.08.2010.
18 http://en.wikipedia.org/wiki/Computational_complexity_theory
18
19. 3. Methods
of the protocols shall be denoted via graphs on one hand concerning the GKAPs implementations in
LAN, and on another their implementation in WAN. The interested reader shall also find graph
representations of the protocol's operations partition and merge, concerning STR and TGDH in
[AKNRT04].
Figure 3: Communication cost comparison [AKNRT04]
Let's illustrate the performance evaluation graphs in a row:
Figure 4: Join operation - average time at LAN [AKNRT04]
19
20. 3. Methods
Figure 5: Leave operation - average time at LAN [AKNRT04]
The interested reader should notice that, there are notable differences in the performance evaluation
comparison graphs, comparing the left side graph to the right side graph in Figure 4 and Figure 5
respectively. The computation cost is utilised by running the protocols in two scenarios, one with a
computation of a 512-bit secret key( RSA) and the second one presenting the computation cost of a
1024-bit security key( RSA). The authors of the method point out that, they intentionally choose a
non secure 512-bit size, so this could point out obviously the weight of the computation cost of the
performance analysis as well.
Figure 6: Partition operation - average time at LAN [AKNRT04]
20
21. 3. Methods
Figure 7: Partition operation - Clustering effect [AKNRT04]
Figure 8: Merge operation - average time at LAN [AKNRT04]
The next Figure 9, represents the technical implementation of the extreme case study, concerning
the long delay networks( WAN) performance evaluation. For the technical specification of the
network, please refer further to the method's description paper[AKNRT04].
Figure 9: The extreme case of long delay networks[AKNRT04]
21
22. 3. Methods
The only GKAPs protocol operations significant for the performance evaluation, as the method
authors, are Join and Leave, see Figure 10:
Figure 10: Join and Leave operations - average time at WAN [AKNRT04]
As conclusive results of the performance analysis Tsudik et al. point out TGDH as overall most
efficient GKAP, though in detail, concerning the evaluation of the single protocol operations, the
worst case communication cost of TGDH is significantly expensive compared to STR. By protocol
runs with less members, like a dozen, the more efficient GKAP is BD, though with the
incrementation of the members in the GKAP group the performance of this protocol decreases
immense.
The reader should find more detailed information on the Tsudik et al. method in [AKNRT04).
Let's proceed further and present in detail the next important performance evaluation method.
3.2. Zheng/Foss/Lee method
This method is described in [ZFL05]. It presents another approach for performance evaluation of
GKAPS with critic on the common knowledge on the topic. The Zheng/Foss/Lee Method, in short
ZFL method, should represent an extension to the Tsudik et al. method. The interested reader should
notice that, two of the five example protocols are the same as in the previous described method-
TGDH and STR. The performance evaluation focuses also on the Centralized GKMPs as in the
prior described technique. The full set of evaluated GKAPs in this method are: GHD3.0, EGK,
TGDH, STR and CCEGK.
GDH3.0 is already considered as inefficient GKAP, though considering the paper release in 2005,
we should proceed with the further investigation of the GDH3.0 by the ZFL method. Main
contribution of the ZFL technique is the evaluation of performance analysis on protocols group
operations, classified in the following categories: join-leave-[mass join]19-[mass leave]; merge-
partition; and join-leave-[mass-join]-[mass leave]-merge-partition. This is also a main critic point to
the known performance evaluation methods on the topic. The authors of the method disagree that,
the a performance analysis on the separate evaluated basic protocol operations could give a
complete and adequate conclusion, whether the security protocol is efficient, or not. In the reality,
19 The brackets are needed here to point out that, 'mass join' and 'mass leave' are single basic operations in the proper
GKAP run.
22
23. 3. Methods
there are cases of simultaneously occurring basic protocol operations on a click20 of the protocol
run, which should be considered as relevant for the performance analysis and therefore included in
its evaluation. The authors of the ZFL method point explicit out the features of the communication
and computation cost. Relevant parameters for the communication cost are: number of rounds,
number of unicast messages, number of broadcast messages, and number of messages[ZFL05]. The
computational cost include: total sequential exponentiations, total signatures, and total verifications.
