Lecture 5-2

Cross Layer Design of Security Scheme
for Cooperative MIMO Sensor Networks
Wei Chen, McKenzie McNeal, Liang Hong
College of Engineering, Technology, and Computer Science
Tennessee State University, USA
IEEE International Conference on Wireless Information Technology and Systems, 2010
ICWITS 2010
Outline
Introduction to Virtual MIMO Technology
  • Cooperative communication schemes
  • Virtual MIMO networks and cooperative relay
Research Objectives
Cross-Layered Design of Security Scheme
  • Cryptography based security routing protocol at network layer
  • Compromised node detection at physical layer
  • Data recovery and network recovery
Preliminary Performance Analysis
Summary and Future Work
Introduction to Virtual MIMO technology
MIMO (Multi-Input Multi-Output) Technology
Without using extra energy or an extra channel, a MIMO transceiver can be used to
  • Extend communication range or reduce error rate (diversity gain)
  • Provide higher data rate (multiplexing gain)
[Figure: MIMO transceiver with antennas T×1, T×2, ..., T×M and R×1, R×2, ..., R×M; wireless MIMO network illustrating diversity gain and multiplexing gain]
However, it is unrealistic to equip small and inexpensive wireless devices (e.g., Crossbow sensor nodes) with multiple antennas.
Introduction to Virtual MIMO technology
– Cooperative Communication schemes
Cooperative transmission and reception
Distributed individual single-antenna nodes cooperating on data transmission and reception as a multi-antenna MIMO node
Different types of cooperative MIMO links
[Figure: MISO, MIMO, SIMO and SISO links. The ith node's antenna acts like the ith antenna; the jth node's antenna acts like the jth antenna.]
Introduction to Virtual MIMO technology
– Virtual MIMO Networks and Cooperative Relay
Virtual MIMO nodes & relay backbone
[Figure: virtual MIMO nodes joined by cooperative MIMO links (example: a 3×2 MIMO link), forming the relay backbone]
Multi-MISO based cooperative data relay
[Figure: clusters A, B, C, D; first hop and other hops; three 4×1 MISO links]
Step 1 (Local transmission at A): Each node i (1≤i≤m) in A broadcasts information $I_i$ to all the other local nodes using different timeslots.
Step 2 (Long-haul transmission between A and B): Each node i in A acts as the ith antenna, encoding the information sequence $I = I_1, I_2, \ldots, I_m$ using the MISO code system. All m nodes in A broadcast the encoded sequence to the nodes in B at the same time. Each node in B receives m encoded sequences, and then decodes them back to $I$ according to the MISO code system.
Research Objectives
– Previous Research Works
Cryptographic based security schemes
Securing communication and routing between healthy nodes, but doing nothing to compromised nodes
MIMO technology based data assurance schemes
  • Li et al. & Kim et al. [5,6]: Exploit signal randomization and channel diversity in the physical layer to effectively randomize the eavesdropper's signals but not the authorized receiver's signals
  • Wen et al. [7]: Add artificial noise (known by the authorized receiver and generated by the keys in the network layer) to the transmission process in the physical layer.
The schemes need extra MIMO antennas to achieve the data assurance, which largely reduces the MIMO advantage.
Research Objectives
This Research
Combining the cryptographic technique in the network layer with data assurance analysis at the physical layer to provide:
1. Efficient key management system to secure communication and routing in the network layer
2. MIMO-aided compromised node detection at the physical layer
3. Data recovery and network recovery
Security Protocol at Network Layer
– Shared key cryptography for cooperative communication/routing
[Figure: clusters A and B, with keys C-key(A), C-key(B) and L-key(A,B)]
Type of Keys
(1) Each cluster: each node has a cluster key C-key(A) for local transmission
(2) Each link AB: each node in A and B has a key L-key(A,B) for long-haul transmission between A and B
Secured cooperative relay:
Step 1 (Local transmission at A): Each node i (1≤i≤m) in A encrypts its information $I_i$ with C-key(A), and broadcasts it to the other local nodes using different timeslots. Each node uses C-key(A) to decrypt the m received pieces of information back to $I = I_1, I_2, \ldots, I_m$.
Step 2 (Long-haul transmission between A and B): Each node i in A encrypts sequence $I$ with key L-key(A,B), and it acts as the ith antenna, encoding the encrypted $I$ using the MISO encode system. Then, all m nodes in A broadcast the encrypted and encoded $I$ to the nodes in B at the same time. When a node in B receives m copies of the information, it decrypts them with L-key(A,B), and then decodes them back to $I$ according to the MISO decode system.
Security Protocol at Network Layer
– Key Establishment
Pre-distributed key:
(1) Each node u has a pre-distributed key, pre-key(b,u), shared with base station b.
(2) Base station b has all keys, pre-key(b,u), for all nodes u in the network.
Key Establishment Algorithm:
Step 1. Each head node u of cluster A sends a key request to base station b: {(u.id, b.id), encrypted (u.id, b.id, u.member-list, u.neighbor-list)} using pre-key(u,b).
Step 2. b decrypts the key requests from all head nodes u using pre-key(u,b).
Step 3. b generates a cluster key C-key(A) for each cluster A and a link key L-key(A,B) for each link AB of the relay backbone, and disseminates the keys as follows:
  • for each cluster A, b sends each node p of A a cluster key response: {(b.id, p.id), encrypted (b.id, p.id, C-key(A))} using pre-key(p,b).
  • for each link AB in the relay backbone, b sends each node p in A a link key response: {(b.id, p.id), encrypted (b.id, p.id, L-key(A,B))} using pre-key(p,b); and each node q in B a link key response {(b.id, q.id), encrypted (b.id, q.id, L-key(A,B))} using pre-key(q,b).
Step 4. Each node p decrypts the received message and gets the C-key and L-keys.
[Figure: key establishment between base station b (holding pre-key(u,b) for all nodes u) and cluster A (head: u; Pre-key(u,b); Member-list: p,q,r,s; Neighbor-list: B,C,D), with neighboring clusters B, C, D
  Key request from u: (u.id, b.id) with encrypted (u.id, b.id, u.member-list, u.neighbor-list) using pre-key(u,b)
  Key response to each node p: (p.id, b.id) with encrypted (p.id, b.id, C-key(A), L-key(A,B), L-key(A,C), L-Key(A,D)) using pre-key(p,b)]
Compromised Node Detection
at Transmission/Physical Layer
[Figure: each node in A transmits $s = s_1 s_2, \ldots, s_{mr}$; the nodes in B receive $y_1$, $y_2$, $y_3$; h is the head node]
Detection Algorithm at head node h
Step 1: Each node of B sends the received signal stream to h. In other words, h receives streams $y = (y_1, y_2, \ldots, y_{mr})$.
Step 2: h estimates the transmitted signal stream by using the Inverse Channel Detector: $\hat{s} = H^{-1} y = s + H^{-1} n$, where $H$ is the channel matrix and $n$ is the white Gaussian noise.
Step 3: If the ith element in vector $\hat{s}$ is different from the others, then the ith node x in A is the compromised node.
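The detection steps above, worked through as an added example (not code from the slides), using the simulation settings given later in the deck: 4×4 block Rayleigh fading, BPSK, 100 symbols. The function names, the noise level, the compromised node sending independent random symbols, and the rule of accumulating majority-vote disagreements over the block with a 25% threshold are assumptions of this example.

```python
import random

def solve(H, y):
    """Return H^-1 y via Gauss-Jordan elimination with partial pivoting."""
    n = len(H)
    M = [list(H[i]) + [y[i]] for i in range(n)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(M[r][c]))
        M[c], M[p] = M[p], M[c]
        for r in range(n):
            if r != c:
                f = M[r][c] / M[c][c]
                M[r] = [a - f * b for a, b in zip(M[r], M[c])]
    return [M[i][n] / M[i][i] for i in range(n)]

def simulate_block(m=4, symbols=100, compromised=None, sigma=0.02, seed=1):
    """Constructed sample data: one block-fading interval, BPSK, m x m Rayleigh channel."""
    rng = random.Random(seed)
    cg = lambda s: complex(rng.gauss(0, s), rng.gauss(0, s))
    H = [[cg(0.5 ** 0.5) for _ in range(m)] for _ in range(m)]  # fixed for the block
    received = []
    for _ in range(symbols):
        s = rng.choice((-1, 1))
        tx = [s] * m                               # honest nodes all send the agreed symbol
        if compromised is not None:
            tx[compromised] = rng.choice((-1, 1))  # assumption: x sends its own data
        received.append([sum(H[j][i] * tx[i] for i in range(m)) + cg(sigma)
                         for j in range(m)])
    return H, received

def detect(H, received, threshold=0.25):
    """Head node h: estimate s_hat = H^-1 y per symbol and flag the node whose
    element disagrees with the majority in more than `threshold` of the block."""
    m = len(H)
    mismatches = [0] * m
    for y in received:
        bits = [1 if e.real >= 0 else -1 for e in solve(H, y)]
        majority = 1 if sum(bits) >= 0 else -1
        for i, b in enumerate(bits):
            mismatches[i] += b != majority
    worst = max(range(m), key=mismatches.__getitem__)
    return worst if mismatches[worst] > threshold * len(received) else None
```

Counting disagreements over the whole block rather than acting on a single symbol keeps an occasional noise-induced bit error at an honest node from being reported as a compromise.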
Network Recovering
Network Recovering Algorithm
Step 1: Recovering the data in B
(1) h broadcasts a data discard request: (h.id) with encrypted (h.id, x.id) using C-key(A)
(2) Each node in cluster B sets the column in channel matrix H to zero to eliminate the use of the data from x
Step 2: h sends a detection report to b: (h.id, b.id) with encrypted (h.id, b.id, x.id) using pre-key(h,b)
Step 3: b sends a new C-key(A) to each node p in A except x: (p.id, b.id) with encrypted (p.id, b.id, C-key(A)) using pre-key(p,b)
Step 4: b sends a new L-key(A,B) to each node p in A and B except x: (p.id, b.id) with encrypted (p.id, b.id, L-key(A,B)) using pre-key(p,b)
[Figure: network recovery, showing base station b, clusters A, B, C, D, detector h and compromised node x
  Detection report from h: (h.id, b.id) with encrypted (h.id, b.id, x.id) using pre-key(h,b)
  New C-Key(A) to each node p in A other than x: (p.id, b.id) with encrypted (p.id, b.id, C-key(A)) using pre-key(p,b)
  New L-Key(A,B) to each node p in A and B other than x: (p.id, b.id) with encrypted (p.id, b.id, L-key(A,B)) using pre-key(p,b)]
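The base station's side of the Key Establishment and Network Recovering algorithms, as an added example (not code from the slides). The slides name no cipher, so `seal`/`unseal` are a stand-in built from HMAC-SHA256; the class and method names are hypothetical, each response carries the node's full current key set, and `recover` renews every L-key on a link touching the affected cluster, which generalises the single L-key(A,B) shown on the slide.

```python
import hashlib, hmac, json, secrets

def _mac(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def seal(key, fields):
    # Stand-in for "encrypted (...) using pre-key": HMAC-SHA256 keystream plus tag.
    # The slides name no cipher; this construction is an assumption of the example.
    pt, nonce = json.dumps(fields).encode(), secrets.token_bytes(16)
    ks = b"".join(_mac(key, b"enc", nonce + bytes([i])) for i in range(len(pt) // 32 + 1))
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    return nonce + ct + _mac(key, b"tag", nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(key, b"tag", nonce + ct)):
        raise ValueError("not sealed under this pre-key")
    ks = b"".join(_mac(key, b"enc", nonce + bytes([i])) for i in range(len(ct) // 32 + 1))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))

class BaseStation:
    def __init__(self, clusters, links):
        self.clusters, self.links = clusters, links  # {"A": ["p", "q"]}, [("A", "B")]
        self.pre = {u: secrets.token_bytes(32) for ms in clusters.values() for u in ms}
        self.ckey = {c: secrets.token_hex(16) for c in clusters}
        self.lkey = {l: secrets.token_hex(16) for l in links}

    def responses(self, affected, exclude=None):
        """One key response {(b.id, p.id), encrypted(...)} per node of the affected clusters."""
        out = {}
        for c in affected:
            for p in self.clusters[c]:
                if p == exclude:
                    continue  # the compromised node gets no response
                body = {"b.id": "b", "p.id": p, "C-key": self.ckey[c],
                        "L-keys": {"".join(l): k for l, k in self.lkey.items() if c in l}}
                out[p] = (("b", p), seal(self.pre[p], body))
        return out

    def recover(self, cluster, x):
        """Recovery steps 3-4: fresh C-key(cluster) and fresh L-keys on its links, x left out."""
        self.ckey[cluster] = secrets.token_hex(16)
        touched = [l for l in self.links if cluster in l]
        for l in touched:
            self.lkey[l] = secrets.token_hex(16)
        return self.responses({c for l in touched for c in l} | {cluster}, exclude=x)
```

Because every response is sealed under the recipient's own pre-key, x cannot read the replacement keys sent to its former cluster mates even if it overhears them.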
Preliminary Performance Analysis
– Node Detection and Data Recovery
Simulation
  • 4 cooperative transmission nodes and 4 cooperative reception nodes
  • Channel: block Rayleigh fading channel
  • Modulation: binary phase shift keying (BPSK)
  • Transmission data: 100 symbols
  • Scenarios:
    (1) no compromised node
    (2) one compromised node
      • with no detection
      • knowing it without detection
      • with detection
Preliminary Performance Analysis
– Key Management
Scale of the key management system
  • Types of C-keys: number of the clusters
  • Types of L-keys: size of backbone tree
  • Number of keys at each node: 1 pre-key, 1 C-key, r L-keys, where r is the number of neighboring clusters in the backbone
  • Number of keys at base station: n pre-keys, where n is the number of nodes
Summary and Future Work
Summary
A cross-layer security scheme is designed for virtual MIMO networks. It contains:
  • cryptography based secured communication and routing protocol at network layer
  • compromised node detection at physical layer
  • data and network recovery
Future Work
  • Generalize the detection approach to deal with the following cases:
    • Channel matrix H is not square, i.e., the number of cooperative nodes at the transmission side is different from that at the reception side
    • More than one compromised node
  • Comprehensive performance evaluation combining the network layer