trol Key Server (GCKS) to a dedicated subset of mobile backbone nodes in MANET. Unlike distributed GCKS nodes in stationary infrastructure networks, our ...
Distributed Multicast Group Security Architecture for Mobile Ad Hoc Networks1 Jiejun Kong, Yeng-zhong Lee, Mario Gerla Department of Computer Science University of California Los Angeles, CA 90095 {jkong,yenglee, gerla}@cs.ucla.edu ABSTRACT Multicast communication is an efficient means to support key network applications such as real-time teleconferencing and data dissemination. In this paper we devise a security architecture for multicast communications in mobile ad hoc networks (MANETs). Our design is both suitable in MANET environment and compliant to the IETF standard Multicast Group Security Architecture (MGSA) [1]. Because centralized servers are vulnerable to network dynamics and security attacks in a distributed MANET, we distribute the function of MGSA's Group Control Key Server (GCKS) to a dedicated subset of mobile backbone nodes in MANET. Unlike distributed GCKS nodes in stationary infrastructure networks, our GCKS backbone nodes are mobile, fully distributed and adaptive to network dynamics, in particular the constant and instant changes in network topology, node density and node mobility. We study the characteristics of our GCKS backbone design and its impacts on ad-hoc multicast security research. Our simulation study and Linux implementation confirm the effectiveness of the new MANET MGSA design.
I. INTRODUCTION Multicast communication is an efficient means to support key applications of mobile ad hoc networks (MANET) such as teleconferencing and data dissemination. These applications require both high secure protections and efficiency guarantees even in the presence of mobility, random link error, and frequent outages. Characteristics of MANET, for example limited resources, dynamic topology, vulnerability to network congestion, challenge a secure multicast protocol that is suitable in MANET environment. Many Multicast Group Security Architecture (MGSA) for the management of group control key for multicast communications in distributed networks have been proposed recently, such as in [1][4]. In these proposals, a group control key server (GCKS) node manages cryptographic keys for multicast groups in the network. For an arbitrary multicast group, a group member node must authenticate itself to the GCKS node and establish a pairwise secure channel protected by the Key Encryption Key (KEK). Then the GCKS node is able to distribute the group key (aka. Net-Key) to the group member node via the pairwise secure channel. However, all of these schemes are proposed for a 1
“flat” physical network topology, and result in significant performance degradation or even failure in a scalable MANET. Especially in the mobile military networks, there are more and more analytic results and empirical experiments illustrating that a “flat” ad hoc network topology encounters scalability problems due to their intrinsic drawbacks. Recent studies [9][10] present the throughput bounds of homogeneous ad-hoc wireless networks. Under uniform traffic patterns, the available bandwidth to each networking node approaches zero as the network size increases. As pointed out in [10], one fundamental reason is that communication is not localized, thus long-distance packet flows compete the shared wireless channel with all other intersecting flows. An emerging promising solution for achieving a better performance guarantee in a scalable MANET is to build hierarchical network architecture, such as a cluster structure. Using a clustering scheme in a MANET divides nodes into different virtual groups, and those nodes are allocated geographically adjacent into the same cluster according to some rules with different behaviors for nodes included in a cluster from those excluded from the cluster. By reducing inter-cluster traffic (e.g., converting inter-cluster traffic into intra-cluster traffic), wireless communication is effectively localized and incurs less protocol performance degradation. Our contributions are three-fold. First, we design and implement an underlying k-clustering protocol to significantly reduce multicast key management overhead and to accommodate nonuniform node density in the mobile network. Unlike conventional single-hop clustering protocols, our scheme applies to any k value as long as k is smaller than the network diameter. Different clusterheads can use different k values according to their estimation of their own capability. Intuitively, given local node density estimation (which can be acquired from a secure neighborhood detection algorithm [11]), a proper value k is selected based on the density estimation to perform k-clustering in a neighborhood. A GCKS node is elected as the clusterhead in every cluster. Consequently, the choices of different k’s cope with the idiosyncratic network topology at every site in the mobile network, and key management for group members can be performed within the k-cluster with minimized latency. For instance, to establish the needed KEK, a joining new group member should contact the nearest GCKS node which is at most k hops away, rather than to initiate the contact with a remote GCKS node (as the remote contact will consume network re-
Part of this work is funded by ONR MINUTEMAN grant N00014-01-C-0016 and NSF NRT WHYNET grant ANI-0335302.