Limitations of the method are: partition operations for TGDH and STR as implemented as best
guess due to the lack of sufficient documentation on the tropic at the paper's release. The initial
group sizes in this evaluation method are as follows: 200, 600 and 1000. The presented results in
the method's description paper are related to groups with 600 members, because of the absence of
significant results differences according to the three cases with 200, 600 and 1000 members.
Subsequently the operations run are specified as follows: 100,50 and 100 respectively to the
previous specified combined operations, see above. For complete information on the test scenarios,
please refer to the [ZFL05]. In the following pages of the term paper we shall illustrate the
performance evaluation results of the ZFL method in a row.
Let's present the results of the current performance analysis of GKAPs. Concerning the aspects
average phases and messages, efficient protocols are CCEGK and STR, followed by the TGDH,
RGK and GDH3.0. The placement of the GDH3.0 is obvious. Concerning the aspects, related to the
computational costs, as an average sequential exponentiations EGK is placed as best followed by
TGDH, CCEGK, STR and GDH3.0. This confirms the a priori categorisation of the GDH3.0 GKAP
as inefficient protocol as well. The authors of the method proceed further in their research and
present proposals for the efficient implementation of the evaluated GKAPs by means of the
performance analysis results as follows: CCEGK and STR should be considered as appropriate
protocols for networks with low communication power; concerning networks with low
computational power, best fit GKAPs are presented by EGK, TGDH and CCEGK; in network ,
which combine both of the prior described networking profiles, best suited protocols should be
represented by CCEGK and TGDH. Let's proceed with the results illustration in the next tables and
consequently to them straight ahead with the presentation of the last performance evaluation
method, concerning GKAPs analysis, the Noack's method.
20 In the ZFL method such combined operations are assumed as combination of basic protocol operations as an
independent and multinomial distribution[ZFL05]. The only exception to this assumption represent the Merge-
patition combined operation, which should be represented as an independent and uniform distribution.
23
25. 3. Methods
Nine scenarios in Join-leave-[mass join]-[mass leave]
Join-leave-[mass join]-[mass leave] average phases for Join-leave-[mass join]-[mass leave]average messages for
the evaluated GKAPs the best three evaluated GKAPs
Join-leave-[mass join]-[mass leave] average messages Join-leave-[mass join]-[mass leave]average seq.
for the evaluated GKAPs exponentiations for the evaluated GKAPs
Table 2: Join-leave-[mass join]-[mass leave] results[ZFL05]
25
26. 3. Methods
Merge-Partition average phases for the evaluated GKAPs
Merge-Partition average phases for the best three Merge-Partition average seq. exponentiations for the
evaluated GKAPs evaluated GKAPs
Merge-Partition average messages for the evaluated Merge-Partition average seq. exponentiations for the best
GKAPs three evaluated GKAPs
Table 3: Merge-Partition results[ZFL05]
26
27. 3. Methods
Ten scenarios in Join-leave-[mass join]-[mass leave]-
Join-leave-[mass join]-[mass leave]-merge-partition
merge-split
average phases for the evaluated GKAPs
Join-leave-[mass join]-[mass leave]-merge-partition Join-leave-[mass join]-[mass leave]-merge-partition
average messages for the evaluated GKAPs average seq. exponentiations for the evaluated GKAPs
Join-leave-[mass join]-[mass leave]-merge-partition Join-leave-[mass join]-[mass leave]-merge-partition
average messages for the best three evaluated GKAPs average seq. exponentiations - best three evaluated
GKAPs
Table 4: Join-leave-[mass join]-[mass leave]-merge-partition results[ZFL05]
27
28. 3. Methods
3.3. Noack's method
This last method presented in the third chapter concerns the performance evaluation of Group Key
Agreement Protocols for Wireless Mesh Networks, see subtitle of the terms paper. We shall once
again point out that, the focus of our research is dedicated to this method. Now let's describe it in
detail.
The method represents two techniques utilising performance analysis of GKAPs. The first
technique is described in [AN09b], the second one is well illustrated in [AN09b]. In a word, both of
the techniques represent theoretical models, concerning performance evaluation. Though they
represent different abstractions. This is very important for the better understanding of the further
presentation of the Noack's method. Let's proceed with the presentation of the first abstraction
technique, or abstraction model in the Noack's method. In short, we shall call it the probabilistic, or
just theoretical model. In distinction to this model the second abstraction technique shall be called
the grid model, please proceed with further reading.
