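National Science Council, Executive Yuan: Research Project Final Report
A Study of Key Pre-distribution in Distributed Sensor Networks: Research Results Report (Condensed Version)
Project type: Individual
Project number: NSC 94-2213-E-011-059-
Project period: August 1, ROC year 94 (2005) to October 31, ROC year 95 (2006). Executing institution: Department of Electronic Engineering, National Taiwan University of Science and Technology
Principal investigator: 陳郁堂 (Yie-Tarng Chen)
Project participants: master's students serving as part-time assistants: 林忠志, 周明文, 王聖志, 劉宜學
Report attachments: report on attending an international conference, and the paper presented
Handling: this project involves patents or other intellectual property rights; open to public inquiry after 1 year
December 30, ROC year 95 (2006)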
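National Science Council, Executive Yuan: Final Report of a Subsidized Research Project
A Study of Key Pre-distribution in Distributed Sensor Networks
The Study of Key Pre-distribution for Wireless Sensor Networks
Project type: ■ Individual project □ Integrated project. Project number: NSC 94-2213-E011-059
Project period: August 1, ROC year 94 (2005) to October 30, ROC year 95 (2006). Principal investigator: 陳郁堂 (Yie-Tarng Chen)
This final report includes the following required attachments:
■ One report on an overseas business trip or study visit
□ One report on a business trip or study visit to mainland China
□ One report on attending an international academic conference and one copy of the paper presented
□ One overseas research report for an international cooperative research project
Executing institution: Department of Electronic Engineering, National Taiwan University of Science and Technology
December 29, ROC year 95 (2006)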
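National Science Council, Executive Yuan: Research Project Final Report
A Study of Key Pre-distribution in Distributed Sensor Networks
The Study of Key Pre-distribution for Wireless Sensor Networks
Project number: NSC 94-2213-E011-059
Project period: August 1, ROC year 94 (2005) to October 30, ROC year 95 (2006). Principal investigator: 陳郁堂 (Yie-Tarng Chen), Department of Electronic Engineering, National Taiwan University of Science and Technology
Project participants: 林忠志 and 王聖志, Department of Electronic Engineering, National Taiwan University of Science and Technology; 周明文 and 劉宜學, Department of Electronic Engineering, National Taiwan University of Science and Technology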
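1. Chinese Abstract
In distributed sensor networks, resource constraints make key management an important new problem. Because of the limited power supply and storage, public-key encryption, or installing every pairwise key, is not suitable for sensor networks. Recently, probabilistic key pre-distribution has been regarded as a feasible approach: each sensor randomly selects some keys from a very large key pool as its key ring, and once deployed in the environment it uses some of those keys to communicate securely with neighboring nodes. When the sensor network is attacked, the insecure keys must be removed. Through mathematical analysis and experimental analysis, we found that after 5% of the nodes have been attacked, the security mechanism of the distributed sensor network has already lost its effectiveness. However, previous research on probabilistic key pre-distribution cannot provide an effective solution to this problem. This project will develop a snake key pre-distribution algorithm to solve this problem effectively. Each sensor selects some keys in a snake-like manner from a two-dimensional key table; using the dependency among keys in the two-dimensional space, we can correctly and quickly decrypt the new keys issued by the system. Even when the key pool is on the order of tens of thousands of keys, we can still keep the sensor's decryption complexity at O(1). We also use information about how the sensors are deployed to reduce storage requirements. To verify the performance of the snake key pre-distribution algorithm, we use mathematical analysis and computer simulation for testing.
Keywords: distributed sensor networks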
Abstract
Key management is a challenging issue in Distributed Sensor Networks (DSN) due to their ad hoc nature and resource limitations. Many existing encryption schemes, such as public-key cryptography, are not suitable for resource-limited sensor networks.
Recently, the probabilistic key pre-distribution scheme has provided an option to address this issue. However, key recovery has not been supported. Based on our observation, the probabilistic key pre-distribution scheme cannot operate normally even when 5% of sensors are compromised. In this project, we propose a novel snake key pre-distribution scheme with key recovery capability. First, we spread a huge key pool on a two-dimensional key table. Each key in the key table preserves relative information for key encrypting keys (KEKs). When a key is compromised, we can use a suitable KEK in the key table to encrypt a newly generated key message. Furthermore, we take advantage of deployment locality in key pre-distribution to further increase the local connectivity ratio. Sensors located in a nearby region select keys from a subset of the key table. To evaluate the performance of the proposed snake key pre-distribution scheme, we conduct intensive computer simulations, and the simulation results are presented.
Key Words—key management, encryption, sensor networks
2. Background and Purpose
Recent advances in wireless communications and electronics have enabled the development of low-cost, low-power, multifunctional sensor nodes that are small in size and communicate un-tethered in short distances. These tiny sensor nodes, which consist of sensing, data processing, and communicating components, leverage the idea of sensor networks. In typical application scenarios, sensor nodes are spread randomly over the deployment region. Each of these sensor nodes has the capabilities to collect data and route data back to the base station, which is connected to an outer network.
Security is an important issue for wireless sensor networks, especially for deployment in hostile environments. Encryption is an important approach to provide secure communication in wireless sensor networks. However, the characteristics of wireless sensor networks are quite different from those of traditional Internet.
For example, Smart Dust sensors are 8-bit microprocessors with only 8 KB of instruction flash, and they lack support for many arithmetic instructions such as multiplication or rotate/shift instructions. After loading TinyOS, only 4500 bytes of memory are available for security [1]. Therefore, asymmetric cryptographic mechanisms such as RSA have high computation and communication overhead and storage requirements, which make their use on sensor networks impractical. On the other hand, symmetric encryption seems suitable for wireless sensor networks due to its low overhead. Consequently, resource constraints make key management on wireless sensor networks a challenging issue.
The key concerns in key management for sensor networks are energy efficiency, small storage requirements, and low computational complexity. There are three general key management schemes: the trusted-server scheme, the key agreement scheme, and the key pre-distribution scheme. However, only key pre-distribution, where key information has to be installed in sensor nodes prior to deployment, may fit the operational requirements of wireless sensor networks. The unknown network topology prior to deployment and the limited communication range in wireless sensor networks make the trusted-server scheme impractical. On the other hand, most key agreement schemes rely on asymmetric/public-key certificates, which are unsuitable for resource-limited sensor nodes.
A naive key pre-distribution scheme is to install a master secret key in all nodes. Any pair of nodes can use this global master secret key to achieve key agreement and obtain a new pair-wise key. However, if any node is compromised, the entire DSN will be compromised. Another key pre-distribution scheme is to install N-1 secret keys in each sensor, where N is the number of sensors. When one sensor is compromised, the other sensors only have to revoke the compromised keys from their key rings. However, it seems impractical for sensors to store N-1 keys in their extremely limited memory, since the number of sensors could be large.
Eschenauer and Gligor [2] proposed a probabilistic key pre-distribution scheme to satisfy the operational requirements of distributed sensor networks. Key distribution consists of three phases: key pre-distribution, shared-key discovery, and path-key establishment. In key pre-distribution, each sensor node randomly selects a subset of keys from a large key pool to install in its memory. After the nodes are deployed, shared-key discovery is performed. Each node attempts to find a common key with each of its neighboring nodes. If such a key exists, it can be used to secure the communication link between the two nodes. Then, sensor nodes establish path keys with the nodes in their neighborhood with which they do not share keys.
Motivation
Sensor networks are prone to different types of malicious attacks if sensors are deployed in a hostile environment. Whenever sensor nodes are compromised, the compromised keys must be revoked. Because some of the shared-key links break, the local connectivity ratio between adjacent nodes decreases. Based on the results of our analysis of random key management [2] (Figure 1), the probability of local connectivity between adjacent sensors degrades dramatically even when five percent of sensors are compromised. Consequently, the DSN may not operate normally, even though we can rebuild the sensor network through shared-key discovery and path-key establishment.
To solve this problem, the base station can encrypt new secret keys and send them to the sensor network to replace the compromised ones. However, in the Eschenauer-Gligor probabilistic key pre-distribution scheme [7], it is impossible to choose the proper keys (known as key encrypting keys) to encrypt those new key messages such that sensors can decrypt the messages correctly and efficiently. Hence, we will investigate a new key pre-distribution scheme that can support key recovery when sensor nodes are compromised.
[Figure 1: Local connectivity degradation in random key management. Panel title: Connectivity Degree. Random: key pool = 10000, key ring = 65, sensors = 2000. x-axis: percentage of sensors lost (%); y-axis: connectivity (%).]
Objective
The primary objective of this research is to develop a key management scheme that can efficiently support key recovery within resource-limited sensor networks. The research has three underlying objectives:
(1) Develop a novel key pre-distribution scheme that supports a key recovery mechanism when sensors are compromised.
(2) Use the deployment information to raise local connectivity between neighboring nodes and to reduce the key storage requirements of each sensor.
(3) Propose a function to estimate the coverage area when sensors are randomly deployed into the environment, for a specific number of sensors, key ring, and key pool, to fit the secure DSN.
3. Research Methods and Results
In this section, we expand on Eschenauer-Gligor's probabilistic key pre-distribution scheme [2] and consider the problem of key recovery after compromised keys have been revoked. In the proposed key management scheme, key distribution consists of three phases: snake key pre-distribution, shared-key discovery, and path-key establishment. In key pre-distribution, each sensor chooses a subset of keys from a large key pool to install into its memory. The last two phases are similar to the random key management scheme in [2].
I. SNAKE KEY PRE-DISTRIBUTION
Efficient construction of key encrypting keys is an important issue in supporting key recovery in key pre-distribution. In snake key pre-distribution, we use the relative location in a two-dimensional key space to construct key encrypting keys. First, we spread all keys on a two-dimensional key table. Then, each sensor selects a subset of keys from the key table, similar to snakes crawling on a board. Therefore, adjacent keys in the key table can serve as the key encrypting keys. The snake key pre-distribution scheme can be divided into the following three steps:
1) Two-dimensional Key Table Construction:
We spread a huge key pool on the two-dimensional key table. First, keys are sequentially put on the table from left to right and from top to bottom. Then, for each key on the table, we randomly pick another key on the table and swap their positions with each other.
After all keys have been swapped, keys are randomly distributed over the two-dimensional key table.
2) Key Table Partition Based on Deployment Information: In sensor deployment, all sensors are pre-arranged into a sequence of smaller groups and dropped out sequentially. Sensors that are dropped next to each other have a better chance of being close to each other in the deployment environment. This spatial relation between sensors, derived prior to deployment, is called "deployment information" [6]. We use deployment information in the snake key pre-distribution to increase local connectivity and reduce storage requirements. Hence, the two-dimensional table is further divided into several overlapping sub-tables, and each sub-table corresponds to a deployment group.
Without loss of generality, the deployment environment is divided into four areas. Correspondingly, sensors are divided into four groups: "up-left", "up-right", "down-left", and "down-right". Each group of sensors corresponds to a key sub-table. For example, sensors in the up-right group correspond to the sub-table with row index from 0 to S 1 and column index from 1S to S1, where α is the subset factor of key pool size S and 0 < α < 1. The value of α affects the security level, the local connectivity ratio, and the storage requirements. A smaller α provides higher local connectivity and smaller storage requirements, but a lower security level. Table 2 lists the range of each sub-table.
Table 2: Range of Key Sub-table
Sensors' Group    Row Range    Column Range
Up-Left           0,S1         0,S1
Up-Right          0,S1         1 S, S1
Down-Left         1 S, S1      0,S1
Down-Right        1 S, S1      1 S, S1
3) Snake Key Selection: For each sensor, selecting a subset of keys from the two-dimensional key table is similar to multiple snakes crawling on the two-dimensional key sub-table. The four adjacent keys in the two-dimensional key table are used to construct key-encrypting keys. Whenever any key is compromised, we can generate a new key and send the new key message in encrypted form by using one of the corresponding key encrypting keys.
The major concerns in designing key selection are to increase the local connectivity ratio and the key recovery ratio. In order to raise the local connectivity ratio, we separate the key ring into several segments, which are disjoint from each other. In each segment, we randomly select a starting point and then follow a specific crawling style to select keys from the key sub-table. If both the primary key and the corresponding key encrypting keys are compromised, the compromised key cannot be recovered. Hence, to increase the recovery percentage, we design four key selection styles (as shown in Table 3) according to the following two heuristics:
(1) Avoid keys crowded in a small area of the key sub-table.
(2) Avoid keys forming a cycle.
If keys are crowded in a small area or form a cycle, the probability that both the primary key and the corresponding key-encrypting keys are compromised increases.
Table 3: Snake Key Selection Styles
Crawling Style    Moving Directions
Type A            UP or RIGHT
Type B            RIGHT or DOWN
Type C            DOWN or LEFT
Type D            LEFT or UP
The selection of the key ring proceeds as follows:
(1) Separate the key ring into k/k' segments, where key ring size = k, segment size = k', k'k, and k' is a factor of k.
(2) For each segment, randomly pick a position (x, y) from the sensor's sub-table as the starting point of crawling.
(3) Then, randomly choose a crawling style from Table 3. Each crawling style allows two possible moving directions.
(4) Store the starting point as the first key of the segment. Then, randomly select a moving direction from the selected crawling style, move one grid on the sub-table, and store the new key. This operation is repeated until all k' keys in the segment have been stored. The key sub-table has a circular-shift property in all directions, i.e., when the crawl reaches the left boundary of the key sub-table, the next move goes to the right boundary of the key sub-table.
(5) Repeat steps 2 to 4 until k/k' segments have been stored.
B. Shared-Key Discovery
In shared-key discovery, each node needs to discover whether it shares any keys with its neighbors after deployment. First, each node broadcasts a message containing the indices of its own keys. Each neighboring node can use these broadcast messages to find out whether there is a common key to share with the source. If such a key exists, the neighboring node uses this key to secure its communication channel with the source. If we are concerned about disclosing the indices of the keys each node carries, we can use encryption to avoid sending indices: for every key K_i on its key ring, each node could broadcast a list γ, E_Ki(γ), i = 1, …, k, where γ is the key list. Decryption of E_Ki(γ) with the proper key by a recipient would reveal the key list γ and establish a shared key with the source. Then, the entire sensor network forms a key-sharing graph G, which is defined as follows:
Definition: Key-Sharing Graph G(V, E). V represents all the nodes in the sensor network.
For any two nodes i and j in V, there exists an edge between them if and only if
(1) nodes i and j have at least one common key, and
(2) nodes i and j can reach each other within the wireless transmission range, i.e., in a single hop.
C. Path-Key Establishment
In path-key establishment, sensor nodes attempt to establish a path key with those neighboring nodes with which they cannot find any common key. Hence, we need to find a secure way to agree upon a common key. We use the secure channels that have already been established in the key-sharing graph G: as long as the graph is connected, two neighboring nodes i and j can always find a path in G from i to j. Assume the path from i to j is i, v1, v2, ..., vt, j. To find a common secret key between i and j, i first generates a random key K. Then i sends the key to v1; v1 forwards the key to v2 using the secure link between v1 and v2, and so on until j receives the key from vt. Consequently, nodes i and j use this secret key K as their pair-wise key. Because the key is always forwarded over a secure link, no nodes beyond this path can find out the key. To find such a secure path for nodes i and j, the obvious way is to use flooding, which is a common technique in multi-hop wireless networks.
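The key-sharing graph definition and the path-key forwarding described above, as an added Python example that is not code from the original report. The node names, coordinates, key rings and 40 m range are constructed, and breadth-first search stands in for flooding; the example also shows how revoking a captured node's key ring reroutes or breaks the path.

```python
import math
import secrets
from collections import deque

def key_sharing_graph(positions, rings, radio_range):
    """Edge i-j iff the two key rings share a key AND the nodes are within one hop.
    The edge stores the index of the shared key that secures the link."""
    graph = {n: {} for n in rings}
    for a in rings:
        for b in rings:
            if a < b and math.dist(positions[a], positions[b]) <= radio_range:
                common = rings[a] & rings[b]
                if common:
                    graph[a][b] = graph[b][a] = min(common)
    return graph

def secure_path(graph, src, dst):
    """Shortest path over already-secured links (BFS standing in for flooding)."""
    prev, queue = {src: None}, deque([src])
    while queue:
        u = queue.popleft()
        if u == dst:
            path = []
            while u is not None:
                path.append(u)
                u = prev[u]
            return path[::-1]
        for v in sorted(graph[u]):
            if v not in prev:
                prev[v] = u
                queue.append(v)
    return None

def establish_path_key(graph, src, dst):
    """src picks a random K and forwards it hop by hop; each hop is protected by
    that link's shared key, so every relay on the path also learns K."""
    path = secure_path(graph, src, dst)
    if path is None:
        return None
    hops = [(u, v, graph[u][v]) for u, v in zip(path, path[1:])]
    return {"key": secrets.token_bytes(16), "path": path, "hops": hops,
            "relays_that_see_key": path[1:-1]}

def revoke_node(rings, captured):
    """Base-station revocation: drop the captured node and remove every key on
    its ring from all remaining rings."""
    bad = rings[captured]
    return {n: ring - bad for n, ring in rings.items() if n != captured}

# Constructed layout (metres) and key rings (key indices).
POSITIONS = {"n1": (0, 0), "n2": (30, 0), "n3": (15, 20), "n4": (15, -20)}
RINGS = {"n1": {1, 2}, "n2": {3, 4}, "n3": {2, 3}, "n4": {1, 4, 9}}

def demo():
    """Path from n1 to n2 before any capture, after n3 is captured, after n4 too."""
    results, rings = [], RINGS
    for captured in (None, "n3", "n4"):
        if captured:
            rings = revoke_node(rings, captured)
        graph = key_sharing_graph(POSITIONS, rings, radio_range=40)
        pk = establish_path_key(graph, "n1", "n2")
        results.append(pk["path"] if pk else None)
    return results

if __name__ == "__main__":
    print(demo())
```

Neighbors n1 and n2 share no key, so their path key travels through a relay; once both relays' key rings are revoked the two nodes can no longer establish a key at all.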
II. KEY RECOVERY
The major issue in key recovery is to choose the proper key-encrypting keys such that sensor nodes can decrypt the encrypted key message correctly and efficiently. In snake key pre-distribution, we take advantage of the relative information in the two-dimensional key table to construct key encrypting keys (KEKs).
Hence, the key recovery procedure can operate efficiently, even when a huge key pool is used.
Once sensor nodes are compromised, the base station can revoke those unsafe keys from each sensor's key ring. When the number of compromised sensors reaches the threshold, the base station activates the key recovery procedure, which generates new secret keys to replace the compromised ones and sends them in encrypted form under the proper key-encrypting keys.
A. Revocation
Whenever sensor nodes are compromised, the base station first broadcasts a revocation message with a list of revoked key identifiers. After receiving the revoked key identifiers, each sensor node verifies and removes the revoked keys from its key ring.
B. Recovery
1) Generate New Secret Keys: The base station generates new secret keys to replace the compromised ones.
2) Encrypt New Key Message: It is a challenging issue to choose the proper key to encrypt a new key message, especially when the key table is huge.
Suppose two sensors have common keys with which to build a secure communication link. Once one sensor is captured, the other sensor can revoke the compromised key(s), which lie where its key segment intersects a key segment of the compromised sensor on the two-dimensional key table. Hence, the base station can use the key-encrypting keys of the intersections to encrypt new secret keys.
In the snake key pre-distribution scheme, each key has four adjacent keys on the two-dimensional key table, called key encrypting keys. If two of them have been revoked, the remaining two are possibly in other sensors' key rings if those sensors crawl across the intersection. Hence, regular sensors can decrypt correctly and efficiently using those key-encrypting keys. If the compromised key is located at the head or the tail of a key segment or on the boundary of the sub-table, we have three adjacent keys with which to encrypt the new key message.
The format of the new key message can be represented as follows:
Message = (Keyid, E_adj(New_Key)),
where Keyid is the compromised key identifier, adj is the key adjacent to the compromised key, and New_Key is the regenerated key.
3) Decrypt with Proper Keys: After receiving the message, the sensor first checks Keyid against its recently revoked keys. If they match, it tries to decrypt the message with the adjacent keys on its key ring and stores the new key. Without disclosing the encrypted Keyid E_adj(), it takes O(S) to decrypt a message. The "Snake Algorithm" reduces the complexity from O(S) to O(1) (at most two times). For attackers, even if they can eavesdrop on the messages, it still takes too much time to decrypt one new key message.
4) Rebuild Shared Keys and Path Keys: After decrypting the new key messages, the sensors have recovered the compromised keys. All they have to do is follow the "Shared-Key Discovery" and "Path-Key Establishment" phases again. For any pair of sensors, if they could build a direct link before, they will have the opportunity to rebuild the link. The DSN will still be workable. When sensors are compromised, it is unnecessary for the DSN to start the recovery mechanism frequently. If the number of compromised sensors exceeds a threshold value, the DSN can then start to recover the compromised keys.
Even if we try to recover the compromised keys, some of the keys cannot be recovered. If the keys adjacent to a compromised key on the key table are also compromised, that key is lost. Moreover, the cost of the recovery mechanism depends on the number of new key messages.
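The three selection steps of Section I and the recovery procedure above, as an added Python example that is not the project's own code. Assumptions: the sub-table geometry (a square window covering a fraction α of each dimension), the hash-keystream-plus-HMAC stand-in for E_adj, the derived key material, and all function names; the 12 x 12 crossing scenario is constructed.

```python
import hashlib, hmac, random, secrets

UP, DOWN, LEFT, RIGHT = (-1, 0), (1, 0), (0, -1), (0, 1)   # (d_row, d_col)
STYLES = {"A": (UP, RIGHT), "B": (RIGHT, DOWN), "C": (DOWN, LEFT), "D": (LEFT, UP)}  # Table 3

def key_bytes(key_id):
    """Constructed key material for a key identifier (stands in for the real pool)."""
    return hashlib.sha256(b"demo-pool:%d" % key_id).digest()

def build_key_table(side, rng):
    """Step 1: fill row by row, then swap every cell with a randomly picked cell."""
    flat = list(range(side * side))
    for i in range(len(flat)):
        j = rng.randrange(len(flat))
        flat[i], flat[j] = flat[j], flat[i]
    return [flat[r * side:(r + 1) * side] for r in range(side)]

def sub_table(side, alpha, group):
    """Step 2, assumed geometry: a square window covering a fraction alpha of each
    dimension, anchored at the group's corner, so the four windows overlap."""
    span = round(alpha * side)
    r0 = 0 if group.startswith("up") else side - span
    c0 = 0 if group.endswith("left") else side - span
    return r0, c0, span

def select_key_ring(table, window, k, k_seg, rng):
    """Step 3: k/k_seg disjoint segments. Each starts at a random cell of the window
    and crawls one grid step at a time in one style, wrapping at the window edges."""
    r0, c0, span = window
    used, segments = set(), []
    while len(segments) < k // k_seg:
        r, c = rng.randrange(span), rng.randrange(span)
        style = STYLES[rng.choice("ABCD")]
        cells = [(r0 + r, c0 + c)]
        while len(cells) < k_seg:
            dr, dc = rng.choice(style)
            r, c = (r + dr) % span, (c + dc) % span
            cells.append((r0 + r, c0 + c))
        if len(set(cells)) == k_seg and used.isdisjoint(cells):  # else redraw
            used.update(cells)
            segments.append([(cell, table[cell[0]][cell[1]]) for cell in cells])
    return segments

def _stream(kek, key_id):
    return hashlib.sha256(kek + b"enc" + key_id.to_bytes(4, "big")).digest()

def _tag(kek, key_id, ct):
    return hmac.new(kek, b"mac" + key_id.to_bytes(4, "big") + ct, hashlib.sha256).digest()

def seal(kek, key_id, new_key):
    """Stand-in for E_adj(New_Key) (assumed cipher); the tag checks trial decryptions."""
    ct = bytes(a ^ b for a, b in zip(new_key, _stream(kek, key_id)))
    return ct, _tag(kek, key_id, ct)

def open_sealed(kek, key_id, ct, tag):
    ok = hmac.compare_digest(_tag(kek, key_id, ct), tag)
    return bytes(a ^ b for a, b in zip(ct, _stream(kek, key_id))) if ok else None

def recovery_messages(table, compromised):
    """Base station: one (Keyid, E_adj(New_Key)) message per uncompromised neighbour."""
    side, msgs, new_keys = len(table), [], {}
    for r, c in sorted(compromised):
        kid = table[r][c]
        new_keys[kid] = secrets.token_bytes(32)
        for dr, dc in (UP, DOWN, LEFT, RIGHT):
            nr, nc = r + dr, c + dc
            if 0 <= nr < side and 0 <= nc < side and (nr, nc) not in compromised:
                msgs.append((kid, *seal(key_bytes(table[nr][nc]), kid, new_keys[kid])))
    return msgs, new_keys

def sensor_recover(segments, revoked_ids, msgs):
    """Sensor: try only the unrevoked snake neighbours of the revoked key (at most two)."""
    pos = {kid: (s, i) for s, seg in enumerate(segments) for i, (_, kid) in enumerate(seg)}
    recovered, trials = {}, 0
    for kid, ct, tag in msgs:
        if kid not in pos or kid not in revoked_ids or kid in recovered:
            continue
        s, i = pos[kid]
        for j in (i - 1, i + 1):
            if 0 <= j < len(segments[s]) and segments[s][j][1] not in revoked_ids:
                trials += 1
                plain = open_sealed(key_bytes(segments[s][j][1]), kid, ct, tag)
                if plain is not None:
                    recovered[kid] = plain
                    break
    return recovered, trials

def crossing_scenario(seed=1):
    """Constructed case on a 12 x 12 table: the captured segment lies on row 5,
    columns 2..6. Sensor A crosses it at (5, 4); sensor B overlaps it along row 5."""
    table = build_key_table(12, random.Random(seed))
    ring = lambda cells: [[(c, table[c[0]][c[1]]) for c in cells]]
    captured = {(5, c) for c in range(2, 7)}
    revoked = {table[r][c] for r, c in captured}
    msgs, new_keys = recovery_messages(table, captured)
    a = sensor_recover(ring([(r, 4) for r in range(3, 8)]), revoked, msgs)
    b = sensor_recover(ring([(5, c) for c in range(4, 9)]), revoked, msgs)
    return table, new_keys, a, b
```

In the constructed scenario, sensor A crosses the captured segment and recovers its key with one trial decryption, while sensor B, which runs along the captured segment, recovers only the key that still has an unrevoked snake neighbour and loses the other two.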
III. SIMULATION RESULTS
In this section, we evaluate the performance of the proposed snake key pre-distribution by simulation and compare it with the random key management [2]. The performance metrics for the snake key pre-distribution are the resilience against node capture, communication overhead, local connectivity probability, storage requirements and number of hops in path-key establishment. Since pages are limited, only parts of simulation results are presented in this project.
A. Resilience against Node Capture
Figure 2 depicts the percentage of compromised sensors vs. local connectivity. As the number of compromised sensors increases, the local connectivity of the key pre-distribution schemes decreases. However, the snake key pre-distribution shows remarkable resilience. When 5% of sensors are compromised, the local connectivity of the random key management scheme decreases from 35% to 20%, while that of the snake key pre-distribution only degrades from 34% to 30%. Based on random graph theory, we can calculate the global connectivity of wireless sensor networks.
[Figure 2: Effect when some sensors compromised. Panel title: Connectivity, Random vs. Snake. Random: S = 10000, k = 65, N = 2000. Snake: S = 10000, subset (α) = 7/10, k = 60, section (k') = 10, N = 2000. x-axis: percentage of sensors lost (%); y-axis: local connectivity (%). Series: Random Connectivity, Snake Connectivity.]
Figure 3 shows the percentage of compromised sensors vs. global connectivity under different system configurations. As compromised sensors increase, the global connectivity of the random key management suffers a dramatic drop and the whole network cannot operate normally, while the global connectivity of the snake key pre-distribution remains constant. As 5% of sensors are compromised, the global connectivity of random key management scheme decreases from 99% to 14%, which indicates that sensor nodes cannot connect with each other.
[Figure 3: Random Graph Theory. Panel title: Random Graph Theory, Random vs. Snake. Random: S = 10000, k = 65, N = 2000. Snake: S = 10000, subset (α) = 7/10, k = 60, section (k') = 10, N = 2000. x-axis: percentage of sensors lost (%); y-axis: connected degree. Series: Random-Random Graph Theory, Snake-Random Graph Theory.]
B. Average Key Recovery Percentage
[Figure 4: Average key recovery percentage. Panel title: Recovery Percentage. S = 10000, subset (α) = 7/10, k = 60, section (k') = 10, N = 2000. x-axis: percentage of sensors lost (%); y-axis: recovery percentage (%).]
Figure 4 depicts the average percentage of key recovery vs. the percentage of compromised sensors. For the snake key pre-distribution scheme, more than 70% of compromised keys can be recovered even though 5% of sensors have been compromised. A small percentage of compromised keys cannot be recovered since their key encrypting keys, e.g., adjacent keys in the two-dimensional key table, have also been compromised. Hence, we suggest that the base station trigger the recovery mechanism earlier, for example, when 3% of the sensors in the wireless sensor network have been compromised.
C. Communication Overhead
[Figure 5: Message amounts for new key. Panel title: Communication Overhead, Compromised Keys vs. New Key Messages. S = 10000, key subset (α) = 7/10, key ring = 60, section (k') = 10, N = 1000. x-axis: compromised keys; y-axis: new key messages. Series: Message amount.]
The snake key pre-distribution scheme generates new secret keys and encrypts them with adjacent keys on the key table to recover compromised ones. Figure 5 shows the new key message size vs. the number of compromised keys. When the average number of adjacent keys for each compromised key is 2, the ratio between new key messages and compromised keys is approximately 1.70.
D. Local Connectivity and Storage Comparison
After deploying sensors, we compute their local connectivity, the ratio of building shared-key links with their neighbors. We deploy them into an area with approximately 40 neighbors. Figure 6 gives an example with key pool S = 10000 (subset factor 8/10, 7/10, 1, and 1 without dividing the key ring), sensors N = 1000, r = 40 m, and different key ring sizes. We can see that if the subset factor = 7/10, the snake key pre-distribution can save almost 12.5% of storage compared with random key management [2]. Snake key pre-distribution without key table partition, with subset factor 1, has a lower connectivity probability.
Also, snake key pre-distribution without dividing the key ring into segments has a lower connectivity probability.
[Figure 6: Local connectivity. Panel title: Local Connectivity, Random vs. Snake. S = 10000, key ring = k, section (k') = 10, N = 1000. x-axis: key-ring size (k); y-axis: local connectivity (%). Series: Random; Snake α = 8/10; Snake α = 7/10; Snake α = 1; Snake α = 1, without dividing key ring.]
IV. Conclusions
In this project, we presented a novel snake key pre-distribution scheme with a key recovery mechanism for use when sensors are compromised. It uses deployment information to raise sensors' local connectivity within their neighborhood and to reduce storage requirements. Moreover, our approach is scalable and flexible: trade-offs can be made between sensor memory and key pool. Sensors need not be deployed into a square environment; a circle, rectangle, or other shape is also workable. When sensors are compromised, the results indicate that our scheme keeps the DSN more workable than the previous approach. More than 90% of sensors are connected and have secure channels with their neighbors.
REFERENCES
[1] D. W. Carman, P. S. Kruus, and B. J. Matt, "Constraints and Approaches for Distributed Sensor Security," NAI Labs Technical Report #00-010, September 2000.
[2] L. Eschenauer and V. D. Gligor, "A Key-Management Scheme for Distributed Sensor Networks," in Proceeding of ACM CCS, pp. 41-47, 2002.
[3] A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J. D. Tygar, "Spins: Security Protocols for Sensor Networks," in Proceeding of MOBICOM, pp. 189-199, 2001.
[4] Wenliang Du, Jing Deng, Yunghsiang S. Han, Shigang Chen, and Pramod K. Varshney, "A Key Management Scheme for Wireless Sensor Networks Using Deployment Knowledge," in Proceeding of INFOCOM, Mar. 2004.
[5] H. Chan, A. Perrig, and D. Song, "Random Key Pre-distribution Schemes for Sensor Networks," in Proceeding of IEEE Symposium of Privacy and Security, 2003.
[6] Donggang Liu and Peng Ning, "Establishing Pairwise Keys in Distributed Sensor Networks," in Proceeding of ACM CCS, pp. 52-61, 2003.
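Report on Attending an International Academic Conference
Project number: NSC-94-2213-E011-059
Project title: A Study of Key Pre-distribution in Distributed Sensor Networks
Traveler's name, affiliation and title: 陳郁堂 (Yie-Tarng Chen), Associate Professor, Department of Electronic Engineering, National Taiwan University of Science and Technology
Conference dates and location: August 14 to 16, 2006, Honolulu, Hawaii, USA
Conference name: IASTED IMA 2006 (2006 IASTED International conference on Internet and Multimedia and Applications)
Title of paper presented: Performance Enhancement and Service Differentiation for Live Video and Audio over IEEE 802.11e Networks
Report on Attending the International Conference
陳郁堂 (Yie-Tarng Chen), Department of Electronic Engineering, National Taiwan University of Science and Technology
IMA 2006: International Conference on Internet and Multimedia Systems and Applications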
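1. Conference Participation
IASTED IMA 2006 (2006 IASTED International conference on Internet and Multimedia and Applications) was held from August 14 to 16, 2006 in Honolulu, Hawaii, USA. Held at the same venue were the IASTED International conference on Signal and Image Processing 2006, the IASTED International conference on Intelligent System and Control 2006, and the IASTED International conference on Robotics and Control 2006; together they attracted researchers and industry participants from the United States and around the world. The conference covered the following topics: multimedia systems, the Internet, collaborative systems, distance learning, video and imaging, and pattern recognition. The keynote speech on the morning of the 14th was given by Dr. Ya-Qin Zhang, IEEE Fellow and vice president of Microsoft China Research, under the title "Ubiquitous Mobile Computing in Digital Life". Dr. Ya-Qin Zhang outlined a vision for the future of mobile computing: as wireless network technology evolves from 2G/2.5G to 3G and the All IP network, the mobile computing industry is in a period of transition. For the first time, a tiny embedded system can simultaneously offer mobile computing, multimedia functions, artificial intelligence, a high-performance CPU, and high-speed networking, which will give rise to many new types of services and have a revolutionary impact on people's future digital lives. The combination of embedded systems, multimedia, and mobile computing technology has indeed become an important industry trend. On the morning of the 15th, Professor Sahai of the UCLA computer science department gave a tutorial, "Cryptographic Techniques for Security and Privacy", which surveyed cutting-edge cryptographic techniques, from Zero-Knowledge Proofs and Identity-based Encryption to Secure Private Computation. Professor Sahai is very young, having graduated from MIT in 2000, and is very quick-witted. On the afternoon of the 15th, Professor Dubnow of the UCSD computer science department gave a tutorial, "Computer Audition", which mainly introduced research topics in computer audition, in particular the semantic gap between the human and machine levels. The content included (1) music representation: parameter and non-parameter representation, filter banks, ARMA models, SDFF-sound description language; (2) combining symbolic and signal processing, such as the problem of score alignment using dynamic programming, acoustic likelihood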
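2. Impressions from the Conference
On the afternoon of the 15th, the author presented a paper titled "Performance Enhancement and Service Differentiation for Live Video and Audio over IEEE 802.11e Networks".
In recent years, high-speed wireless LANs have begun to be widely deployed and used in airports, stations, hotels, and street corners. Multimedia applications supported over wireless LANs are gradually becoming feasible. Providing differentiated service and improving throughput are important research topics in the field of multimedia wireless networks. This paper extends the existing distributed access control mode of IEEE 802.11e (Distribution Coordination Function, DCF) to provide service differentiation and throughput improvement for multimedia video and voice services in a wireless environment with interference and errors (error-prone). We propose a two-stage backoff counter to reduce the overhead of the backoff counter being frozen. In addition, we propose a drop policy applied before packet transmission, to reduce unnecessary packet retransmissions by video and voice services when the wireless environment is poor. We use a two-dimensional Markov chain to analyze the performance of the two-stage backoff algorithm. Furthermore, we evaluate the network performance of the proposed algorithm through ns-2 computer simulation. Compared with the original 802.11e, the proposed method achieves better performance in multimedia throughput, delay, and service differentiation.
Quite a few Japanese scholars and companies attended this conference. Most of the work at the symposium was applied research, and many prototypes were demonstrated, which was impressive.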
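3. Suggestions and Conclusions
At IASTED IMA 2006, one could sense that the combination of embedded systems, multimedia, and mobile computing technology has indeed become an important industry trend. In addition, the influence of scholars from mainland China in computer science academia grows by the day. Many mainland scholars, after earning their doctorates, join American companies and top universities; Ya-Qin Zhang, IEEE Fellow and vice president of Microsoft China Research, is one example. There were also quite a few attending scholars from mainland China's Tsinghua and Jiaotong universities, which also shows that higher education in mainland China keeps advancing. By contrast, Taiwanese students studying in the United States are very few, and the number of full-time doctoral students at home is insufficient, which has become a hidden concern for Taiwan's academia as it moves onto the international stage.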
PERFORMANCE ENHANCEMENT AND SERVICE DIFFERENTIATION FOR LIVE VIDEO AND AUDIO OVER IEEE 802.11e NETWORK
Yie-Tarng Chen, Lu-Bing Hsu
Department of Electronic Engineering
National Taiwan University of Science and Technology
Taipei, Taiwan
ABSTRACT
In recent years, high-speed wireless LANs have been widely deployed in airports, stations, hotels, and street corners. Transmitting video and audio over wireless LANs is becoming an important trend. Hence, service differentiation and throughput enhancement become important issues in multimedia wireless LANs. In this paper, we extend the Distributed Coordinated Function (DCF) in IEEE 802.11e to provide alternatives for service differentiation and to improve throughput for live video and audio over error-prone wireless LANs. The backoff procedure becomes a performance bottleneck for the Media Access Control (MAC) protocol in IEEE 802.11. Hence, we propose an adaptive two-stage backoff counter to reduce the overhead of blocking the backoff counter. Furthermore, we explore a proactive frame drop policy to eliminate unnecessary retransmissions of video and audio frames under poor channel conditions. To investigate the performance of the proposed schemes, we run intensive computer simulations using ns-2 and compare their performance with EDCF in IEEE 802.11e in terms of throughput and delay.
KEY WORDS
Wireless LAN, medium access control, and multimedia
1. Introduction
In recent years, high-speed wireless LANs, such as IEEE 802.11a and IEEE 802.11g, have been widely deployed in airports, stations, hotels, and street corners. The data rate of high-speed wireless LANs can reach up to 54 Mbps, which is enough to support the bandwidth requirements of transmitting streaming video and streaming audio over wireless LANs. Hence, transmitting streaming video and streaming audio over wireless LANs will become an important trend in the future.
Quality of Service (QoS) is important for transmitting streaming video and streaming audio over wireless LANs. Throughput, end-to-end delay, delay jitter, and loss rate should satisfy the requirements of streaming video and streaming audio. However, the Distributed Coordination Function (DCF), a major media access control (MAC) protocol in IEEE 802.11, does not support quality of service. Recently, the IEEE 802.11e draft was released to provide service differentiation over wireless LANs. However, tuning parameters for IEEE 802.11e is still an open issue. Handling dynamic network conditions is not considered in the IEEE 802.11e draft. Also, throughput in EDCF, a contention-based MAC in 802.11e, degrades significantly under heavy network loads. Hence, developing a new media access control protocol to enhance IEEE 802.11e is an important issue.
To design an efficient medium access control protocol, we must reduce the overheads in DCF, which include (1) collision and retransmission, and (2) waiting time. Waiting time contains the DCF inter-frame spacing (DIFS), the backoff interval, and the deferred access of the backoff timer. Previous research applied an adaptive contention window scheme to reduce overheads in the backoff interval. However, the problem of deferred access of the backoff timer has not been addressed. In this paper, we extend the existing IEEE 802.11e media access control to enhance performance for live video and audio.
We propose an adaptive two-stage backoff scheme to reduce the overhead of deferring the backoff timer. We divide the backoff interval into a non-blocking stage and a blocking stage. The ratio of the blocking stage in the two-stage backoff timer is dynamically adjusted based on network loads.
We propose a cross-layer transmission control to handle dynamic network conditions. When the network is under bad network conditions or heavy network loads, the proactive packet drop policy eliminates unnecessary video and audio frame retransmissions.
We devise a new service differentiation mechanism for 802.11e networks. New service differentiation parameters, the blocking ratio in the two-stage backoff counter and the drop thresholds in transmission control, can be assigned to different traffic classes.
The rest of this paper is organized as follows. Section 2 introduces media access control in IEEE 802.11 and related work. Section 3 presents the adaptive two-stage backoff scheme and transmission control scheme. Section 4 shows simulation results. We conclude in Section 5.
2. IEEE 802.11 Media Access Control (MAC) and Related Work
Distributed Coordination Function (DCF), a mandatory contention-based Media Access Control (MAC) protocol