Cross Layer Design of Security Scheme for Cooperative MIMO Sensor Networks

Wei Chen, McKenzie McNeal, Liang HongCollege of Engineering, Technology, and Computer Science

Tennessee State University, USA

ICWITS 2010

IEEE International Conference on Wireless Information Technology and Systems , 2010

Outline Introduction to Virtual MIMO Technology

Cooperative communication schemes Virtual MIMO networks and cooperative relay

Research Objectives Cross-Layered Design of Security Scheme

Cryptography based security routing protocol at network layer Compromised node detection at physical layer Data recovery and network recovery

Preliminary Performance Analysis Summery and Future Work

Introduction to Virtual MIMO technology

T×1

T×2

T×M R×M

R×1

R×2

T×1

T×2

T×M R×M

R×1

R×2

Wireless MIMO network

MIMO (Multi-Input Multi-Output) TechnologyMIMO (Multi-Input Multi-Output) TechnologyWithout using extra energy and channel, a MIMO transceiver can be used toWithout using extra energy and channel, a MIMO transceiver can be used to Extend communication range or reducing error rate (diversity gain)Extend communication range or reducing error rate (diversity gain) Provide higher data rate (multiplexing gain)Provide higher data rate (multiplexing gain)

multiplexing gaindiversity gain

MIMO transceiver

However, it is unrealistic to equip multiple antennas to small and inexpensive wireless devices (e.g., crossbow sensor nodes).

Cooperative transmission and receptionCooperative transmission and reception

Distributed individual single-antenna nodes cooperating on Distributed individual single-antenna nodes cooperating on data transmission and reception as a multi-antenna MIMO nodedata transmission and reception as a multi-antenna MIMO node

Introduction to Virtual MIMO technology – Cooperative Communication schemesCooperative Communication schemes

MIMO Link

MISO Link SIMO LinkSISO Link

The ith node’antenna acts like the ith antenna

The jth node’s antenna acts like the jth antenna

Different types of cooperative MIMO links

B C

Other hops

three 4×1 MISO links

three 4×1 MISO links

Introduction to Virtual MIMO technology – Virtual MIMO Networks and Cooperative Virtual MIMO Networks and Cooperative RelayRelay

Virtual MIMO nodes & relay backbone Cooperative MIMO links

Step 1 (Local transmission at A): Each node i (1≤i≤m) in A broadcasts information to all the other local nodes using different timeslots.

First hop

D

A B

d

iI

Step 2 (long-haul transmission between A and B): Each node i in A acts as the ith antenna encoding the information sequence using the MISO code system. All m nodes in A broadcast encoded sequence to the nodes in B at the same time. Each node in B receives m encoded sequences, and then decodes them back to I according to the MISO code system.

mIIII ,..., 21

Multi-MISO based cooperative data relay

3×2 MIMO link

virtual MIMO node

relay backbone

Research Objectives – Previous Research Works

Cryptographic based security schemes Securing communication and routing between healthy nodes, but doing nothing to compromised nodes

MIMO technology based data assurance schemes Li et al & Kim et al [5,6]: Exploit signal randomization and channel

diversity in physical layer to effectively randomize the eavesdropper’s signals but not the authorized receiver’s signals

(Wen et al [7]): Add artificial noise (known by the authorized receiver and generated by the keys in network layer) to transmission process in physical layer.

The schemes need extra MIMO antennas to achieve the data assurance, which largely reduces the MIMO advantage.

This Research

Combining the cryptographic technique in network layer with data assurance analysis at physical layer to provide:

1. Efficient key management system to secure communication and routing in network layer

2. MIMO-aid compromised node detection at physical layer

3. Data recovering and network recovering

Research Objectives

Security Protocol at Network Layer – Shared key cryptography for cooperative communication/routing

C-key(A) C-key(B)

L-key(A,B)A B

Type of Keys(1) Each cluster: each node has a cluster key C-key(A) for local transmission(2) Each link AB: each node in A and B has a key L-key(A,B) for long-haul transmission between A and B

Step 2 (long-hul transmission between A and B): Each node i in A encrypts sequence I with key L-key(A,B), and it acts as ith antenna encoding the encrypted I using the MISO encode system. Then, all m nodes in A broadcast the encrypted and encoded I to the nodes in B at the same time. When a nodes in B receives m copies of the information, it decrypts them with L-key(A,B), and then decode them back to I according to the MISO decode system.

Secured cooperative relay: Step 1 (Local transmission at A): Each node i (1≤i≤m) in A encrypts its information

with C-key(A), and broadcasts it to other local nodes using different timeslots. Each node uses C-key(A) to decrypt the received m information back to .

iI

mIIII ,..., 21

Security Protocol at Network Layer

– Key EstablishmentPre-distributed key: (1) Each node u has a pre-distributed key, pre-key(b,u), shared with base station b. (2) Base station b has all keys, pre-key(b,u), for all nodes u in the network.