The probabilistic model
The main goal of this abstraction model is to give an adequate approach for evaluating performance
issues on Contributory GKMPs for Wireless Mesh Networks. As we point out in the previous
sections of this and the prior chapters, the Wireless Mesh Networks represent agile wireless
networking constructs by means of WiFi standard. The main features of these networks are once
again to mention: self-clustering, self-healing, self-stabilising. These networks can sustain active no
matter there is a connection to the internet, or not- remember the MEA mesh implementations for
the police mobile public networks. As appropriate security protocols are designated the
Contributory GKMPs, or the Group Key Agreement Protocols, where the shared group key is
generated collaboratively by all members in a very run of the GKMP. Though, there are drawbacks
in this mesh networks, because the protocols run in most time over shared medium, that's why
performance analysis is required, so the WMN can operate successfully and efficient in their
implementations as well. Knowing this two major issues: the bottle neck problem and the
simultaneous n broadcast messages problem[AKNRT04], we should construct this abstraction
model in an appropriate way. This means that, a well known abstraction for the security channel in
the model, assuming perfect broadcasting is allowed to be applied, could not be considered in the
case of WMN as an adequate ansatz. Perfect broadcasting could be applied to the nearest
neighbours21 of a very node, though this is not a realistic approach, concerning a remote node to
this. Sending a message to all nodes in the WMN, represent further difficulties to apply perfect
broadcasting, because of the computation overhead as a spanning three of nodes should be selected,
whose broadcasting radii should cover the whole WMN topology, with the implication of other
algorithms there could be a risk of performance sink of the WMN, because further collision issues
on frequency level. Subsequently, we shall point out the main criteria for performance analysis for
further deliberations: the number of broadcast[BC] messages and the adaptability of the logical
group structure[AN09a]. It's obvious, if a protocol implements fewer BC messages, needed for the
proper protocol run, the performance in the WMN will increase. As stated before, if the logical
structure of the GKAP should be easily applied over the physical structure of the WMN, the
performance of the networks should also increase. In such case the matching of the neighbour nodes
21 Neighbour nodes within the reach of the wireless broadcasting radius of the sending/ receiving node
28
29. 3. Methods
of the GKAP and the neighbour nodes in the WMN should be presented, which will present a cheap
perfect BC. As mentioned before: GKAPs do not consider message protection on the
communication channel, but the messages should be protected by the protocol on itself[AN09a]. In
this way of thoughts, the same conclusions regarding perfect BC on the WMN level, should be
applied to the GKAPs. We define here two types of BC: local and full BC, the first one represents
perfect BC, the second one implements message forwarding by means of hops, according to a click
in the protocol run, respectively. As the WMN represent dynamically changing, agile wireless
networking constructs, we should not assume a common physical structure of the network as an
etalon. Concerning the communication complexity analysis of the GKAPs for WMN we shall
consider the next assumption in the probabilistic model- the logical structure of the GKAPs presents
perfect matching with the physical structure of the WMN.
Now let's explain the communication complexity definitions, applied to the topic. Keeping in mind
the prior pointed out drawbacks, we shall define the following terms as [AN09a].
Performance indicators
Timeslot
The timeslot defines the time for sending a local BC of a maximum sized message( MTU),
assuming an interference-free full capacity communication channel as a pre-requirement, see
[AN09a].
MoT
Note, we allow us, to designate in short the second indicator as MoT in the current term paper. This
abbreviation is originally not given by the author of the method.
MoT( number of messages over timeslot) quantifies the expected interference of the shared medium
in the WMN. If the network interference( intensity and occurrence at all) depends on the network's
load factor, an adequate weight of the interference could be represented by the number of
simultaneously transmitted messages over a timeslot22, remember the simultaneous n BC messages
issue at [AKNRT04].
Message counting
The probabilistic model proposes the following message counting as more appropriate for WMN:
• 1 message is a message from a very node to its neighbour
• 1 message send from a very node to a remote node is counted by #Hops
#Hop
A #Hop represent the number of edges in the execution path of 1 Message in the graph representing
the network structure. Note, that there is the assumption in the theoretical model- the physical
structure matches the logical structure, which is not the case in the praxis; forwarding of messages
in WMN should be abstracted in this model.