1 of 6
source along the long path). The choice of k at each site offers a flexible tradeoff between security performance and network dynamics. The larger the node density is in a neighborhood, the smaller k is used, and each GCKS node’s workload is approaching the average load automatically. Second, upon the efficient k-clustering algorithm, our MGSA architecture provides secure key management service for multicast group members in a MANET. For intra-cluster traffic, each clusterhead performs the function of GCKS node in its k-cluster, so that each group member is served with minimized latency and transmission overhead. For inter-cluster key management, clusterheads periodically synchronize their states by re-using the underlying multicast routing protocol where the clusterheads are treated as group members of a special multicast group including all current clusterheads. This self-similar design simplifies the protocol specification. Third, we use analytic stochastic study and empirical simulation study to illustrate the advantage of k-clustering (k>1) over conventional single-hop clustering (k=1). Our results show that kclustering localizes wireless traffic. In addition, clusters are more stable in mobile ad hoc networks, thus incur less maintenance overhead and ensure better MGSA service availability. The paper is organized as follows. In Section II we compare our design with related work. Section III describes our MGSA architecture and the underlying k-clustering algorithm. We show our implementation and evaluation results in Section IV. And finally Section V concludes this paper.
II. COMPARISON TO RELATED WORK A. Multicast security Like the IETF standards [1][2][3], our design follows the same MGSA design in multicast security service provisioning. This allows our MANET multicast security design and implementation to be seamlessly connect to existing Internet multicast design and implementations. IETF Multicast Security (MSEC) architecture is comprised of four components. (1) The “data transform” component corresponds to the AH/ESP design in unicast IPsec architecture. The protocols in use are TESLA and MESP (the multicast version of IPsec ESP); (2) The “key management” component applies GDOI and GSAKMP to manage multicast group key in a distributed network; (3) The “policy architecture” component addresses how security policy is specified and how to enforce security policy, for example, via Common Open Policy Service (COPS) protocol; (4) The “algorithms” component defines cryptographic algorithms used by the MSEC charter. The current pool includes a set of authentication and key management algorithms like TESLA, LKH (Logical Key Hierarchy), and OFT (One-way Function Tree). In this work, we will focus on realizing an efficient implementation of MGSA-compliant key management component for mobile ad hoc networks. In other words, data transform, security policy, and algorithmic components are not covered in this work. We understand that related research work on TESLA, COPS, LKH, OFT and many other multicast security issues will build security suites to address these complementary components.
B. Flexible clustering Many clustering schemes have been presented recently for different objectives, for example, distributing workload, avoiding/balancing unnecessary energy consumption, and providing a cluster infrastructure for upper layer applications. However, unlike the k-clustering algorithm studied in this paper, these existing clustering (or backbone election) algorithms typically only elect backbone nodes within a single-hop neighborhood. As a result, the number of backbone nodes is N/d where N is the total number of nodes and d is the average node density (defined here as number of neighbors) in the network. This is a constant fraction without considering the different network dynamics (e.g., node density) at different sites of the network. More importantly, due to random node mobility, frequent re-clustering is required to reflect the constant change in network topology. This incurs significant control overhead even in those simplified single-hop clustering algorithms. For example, the least cluster change (LCC) [5] is widely used due to its simplicity and stability. LCC is considered to be a significant enhancement of Lowest ID Clustering (LID) and Highest Degree (HD) algorithms. In LID, initially mobile nodes with the lowest ID in their neighborhoods declare themselves as clusterheads. When a node cannot access any cluster head or two cluster heads move into the reach range of each other, the cluster structure is rebuilt according to LID. In HD, the clustering scheme is performed periodically to check the “local highest node degree” attribute of a cluster head. When a cluster head finds a member node with a higher degree, it is forced to relinquish its cluster head role. This scheme, of course, involves frequent re-clustering. LCC improves cluster stability significantly by relinquishing the requirement that a cluster head should always bear some specific attributes in its local area. III. DISTRIBUTED MULTICAST GROUP
SECURITY ARCHITECTURE (DMGSA) A. Design space and design assumptions In IETF multicast security design [RFC2093, RFC2094, RFC2627, RFC3547, RFC3740], the Group Controller Key Server (GCKS) node shares a pairwise secret with each group member. The pairwise secret is called Key Encryption Key (KEK), which is used to establish multicast group keys (also called Net-Keys). When the group key for a specific multicast group is created / deleted / updated, group control messages are exchanged between GCKS nodes and group members to reflect the update. The GCKS node encrypts Net-Keys for the multicast group to each group member. There are various tree-based optimization schemes, e.g., Logical Key Hierarchy (LKH) [16] and One-way Function Trees (OFT) [15], proposed recently to build virtual tree structures to reduce Net-Key update overheads when group member joins or leaves. Nevertheless, as depicted in Figure 1, the overall architecture is unchanged by these optimization designs. There are some schemes adapting virtual tree-based multicast key management scheme [17] into MANET. These efforts are orthogonal to our design which implements GCKS backbone
