Cross Layer Design of Security Scheme for Cooperative MIMO Sensor Networks
Wei Chen, McKenzie McNeal, Liang Hong
College of Engineering, Technology, and Computer Science, Tennessee State University, USA
IEEE International Conference on Wireless Information Technology and Systems (ICWITS), 2010

Outline
• Introduction to virtual MIMO technology
  - Cooperative communication schemes
  - Virtual MIMO networks and cooperative relay
• Research objectives
• Cross-layered design of security scheme
  - Cryptography-based security routing protocol at the network layer
  - Compromised node detection at the physical layer
  - Data recovery and network recovery
• Preliminary performance analysis
• Summary and future work

Introduction to Virtual MIMO Technology
MIMO (Multi-Input Multi-Output) technology: without using extra energy or channel resources, a MIMO transceiver can be used to
• extend the communication range or reduce the error rate (diversity gain)
• provide a higher data rate (multiplexing gain)
[Figure: a wireless MIMO network; a MIMO transceiver with transmit antennas T×1, T×2, ..., T×M and receive antennas R×1, R×2, ..., R×M, giving diversity gain and multiplexing gain]
However, it is unrealistic to equip small and inexpensive wireless devices (e.g., Crossbow sensor nodes) with multiple antennas.
Introduction to Virtual MIMO Technology – Cooperative Communication Schemes
Cooperative transmission and reception: distributed single-antenna nodes cooperate on data transmission and reception as one multi-antenna MIMO node.
Different types of cooperative MIMO links (the ith node's antenna acts like the ith transmit antenna, and the jth node's antenna acts like the jth receive antenna):
• MISO link
• MIMO link
• SIMO link
• SISO link

Introduction to Virtual MIMO Technology – Virtual MIMO Networks and Cooperative Relay
[Figure: virtual MIMO nodes forming a relay backbone, connected by cooperative MIMO links such as a 3×2 MIMO link between two virtual MIMO nodes]
Multi-MISO based cooperative data relay
[Figure: cluster A relays to clusters B, C and D over three 4×1 MISO links (first hop); the data continues over further hops]
Step 1 (local transmission at A): each node i (1 ≤ i ≤ m) in A broadcasts its information I_i to all the other local nodes, using different timeslots.
Step 2 (long-haul transmission between A and B): each node i in A acts as the ith antenna, encoding the information sequence I = (I_1, I_2, ..., I_m) with the MISO code system. All m nodes in A broadcast the encoded sequence to the nodes in B at the same time. Each node in B receives the m encoded sequences and decodes them back to I according to the MISO code system.

Research Objectives – Previous Research Work
Cryptography-based security schemes: secure communication and routing between healthy nodes, but do nothing about compromised nodes.
MIMO technology based data assurance schemes:
• Li et al. and Kim et al. [5,6]: exploit signal randomization and channel diversity at the physical layer to effectively randomize the eavesdropper's signals but not the authorized receiver's signals.
• Wen et al. [7]: add artificial noise (known to the authorized receiver and generated from the keys at the network layer) to the transmission process at the physical layer.
These schemes need extra MIMO antennas to achieve data assurance, which largely reduces the MIMO advantage.
Research Objectives – This Research
Combine the cryptographic technique at the network layer with data assurance analysis at the physical layer to provide:
1. an efficient key management system to secure communication and routing at the network layer
2. MIMO-aided compromised node detection at the physical layer
3. data recovery and network recovery

Security Protocol at Network Layer – Shared-Key Cryptography for Cooperative Communication/Routing
[Figure: clusters A and B; nodes in A hold C-key(A), nodes in B hold C-key(B), and nodes on the link AB hold L-key(A,B)]
Types of keys:
(1) Each cluster: each node has a cluster key C-key(A) for local transmission.
(2) Each link AB: each node in A and B has a key L-key(A,B) for long-haul transmission between A and B.
Secured cooperative relay:
Step 1 (local transmission at A): each node i (1 ≤ i ≤ m) in A encrypts its information I_i with C-key(A) and broadcasts it to the other local nodes, using different timeslots. Each node uses C-key(A) to decrypt the m received pieces of information back to I = (I_1, I_2, ..., I_m).
Step 2 (long-haul transmission between A and B): each node i in A encrypts the sequence I with the key L-key(A,B) and acts as the ith antenna, encoding the encrypted I with the MISO encode system. Then all m nodes in A broadcast the encrypted and encoded I to the nodes in B at the same time. When a node in B receives the m copies of the information, it decrypts them with L-key(A,B) and then decodes them back to I according to the MISO decode system.

Security Protocol at Network Layer – Key Establishment
Pre-distributed keys:
(1) Each node u has a pre-distributed key pre-key(b,u) shared with the base station b.
(2) The base station b has the keys pre-key(b,u) for all nodes u in the network.
Key establishment algorithm:
Step 1. Each head node u of a cluster A sends a key request to the base station b: {(u.id, b.id), encrypted (u.id, b.id, u.member-list, u.neighbor-list) using pre-key(u,b)}.
Step 2. b decrypts the key requests from all head nodes u using pre-key(u,b).
Step 3. b generates a cluster key C-key(A) for each cluster A and a link key L-key(A,B) for each link AB of the relay backbone, and disseminates the keys as follows:
• for each cluster A, b sends each node p of A a cluster key response: {(b.id, p.id), encrypted (b.id, p.id, C-key(A)) using pre-key(p,b)};
• for each link AB in the relay backbone, b sends each node p in A a link key response {(b.id, p.id), encrypted (b.id, p.id, L-key(A,B)) using pre-key(p,b)}, and each node q in B a link key response {(b.id, q.id), encrypted (b.id, q.id, L-key(A,B)) using pre-key(q,b)}.
Step 4. Each node p decrypts the received messages and obtains its C-key and L-keys.
[Figure: the base station b holds pre-key(u,b) for all nodes u. Cluster A has head u with member-list p, q, r, s and neighbor-list B, C, D. Key request from u: (u.id, b.id) with encrypted (u.id, b.id, u.member-list, u.neighbor-list) using pre-key(u,b). Key response to each node p: (p.id, b.id) with encrypted (p.id, b.id, C-key(A), L-key(A,B), L-key(A,C), L-key(A,D)) using pre-key(p,b).]

Compromised Node Detection at Transmission/Physical Layer
[Figure: each node of A transmits the signal stream s = (s_1, s_2, ..., s_{m_r}); the nodes of B receive y_1, y_2, y_3 and pass them to the head node h.]
Detection algorithm at the head node h:
Step 1: Each node of B sends its received signal stream to h; in other words, h receives the streams y = (y_1, y_2, ..., y_{m_r}).
Step 2: h estimates the transmitted signal stream using the inverse channel detector: ŝ = H^{-1} y = s + H^{-1} n, where H is the channel matrix and n is the white Gaussian noise (the noise symbol did not survive extraction; n is used for it here).
Step 3: If the ith element of the vector ŝ differs from the others, then the ith node x in A is the compromised node.
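The network-layer part of the scheme as described on the slides above (key establishment Steps 1–4, the secured cooperative relay, and the rekeying that excludes the detected node x in the network recovery algorithm), as an added example that is not the authors' code. The paper names no cipher, so a toy authenticated encryption built only from the Python standard library (an HMAC-SHA256 keystream plus an HMAC tag) stands in for "encrypted ... using key"; the node ids, cluster names and message field names are assumptions, and the MISO space-time coding of the long-haul hop is abstracted to plain forwarding.

```python
import hmac, hashlib, json, os

NONCE_LEN, TAG_LEN = 12, 32


def _sub(key, label):
    """Derive a per-purpose subkey (encryption / MAC) from a 32-byte key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(_sub(key, b"enc"), nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def encrypt(key, obj):
    """Toy authenticated encryption (stand-in, not the paper's cipher): HMAC-SHA256
    keystream XOR JSON plaintext, then an HMAC tag over nonce||ciphertext so that a
    wrong key or a tampered message is rejected on decryption."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()


def decrypt(key, blob):
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


class Node:
    def __init__(self, nid, pre_key):
        self.id, self.pre_key, self.keys = nid, pre_key, {}   # keys: "C-key", "L-key(AB)", ... as bytes

    def key_request(self, cluster, members, neighbors):        # Step 1 (sent by a head node u)
        body = {"u": self.id, "b": "b", "cluster": cluster, "members": members, "neighbors": neighbors}
        return {"hdr": (self.id, "b"), "body": encrypt(self.pre_key, body)}

    def key_response(self, msg):                               # Step 4
        body = decrypt(self.pre_key, msg["body"])
        assert body["p"] == self.id
        self.keys = {k: bytes.fromhex(v) for k, v in body["keys"].items()}


class BaseStation:
    """b holds pre-key(b,u) for every node u and is the only party that knows them all."""
    def __init__(self, node_ids):
        self.pre_key = {u: os.urandom(32) for u in node_ids}
        self.members, self.links = {}, set()                   # cluster -> member ids, backbone links

    def handle_key_request(self, msg):                         # Step 2
        body = decrypt(self.pre_key[msg["hdr"][0]], msg["body"])
        assert body["u"] == msg["hdr"][0]
        self.members[body["cluster"]] = body["members"]
        # link names are the sorted single-letter cluster names, e.g. "AB"
        self.links |= {"".join(sorted((body["cluster"], nb))) for nb in body["neighbors"]}

    def issue_keys(self, exclude=()):                          # Step 3; reused for recovery Steps 3-4
        c_key = {A: os.urandom(32) for A in self.members}
        l_key = {ln: os.urandom(32) for ln in self.links}
        responses = {}
        for A, nodes in self.members.items():
            keys = {"C-key": c_key[A].hex()}
            keys.update({"L-key(%s)" % ln: l_key[ln].hex() for ln in self.links if A in ln})
            for p in nodes:
                if p not in exclude:                           # recovery: the compromised node x gets no new keys
                    responses[p] = {"hdr": ("b", p), "body": encrypt(self.pre_key[p], {"b": "b", "p": p, "keys": keys})}
        return responses


def secured_relay(cluster_a, cluster_b, link):
    """Secured cooperative relay. Step 1: each node of A shares I_i under C-key(A).
    Step 2: each node sends the full sequence I under L-key(A,B) (MISO coding abstracted
    to forwarding). Returns what every node of B decrypts from the m copies."""
    local = {n.id: encrypt(n.keys["C-key"], n.info) for n in cluster_a}
    for n in cluster_a:
        n.seq = [decrypt(n.keys["C-key"], local[i]) for i in sorted(local)]   # I = (I_1, ..., I_m)
    copies = [encrypt(n.keys[link], n.seq) for n in cluster_a]
    return {m.id: [decrypt(m.keys[link], c) for c in copies] for m in cluster_b}


def demo():
    ids_a, ids_b = ["a1", "a2", "a3", "a4"], ["b1", "b2"]      # constructed node ids
    bs = BaseStation(ids_a + ids_b)
    A = [Node(i, bs.pre_key[i]) for i in ids_a]
    B = [Node(i, bs.pre_key[i]) for i in ids_b]
    for n in A:
        n.info = "I_" + n.id                                   # constructed payload I_i
    bs.handle_key_request(A[0].key_request("A", ids_a, ["B"]))
    bs.handle_key_request(B[0].key_request("B", ids_b, ["A"]))
    for p, msg in bs.issue_keys().items():
        next(n for n in A + B if n.id == p).key_response(msg)
    decoded = secured_relay(A, B, "L-key(AB)")
    # Network recovery after h reports x = a3: fresh C-key(A) and L-key(A,B) for everyone but a3
    old_c_key = A[2].keys["C-key"]
    for p, msg in bs.issue_keys(exclude=("a3",)).items():
        next(n for n in A + B if n.id == p).key_response(msg)
    try:
        decrypt(old_c_key, encrypt(A[0].keys["C-key"], "post-recovery traffic"))
        excluded = False
    except ValueError:
        excluded = True                                        # x's old key no longer opens cluster traffic
    return decoded, excluded


if __name__ == "__main__":
    print(demo())
```

Two design points carry over to a real deployment: the base station is the single holder of every pre-key, which is exactly what the key-count slide later states (n pre-keys at b, one pre-key per node), and the recovery rekeying works only because C-key(A) and L-key(A,B) are re-issued, not patched; a node that keeps an old key simply fails the authentication tag on new traffic.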
Network Recovery
Network recovery algorithm:
Step 1. Recover the data in B:
(1) h broadcasts a data discard request: (h.id) with encrypted (h.id, x.id) using C-key(A).
(2) Each node in cluster B sets the column of the channel matrix H that belongs to x to zero, to eliminate the use of the data from x.
Step 2. h sends a detection report to b: (h.id, b.id) with encrypted (h.id, b.id, x.id) using pre-key(h,b).
Step 3. b sends a new C-key(A) to each node p in A except x: (p.id, b.id) with encrypted (p.id, b.id, C-key(A)) using pre-key(p,b).
Step 4. b sends a new L-key(A,B) to each node p in A and B except x: (p.id, b.id) with encrypted (p.id, b.id, L-key(A,B)) using pre-key(p,b).
[Figure: base station b; cluster A containing the compromised node x; cluster B containing the detector h; neighboring clusters C and D. The arrows carry the detection report from h (Step 2), the new C-key(A) responses (Step 3) and the new L-key(A,B) responses (Step 4).]

Preliminary Performance Analysis – Node Detection and Data Recovery Simulation
• 4 cooperative transmission nodes and 4 cooperative reception nodes
• Channel: block Rayleigh fading channel
• Modulation: binary phase shift keying (BPSK)
• Transmission data: 100 symbols
• Scenarios: (1) no compromised node; (2) one compromised node, evaluated with no detection, knowing it without detection, and with detection

Preliminary Performance Analysis – Key Management
Scale of the key management system:
• Types of C-keys: the number of clusters
• Types of L-keys: the size of the backbone tree
• Number of keys at each node: 1 pre-key, 1 C-key and r L-keys, where r is the number of neighboring clusters in the backbone
• Number of keys at the base station: n pre-keys, where n is the number of nodes

Summary and Future Work
Summary: a cross-layer security scheme is designed for virtual MIMO networks. It contains:
• a cryptography-based secured communication and routing protocol at the network layer,
• compromised node detection at the physical layer,
• data and network recovery.
Future work: generalize the detection approach to deal with the following cases:
• the channel matrix H is not square, i.e., the number of cooperative nodes at the transmission side differs from that at the reception side;
• more than one compromised node;
• a comprehensive performance evaluation combining the network layer.
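The physical-layer part of the scheme, the inverse channel detector of the detection algorithm and the zeroing of x's column of H in recovery Step 1, as an added example that is not the authors' simulation code. It assumes a constructed, fixed 4×4 channel matrix in place of the paper's block Rayleigh fading, BPSK, 100 symbols, a high SNR so that the run is deterministic, one compromised node (index 2) that inverts every third symbol, and that healthy nodes send the same symbol in a slot so that the elements of ŝ can be compared; square H and a single compromised node are the two restrictions the future-work slide names.

```python
import random

# Constructed 4x4 channel matrix (not from the paper, whose simulation uses block
# Rayleigh fading): strictly diagonally dominant, hence invertible and well conditioned.
H = [
    [ 2.0,  0.3, -0.2,  0.5],
    [ 0.4, -2.0,  0.6,  0.2],
    [-0.3,  0.5,  2.0, -0.4],
    [ 0.2,  0.1, -0.5,  2.0],
]
M = len(H)         # cooperative nodes per side (square H, as on the slides)
N_SYMBOLS = 100    # symbols per block, as in the paper's simulation
NOISE_STD = 0.02   # constructed high SNR so that every run gives the same answer


def solve(A, b):
    """Solve A x = b by Gaussian elimination with partial pivoting (pure Python)."""
    n = len(A)
    aug = [A[i][:] + [b[i]] for i in range(n)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(aug[r][c]))
        aug[c], aug[p] = aug[p], aug[c]
        for r in range(c + 1, n):
            f = aug[r][c] / aug[c][c]
            for k in range(c, n + 1):
                aug[r][k] -= f * aug[c][k]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        x[r] = (aug[r][n] - sum(aug[r][k] * x[k] for k in range(r + 1, n))) / aug[r][r]
    return x


def transmit(bits, bad_node, bad_bits, rng):
    """Each node of A sends one BPSK symbol per slot (healthy nodes send the same bit);
    the nodes of B observe y = H s + noise, one entry per receiving node."""
    ys = []
    for t, bit in enumerate(bits):
        s = [1.0 if bit else -1.0] * M
        if bad_node is not None:
            s[bad_node] = 1.0 if bad_bits[t] else -1.0          # x injects its own symbol
        ys.append([sum(H[r][c] * s[c] for c in range(M)) + rng.gauss(0.0, NOISE_STD)
                   for r in range(M)])
    return ys


def detect(ys):
    """Detection Steps 2-3 at the head node h: s_hat = H^-1 y, hard-decide each element,
    and count how often each node's element disagrees with the others (majority)."""
    disagree = [0] * M
    for y in ys:
        decided = [1 if v > 0 else 0 for v in solve(H, y)]
        majority = 1 if 2 * sum(decided) > M else 0
        for i, d in enumerate(decided):
            if d != majority:
                disagree[i] += 1
    worst = max(range(M), key=lambda i: disagree[i])
    # constructed decision rule: at this SNR a healthy node never disagrees
    return (worst if disagree[worst] > 0 else None), disagree


def recover(ys, bad_node):
    """Recovery Step 1(2): drop x's column of H (the effect of zeroing it, since a zero
    column leaves no inverse) and decode the remaining nodes by least squares, then
    combine the healthy estimates by their sign."""
    cols = [c for c in range(M) if c != bad_node]
    Hp = [[H[r][c] for c in cols] for r in range(M)]
    G = [[sum(Hp[r][i] * Hp[r][j] for r in range(M)) for j in range(len(cols))]
         for i in range(len(cols))]                              # normal equations Hp^T Hp
    bits = []
    for y in ys:
        rhs = [sum(Hp[r][i] * y[r] for r in range(M)) for i in range(len(cols))]
        bits.append(1 if sum(solve(G, rhs)) > 0 else 0)
    return bits


def run_scenario(bad_node=2, seed=1):
    """Returns (node flagged by h, per-node disagreement counts, bit errors after recovery)."""
    rng = random.Random(seed)
    bits = [rng.randrange(2) for _ in range(N_SYMBOLS)]
    # constructed compromised behaviour: x inverts every third symbol of the stream
    bad_bits = [b ^ (1 if t % 3 == 0 else 0) for t, b in enumerate(bits)]
    ys = transmit(bits, bad_node, bad_bits, rng)
    suspect, counts = detect(ys)
    if suspect is None:
        return suspect, counts, None
    recovered = recover(ys, suspect)
    return suspect, counts, sum(a != b for a, b in zip(bits, recovered))


if __name__ == "__main__":
    print(run_scenario(bad_node=None))   # healthy network: nothing flagged
    print(run_scenario(bad_node=2))      # node 2 compromised: flagged, data recovered
```

With one healthy scenario and one compromised scenario this mirrors the two simulation cases on the performance slide, though with a fixed channel instead of fading; the disagreement count for the flagged node (34 of 100 slots here) is the quantity a deployment would threshold, and any threshold has to be set against the noise-induced disagreements that a lower SNR would add for healthy nodes.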