Hierarchical agent-based secure and reliable multicast in wireless mesh networks
Yinan LI, Ing-Ray Chen
Robert Weikel, Virginia Sistrunk, Hung-Yuan Chung

Introduction to Wireless Mesh Networks
● A Wireless Mesh Network (WMN) is a cost-effective “last mile” technology generally consisting of
  o wireless mesh routers (MR), which form the backbone of the network
  o mesh clients (MC)
  o gateways for Internet connectivity

Intro (cont)
● Group communication in WMNs has the problem of supporting secure and reliable mobile multicast
● The paper proposes an efficient algorithm called hierarchical agent-based secure and reliable multicast (HASRM) in order to mitigate this

HASRM requirements
● Only authenticated users interface with the multicast group
● Provide forward and backward secrecy
● Must guarantee delivery of packets
● Must support mobile multicast even when members move and change locations / different MR areas

Integrated mobility and multicast service management
● The system was designed because:
  o User mobility can have a significant impact on multicast service management
  o Performance optimization around egocentric multicast service management may lead to excessive overhead when users are mobile.
  o Minimizing network cost has significant fringe benefits for the rest of the system

HASRM Organization
● Multicast Agents (MA)
  o an MA is also a mesh router (MR), responsible for rekeying and group membership management
  o registers integrated mobility and multicast server management capabilities across other MAs
  o dynamically determines the optimal regional service size in order to reduce overall network cost

SPN modeling
● SPN is used here to analyze performance
  o Focuses on the key parameters in HASRM
  o Under optimal settings, HASRM outperforms traditional shortest-path multicast algorithms
  o Also used to model previous work in order to compare results
    ■ Including SeGrOM (Secure Group Overlay Multicast), and the paper which this work is extended from

Assumptions and design goals
● A multicast group member may join or leave a group at arbitrary times.
● Group member join and leave events can be modeled by a Poisson process with rates of λ and μ, respectively.
● There is a probability p of packet loss
  o Packet transmission is assured through a NAK-based retransmission scheme

HASRM structure
● Two levels
  o Upper level is a backbone multicast tree connecting mesh routers that serve as agents
    ■ Tree is updated whenever there is a leave or join event
    ■ Tree maintains a list of all routers serving as agents
    ■ An agent services a particular multicast group
  o The lower level is a local multicast group and its associated MA
    ■ A single MA may contain several MRs
    ■ The regional service size is a key parameter with a tradeoff of packet delivery cost and managerial cost
    ■ The optimal regional service size can be modeled with the optimal threshold of the number of hops a member can be away from its MA
      ● Referenced as Hoptimal
      ● Non-optimal threshold is referenced by H

Secure Key Management
● Members and MAs share a secret key Ku
  o Established through Diffie-Hellman
  o Changed when transitioning to a new MA

MA Join
● Steps when an MA joins the backbone
  o Old group key, Kg, is discarded
  o New key, K’g, is generated by hashing the original key, i.e., K’g = h(Kg)
  o Source sends K’g to the newly joined MA using public key encryption

MA Leave
● Steps when an MA leaves the backbone
  o Kg needs to be updated by using the key tree approach
  o Distributes key through PKI to all MAs excluding the one leaving via rekey messages

Reliable multicast data delivery
● Straightforward procedure
  o Source encrypts the packet using Kg
  o Source disseminates the encrypted packet to the subgroups' MAs through the tree
  o Each MA decrypts the packet using Kg
  o MA re-encrypts packet with Ku, sends to each group member
  o Member decrypts using Ku

Packet Loss
● When loss is detected from a member
  o negative acknowledgement (NAK) is sent to MA
  o MA sends the missing packet to member
  o After a period of time MA discards packets
● When loss is detected from backbone (via seq num) two options are available
  o Source multicasts the packet to all MAs
  o Source sends packet to all MAs who exhibit the loss

Packet Loss (cont)
● Local (lower) layer uses unicast because
  o Using multicast in a wireless environment can be very costly in a multicast scenario
  o Eliminates the need for multicast tree maintenance at lower levels
  o In contrast to using multicast, error correction requires significantly less overhead when dealing with many members

Dynamic group membership management (1/5)
Member join
* MC selects a serving MR
* MC-MR communication:

Dynamic group membership management (2/5)
Member join: MC executes DH protocol & generates a new Ku

Dynamic group membership management (3/5)
Member Leave
Leave Request
Leave Acknowledgement
MA:
● forwards the leave to the source
● removes itself from the backbone if no other client is serviced
The source:
● updates the backbone multicast tree
● sends MA the acknowledgement

Dynamic group membership management (4/5)

Dynamic group membership management (5/5)
Mobility Management
NEW MR not MA,
● but member of the OLD MA region => member reports a location update
● not member of the OLD MA serving region => NEW MR sends join request to backbone multicast tree => becomes an MA
IF NEW MR is MA => member switches & starts receiving multicast packets
● MC executes DH protocol and generates a new Ku

Performance Model (1/3)
● Mobility rate (σ)
● 2-dimensional n x n wireless mesh with wrap-around
● The average unicast path length
● Markov chain model M/M/∞/M
(1)
● P0 - probability of not servicing any member
● P1 - probability that MR services one member

Performance Model (2/3)
● H is the distance threshold
● avg #MRs covered = 2H² - 2H + 1
(2): For any MR and MA
(3): Probability MA services exactly one member
(4): K multicast scaling factor
(5): Leaves on the multicast tree (MAs)

Performance Model (3/3)
(6): #MRs on the tree
(7): Probability that a multicast data packet is delivered to a member H hops away
(8): Expected number of retransmissions to a member H hops away
(9): Expected hop distance (average length of paths from source to MA)
(10): Probability that a multicast packet is successfully transmitted from source to an MA L hops away
(11): Expected number of retransmissions to disseminate a packet to an MA
Markov Chain

SPN Model for HASRM
● SPN for describing a single group member
  o Token = a location change
  o Move = the event of member movement
  o If NEW MR is:
    ■ an MA => transition probability P1 = 1 - PMA
    ■ just an MR =>
      1. transition probability P2 = PMA
      2. the member reports its new location to its MA (transition MC2MA)
      3. MR becomes MA => Reset
  o After each MC2MA, a token is placed into Hops
  o When mark(Hops) = H => transition Join is fired.
  o Firing “Join” resets hops from MA to zero

SPN Model
* mark(P): number of tokens in place P

Costs
● Cost := total #hops
● Cs = CS1 + CS2
  o CS1: initial multicast and retransmissions to all MAs
  o CS2: weighted cost for retransmissions from MA to a group member
● Cm: cost of mobility management
(15): Cost for security management when leaving or joining a tree
(16): Cost for a member to create a new key
(17): Cost per leave event
(18): Total cost of all operations

Performance Evaluation

Service to Mobility Ratio
● SMR = λp / σ
● The average number of multicast data packets transmitted from the source to a group member during the interval between two serving MR changes of the group member.
● It captures the service and mobility characteristics of group members.

Multicast group size and network size
● γ = M / n²
● γ: Member Population Density

HASRM Can Adapt to Changes in γ

p, the Loss Probability of Wireless Link

HASRM vs. HASRM-S (S: Static)
* Let H = 4 for HASRM-S

HASRM vs. HASRM-S (cont.)

Comparison: HASRM vs. SPT
● Comparison of HASRM and traditional multicast algorithms based on shortest-path tree (SPT)
● the moderate γ
● The total communication cost is a per member per time unit metric

HASRM vs. SPT (cont.)
● When p is high, SPT performs poorly.

Comparison: HASRM vs. SeGrOM
● Secure Group Overlay Multicast
● Hierarchical decentralized multicast algorithm
● SeGrOM selects a coordinator for each subgroup of group members connected to the same MR.
● Coordinators are similar to MAs.
● The service area of a coordinator is exactly the coverage area of an MR.

HASRM vs. SeGrOM (cont.)
● The total communication cost is a per member per time unit metric

HASRM vs. SeGrOM (cont.)
● When SMR is small (i.e., the mobility rate is high), the figure shows that HASRM copes well with high group member mobility.

Conclusion
● HASRM minimizes the overall communication cost.
● Dynamically maintains MAs.
● Dynamically determines optimal regional service size Hoptimal.
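
Added example (not from the slides or the paper): a small model of the MA Join and MA Leave rekeying rules, showing that K’g = h(Kg) gives a joining MA no access to the old key, while the same shortcut on a leave would let the departed MA compute the new key. SHA-256 as h and the names Backbone, derivable and demo are assumptions; the key tree and PKI distribution of the fresh key are not modelled.

```python
import hashlib
import secrets

def h(key: bytes) -> bytes:
    # Join rekey K'g = h(Kg). SHA-256 is an assumption; the slides say "hashing".
    return hashlib.sha256(key).digest()

def derivable(held: bytes, target: bytes, max_hashes: int = 32) -> bool:
    # Keys a holder of `held` can reach by hashing forward (h is one-way).
    k = held
    for _ in range(max_hashes + 1):
        if k == target:
            return True
        k = h(k)
    return False

class Backbone:
    # Constructed model: current Kg, current MAs, last key each MA was given.
    def __init__(self, mas):
        self.kg = secrets.token_bytes(32)
        self.members = set(mas)
        self.last_key = {ma: self.kg for ma in mas}

    def _rekey(self, new_kg):
        self.kg = new_kg
        for ma in self.members:
            self.last_key[ma] = new_kg

    def ma_join(self, ma):
        # Existing MAs hash locally; only the newcomer is sent K'g.
        self.members.add(ma)
        self._rekey(h(self.kg))

    def ma_leave(self, ma, rekey_by_hash=False):
        # Fresh random Kg for the remaining MAs. rekey_by_hash=True is the
        # broken variant: the departed MA can compute h(Kg) itself.
        self.members.discard(ma)
        self._rekey(h(self.kg) if rekey_by_hash else secrets.token_bytes(32))

def demo():
    net = Backbone(["MA1", "MA2"])
    kg_before_join = net.kg
    net.ma_join("MA3")
    backward_ok = not derivable(net.last_key["MA3"], kg_before_join)
    net.ma_leave("MA2", rekey_by_hash=True)
    forward_broken = derivable(net.last_key["MA2"], net.kg)
    net.ma_leave("MA1")
    forward_ok = not derivable(net.last_key["MA1"], net.kg)
    return backward_ok, forward_broken, forward_ok
```

demo() returns (backward_ok, forward_broken, forward_ok): the joining MA cannot reach the pre-join key, a hash-only rekey on leave is readable by the departed MA, and a fresh key on leave is not.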