2 of 6
using physical clustering. On the other hand, other MANET multicast security proposals [13] [14] seek to reduce computational overhead by using more efficient key exchange algorithms (e.g., Key Pre-distribution Scheme used in [14] is purely based on symmetric key cryptography). As we stated earlier, the “algorithmic” component is also a complementary issue to our GCKS component design. All these complementary research efforts can be combined with our GCKS component design to facilitate multicast key management in MANETs. In Figure 1, we assume that the security policies are predeployed on all ad hoc nodes prior to their joins of the network. Thus we will not address the “policy architecture” component and policy servers in this paper. In the “key management” component, dedicated GCKS nodes are responsible of maintaining group control over multicast group members, which dynamically join or leave the multicast groups at their own wills. The communication between a GCKS and a specific group member must be authenticated using each other’s credentials (e.g., each node must acquire its certificate from an offline authority) and is protected by KEK. From the group control channel protected by KEK, a group member receives the current group key (i.e., NetKey), then the multicast group communication amongst senders and receivers is protected by this group-wise Net-Key. The Net-Key is updated when there are group members joining or leaving the group.
B. Design details We distribute the “group key management” workload from a centralized GCKS site to a distributed mobile backbone of GCKS nodes. In each k-hop neighborhood, a clusterhead is dynamically elected whenever the locality is changed in topology by network dynamics (e.g., mobility) or adversarial behaviors (e.g., the head is destroyed). There is no single point of failure in the network, as the adversary is unable to shut down the MGSA service globally or in each locality with candidate GCKS nodes. The simple and efficient k-clustering algorithm is used to elect GCKS nodes (clusterheads). It can be divided into two fully distributed design phases: cluster formation phase and cluster maintenance phase. •
Fully distributed cluster formation phase: A Candidate GCKS node that does not belong to any cluster can initiate a cluster formation by broadcasting a clusterhead claim packet up to k hop away to claim itself as a cluster head. The k hop forwarding constraint is enforced with a TTL (Time-to-live) field. A clusterhead claim packet’s TTL field is decreased by one upon each forwarding, until the TTL field becomes 0 and the packet is dropped. The autonomous choice of k is based on the node’s self-estimation of local density (which can be acquired from an existing secure neighborhood detection algorithm [11]). The node ensures the property k*d≈C, so that the elected GCKS node won’t be overwhelmed by the security workload. Afterward, all its k hop neighbor nodes overhearing such a broadcast claim packet become member of the cluster and give up their right to be a cluster head. If there are multiple broadcasts concurrently occur, the node with least k and lower ID wins the chance to be the clusterhead.
•
Fully distributed cluster maintenance phase: every clusterhead periodically (per thead) broadcasts a clusterhead claim packet within its k-hop scope to maintain its cluster so that the clusterhead claim packet is overheard by all its cluster members. The value of thead is determined by one-hop radio radius r and average node motion speed v, e.g. thead=r/v approximates the average link break time in a mobile ad hoc network. If a cluster member node does not hear a clusterhead claim packet from its clusterhead for a timeout ttimeout =3*thead (where the coefficient 3 can be adapted upon measuring local channel error rate traffic and contention ratio), then the node does not belong to its current cluster any more. It joins other cluster if it hears a clusterhead claim packet from other clusterheads or declares itself as a clusterhead to form a new cluster after an autonomous random deferring time.
Functional Areas Multicast Security Policies Group Key Management Multicast Data Handling
Policy Server Policy
Group Control / Key Server (GCKS) KEK
A sender
KEK(s) Net-Key
Receiver(s)
Figure 1: Key management component in the IETF standard MGSA architecture Currently we assume that candidate GCKS nodes are special nodes with relatively large computational resource and high tamper resistance capability. Amongst all N certified network member nodes, η·N of them are capable of being GCKS nodes. Each GCKS node has enough resource to serve C local nodes. For example, GCKS nodes can be implemented on unmanned aerial vehicles (UAV) and tanks to serve mobile soldiers in their k-hop neighborhoods. Clearly, a centralized GCKS design is vulnerable to security threats even in the wired Internet. For example, the centralized site can be easily disabled by Distributed Denial-of-Service (DDoS) attacks. Research projects like Iolus and IETF informational RFC2627 have shown initial efforts in addressing the security challenge. Unfortunately, the proposed countermeasures are dedicated to fixed networks without considering network characteristics of MANETs.