Key request from u: (u.id, b.id) withencrypted (u.id, b.id, u.member-list , u.neighbor-list) using pre-key(u,b)

A:head: u Pre-key(u,b)Member-list: p,q,r,sNeighbor-list: B,C,D

Base station bpre-key(u,b) for all nodes u

B

C D

Key response to each node p: (p.id, b.id) with encrypted (p.id, b.id, C-key(A), L-key(A,B),L-key(A,C),L-Key(A,D))using pre-key(p,b)

Step 3. b generates a cluster key C-key(A) for each cluster A and a link key L-key(A,B) for each link AB of the relay backbone and disseminates the keys as follows:

• for each cluster A, b sends each node p of A a cluster key response: {(b.id, p.id), encrypted (b.id, p.id, C-key(A))} using pre-key(p,b).

• for each link AB in the relay backbone, b sends each node p in A a link key response: {(b.id, p.id), encrypted (b.id, p.id, L-key(A,B))} using pre-key(p,b); and each node q in B a link key response {(b.id, q.id), encrypted (b.id, q.id, L-key(A,B))} using pre-key(q,b).

Step 4. Each node p decrypts the received message and get the C-key and L-keys

Step 1. each head node u of cluster A sends a key request to base station b: {(u.id, b.id), encrypted (u.id, b.id, u.member-list , u.neighbor-list)} using pre-key(u,b). Step 2. b decrypts the key request using pre-key(u,b) from all head nodes u.

Key Establishment Algorithm:

Compromised Node Detection at Transmission/Physical Layer

mr21 ,..., ssss

1y

mr21 ,..., ssss

mr21 ,..., ssss

AB

h

2y

3y

Detection Algorithm at head node h

Step 1: Each node of B sends the received signal stream to h. In other words, h receives streams .),...,,( mr21 yyyy Step 2: H estimates the transmitted signal stream by using Inverse Channel Detector:

noiseGaussian white theis andmatrix channel theis where,ˆ 11 HHsyHs -

sStep 3: If the ith element in vector is different from others, then the ith node x in A is the compromised node.

Network Recovering

Detection report from h: (h.id, b.id) withencrypted (h.id, b.id, x.id) using pre-key(h,b)

new C-Key(A) to each node p in A other than x: (p.id, b.id) with encrypted (p.id, b.id, C-key(A)) using pre-key(p,b)

new L-Key(A,B) to each node p in A and B other than x: (p.id, b.id) with encrypted (p.id, b.id, L-key(A,B)) using pre-key(p,b)

Network Recovering AlgorithmStep1. Recovering the data in B(1) h broadcasts a data discard request: (h.id) withencrypted (h.id, x.id) using C-key(A) (2) Each node in cluster B set zero to the column in channel matrix H to eliminate the use of the data from x

Step 2: h sends a detection report to b: (h.id,b.id) withencrypted (h.id, b.id, x.id) using pre-key(h,b)

Step 3: b sends new C-key(A) to each node p in A except x: (p.id,b.id) withencrypted (p.id, b.id, C-key(A)) with pre-key(p,b)

Step 4: b send new L-key(A,B) to each node p in A and B except x(p.id,b.id) withencrypted (p.id, b.id, L-key(A,B)) with pre-key(p,b)

A

x

h

Base station b

B

C

D

Compromised

detector

Preliminary Performance Analysis – Node Detection and Data Recovery Simulation 4 cooperative transmission nodes and 4 cooperative reception nodes Channel: block Rayleigh fading channel Modulation: binary phase shift keying (BPSK)Transmission data: 100 symbols Scenarios: (1) no compromised node (2) one compromised

• with no detection• knowing it without detection • with detection

Preliminary Performance Analysis – Key Management

Scale of the key management systemTypes of C-keys number of the clusters Types of L-keys size of backbone tree Number of keys at each node 1 pre-key, 1 C-key, r L-key where r is the number of neighboring clusters in the backbone Number of keys at base station n pre-key, where n is the number of nodes

Summery and Future workSummeryA cross-layer security scheme is designed for virtual MIMO networks. It contains: • cryptography based secured communication and routing protocol at network layer. • compromised node detection at physical layer • data and network recovery

Future WorkGeneralize the detection approach to deal with the following cases:

Channel matrix H is not square, i.e., the number of cooperative nodes at transmission side is different from that at the reception sides

More than one compromised nodeComprehensive performance evaluation combining the network layer