Timeslot measurement
According to the assumption for structures' matching:
• 1 message counts 1 timeslot
22 Andreas Noack points out at [AN09a] that evaluating the estimation of the interference per collision domain should
be considered as a more reasonable factor, though it shall not be utilised in this model abstraction.
29
30. 3. Methods
• 1 message to remote node counts #Hops timeslots
• simulations sent messages count #hops of longest path
MoT calculates number of total messages over number of timeslots and as next assumption its value
should sustain as an average value over the completed protocol run.
The method is evaluated over three GKAPs: BD I,BD II, TBKA.
As in [AKNRT04], the protocols are discussed in the description paper[AN09a] with demonstration
of the logical structure of the protocol, representation of the protocol's execution by means of the
basic protocol operations: initialisation, join, leave. The communication complexity is estimated by
the formula: timeslots + x*( MoT). In [AN09a] the value of x is chosen too small, x = 0.5, later the
author of the method will self-criticise at [AN09b] and correct this with a more appropriate value of
4.45. For more on the topic , please consider further reading, regarding the grid model.
This value is also confirmed at [Q10].
Let's illustrate the results of the probabilistic model in the following Figures:
Figure 12: Burmester Desmedt I probabilistic model[AN09a]
30
32. 3. Methods
Figure 14: TBKA probabilistic model[AN09a]
The presented probabilistic model points out BD II as the GKAP with the smallest number of
timeslots needed for complete protocol run, thus as an most efficient under the three evaluated
GKAPs.
Let's proceed further with the presentation of the grid model, which should either support the results
of the probabilistic abstraction, or suggest another GKAP as more efficient one.
The Grid model
The main objection of the grid model is to represent a nearly reality model of the static WMN, with
the main feature: local broadcasts should be used to construct both unicast and broadcast
transmissions[AN09b]. The full BC should be further represented as a bunch of local BCs, while
the interference issues of the real world WMN should be considered as well. Furthermore, the grid
model represents approach to avoid the drawbacks, or assumptions, in the theoretical model: the
assumption that the perfect matching of the physical and logical structure shall be presented,
because of the lack of information regarding the physical structure of the WMN; the value of the
interference impact factor could not be determined; simultaneous n messages are not limited in the
32
33. 3. Methods
probabilistic model.
The author of the model still consider the problem of the exact modelling of the of wireless
interference under general conditions as an open issue, which is still very hard to be solved.
Subsequently to this, the grid model should represent a more restricted abstraction model, than the
probabilistic one. This should lead to the estimation of absolute performance values without
concerning an instability factor.
Andreas Noack states that, the grid model abstraction, should also consider the fact to be able to
approximate the communication performance of all kind of GKAPs. Another important feature of
the utilisation of the grid model is the fact, it should be used as a comparison to the probabilistic
model, as mentioned above. The three GKAPs evaluated by the theoretical model shall be observed
via the grid model too.
Now let's describe the grid performance evaluation technique.
As the name of the model states, a grid topology of the physical structure shall be constructed. The
main goal is to compare the different GKAPs performance evaluations under equal conditions. The
introduced performance indicator in the probabilistic model regarding the communication
complexity are utilised in the grid model too, preserving their already introduced definitions.
Concerning the wireless interference issues, the grid model introduces the following abstraction:
simultaneous transmissions are only allowed, if such are not adjacent, in other words the wireless
ranges of the simultaneous transmissions an a very click of the protocol run do not overlap[AN09b].
Noack points out that this is a very important feature in the construct of the grid model, which
allows an adequate abstraction of the wireless interference. Furthermore, this fact considers the
estimation of absolute results with a deterministic protocol simulation, respecting the natural
wireless interference of the GKAPs. Let's illustrate this construction in the next Figure:
Figure 15: the grid model with simultaneous
transmissions; and structure mapping[AN09b]
33
34. 3. Methods
It is mathematically comprehensible, observing the grid model, that, diagonal nodes do not
interfere, and the active communication channels for a very transmission are only allowed on the
axis of this construct. Subsequently, next assumption in the grid model should be, the interference
range should be equal to the transmission range, concerning simplicity reasons. The author of the
method points out that, an issue for further research should be, if the results from both of the
abstraction models represent notable differences, it should consider finding an appropriate relation
between the both ranges. Let's describe the performance measurement according to the grid model.
