Performance of Group Key Agreement Protocols (Theory)

Here is another M.Sc. term paper of mine, covering the topic of Group Key Agreement Protocols on Wireless Mesh Networks.

This M.Sc. term paper is presented to the
Department of Electrical Engineering and Information Sciences
of the Ruhr-University of Bochum
Chair of Network and Data Security
of the Ruhr-University of Bochum,
Horst-Görtz Institute,
Prof. Jörg Schwenk



  1. Term paper: Performance of Group Key Agreement Protocols (Theory)
     Original title in German: Seminararbeit: Effizienz von Group Key Agreement Protokollen (Theorie)
     [On the Performance of Group Key Agreement Protocols for Wireless Mesh Networks]
     Dept. of Electr. Eng. and Information Science, Ruhr-Universität Bochum
     Chair of Network and Data Security, Horst-Görtz Institute
     Krassen Deltchev, e-mail: Krassen.Deltchev@rub.de
     23.08.2010
     Person in charge: Prof. Dr. Jörg Schwenk
     Advisor: M.Sc. Andreas Noack
  2. Abstract

     Nowadays networking is more than implementing a static wired network infrastructure. The utilisation of agile wireless network constructs represents a well-established build-up on the “old world” and in some cases the only feasible solution. Therefore the dynamics, stability, security and performance of such “new world” networks are still of great interest to researchers. An important approach to providing an appropriate security level for dynamic wireless networks is the use of Group Key Agreement Protocols. In most cases, the reader can find information on these protocols in the literature on Mobile Ad-Hoc Networks. However, there are not enough publications on Group Key Agreement Protocols [GKAPs] for Wireless Mesh Networks [WMN], still less on the performance issues of their utilisation. We consider this an exciting challenge for research on the topic of Distributed Key Agreement Protocols.

     This term paper discusses the security aspects of WMN and the performance of Group Key Agreement Protocols for Wireless Mesh Networks, presents methods concerning these performance aspects, and illustrates the GKAPs by means of their classification.

     Keywords: WMN, Wireless Mesh Networks, GKAP, Classification of Group Key Agreement Protocols, Performance of Group Key Agreement Protocols, Communication Complexity

     Kurzfassung (German abstract, translated)

     The questions of dynamics, security and stability, and of the management of variable group members in networks, are and will remain a current topic in the field of IT security. Particular interest in an approach that solves such problems effectively and adequately is devoted to Group Key Agreement Protocols.

     Group Key Agreement Protocols are described in more or less detail where ad-hoc (MANET) networks are concerned.

     Where Wireless Mesh Networks are concerned, surprisingly little literature can be found. This poses the challenge of investigating such questions further and/or researching them from scratch. A particular topic in this area is the efficiency of Group Key Agreement Protocols [GKAPs] in Wireless Mesh Networks [WMN].

     This term paper should give an overview of the IT security aspects of Wireless Mesh Networks, of Group Key Agreement Protocols and of the efficiency of GKAPs; it then presents corresponding calculation methods and illustrates a classification of the Group Key Agreement Protocols.

     Keywords (Stichwörter): WMN, Wireless Mesh Networks, GKAP, classification of Group Key Agreement Protocols, efficiency of Group Key Agreement Protocols, communication complexity
  3. Indexes

     Contents

     Abstract
     Kurzfassung (German abstract)
     Indexes
     1. Introduction
        1.1. Limitations of the paper
        1.2. The terms: performance, communication complexity, WMN and GKAP
             1.2.1 Introduction to WMN
             1.2.2 WMN vs. WiMAX vs. MANET
             1.2.3 Introduction to GKAPs, communication complexity and performance
     2. Classification of GKAPs
     3. Methods
        3.1. Tsudik et al. method
        3.2. Zheng/Foss/Lee method
        3.3. Noack's method
     4. Results
     5. Conclusion and future work
     Appendix
     Bibliography
  4. List of tables

     Table 1: A proposal for GKAPs classification
     Table 2: Join-leave-[mass join]-[mass leave] results [ZFL05]
     Table 3: Merge-Partition results [ZFL05]
     Table 4: Join-leave-[mass join]-[mass leave]-merge-partition results [ZFL05]
     Table 5: Abstractions of the probabilistic and the grid model [AN09b]
     Table 6: Maximum impact factor x (initialisation phases) [AN09b]
     Table 7: Communication complexity STR and QGDH
     Table 8: GKAPs adoption to Mesh Networks
     Table 9: List of links

     List of figures

     Figure 1: GKMP map [SRSP10]
     Figure 2: Taxonomy of Common TEK Group Key Management Protocols [CS05]
     Figure 3: Communication cost comparison [AKNRT04]
     Figure 4: Join operation - average time at LAN [AKNRT04]
     Figure 5: Leave operation - average time at LAN [AKNRT04]
     Figure 6: Partition operation - average time at LAN [AKNRT04]
     Figure 7: Partition operation - Clustering effect [AKNRT04]
     Figure 8: Merge operation - average time at LAN [AKNRT04]
     Figure 9: The extreme case of long delay networks [AKNRT04]
     Figure 10: Join and Leave operations - average time at WAN [AKNRT04]
     Figure 11: Communication and computational costs [ZFL05]
     Figure 12: Burmester Desmedt I probabilistic model [AN09a]
     Figure 13: Burmester Desmedt II probabilistic model [AN09a]
     Figure 14: TBKA probabilistic model [AN09a]
     Figure 15: the grid model with simultaneous transmissions; and structure mapping [AN09b]
     Figure 16: Performance results of the grid vs probabilistic model comparison [AN09b]
     Figure 17: TGDH binary tree logical structure [SH08]
     Figure 18: STR graph logical structure [RB03]
     Figure 19: Queue-based group Diffie-Hellman entity model [SH08]
     Figure 20: The Blind Key queues in group controller server [SH08]
     Figure 21: Initialisation Performance - timeslots + x* MoT, x = 4,45
     Figure 22: Join Performance - timeslots + x* MoT, x = 4,45
     Figure 23: Leave Performance - timeslots + x* MoT, x = 4,45
  5. 1. Introduction

     "...the value of a telecommunications network is proportional to the square of the number of connected users of the system (n²)." (Metcalfe's law)

     We shall not argue in this paper whether Metcalfe's law is provable, or empirically provable, or how much the communication network increases in value; the interested reader is referred to [BOT06]. However, we must agree that the better the communications infrastructure is, the more consumers are interested in it. Nowadays wired networking can still be considered the state-of-the-art solution with respect to the stability and performance of the telecommunication network. Nevertheless, there are many well-known cases which show that wireless networks should be preferred over the well-established static wired approaches. Let's mention some of them:

     • there are solutions for police mobile communications (MEA¹), or for fire fighters' mobile communications, implemented via the proprietary and licensed 4.9 GHz WiFi standard, the so-called public safety networks;
     • nowadays most universities, schools, airports, hotels etc. offer and use WiFi via hotspots and wireless access points;
     • in the U.S.A., after tornado storms the whole wired communications infrastructure of several cities suffers heavy damage; in such disaster situations wireless mesh networks appear to be the most reasonable, efficient, time- and effort-saving way to rebuild the whole city communications network;
     • in rural areas, or areas which are difficult to access, wiring can be a very costly or even unfeasible task; in such cases covering the area with wireless mesh networks could be the most reasonable solution.

     This list could go on; for examples of current implementations of wireless mesh networks, please read the next chapters.

     As we mention terms such as WiFi and Wireless Mesh Networks [WMN], we shall give a short introduction to them in this chapter. We keep in mind that the informed reader is already aware of them, but we proceed in this manner for the sake of a better understanding of the paper's thesis. Let's clarify the objectives of the current term paper. This thesis is another introduction to wireless mesh networks, representing the security aspects of WMN through the Group Key Agreement Protocols [GKAP]. Furthermore, this paper presents a classification of the GKAPs and discusses the performance aspects of using Group Key Agreement Protocols in Wireless Mesh Networks. The structure of the paper is as follows. In the next section the reader will find information on the limitations of the paper. Subsequently, the terms WMN, MANET, WiMAX and WiFi are clarified. In chapter 2, a classification of the Wireless Mesh Networks is presented. Chapter 3 concerns the methods related to the performance studies of the Group Key Agreement Protocols. Three methods are described and compared with one another. The focus of this paper lies on the last one, Noack's method. The results of the comparison of the methods are presented in chapter 4. The last chapter, chapter 5, contains final thoughts and some proposals for future work.

     Let's proceed with the limitations of this paper.

     ¹ Motorola's Mesh Enabled Architecture [MO05]
  6. 1.1. Limitations of the paper

     As one of the objectives of the thesis is the classification of the GKAPs, we shall explicitly clarify which protocols are considered irrelevant for the further discussion of the paper's thesis. We designate two classes of protocols as irrelevant: the class of GKAPs proven to be security-prone and the class of considerably inefficient Group Key Agreement Protocols. A very good classification of the former is given in [MOST97]. The list of the proven security-prone GKAPs is: GKE.setup, Bull Otway Protocol, Boyd-Gonzalez Nieto Key Agreement Protocol, A-GDH, SA-GDH.2, Asokan-Ginzboorg.

     Furthermore, in describing Wireless Mesh Networks, we shall not illustrate or present any constructs concerning Seamless WMN². Consequently, we shall not discuss routing and routing issues of WMN. The interested reader is referred to another interesting term paper related to the current master's workshop³: Konfiguration eines IEEE 802.11s konformen Mesh Netzwerks (Praxis), Andreas Hübner, and to other specific papers on the topic of routing in wireless mesh networks.

     In discussing Group Key Agreement Protocols as a reasonable security approach for WMN, the intruder is described as an ordinary member of the Group Key construction. We are not interested in discussing whether the intruder can achieve DoS or MITM attacks, or only uses passive attacks such as eavesdropping. The interested reader can find more information on this topic and on attacks such as Wormhole Attacks, Out-of-band Attacks, Rushing Attacks, Threat Model in Ad-Hoc Networks etc. at [L1].

     Finally, as this paper discusses the performance issues of GKAPs, we treat these as synonymous with the efficiency issues of the protocols.

     Now let's explain the basic terms concerning the thesis of this paper.

     1.2. The terms: performance, communication complexity, WMN and GKAP

     1.2.1 Introduction to WMN

     Let's first introduce Wireless Mesh Networks⁴. WMN are based on the WiFi open standards 802.11a/b/g/s⁵ at 2.4GHz. Thus building the infrastructure of a WMN is easy and inexpensive, because most of the wireless devices needed are on the market at consumer prices, such as WiFi routers and mobile devices with built-in WiFi network cards. There are also implementations of WMN on the 802.16 standard; see the next section. As the name of these networks states, WMN are built upon a mesh topology, using WiFi routers or other wireless devices as mesh nodes. A mesh node can be implemented in the mesh topology as a WiFi router, a mobile computer with a WiFi network card etc. Thus WMN are not limited in their hardware implementation. Still, considering an example design of the WMN we

     ² http://www.smesh.org/
     ³ http://www.nds.rub.de/chair/lectures/290/
     ⁴ http://en.wikipedia.org/wiki/Wireless_mesh_network
     ⁵ http://www.open80211s.org/
  7. can specify Mesh Clients as mesh leaves, implemented via mobile computers; Mesh Nodes, implemented via WiFi routers; and gateways, which connect the WMN to the internet. This is important to clarify because of the example of WMN utilisation mentioned above, the MEA implementation for police public WMN. Imagine a police patrol reaching an area where the internet connection can no longer be established. Using a WMN between the members of the patrol, they can still contact each other even though the internet connection is not present. Thus we reach the point of listing the advantages of Wireless Mesh Networks, as follows, see [L2]:

     • Using fewer wires means it costs less to set up a network, particularly for large areas of coverage,
     • The more nodes are installed, the bigger and faster the wireless network becomes,
     • WMN rely on the same WiFi standards (802.11a, b and g) already in place for most wireless networks; the 802.11s standard, concerning WMN, is still in development,
     • They are convenient where Ethernet wall connections are lacking - for instance, in outdoor concert venues, warehouses or transportation settings,
     • They are useful for Non-Line-of-Sight (NLoS) network configurations where wireless signals are intermittently blocked. For example, in an amusement park a Ferris wheel occasionally blocks the signal from a wireless access point. If there are dozens or hundreds of other nodes around, the mesh network will adjust to find a clear signal,
     • Mesh networks are "self configuring"; the network automatically incorporates a new node into the existing structure without needing any adjustments by a network administrator,
     • Mesh networks are "self healing", since the network automatically finds the fastest and most reliable paths to send data, even if nodes are blocked or lose their signal,
     • Wireless mesh configurations allow local networks to run faster, because local packets don't have to travel back to a central server,
     • Wireless mesh nodes are easy to install and uninstall, making the network extremely adaptable and expandable as more or less coverage is needed.

     Let's also list some recent example implementations of WMN in the real world, as follows, see [L3]:

     • Meraki Mesh (special long range radio) [L3]
     • Mesh Dynamics (multiple radios) [L3][L4]
     • OLPC XO-1 children's laptop [L3]
     • Smesh (fast roaming) [L3]
     • SolarMesh (mesh STA power comes from solar energy) [L3]
     • SONOS multi-room music system [L3]
     • Freifunk⁶
     • Funkfeuer⁷

     ⁶ http://start.freifunk.net/
     ⁷ http://funkfeuer.at/
  8. Andreas Noack states in his paper [AN09a] that Wireless Mesh Networks are the “missing link” which acts as an interface between the static wired internet and modern ad-hoc networks. Let's clarify this in the next section, which differentiates between the terms WiFi, WiMAX, WMN and MANET.

     1.2.2 WMN vs. WiMAX vs. MANET

     The title of this section is intentionally left confusing. Obviously, we are allowed to compare WiFi⁸ and WiMAX⁹, because both of them represent major standards for wireless telecommunication networks. WiFi, or better Wi-Fi, is actually a marketing term and in many countries is a synonym for WLAN, which is represented by the IEEE 802.11(a/b/g/i/n/s)¹⁰ standards. In this paper we use WiFi when discussing the 802.11* implementations. As mentioned above, most consumer devices nowadays implement the WiFi standard out of the box, which makes it well known and widespread. There are two implementations of the 802.11* standard: on the one hand, there is an open standard, using 2,4GHz technical implementations; on the other, as mentioned above, there is one which is licensed and operates on 4,9GHz. The second is obviously separated from the open standard and is used especially for, as stated above, public networks such as police MEA implementations, fire fighters' mobile networks, government implementations etc. The other standard, which is licensed, is IEEE 802.16¹¹, and its mnemonic equivalent is WiMAX (Worldwide Interoperability for Microwave Access). In technical terms WiMAX represents a telecommunication protocol. Comparing WiFi and WiMAX, we can say in a word that WiFi has shorter transmission ranges, so covering large areas requires assembling the hardware of many mesh nodes. In contrast, the WiMAX back-haul transmitter can cover larger areas, so the graph can be represented by fewer nodes, making it optimised in terms of fewer graph members. However, as the leading motto of this first chapter states, the value of the network increases with the number of its connection nodes. Furthermore, WiMAX is licensed and cannot be implemented openly without paying a fee, so its hardware utilisation is much more expensive, not just because of the fee, but also because consumer devices implementing 802.16 are not widely distributed compared to those with the WiFi logo on them. These facts lead us to the conclusion that WiFi is the more appropriate implementation for WMN.

     Now let's clarify the terms WMN and MANET. Having illustrated the common wireless standards, let's illustrate the topology implementations of the WLAN in more detail. In a word, MANET (Mobile Ad-Hoc Networks)¹² represent a subclass of the Wireless Mesh Networks. As WMN can utilise both ad-hoc and infrastructure [AN09a], mobile mesh networking is represented via MANET. Following this line of thought, we can accept that the features applied to MANET belong to WMN too. This means that research theories related to Mobile Ad-Hoc Networks should be applied to Wireless Mesh Networks as well. This is an important statement, because nowadays there is plenty of literature on Group Key Agreement Protocols for MANET and very little related to their superclass, the Wireless Mesh Networks. Thus, to achieve a proper introduction and classification of the GKAPs and to describe the performance issues of Group Key Agreement Protocols for WMN, we shall find support in well-known approaches related to the MANET and

     ⁸ http://www.wi-fi.org/
     ⁹ http://en.wikipedia.org/wiki/WiMAX
     ¹⁰ http://en.wikipedia.org/wiki/IEEE_802.11
     ¹¹ http://en.wikipedia.org/wiki/802.16
     ¹² http://en.wikipedia.org/wiki/Mobile_ad_hoc_network
  9. traditional wired networks.

     Let's start with a few introductory words on the Group Key Agreement Protocols, which are discussed in more detail in a separate chapter, chapter 2, as already stated.

     1.2.3 Introduction to GKAPs, communication complexity and performance

     Having agreed on the conclusion that WiFi is a reasonable implementation for Wireless Mesh Networks, we now introduce the security aspects of WMN. As Noack states in [AN09a], the security of WMN is not only a matter of using WEP¹³ (which is already considered a security-prone algorithm) or WPA/WPA2 (IEEE 802.11i), because these standards are designed to secure point-to-point connections.

     Keeping in mind that Wireless Mesh Networks are dynamic, with the main features self-healing, self-clustering and self-stabilising, WPA/WPA2 cannot be considered a sufficient prerequisite for securing such agile network constructs as WMN at all. The main goals for securing a network, as in [AN09a], are: Authentication, Confidentiality, Integrity Protection. As Noack mentions, the Authentication of WMN must be present for two reasons: on the one hand there are commercial or political reasons, such as the MEA implementations of WMN on the licensed 4,9GHz standard; on the other there are legal reasons, namely to admit to the network run only parties which should not misuse it. In this paper we do not concentrate on GKAPs with Authentication; the interested reader is referred to [RLKY04].

     Subsequently, discussing the Confidentiality security aspect of the Wireless Mesh Network, we shall admit, as concluded in [AN09a], that the absence of physical protection of the transmitted signals in such wireless networking constructs makes the confidentiality of sensitive data transmitted over the network a greater concern. A good approach to achieving this is the sharing of a common security key among all parties, members and nodes of the wireless network. An automatic method for such multi-party key agreement should represent a complete encryption solution [AN09a]. To conclude this security model of the wireless network, we mention that the last feature, the Integrity Protection of the network, should be easily achieved if the Confidentiality aspect is fulfilled as a prerequisite. One approach for hardening a given shared key should be the MAC (Message Authentication Codes)¹⁴, as in [AN09a]. Thus we reach the conclusion concerning the security of WMN through the use of Group Key Agreement Protocols.

     Let's clarify the rest of the basic terms which will be important for the further reading: the performance and the Communication Complexity¹⁵ of Wireless Mesh Networks. Both of them are specified as communication requirements for Group Key Agreement Protocols in [AN09a]. As already stated in the limitations section of the paper, the GKAPs do not require the security of the communication channel as a prerequisite; moreover, the messages should be protected at the message layer over the protocol run [AN09a]. An important question in this regard is the perfect broadcast aspect of the network, which is explained in detail in the later chapters of the paper. At this stage of the thesis we only mention that there are two types of broadcast channels in GKAPs: local and full broadcast channels, which are implemented on the physical topology of the WMN. Furthermore, there is the logical structure implementation of the GKAPs for

     ¹³ http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy
     ¹⁴ http://en.wikipedia.org/wiki/Message_authentication_codes
     ¹⁵ http://en.wikipedia.org/wiki/Communication_complexity
  10. 10. 1. Introductionutilising the agreement on the shared key. As a conclusion to this, we shall point out that, importantaspect for scaling the performance of the GKAPs for WMN is represented by the fact: generally theperformance of GKAPs decreases with increasing the differences between the physical structure ofthe WMN and the logical structure of the GKAP, as [AN09a]. Consequently to this, we shall alsooutline the fact, that in many cases the WMN utilise one shared medium to communicate over it, asfor an example one gateway to establish a connection to the internet. Imagine a doorway in a bigbuilding, which is accessible for every member running-in and out of the building[L5]. This couldrepresent a bottleneck and prevent the protocol of its adequate protocol run.On the contrary to this, the WiMAX implementations do not suffer such issues. They could bemerely abstracted as a building with many doorways, but limited member access through them- onemember can pass a doorway at a time[L5]. Therefore there is the need for further evaluation of thecommunication cost, concerning performance aspect of the protocol run of GKAPs: theCommunication Complexity. On behalf of the proposed abstraction for WMN as a one doorway bigbuilding, the communication complexity can be summarised as follows. There are two sets ofbuilding members, one with the feature- members are outside the building, the another, membersare inside the building, which share a common feature- both sets can exchange limited amount ofmembers. For an instance a finite group of members of the set- members inside the building, like torun out of the building as every one of them is running in the same way and this is considered byboth sets as an appropriate way to pass through the one door way in the building, the computationof the lower bound, representing the min. 
members as a complete group successfully running out ofthe building, knowing that the worst case in their group action would be to transform the one doorway in a bottleneck, should be represented by the communication complexity. The interested reader,could refer further for more information to [AB07].The term, communication complexity, shall be evaluated in chapter 3, where the reader shall find adescription of the three major methods, concerning the performance aspects of the GKAPs.Lets proceed further with a more detailed representation of the Group Key Agreement Protocols,which are illustrated via their classification in the next chapter.2. Classification of GKAPsAs mentioned above, the most of the scientific sources, concerning Group Key AgreementProtocols, are applied to MANET. Thus, we need to observe the security of Mobile Ad-HocNetworks and subsequently re-apply the conclusions on the WMN level. A starting point in theresearch on the security of MANET is dedicated to the Key Management Protocols superclass. Wecan list three major subclasses of Key Management protocols, see [SRSP10]: • Centralized Group Key Management Protocols[GKMPs], • Decentralized Group Key Management Protocols, • Distributed Group Key Management ProtocolsLets describe them in detail. Main feature of the Centralized GKMPs is the presence of a KeyDistribution Center( KDC), which is responsible for the Key Management of the whole group ofprotocol members. The Decentralized GKMPs represent a key management of large membergroups, where subgroup managers are responsible for the deployment of the protocols keyestablishment. As intuitively supposed, this group of GKMPs implement an approach to reduce the 14
overhead of the key management that arises if it is concentrated at a single instance, as in the example above with the utilisation of a single static KDC. The Distributed GKMPs illustrate a protocol construct with no explicit definition of a KDC. Instead, every protocol member participates in the generation of a shared group key, which is derived from each member's key contribution in the protocol run. The Distributed GKMPs represent a superclass of the Contributory Key Agreement Protocols, which illustrate the class of the Group Key Agreement Protocols. This classification is presented in [SRSP10][CS05][ZFL05]. Let's illustrate the discussed GKMP classes in the next Figure 1, see [SRSP10]:

Figure 1: GKMP map [SRSP10]

We shall support this classification by the next Figure 2, which gives a more detailed representation of the hierarchical class tree of the Distributed Key Management Protocols. Zheng et al. also classify the Group Key Management Protocols in three major subclasses, see [ZFL05]: the category of Centralized GKMPs, the category of Distributed GKMPs and the category of Contributory GKMPs. This classification is adopted from [AKNRT04]. Tsudik et al. propose another definition of the Distributed GKMPs. The KDC is represented by a dynamically selected special group member. This member, acting as a key server, should also be able to maintain long-term pairwise
secure channels with all group members at a given temporal state of the protocol run. The dynamically selected key server should furthermore be able to distribute the group keys at every click in the protocol run. Tsudik et al. warn that this could present a drawback, because if a new key server has to be selected within a short period of time, all the group keys must be recreated by this instance from the start, which reduces the performance of the security protocol. Furthermore, the GKAPs are represented in this classification by the class of the Contributory GKMPs. This category presents the same features as the Distributed GKMPs class in the [SRSP10] classification. This points out the main design pattern for generating the shared group key: as explained above, it should be derived from the contribution of every single member in the protocol run. This illustrates the best approach for generating a shared group secret key, so far without known drawbacks. Furthermore, the Contributory GKMPs rely on modular exponentiations¹⁶, as in [AKNRT04], and modular exponentiation functions are known to be efficient even for large values of the exponent. This is a very important statement for the next chapter 3, concerning the study of the performance methods for Group Key Agreement Protocols, with focus on the performance method for GKAPs concerning Wireless Mesh Networks.

Now let's illustrate the GKMPs classification given in [CS05]:

Figure 2: Taxonomy of Common TEK Group Key Management Protocols [CS05]

Following this illustration, we shall specify the classification of GKAPs in detail and bring it up to date. Note that this classification should be revised by adding new GKA Protocols in the future as well. The most important subclasses are the ring based cooperation, hierarchical based cooperation and broadcast based cooperation protocols, which represent the GKAPs belonging to the Contributory GKMPs. Other notable subclasses are the GKA-derivatives and the Authentication GKAPs. The last one shall not be discussed further, as already mentioned above. Please see Table 1:

16 http://en.wikipedia.org/wiki/Modular_exponentiation
GKAPs subclasses:                 Presented by:
Ring based cooperation:           ITW, GDH 1.0, GDH 2.0, GDH 3.0, BD I
Hierarchical based cooperation:   STR, BD II, TBKA, TGDH, CRTDH, BF-TGDH, Octopus, D-LKH, DH-LKH
Broadcast based cooperation:      Fiat et al., CKA
Centralized GKAPs:                µSTR, µCLIQUES, µBD, µSTR-H, µTGDH
GKA-derivatives:                  GKA, Tree based GKA, RGKA, T-RGKA, W-RGKA, BD-RGKA, Flexible RGKA, Fully RGKA
Clique-derivatives:               CLIQUES I, CLIQUES II, µCLIQUES, M-CLIQUES
Authentication GKAPs:             EGAKA, SAS-GMA
Not classified yet:               EGK, CCEGK, AFTD, ...

Table 1: A proposal for GKAPs classification

Note that, concerning the group of inefficient GKAPs mentioned in the limitations section of the first chapter, the protocols ITW, GDH 1.0, GDH 2.0, GDH 3.0, GKA, CLIQUES I and CLIQUES II shall be pointed out a priori as belonging to this group and shall not be considered relevant protocols for the performance discussion of Group Key Agreement Protocols for Wireless Mesh Networks.

Let's proceed with the illustration of three major performance evaluation methods for GKAPs. Note that they do not represent the complete set of calculation methods. There are other approaches which also contribute to the topic of performance evaluation of GKAPs, as in [H08].

3. Methods

This chapter presents three significant methods for performance evaluation of Group Key Agreement Protocols. Let's clarify the factors for selecting these methods as fundamental for GKAPs research. The implementation of the methods is illustrated by a finite set of GKAPs, though the researchers try to develop methods which are generally applicable for evaluation tests on the performance of Group Key Agreement Protocols. In other words, the methods are not limited in their application to different GKAPs. Furthermore, the three methods represent different and independent approaches in the performance research. The Tsudik et
al. method utilises a research approach on the LAN and WAN related GKAPs performance evaluation. The Lee et al. method, for which we shall use the designation Zheng/Foss/Lee method further in the paper, illustrates a technique to study the performance of GKAPs over multiple operations occurring during a stage of the protocol run. Noack's method is, to the knowledge of the author of the paper¹⁷, a unique approach to study the performance issues of the Group Key Agreement Protocols for Wireless Mesh Networks. The three methods represent a great contribution to the performance analysis of GKAPs and could be regarded as a sufficient, though not complete, set of techniques for adequate performance research on the Group Key Agreement Protocols. Now let's illustrate every single one of them in detail, starting with the Tsudik et al. method.

17 The author of the paper carried out research on the topic of performance analysis for GKAPs for WMN, started on 23.04.2010 and ended at the time of the paper's release: 23.08.2010.

3.1. Tsudik et al. method

The main goal of this method is to study the performance issues of Group Key Agreement Protocols supporting modern internet collaborative applications such as voice and video conferencing, distributed simulations, internet online games, replicated servers and database systems of all types. Its description paper [AKNRT04] also supports the basic security construct of a secured network: data privacy, integrity and authentication, which are considered pre-requirements for secured collaborative applications. Furthermore, the paper of Tsudik et al. proposes a classification of the GKMPs in peer groups, as already mentioned, and gives an answer to the question of which GKMP is adequate and the best fit for dynamic peer groups. The Contributory GKMPs, to which, as already known, the GKAPs belong, are considered for their strong security properties. Tsudik et al. focus their work on the performance analysis related to LAN and WAN implementations of Group Key Agreement Protocols, especially on the dualistic paradox concerning the two dominating factors in the performance analysis of the protocols: the computation cost¹⁸ and the communication cost. The thesis that computation-efficient protocols usually require more communication rounds for the execution of the protocol run and, conversely, that protocols with reduced communication complexity induce greater computational effort, is evaluated in the paper describing the Tsudik et al. method. The conclusions of this research work are as follows. Tsudik et al. point out on the one hand that the results of their experiments clearly illustrate the greater importance and domination of the communication cost over the computational cost for group-oriented cryptographic protocols over long delay networks (WAN). On the other hand, the cost of n simultaneous broadcast messages is considered to be another important factor, besides the well known computational overhead and number of rounds, which is relevant for the performance analysis of GKAPs. These conclusions support the abstractions related to Noack's method. Long delay networks (WAN) could be considered analogous to the WMN, where the protocols run over a shared medium, so bottlenecks in their execution should not be underestimated. That is why the main parameter for evaluating the performance in Noack's method should be the communication complexity and not the computational cost, which should be ignored in the abstraction model as well. Noack also explains in [AN09a] that the simultaneous n messages parameter is of greater importance and should not be ignored, which explains the fact that Noack does not assume perfect broadcasting in the protocol run. This shall be explained in detail in the last section 3.3 of this chapter as well.

Now let's describe the protocols used in the Tsudik et al. performance evaluation method. The observed GKAPs are: BD, CKD, GDH, STR, TGDH. Each of the protocols is described by its basic operations, which are evaluated separately from one another: initiate, join, leave, merge, partition. The authors of the method explain that the initiate operation is not relevant for their performance analysis. Moreover, every protocol operation is additionally illustrated via its detailed and complete step execution. The evaluation of the communication cost and computation cost of the observed GKAPs is presented in separate comparison tables as well. We shall illustrate only the communication cost results in the next Figure 3. Furthermore, the performance evaluation of the protocols shall be denoted via graphs, on the one hand concerning the GKAPs implementations in LAN, and on the other their implementation in WAN. The interested reader shall also find graph representations of the protocol operations partition and merge, concerning STR and TGDH, in [AKNRT04].

18 http://en.wikipedia.org/wiki/Computational_complexity_theory

Figure 3: Communication cost comparison [AKNRT04]

Let's illustrate the performance evaluation graphs in a row:

Figure 4: Join operation - average time at LAN [AKNRT04]
Figure 5: Leave operation - average time at LAN [AKNRT04]

The interested reader should notice that there are notable differences in the performance evaluation comparison graphs when comparing the left side graph to the right side graph in Figure 4 and Figure 5 respectively. The computation cost is evaluated by running the protocols in two scenarios, one with the computation of a 512-bit secret key (RSA) and the second one presenting the computation cost of a 1024-bit security key (RSA). The authors of the method point out that they intentionally chose an insecure 512-bit size, so that this clearly points out the weight of the computation cost in the performance analysis.

Figure 6: Partition operation - average time at LAN [AKNRT04]

Figure 7: Partition operation - Clustering effect [AKNRT04]

Figure 8: Merge operation - average time at LAN [AKNRT04]

The next Figure 9 represents the technical implementation of the extreme case study concerning the long delay networks (WAN) performance evaluation. For the technical specification of the network, please refer to the method's description paper [AKNRT04].

Figure 9: The extreme case of long delay networks [AKNRT04]
The only GKAP protocol operations significant for the performance evaluation, according to the method's authors, are Join and Leave, see Figure 10:

Figure 10: Join and Leave operations - average time at WAN [AKNRT04]

As conclusive results of the performance analysis, Tsudik et al. point out TGDH as the overall most efficient GKAP, though in detail, concerning the evaluation of the single protocol operations, the worst case communication cost of TGDH is significantly more expensive compared to STR. For protocol runs with few members, like a dozen, the more efficient GKAP is BD, though with an increasing number of members in the GKAP group the performance of this protocol decreases immensely.

The reader will find more detailed information on the Tsudik et al. method in [AKNRT04].

Let's proceed and present in detail the next important performance evaluation method.

3.2. Zheng/Foss/Lee method

This method is described in [ZFL05]. It presents another approach for performance evaluation of GKAPs, with criticism of the common knowledge on the topic. The Zheng/Foss/Lee method, in short ZFL method, should represent an extension to the Tsudik et al. method. The interested reader should notice that two of the five example protocols are the same as in the previously described method: TGDH and STR. The performance evaluation also focuses on the Centralized GKMPs, as in the previously described technique. The full set of evaluated GKAPs in this method is: GDH3.0, EGK, TGDH, STR and CCEGK.

GDH3.0 is already considered an inefficient GKAP, though considering the paper's release in 2005, we shall proceed with the further investigation of GDH3.0 by the ZFL method. The main contribution of the ZFL technique is the performance evaluation of groups of protocol operations, classified in the following categories: join-leave-[mass join]¹⁹-[mass leave]; merge-partition; and join-leave-[mass join]-[mass leave]-merge-partition.
This is also a main point of criticism of the known performance evaluation methods on the topic. The authors of the method disagree that a performance analysis of the separately evaluated basic protocol operations could give a complete and adequate conclusion on whether the security protocol is efficient or not. In reality, there are cases of simultaneously occurring basic protocol operations on a click²⁰ of the protocol run, which should be considered relevant for the performance analysis and therefore included in its evaluation. The authors of the ZFL method explicitly point out the features of the communication and computation cost. Relevant parameters for the communication cost are: number of rounds, number of unicast messages, number of broadcast messages, and number of messages [ZFL05]. The computational cost includes: total sequential exponentiations, total signatures, and total verifications. Limitations of the method are: the partition operations for TGDH and STR are implemented as a best guess due to the lack of sufficient documentation on the topic at the paper's release. The initial group sizes in this evaluation method are as follows: 200, 600 and 1000. The results presented in the method's description paper relate to groups with 600 members, because of the absence of significant differences in the results between the three cases with 200, 600 and 1000 members. Subsequently, the numbers of operations run are specified as follows: 100, 50 and 100, respectively, for the previously specified combined operations, see above. For complete information on the test scenarios, please refer to [ZFL05]. In the following pages of the term paper we shall illustrate the performance evaluation results of the ZFL method in a row.

19 The brackets are needed here to point out that mass join and mass leave are single basic operations in the proper GKAP run.

Let's present the results of the current performance analysis of GKAPs. Concerning the aspects average phases and messages, the efficient protocols are CCEGK and STR, followed by TGDH, RGK and GDH3.0. The placement of GDH3.0 is obvious. Concerning the aspects related to the computational costs, in terms of average sequential exponentiations, EGK is placed best, followed by TGDH, CCEGK, STR and GDH3.0. This confirms the a priori categorisation of the GDH3.0 GKAP as an inefficient protocol as well.
The authors of the method proceed further in their research and present proposals for the efficient implementation of the evaluated GKAPs by means of the performance analysis results as follows: CCEGK and STR should be considered appropriate protocols for networks with low communication power; for networks with low computational power, the best fit GKAPs are EGK, TGDH and CCEGK; in networks which combine both of the previously described networking profiles, the best suited protocols are CCEGK and TGDH. Let's proceed with the illustration of the results in the next tables and then straight ahead with the presentation of the last performance evaluation method concerning GKAPs analysis, Noack's method.

20 In the ZFL method such combined operations are assumed to be combinations of basic protocol operations following an independent and multinomial distribution [ZFL05]. The only exception to this assumption is the Merge-partition combined operation, which is represented as an independent and uniform distribution.
Figure 11: Communication and computational costs [ZFL05]

Table 2: Join-leave-[mass join]-[mass leave] results [ZFL05]
(panels: nine scenarios in Join-leave-[mass join]-[mass leave]; average phases for the evaluated GKAPs; average messages for the evaluated GKAPs; average messages for the best three evaluated GKAPs; average seq. exponentiations for the evaluated GKAPs)

Table 3: Merge-Partition results [ZFL05]
(panels: average phases for the evaluated GKAPs; average phases for the best three evaluated GKAPs; average messages for the evaluated GKAPs; average seq. exponentiations for the evaluated GKAPs; average seq. exponentiations for the best three evaluated GKAPs)

Table 4: Join-leave-[mass join]-[mass leave]-merge-partition results [ZFL05]
(panels: ten scenarios in Join-leave-[mass join]-[mass leave]-merge-split; average phases for the evaluated GKAPs; average messages for the evaluated GKAPs; average messages for the best three evaluated GKAPs; average seq. exponentiations for the evaluated GKAPs; average seq. exponentiations for the best three evaluated GKAPs)
3.3. Noack's method

This last method presented in the third chapter concerns the performance evaluation of Group Key Agreement Protocols for Wireless Mesh Networks, see the subtitle of the term paper. We shall once again point out that the focus of our research is dedicated to this method. Now let's describe it in detail.

The method comprises two techniques for the performance analysis of GKAPs. The first technique is described in [AN09b], the second one is well illustrated in [AN09b]. In a word, both of the techniques represent theoretical models for performance evaluation, though they represent different abstractions. This is very important for the better understanding of the further presentation of Noack's method. Let's proceed with the presentation of the first abstraction technique, or abstraction model, in Noack's method. In short, we shall call it the probabilistic, or just theoretical, model. In distinction to this model, the second abstraction technique shall be called the grid model.

The probabilistic model

The main goal of this abstraction model is to give an adequate approach for evaluating performance issues of Contributory GKMPs for Wireless Mesh Networks. As we pointed out in the previous sections of this and the prior chapters, the Wireless Mesh Networks represent agile wireless networking constructs by means of the WiFi standard. The main features of these networks are, to mention them once again: self-clustering, self-healing, self-stabilising. These networks can remain active no matter whether there is a connection to the internet or not; remember the MEA mesh implementations for the police mobile public networks. The Contributory GKMPs, or Group Key Agreement Protocols, are designated as appropriate security protocols, where the shared group key is generated collaboratively by all members in every run of the GKMP.
Though, there are drawbacks in these mesh networks, because the protocols run most of the time over a shared medium; that is why performance analysis is required, so that the WMN can operate successfully and efficiently in their implementations. Knowing these two major issues, the bottleneck problem and the simultaneous n broadcast messages problem [AKNRT04], we should construct this abstraction model in an appropriate way. This means that a well known abstraction for the security channel in the model, the assumption that perfect broadcasting may be applied, cannot be considered an adequate approach in the case of WMN. Perfect broadcasting could be applied to the nearest neighbours²¹ of a given node, though this is not a realistic approach for a node remote from it. Sending a message to all nodes in the WMN presents further difficulties for applying perfect broadcasting because of the computation overhead: a spanning tree of nodes has to be selected whose broadcasting radii cover the whole WMN topology, and with the involvement of other algorithms there could be a risk of a performance drop of the WMN because of further collision issues on the frequency level. Subsequently, we shall point out the main criteria for performance analysis for further deliberations: the number of broadcast [BC] messages and the adaptability of the logical group structure [AN09a]. It is obvious that if a protocol needs fewer BC messages for the proper protocol run, the performance in the WMN will increase. As stated before, if the logical structure of the GKAP can be easily applied over the physical structure of the WMN, the performance of the network should also increase. In such a case the neighbour nodes of the GKAP match the neighbour nodes in the WMN, which yields a cheap perfect BC. As mentioned before, GKAPs do not consider message protection on the communication channel; the messages should be protected by the protocol itself [AN09a]. Following this line of thought, the same conclusions regarding perfect BC on the WMN level should be applied to the GKAPs. We define here two types of BC, local and full BC: the first one represents perfect BC, the second one implements message forwarding by means of hops, according to a click in the protocol run. As the WMN represent dynamically changing, agile wireless networking constructs, we should not assume a common physical structure of the network as a reference. Concerning the communication complexity analysis of the GKAPs for WMN, we shall make the following assumption in the probabilistic model: the logical structure of the GKAPs perfectly matches the physical structure of the WMN.

21 Neighbour nodes within the reach of the wireless broadcasting radius of the sending/receiving node

Now let's explain the communication complexity definitions applied to the topic. Keeping in mind the drawbacks pointed out before, we shall define the following terms as in [AN09a].

Performance indicators

Timeslot

The timeslot defines the time for sending a local BC of a maximum sized message (MTU), assuming an interference-free full capacity communication channel as a pre-requirement, see [AN09a].

MoT

Note that we take the liberty of designating the second indicator in short as MoT in the current term paper. This abbreviation is not originally given by the author of the method.

MoT (number of messages over timeslot) quantifies the expected interference of the shared medium in the WMN.
If the network interference (its intensity, and whether it occurs at all) depends on the network's load factor, an adequate weight of the interference could be represented by the number of simultaneously transmitted messages over a timeslot²², remember the simultaneous n BC messages issue in [AKNRT04].

Message counting

The probabilistic model proposes the following message counting as more appropriate for WMN:
 • 1 message is a message from a given node to its neighbour
 • 1 message sent from a given node to a remote node is counted by #Hops

#Hop

A #Hop represents the number of edges in the execution path of 1 message in the graph representing the network structure. Note the assumption in the theoretical model that the physical structure matches the logical structure, which is not the case in practice; forwarding of messages in WMN should be abstracted in this model.

Timeslot measurement

According to the assumption of matching structures:
 • 1 message counts 1 timeslot
 • 1 message to a remote node counts #Hops timeslots
 • simultaneously sent messages count the #hops of the longest path

22 Andreas Noack points out in [AN09a] that estimating the interference per collision domain should be considered a more reasonable factor, though it shall not be utilised in this model abstraction.

MoT is calculated as the number of total messages over the number of timeslots, and as a further assumption its value should hold as an average value over the completed protocol run.

The method is evaluated over three GKAPs: BD I, BD II, TBKA.

As in [AKNRT04], the protocols are discussed in the description paper [AN09a] with a demonstration of the logical structure of the protocol and a representation of the protocol's execution by means of the basic protocol operations: initialisation, join, leave. The communication complexity is estimated by the formula: timeslots + x*(MoT). In [AN09a] the value of x is chosen too small, x = 0.5; later the author of the method self-criticises in [AN09b] and corrects this with a more appropriate value of 4.45. For more on the topic, please consider further reading regarding the grid model.

This value is also confirmed in [Q10].

Let's illustrate the results of the probabilistic model in the following Figures:

Figure 12: Burmester Desmedt I probabilistic model [AN09a]
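The counting rules and the formula timeslots + x*(MoT) described above, applied to three constructed message schedules on a six-node ring. This is an added example, not code from [AN09a] or from the term paper: the schedules, the ring topology and all function names are assumptions, and a message over h hops is taken to count as h messages.

```python
from dataclasses import dataclass

X_AN09A = 0.5   # interference weight x used in [AN09a], as quoted in the text
X_AN09B = 4.45  # corrected weight x from [AN09b], as quoted in the text


@dataclass(frozen=True)
class Message:
    src: int
    dst: int
    hops: int  # edges on the path; 1 means a direct neighbour


def ring_hops(src, dst, n):
    """Shortest path length between two nodes of an n-node ring."""
    d = abs(src - dst) % n
    return min(d, n - d)


def msg(src, dst, n):
    """Build a message; logical and physical structure are assumed to match."""
    hops = ring_hops(src, dst, n)
    if hops == 0:
        raise ValueError("a node does not send to itself")
    return Message(src, dst, hops)


def count_run(rounds):
    """Return (timeslots, messages, MoT) for a run.

    rounds is a list of rounds; all messages of one round are sent at once.
    A message over h hops counts as h messages (assumed reading of the text),
    a round costs as many timeslots as its longest path has hops, and
    MoT is total messages divided by total timeslots.
    """
    timeslots = sum(max(m.hops for m in r) for r in rounds if r)
    messages = sum(m.hops for r in rounds for m in r)
    if timeslots == 0:
        raise ValueError("empty run")
    return timeslots, messages, messages / timeslots


def complexity(rounds, x):
    """Communication complexity: timeslots + x * MoT."""
    timeslots, _, mot = count_run(rounds)
    return timeslots + x * mot


def parallel_schedule(n, passes=2):
    """Constructed: in each pass all nodes send to both neighbours at once."""
    return [[msg(i, (i + d) % n, n) for i in range(n) for d in (-1, 1)]
            for _ in range(passes)]


def sequential_schedule(n, passes=2):
    """Constructed: same messages, but the nodes take turns."""
    return [[msg(i, (i - 1) % n, n), msg(i, (i + 1) % n, n)]
            for _ in range(passes) for i in range(n)]


def star_schedule(n, leader=0):
    """Constructed: all nodes send to a leader over hops, leader answers."""
    others = [i for i in range(n) if i != leader]
    return [[msg(i, leader, n) for i in others],
            [msg(leader, i, n) for i in others]]


def constructed_schedules(n):
    return {"parallel": parallel_schedule(n),
            "sequential": sequential_schedule(n),
            "star": star_schedule(n)}


def rank(schedules, x):
    """Schedule names ordered from lowest to highest complexity."""
    return sorted(schedules, key=lambda name: complexity(schedules[name], x))


if __name__ == "__main__":
    runs = constructed_schedules(6)
    for name, rounds in runs.items():
        t, m, mot = count_run(rounds)
        print(f"{name:10s} timeslots={t:2d} messages={m:2d} MoT={mot:5.2f} "
              f"x=0.5: {complexity(rounds, X_AN09A):6.2f} "
              f"x=4.45: {complexity(rounds, X_AN09B):6.2f}")
    print("ranking x=0.5 :", rank(runs, X_AN09A))
    print("ranking x=4.45:", rank(runs, X_AN09B))
```

The parallel and the sequential schedule send the same 24 messages, yet their ranking swaps between x = 0.5 and x = 4.45, which shows how strongly the choice of x decides whether few timeslots or few simultaneous messages are rewarded.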
  27. 27. 3. MethodsFigure 13: Burmester Desmedt II probabilistic model[AN09a] 31
  28. 28. 3. MethodsFigure 14: TBKA probabilistic model[AN09a]The presented probabilistic model points out BD II as the GKAP with the smallest number oftimeslots needed for complete protocol run, thus as an most efficient under the three evaluatedGKAPs.Lets proceed further with the presentation of the grid model, which should either support the resultsof the probabilistic abstraction, or suggest another GKAP as more efficient one.The Grid modelThe main objection of the grid model is to represent a nearly reality model of the static WMN, withthe main feature: local broadcasts should be used to construct both unicast and broadcasttransmissions[AN09b]. The full BC should be further represented as a bunch of local BCs, whilethe interference issues of the real world WMN should be considered as well. Furthermore, the gridmodel represents approach to avoid the drawbacks, or assumptions, in the theoretical model: theassumption that the perfect matching of the physical and logical structure shall be presented,because of the lack of information regarding the physical structure of the WMN; the value of theinterference impact factor could not be determined; simultaneous n messages are not limited in the 32
  29. 29. 3. Methodsprobabilistic model.The author of the model still consider the problem of the exact modelling of the of wirelessinterference under general conditions as an open issue, which is still very hard to be solved.Subsequently to this, the grid model should represent a more restricted abstraction model, than theprobabilistic one. This should lead to the estimation of absolute performance values withoutconcerning an instability factor.Andreas Noack states that, the grid model abstraction, should also consider the fact to be able toapproximate the communication performance of all kind of GKAPs. Another important feature ofthe utilisation of the grid model is the fact, it should be used as a comparison to the probabilisticmodel, as mentioned above. The three GKAPs evaluated by the theoretical model shall be observedvia the grid model too.Now lets describe the grid performance evaluation technique.As the name of the model states, a grid topology of the physical structure shall be constructed. Themain goal is to compare the different GKAPs performance evaluations under equal conditions. Theintroduced performance indicator in the probabilistic model regarding the communicationcomplexity are utilised in the grid model too, preserving their already introduced definitions.Concerning the wireless interference issues, the grid model introduces the following abstraction:simultaneous transmissions are only allowed, if such are not adjacent, in other words the wirelessranges of the simultaneous transmissions an a very click of the protocol run do not overlap[AN09b].Noack points out that this is a very important feature in the construct of the grid model, whichallows an adequate abstraction of the wireless interference. Furthermore, this fact considers theestimation of absolute results with a deterministic protocol simulation, respecting the naturalwireless interference of the GKAPs. 
Let us illustrate this construction in the next figure:

Figure 15: The grid model with simultaneous transmissions, and structure mapping [AN09b]
It is mathematically comprehensible, observing the grid model, that diagonal nodes do not interfere, and that the active communication channels for any transmission are only allowed on the axes of this construct. The next assumption in the grid model is that the interference range equals the transmission range, for reasons of simplicity. The author of the method points out, as an issue for further research, that if the results from the two abstraction models show notable differences, an appropriate relation between the two ranges should be found.

Let us describe the performance measurement according to the grid model. It is achieved in three steps. The first step is to determine the logical structure of the GKAP and apply it to the grid structure, see the examples in Figure 15. The mapping of the two structures should also be optimised in an efficient way. As TBKA does not have a fixed logical structure, it is abstracted as a logical line structure, as already done in the probabilistic model. An advantage of this mapping approach is that an alteration of the logical structure, for instance dynamic growth, is adapted automatically to the physical grid as well. Furthermore, the mapping involves random decisions in the application of the protocol's logical structure to the physical grid model. The second step is the protocol execution with random coins[23]. This represents the communication order in the real world, which is also randomised, and it affects the number of steps needed to complete the protocol. The third step in the performance measurement is to summarise the results. Note that the number of steps differs from the number of rounds in the protocol completion. The next grid model abstraction is to set the number of steps equal to the number of used timeslots.
In other words, it is assumed that each transmission needs the same time, which is acceptable because there is no interference and the distances between the nodes are standardised.

Let us illustrate the comparison between the two abstraction models in Noack's method, see the next table:

Features             Probabilistic model              Grid model
Physical structure   Equal to the logical structure   N x M grid
Structure known      yes                              yes
Routing given        yes                              yes
Transmission range   Direct neighbour                 Direct neighbour
Interference         x*(MoT)                          excluded
Measurement unit     Timeslots (TS)                   Timeslots (TS)

Table 5: Abstractions of the probabilistic and the grid model [AN09b]

As stated above, the probabilistic model has several drawbacks: the perfect matching of the physical and logical structure, assumed because the physical structure is unknown; and the unknown factor x. Let us describe the factor x in detail. It should be determined by the conditions of the Wireless Mesh Network, according to the criteria: wireless technology, physical network structure and external influences. The value of x = 0.5 is considered inappropriate. We give a definition of two more indicators, the minimum and maximum possible execution time:

• min t = # timeslots
• max t = # messages

[23] http://en.wikipedia.org/wiki/RP_%28complexity%29
Under interference-free conditions, the total performance value equals the number of computed timeslots. In the case of maximum interference, the total performance value equals "# messages" timeslots, because no messages can be transmitted simultaneously under these conditions. The total performance is computed for the probabilistic model as already stated:

Total Performance = timeslots + x*(MoT), with 0 <= x <= timeslots - (timeslots²/# messages).

This is illustrated in the following distribution table:

        5 nodes   20 nodes   100 nodes
BD1     x=3.36    x=10.70    x=50.74
BD2     x=1.88    x=4.57     x=6.88
TBKA    x=2.10    x=12.19    x=56.39

Table 6: Maximum impact factor x (initialisation phases) [AN09b]

An impact factor x=1 means that the average number of MoT is added once to the whole completion time, which obviously points out why the value of 0.5 is inappropriate. Note that x=1 is quite unstable and holds only in an interference-free WMN, which is practically unfeasible, so greater values of x are worth considering. Now let us illustrate the results of the comparison between the probabilistic and the grid model in the next figure:

Figure 16: Performance results of the grid vs probabilistic model comparison [AN09b]
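The three measurement steps of the grid model and the bounds on the probabilistic total performance can be reproduced in a few lines; this is an added example, not code from [AN09b] or from this paper. It assumes a simplified reading of the interference rule (two senders collide when they are the same node or axis neighbours, diagonal nodes do not), a snake-shaped mapping of a logical line onto the grid, and a constructed protocol in which every member issues one local broadcast per round; all function names are hypothetical.

```python
import random

def snake_mapping(rows, cols):
    """Step 1: map logical line positions 0..rows*cols-1 onto grid coordinates.
    Snake order keeps logical neighbours axis-adjacent on the physical grid."""
    coords = []
    for r in range(rows):
        cs = range(cols) if r % 2 == 0 else range(cols - 1, -1, -1)
        coords.extend((r, c) for c in cs)
    return coords

def interferes(a, b):
    """Assumed rule: same node or axis neighbours collide; diagonal nodes do not."""
    return abs(a[0] - b[0]) + abs(a[1] - b[1]) <= 1

def run_round(senders, rng):
    """Step 2: pack one round of local broadcasts into timeslots, in random order."""
    order = list(senders)
    rng.shuffle(order)                    # the "random coins" of the execution
    slots = []
    for s in order:
        for slot in slots:                # first fit: earliest slot without a collision
            if not any(interferes(s, t) for t in slot):
                slot.append(s)
                break
        else:
            slots.append([s])
    return slots

def simulate(rows, cols, rounds, seed):
    """Step 3: summarise. Rounds run one after another; steps count as timeslots."""
    rng = random.Random(seed)
    members = snake_mapping(rows, cols)
    schedule = []
    for _ in range(rounds):
        schedule.extend(run_round(members, rng))
    messages = rounds * len(members)
    return {"messages": messages, "timeslots": len(schedule),
            "mot": messages / len(schedule), "schedule": schedule}

def max_impact_factor(timeslots, messages):
    """Upper bound on x from the text: timeslots - timeslots^2 / # messages."""
    return timeslots - timeslots ** 2 / messages

def total_performance(timeslots, messages, x):
    """Probabilistic model: timeslots + x * MoT, with MoT = # messages / timeslots."""
    return timeslots + x * (messages / timeslots)

if __name__ == "__main__":
    res = simulate(rows=4, cols=5, rounds=2, seed=1)   # constructed 20-node grid
    print("grid model:", res["messages"], "messages in", res["timeslots"], "timeslots")
    ideal = 2                             # assumption: one timeslot per round without interference
    x_max = max_impact_factor(ideal, res["messages"])
    worst = total_performance(ideal, res["messages"], x_max)
    print("probabilistic model: min t =", ideal, ", max t =", worst, ", x_max =", x_max)
```

The grid result always lies between min t and max t of the probabilistic model, and it shows why the number of steps exceeds the number of rounds as soon as adjacent nodes have to send.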
4. Results

In this separate chapter we discuss the results of the comparison between the two abstraction techniques in Noack's method: the grid model and the probabilistic model. They are illustrated in Figure 16. The impact factor is corrected to 4.45, and we can observe the following dependencies between the two models. The values increase monotonically over the protocol runs with different numbers of nodes. This shows that, although the result values do not overlap, the grid model supports the performance evaluation of the probabilistic model. The grid model points out the TBKA protocol as clearly more efficient than BD I and BD II, though the differences in the values between TBKA and BD II cannot always be considered sufficient across the different testing scenarios. BD I is by a considerable margin the least efficient protocol in the tested set of GKAPs.

As Noack explains in [AN09b], one of the main objectives of the grid model is to be universally applicable to the Group Key Agreement Protocols and even extended to Authentication GKMPs etc. Tsudik et al. use security frameworks, see [AKNRT04], to stabilise the (tree) structure of TGDH and implement it successfully in the testing environments. Concerning WMNs this should be an interesting point. The grid model is not limited in its structure, because it does not represent a symmetric grid but an N x M grid. This is one of the main advantages of the model: it is automatically extendible over the logical structure of a particular GKAP. The strategy of implementing abstraction models that differ in their design patterns, one relying on probabilistic abstractions, the other more restricted though more deterministic, makes Noack's method unique and motivating for further research.
The author points out in [AN09b] some of the limitations of the models, such as the absence of an evaluation of unique WMN nodes; the absence of external interference; the fact that the grid model does not express the interference in the network via SNR[24]; and that the abstraction of the simultaneous transmissions is not deterministic as to whether such transmissions are allowed or not, which makes it a rough approximation. These issues drive the effort for future research on the topic and on the implementation of the method even more.

[24] http://en.wikipedia.org/wiki/Signal-to-noise_ratio
5. Conclusion and future work

"...The future applications for wireless mesh networks are limited only by our imaginations." Dave Roos [L2]

The objective of giving a classification of the Group Key Agreement Protocols in this term paper is fulfilled. The classification is not to be considered complete, as new protocols will be developed and other well-known ones will come to be regarded as insecure or inefficient, given the vast technological progress in Wireless Mesh Networks and the related implementation standards. Two different classifications of Group Key Management Protocols are also presented and compared. Both of them consider the GKAPs to belong to the class of Contributory GKMPs. This designates the Group Key Agreement Protocols as the best fit for implementations concerning dynamic peer groups and especially Wireless Mesh Networks. The GKAPs can be considered nowadays as the only security protocols providing adequate security for WMNs. Regarding the performance of Group Key Agreement Protocols, three different methods are presented. The focus of the research in the paper is set on Noack's method, which is the only one evaluating performance issues of GKAPs for Wireless Mesh Networks. The methods can be considered a sufficient, though not complete, set of approaches to the performance analysis of GKAPs. As future work related to Noack's method, the following is proposed. As the author points out in [AN09b], the method could be completed as a framework for secure routing, authentication and key agreement for Wireless Mesh Networks. Another possible topic for future work could be the implementation of security frameworks for stabilising the protocol structures, as utilised in the method of Tsudik et al.
Furthermore, the approach of the ZFL method could be applied to extend the evaluation results, by implementing performance analysis not only on separate basic operations of the GKAPs but also on combinations of them. These points should not be considered weaknesses of Noack's method, which is still in development, but possible extensions to the features of Noack's performance analysis approach, which may make a positive contribution to it.
Appendix

In this Appendix three protocols are added to the set of protocols evaluated with the probabilistic approach: TGDH, STR and QGDH [SH08]. According to [RB03], TBKA I is represented by the TGDH protocol and TBKA II is represented by STR. This means that TGDH is already given in [AN09a] as TBKA; it is not evaluated further, just represented with the proper index x = 4.45.

TGDH and STR implement Two Pair Diffie-Hellman Key Exchange and a (binary) tree graph logical structure. The advantages of STR in the merge/partition operations are not illustrated at this point.

QGDH is more specific, as it implements an extension of TGDH based on a Group Controller Server (GCS). The GCS filters inefficient members in the protocol run by deploying Blind Key Queues (BKQ), see [SH08]. The three protocols use the divide and conquer method.

In the following, the graphs of the three protocols are illustrated.

Figure 17: TGDH binary tree logical structure [SH08]
Figure 18: STR graph logical structure [RB03]

Figure 19: Queue-based group Diffie-Hellman entity model [SH08]
Figure 20: The Blind Key queues in group controller server [SH08]

In the following tables the results of the protocol evaluation by means of the probabilistic model are illustrated and compared.

Once again, we abbreviate (# messages/timeslot) as MoT.

Let us clarify the assumptions concerning the different fields in Table 7.
STR - # messages
                 Direct Message   Distant Message   Total
Initialisation   n                ((n-1)-1)n        (n-1)n
Join             (n-1)+1          n-3               2n-3
Leave            0                n-3               n-3

QGDH - # messages
                 Direct Message   Distant Message   Total
Initialisation   n                (h1-1)n           h1*n
Join             n-1              2n-2              3n-3
Leave            n-1              2n-2              3n-3

STR - timeslots
                 Direct Message   Distant Message   Total
Initialisation   1                n-3               n-2
Join             1                n-3               n-2
Leave            0                n-3               n-3

QGDH - timeslots
                 Direct Message   Distant Message   Total
Initialisation   1                2^h1-2            2^h1-1
Join             2                n-1               n+1
Leave            1                n-1               n

STR - MoT
                 Direct Message   Distant Message   Total
Initialisation   n                (n-2)n/(n-3)      (n-1)n/(n-2)
Join             n                1                 (2n-3)/(n-2)
Leave            0                1                 1

QGDH - MoT
                 Direct Message   Distant Message     Total
Initialisation   n                (h1-1)n/(2^h1-2)    h1*n/(2^h1-1)
Join             (n-1)/2          2                   (3n-3)/(n+1)
Leave            n-1              2                   (3n-3)/(n)

Table 7: Communication complexity STR and QGDH

Cutline:
h = n-1, [STR]
h1 = ld(n+1), [QGDH]

As explained above, STR and QGDH implement Two Pair Diffie-Hellman Key Exchange and a binary tree graph logical structure. We are allowed to adopt the equations from Noack's probabilistic method concerning TBKA, as TBKA represents a TGDH I. The formula for the full broadcast case, represented in Table 7 by the Distant Messages, is as known: 2^h - 2. As stated in the cutline, the height of the tree is n-1 for STR, with O(n) modular exponentiations, and ld(n+1) for QGDH, with O(ld(n+1)) [H08] modular exponentiations. Substituting them in the Distant Messages formula, we obtain the results represented in Table 7, see above. We would like to respect the implementation of QGDH, concerning the iterations in the group controller server, and adopt the values for the join and leave
operations from [H08]. As there is no information regarding the initialisation phase in [H08], we proceed with the standard method of Noack's probabilistic model as applied to TBKA and STR.

The exact communication complexity results are given in the next Table 8.

STR - # messages
                 5 Nodes   10 Nodes   20 Nodes   50 Nodes   100 Nodes
Initialisation   20        90         420        2450       9900
Join             7         17         37         97         197
Leave            2         7          17         47         97

QGDH - # messages
                 5 Nodes   10 Nodes   20 Nodes   50 Nodes   100 Nodes
Initialisation   15        40         100        300        700
Join             12        27         57         147        297
Leave            12        27         57         147        297

STR - timeslots
                 5 Nodes   10 Nodes   20 Nodes   50 Nodes   100 Nodes
Initialisation   3         8          18         48         98
Join             3         8          18         48         98
Leave            2         7          17         47         97

QGDH - timeslots
                 5 Nodes   10 Nodes   20 Nodes   50 Nodes   100 Nodes
Initialisation   2         3          4          5          6
Join             6         11         21         51         101
Leave            5         10         20         50         100

STR - MoT
                 5 Nodes   10 Nodes   20 Nodes   50 Nodes   100 Nodes
Initialisation   7         12         24         52         102
Join             3         3          2          2          2
Leave            1         1          1          1          1

QGDH - MoT
                 5 Nodes   10 Nodes   20 Nodes   50 Nodes   100 Nodes
Initialisation   8         14         25         60         117
Join             2         3          3          3          3
Leave            3         3          3          3          3

Table 8: GKAPs adoption to Mesh Networks

Table 8 represents the implementation of the equations defined in Table 7 for the cases 5 nodes, 10 nodes, …, and 100 nodes. A graphical representation of these results is given in Figure 21, Figure 22 and Figure 23, which illustrate the initialisation, join and leave singular operations, respectively.
Figure 21: Initialisation Performance - timeslots + x*MoT, x = 4.45 (plotted for BD I, BD II, TBKA I [TGDH], TBKA II [STR] and QGDH at 5, 10, 20, 50 and 100 nodes)

Figure 22: Join Performance - timeslots + x*MoT, x = 4.45 (plotted for BD I, BD II, TBKA I [TGDH], TBKA II [STR] and QGDH at 5, 10, 20, 50 and 100 nodes)

Figure 23: Leave Performance - timeslots + x*MoT, x = 4.45 (plotted for BD I, BD II, TBKA I [TGDH], TBKA II [STR] and QGDH at 5, 10, 20, 50 and 100 nodes)
Bibliography

List of Links

L1: CERIAS Security Seminar Video - Provable security in mobile ad hoc networks, Mike Burmester, 2006 http://www.cerias.purdue.edu/news_and_events/events/security_seminar/details.php?uid=49608-y3xDO24uE3W4-7698-bq0h6IRT79tE7qcj
L2: How Wireless Mesh Networks Work, Dave Roos http://communication.howstuffworks.com/how-wireless-mesh-networks-work.htm/printable
L3: Wireless Mesh Networks under FreeBSD, Rui Paulo, AsiaBSDCon 2010 http://www.youtube.com/watch?v=ZL30z1uI-JI
L4: MeshDynamics Mobile Mesh Networking (P3M) Animation http://www.youtube.com/watch?v=l1prct6Xxzw
L5: How WiMAX Works, Marshall Brain, Ed Grabianowski http://www.howstuffworks.com/wimax.htm/printable

Table 9: List of links

Reference list

MO05: Motorola, Comparison of Motorola Mesh, 2005 http://www.motorola.com/governmentandenterprise/contentdir/he_IL/Files/SolutionInformation/ComparisonMeshNetworksEnabledArchitecture_WP.pdf
BOT06: Bob Briscoe, Andrew Odlyzko, Benjamin Tilly, Metcalfe's Law is Wrong, 2006 http://spectrum.ieee.org/computing/networks/metcalfes-law-is-wrong
MOST97: Raul Monroy and Graham Steel, Faulty Group Protocols, 1997 http://homepages.inf.ed.ac.uk/gsteel/group-protocol-corpus/survey.pdf
AN09a: Andreas Noack, Group Key Agreement for Wireless Mesh Networks, 2009 http://www.nds.ruhr-uni-bochum.de/chair/people/noack/
RLKY04: Kui Ren, Hyunrok Lee, Kwangjo Kim, Taewhan Yoo, Efficient Authenticated Key Agreement Protocol for Dynamic Groups, 2004 http://dasan.sejong.ac.kr/~wisa04/ppt/4A1.ppt
AB07: Sanjeev Arora, Boaz Barak, Computational Complexity: A Modern Approach, Chapter 12: Communication Complexity, 2007 http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.103.4782&rep=rep1&type=pdf
SRSP10: Mrs. Sugandha Singh, Dr. Navin Rajpal, Dr. Ashok Kale Sharma and Mrs. Ritu Pahwa, Policy based Decentralized Group key Security for Mobile Ad-hoc Networks, 2010 www.ijcsi.org/papers/7-3-10-44-49.pdf
CS05: Yacine Challal, Hamida Seba, Group Key Management Protocols: A Novel Taxonomy, 2005 http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.59.1953
ZFL05: Shanyu Zheng and Jim Alves-Foss, Stephen S. Lee, Performance of group key agreement protocols over multiple operations, 2005 http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.75.9641
AKNRT04: Yair Amir, Yongdae Kim, Cristina Nita-Rotaru, Gene Tsudik, On the performance of group key agreement protocols, 2004 www.cnds.jhu.edu/pub/papers/perf.pdf
H08: Sunghyuck Hong, Queue-based Group Key Agreement Protocol, 2008 ijns.femto.com.tw/contents/ijns-v9-n2/ijns-2009-v9-n2-p135-142.pdf
AN09b: Andreas Noack, Jörg Schwenk, Group Key Agreement Performance in Wireless Mesh Networks, 2009 http://www.nds.ruhr-uni-bochum.de/chair/people/noack/
Q10: Alexander Queisser, Group Key Agreement in Wireless Mesh Networks, Practical implementation of Burmester Desmedt II, 2010 http://www.nds.ruhr-uni-bochum.de/chair/people/noack/
SH08: Sunghyuck Hong, Queue-based Group Key Agreement Protocol, 2008 http://ijns.femto.com.tw/contents/ijns-v9-n2/ijns-2009-v9-n2-p135-142.pdf
RB03: Raghav Bhaskar, Group Key Agreement in Ad hoc Networks, 2003 http://hal.inria.fr/docs/00/07/17/54/PDF/RR-4832.pdf