This is achieved in three steps. First step is to determine the logical structure of the GKAP and
subsequently apply it successfully to the grid structure, see examples in Figure 15. The mapping of
the both structures should be also optimised in efficient way. As TBKA does not represent a certain
logical structure, it is abstracted as a logical line structure as already implemented in the
probabilistic model. An advantage of this mapping approach is the fact, that altering the logical
structure, for an instance as dynamically growing, should be adapted automatically to the physical
grid as well. Furthermore, the mapping is considering random decisions in the application of the
logical protocol's structure to the physical grid model. The second step represent the protocol
execution with random coins23. This consider the representing of the communication order in the
real world, also randomised. This affects the steps completion of the protocol. The third step in the
performance measurement is to summarize the results. Note that, the number of steps differ to the
number of rounds in the protocol completion. Next grid model abstraction should be to set the
number of steps equal to the number of used timeslots. In other words, it is assumed that each
transmission needs the same time, which could be accepted, because of the fact that, there is no
interference and the distances between the nodes are standardised.
Let's illustrate the comparison between the two abstraction models in the Noack's method, see the
next table:
features Probabilistic model Grid model
Physical structure Equal to the logical structure N x M grid
Structure known yes yes
Routing given yes yes
Transmission range Direct neighbour Direct neighbour
Interference x*(MoT) excluded
Measurement unit Timeslots( TS) Timeslots( TS)
Table 5: Abstractions of the probabilistic and the grid model[AN09b]
As stated above the probabilistic model has several drawbacks: the perfect matching of the physical
and logical structure, because the physical is unknown; and the unknown factor x. Let's describe in
detail the factor x. It should be determined by means of the conditions of the Wireless Mesh
Network, concerning the criteria: wireless technology, network physical structure and external
influences. The value of x = 0.5 is considered inappropriate. We shall give a definition of two more
indicators: minimum and maximum possible execution time as:
• mint = # timeslots
• maxt = # messages
23 http://en.wikipedia.org/wiki/RP_%28complexity%29
34
35. 3. Methods
By interference- free conditions, the total performance value should be equal to the number of
computed timeslots. In the case of maximum interference, the total performance value should be
equal to the “# messages” timeslots, because of the fact that no messages should be transmitted
simultaneous under this conditions. The total performance is computed for the probabilistic model
as already stated:
Total Performance = timeslots + x*( MoT), with 0 <= x <= timeslots - ( timeslots²/# messages).
This is illustrated in the following distribution table:
5 nodes 20 nodes 100 nodes
BD1 X=3.36 X=10.70 X=50.74
BD2 X=1.88 X=4.57 X=6.88
TBKA X=2.10 X=12.19 X=56.39
Table 6: Maximum impact factor x( initialisation phases)[AN09b]
An impact factor x=1 means that the average number of MoT is added once to the whole
completion time, which obviously points out why the value of 0.5 is inappropriate. Note that, x=1 is
quite unstable and hold only in interference-free WMN, which is practically unfeasible, so greater
values of x are considerable. Now let's illustrate the results of the probabilistic and grid model
comparison in the next Figure:
Figure 16: Performance results of the grid vs probabilistic model comparison[AN09b]
35
36.
37. 4. Results
4. Results
We shall discuss in this separate chapter the results of the comparison between the two abstraction
techniques in the Noack's method: the grid model and the probabilistic model. They are illustrated
as shown in Figure 16. The impact factor is corrected to 4.45 and we can observe the following
dependencies between the two different models. There is obvious a monotony in the way the values
are increasing, regarding the protocol runs with different nodes. This states that, nevertheless the
result values are not overlapping the grid model supports the performance evaluation of the
probabilistic model. The grid model points out the TBKA protocol obviously as more efficient
compared to BD I and BD II. Though the differences in the values between TBKA and BD II could
not be considered as always sufficient, concerning the different testing scenarios. BD I is
considerably the performance most inefficient protocol in the tested set of GKAPs.
As Noack explains in [AN09b] one of the main objections of the grid model is to be universally
applicable for the Group Key Agreement Protocols and even extended to Authentication GKMPs
etc. Tsudik et al. use security frameworks, see [AKNRT04] to stabilise the structure( tree) of the
TGDH and implement it successfully in the testing environments. Concerning WMN this should be
an interesting point out. The grid model is not limited in its structure, because it do not represent a
symmetric grid, but a N x M grid. This designates one of the main advantages of the model, to be
automatically extendible over the logical structure of particular GKAP. The strategy to implement
abstraction models, which are different in their design patterns- the one relies on probabilistic
abstractions, the other is more restricted, though more deterministic, represent the Noack's method
as unique and motivational for further research. The author points out in [AN09b] some of the
limitations of the models, like the absence of unique WMN nodes evaluation; the absence of
introduction of external interference; the grid model does not consider to express the interference in
the network via SNR24 and the abstraction of the simultaneous transmissions is not deterministic on
the point, whether such are allowed, or not, which makes it as a raw approximation. These issues
drive the strive for future research on the topic and implementation of the method even more.
24 http://en.wikipedia.org/wiki/Signal-to-noise_ratio
37
38.
39. 5. Conclusion and future work
5. Conclusion and future work
"...The future applications for wireless mesh networks are limited only by our imaginations. "
Dave Roos[L2]
The objection to give a classification of the Group Key Agreement Protocols in the term paper is
fulfilled. The classification is not designated as completed as at least new protocols shall be
developed and other well know shall be considered as security prone or inefficient, concerning the
vast technological progress in the Wireless Mesh Networks and the related implementation
standards. Two different classifications of Group Key Management Protocols are also presented and
compared. Both of them consider the GKAPs to belong to the class of Contributory GKMPs. This
designate the Group Key Agreement Protocols as best fit for implementations, concerning dynamic
peer groups and especially Wireless Mesh Networks. The GKAPs can be considered nowadays as
only security protocols presenting adequate security of WMN. Regarding the performance of
Group Key agreement Protocols three different methods are presented. The focus of the research in
the paper is set on the Noack's method, which is the only one evaluating performance issues of
GKAPs for Wireless Mesh Networks. The methods could be considered as sufficient, still not
completed set of approaches, concerning the performance analysis of GKAPs. As future work
related to the Noack's method, should be proposed the following. As the author points out in
[AN09b] the method could be completed as a framework, concerning the security routing,
authentication and key agreement for Wireless Mesh Networks. Another possible topic for future
work could be the implementation of security frameworks for stabilising the protocol structures, as
utilised in the Tsudik et al. method. Furthermore, the approach represented in the ZFL method
could be applied to extend the evaluation results, by implementing performance analysis not only
on separated basic operations of the GKAPs, but also on combinations of them. This should not be
considered as weaknesses in the Noack's method, which is still in development, but represent
possible extensions in the features of the Noack's performance analysis approach and perhaps give a
positive contribution to it.
39
40.
41. Appendix
Appendix
In this Appendix three protocols shall be added to the probabilistic approach set of evaluated
protocols:
TGDH, STR and DGDH[SH08].As [RB03] TBKA I is represented by the TGDH protocol and
TBKA II is represented by STR. This means that TGDH is already given in the [AN09a] as TBKA,
which shall not be evaluated further, just represented with the proper index x=4,45.
TGDH and STR implement 2 Pair Diffie Hellmann Key Exchange and a ( binary) tree graph logical
structure. The advantages of STR in the merge/ partition operations shall not be illustrated at this
point.
The QGDH is more specific as it implements an extension of TGDH based on the utilisation of a
Group Controller Server( GCS). The GCS filters inefficient members in the protocol run deploying
a Blind Key Queues( BKQ), see [SH08]. The three protocols are utilising the divide and conquer
method.
Following, the Graphs of the three protocols shall be illustrated.
Figure 17: TGDH binary tree logical structure [SH08]
41
43. Appendix
Figure 20: The Blind Key queues in group controller server [SH08]
In the following tables the results of the protocols' evaluation by means of the probabilistic model
shall be illustrated and compared, see further.
Once again, we allow us to give a short name of: ( #message/timeslot) as MoT.
Let's clarify the assumptions concerning the different fields in Table 7.
43
44. Appendix
Direct Distant Total Direct Distant Total
Messag Message Message Message
e
Initialisatio n ((n-1)-1)n (n-1)n Initialisatio n (h1-1)n h1*n
n n
Join (n-1)+1 n-3 2n-3 Join n-1 2n-2 3n-3
Leave 0 n-3 n-3 Leave n-1 2n-2 3n-3
STR - # messages QGDH - # messages
Direct Distant Total Direct Distant Total
Messag Message Message Message
e
Initialisatio 1 n-3 n-2 Initialisatio 1 2^h1-2 2^h1-1
n n
Join 1 n-3 n-2 Join 2 n-1 n +1
Leave 0 n-3 n-3 Leave 1 n-1 n
STR - timeslots QGDH - timeslots
Direct Distant Total Direct Distant Total
Messag Message Message Message
e
Initialisatio n (n-2)n/ (n- (n-1)n/ (n- Initialisatio n (h1-1)n/ h1*n/
n 3) 2) n (2^h1-2) (2^h1-1)
Join n 1 (2n-3)/ (n- Join (n-1)/ 2 2 (3n-3)/ (n+1)
2)
Leave 0 1 1 Leave n-1 2 (3n-3)/ (n)
STR - MoT QGDH - MoT
Table 7: Communication complexity STR and QGDH
Cutline:
h = n-1 , [STR]
h1 = ld(n+1) , [QGDH]
As explained above the STR and QGDH implement Two Pair Diffie Hellmann Key Exchange and a
binary tree graph logical structure. We are allowed to adopt the equations from the Noacks'
probabilistic method concerning the TBKA, as TBKA represents a TGDH I. The formula
concerning the full broadcast case, represented in Table 7 by the 'Distant Messages' is as known:
2 h−2 . As stated in the cutline the height of the tree is n-1, concerning the STR with O( n)
modular exponentiation, and ld(n+1), concerning the QGDH with O( ld( n+1))[H08] modular
exponentiation. Substituting them in the 'Distant Messages' formula, we gain the results as
represented in Table 7, see above. We would like to respect the implementation of the QGDH,
concerning the iterations in the group controller server and adopt the values for the join and leave
44
45. Appendix
operations from [H08]. As there is no information regarding the initialisation phase in [H08] we
proceed with the standard method represented in the Noack's probabilistic model applied to TBKA
and STR.
The exact communication complexity results are given in the next Table 8.
5 10 20 50 100 5 10 20 50 100
Nodes Nodes Nodes Nodes Nodes Nodes Node Node Nodes Nodes
s s
Initialisatio 20 90 420 2450 9900 Initialisatio 15 40 100 300 700
n n
Join 7 17 37 97 197 Join 12 27 57 147 297
Leave 2 7 17 47 97 Leave 12 27 57 147 297
STR - # messages QGDH - # messages
5 10 20 50 100 5 10 20 50 100
Nodes Nodes Nodes Nodes Nodes Nodes Node Node Nodes Nodes
s s
Initialisatio 3 8 18 48 98 Initialisatio 2 3 4 5 6
n n
Join 3 8 18 48 98 Join 6 11 21 51 101
Leave 2 7 17 47 97 Leave 5 10 20 50 100
STR - timeslots QGDH - timeslots
5 10 20 50 100 5 10 20 50 100
Nodes Nodes Nodes Nodes Nodes Nodes Node Node Nodes Nodes
s s
Initialisatio 7 12 24 52 102 Initialisatio 8 14 25 60 117
n n
Join 3 3 2 2 2 Join 2 3 3 3 3
Leave 1 1 1 1 1 Leave 3 3 3 3 3
STR - MoT QGDH - MoT
Table 8: GKAPs adoption to Mesh Networks
Table 8 represents the implementation of the equations defines in Table 7, concerning the cases: 5
nodes, 10 nodes, …, and 100 nodes. A graphical representation of these results is given in Figure
21, Figure 22,Figure 23, which illustrate the initialisation, join and leave singular operations,
respectively.
45
47. Bibliography
Bibliography
List of Links
L1 CERIAS Security Seminar Video - Provable security in mobile ad hoc networks
Mike Burmester, 2006
http://www.cerias.purdue.edu/news_and_events/events/security_seminar/details.php?
uid=49608-y3xDO24uE3W4-7698-bq0h6IRT79tE7qcj
L2 How Wireless Mesh Networks Work
Dave Roos,
http://communication.howstuffworks.com/how-wireless-mesh-networks-
work.htm/printable
L3 Wireless Mesh Networks under FreeBSD
Rui Paulo, AsiaBSDCon 2010
http://www.youtube.com/watch?v=ZL30z1uI-JI
L4 MeshDynamics Mobile Mesh Networking (P3M) Animation
http://www.youtube.com/watch?v=l1prct6Xxzw
L5 How WiMAX Works
Marshall Brain, Ed Grabianowski
http://www.howstuffworks.com/wimax.htm/printable
Table 9: List of links
Reference list
MO05: Motorola, Comparison of Motorola Mesh , 2005
http://www.motorola.com/governmentandenterprise/contentdir/he_IL/Files
/SolutionInformation/ComparisonMeshNetworksEnabledArchitecture_WP.pdf
BOT06: Bob Briscoe, Andrew Odlyzko, Benjamin Tilly, Metcalfe's Law is Wrong , 2006
http://spectrum.ieee.org/computing/networks/metcalfes-law-is-wrong
MOST97: Ra'ul Monroy and Graham Steel, Faulty Group Protocols , 1997
http://homepages.inf.ed.ac.uk/gsteel/group-protocol-corpus/survey.pdf
AN09a: Andreas Noack, Group Key Agreement for Wireless Mesh Networks , 2009
http://www.nds.ruhr-uni-bochum.de/chair/people/noack/
RLKY04: Kui Ren, Hyunrok Lee, Kwangjo Kim, Taewhan Yoo, Efficient Authenticated Key
Agreement Protocol for Dynamic Groups , 2004
http://dasan.sejong.ac.kr/~wisa04/ppt/4A1.ppt
AB07: Sanjeev Arora, Boaz Barak, Computational Complexity: A Modern Approach,
Chapter 12: Communication Compexity , 2007
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.103.4782&rep=rep1&type=pdf
47
48. Bibliography
SRSP10: Mrs. Sugandha Singh, Dr. Navin Rajpal, Dr. Ashok Kale Sharma and Mrs. Ritu Pahwa,
Policy based Decentralized Group key Security for Mobile Ad-hoc Networks , 2010
www.ijcsi.org/papers/7-3-10-44-49.pdf
CS05: Yacine Challal , Hamida Seba , Group Key Management Protocols: A Novel
Taxonomy , 2005 http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.59.1953
ZFL05: Shanyu Zheng and Jim Alves-Foss, Stephen S. Lee, Performance of group key
agreement protocols over multiple operations , 2005
http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.75.9641
AKNRT04: Yair Amir, Yongdae Kim, Cristina Nita-Rotaru, Gene Tsudik, On the
performance of group key agreement protocols , 2004
www.cnds.jhu.edu/pub/papers/perf.pdf
H08: Sunghyuck Hong, Queue-based Group Key Agreement Protocol , 2008
ijns.femto.com.tw/contents/ijns-v9-n2/ijns-2009-v9-n2-p135-142.pdf
AN09b: Andreas Noack, Jörg Schwenk, Group Key Agreement Performance in Wireless Mesh
Networks , 2009 http://www.nds.ruhr-uni-bochum.de/chair/people/noack/
Q10: Alexander Queisser, Group Key Agreement in Wireless Mesh Networks, Practical
implementation of Burmester Desmedt II , 2010 http://www.nds.ruhr-uni-
bochum.de/chair/people/noack/
SH08: Sunghyuck Hong, Queue-based Group Key Agreement Protocol , 2008
http://ijns.femto.com.tw/contents/ijns-v9-n2/ijns-2009-v9-n2-p135-142.pdf
RB03: Raghav Bhaskar, Group Key Agreement in Ad hoc Networks , 2003
http://hal.inria.fr/docs/00/07/17/54/PDF/RR-4832.pdf
48