This simple and efficient k-clustering algorithm is employed to dynamically form and maintain clusters in a mobile ad-hoc network. In the Hierarchical Multicast Group Security Architecture, each clusterhead functions as a group control key server (GCKS) as illustrated in Figure 2. A multicast group member learns its current group key (also called Net-Key) from the nearest GCKS node which is at most k hops away. In order to deliver a multi-
3 of 6
cast group key to each requesting member securely, during the early cluster maintenance period a GCKS node authenticates each member’s credential and establish a pair-wise secret called Key Encryption Key (KEK) with each its member. Via the pairwise secure channels protected by the KEKs, the GCKS node can securely deliver Net-Key to every multicast group member in its cluster. This only requires a GCKS node to keep track of the keys and multicast group IDs for all member nodes only within its own cluster. In mobile networks, a soft state approach is adopted in our design such that the stored GCKS states expire upon a timeout 10*thead, thus no explicit message overhead is required when mobile nodes leave their current clusters. Like batched re-keying [18], once the GCKS node detects that a threshold number of members have left/joined since last NetKey update, the current Net-Key of the corresponding multicast group is regenerated, and will be redistributed to other GCKS nodes.
the probabilistic distribution of how these grids are occupied by each single mobile ad hoc node. Here n, the total number of grids, is very large; and p, the probability that a grid is occupied by the single node, is very small. When n is large and p is small, it is well-known that a bionomial distribution B(n, p) approaches Poisson distribution with parameter λ=n·p. Hence this binomial spatial distribution is translated into a spatial Poisson point process [19] to model the random presence of the network nodes. In other words, suppose that N events occur in area A (here an event is an ad hoc node’s physical presence in the area), And the node density ρN=|N| / A (where | | denotes the cardinality of a set, and ρN=|N|·ρ1 if nodes roam independently and identically distributed) is equivalent to a random sampling of A with rate ρN. Let x denote the random variable of number of network nodes in the area. Then the probability that there are exactly m nodes in a specific area A is (ρ A)m − ρN A (1) Pr[x = m] = N ⋅e m! The choice of ρ1 depends on the underlying mobility model. For a network deployed in a bounded system area, let the random variable Ω = (X,Y) denote the Cartesian location of a mobile node in the network area at an arbitrary time instant t. The spatial distribution of a node is expressed in terms of the probability density function δ ⎤ δ δ ⎡ δ Pr ⎢(x- < X ≤ x + ) ∧ (y- < Y ≤ y + )⎥ 2 ⎦ 2 2 2 ⎣ ρ1 = f XY (x,y) = lim δ →0 δ2 The probability that a given node is located in a subarea A’ of the system area A can be computed by integrating ρ1 over this subarea
Pr[ node in
A' ] = Pr[(X,Y) ∈ A'] = ∫∫ f XY (x,y)dA A'
where fXY(x,y) can be computed given geometric properties of the network.
Figure 2: Cluster structure illustration where K = 2 In inter-cluster GCKS synchronization, the underlying multicast routing protocol is reused to disseminate a GCKS node’s newly re-generated states to other GCKS nodes. This self-similar design simplifies protocol specification. Clearly, if the network topology is stable in a k-hop neighborhood, then the corresponding GCKS node will not initiate inter-cluster routing packets to incur extra communication overhead. IV. EVALUATION A. MANET stochastic modeling Here we use analytic modeling to illustrate the effectiveness of k-clustering over conventional single-hop clustering. We divide the bounded network area into a large amount of small (virtual) grids, so that the grid size is even smaller than the physical size of the smallest network member. This way, each grid is either empty, or is occupied by a single node. Also because the network area is much larger than the sum of all mobile nodes’ physical size, the probability that a grid is occupied by a mobile node is very small. Now a bionomial distribution B(n, p) defines
Some stochastic mobility models which directly choose a destination direction rather than a destination point and allow a bound back or wrap-around behavior at the border of the system area are able to achieve a uniform spatial distribution [20]. However, the others are not. Let’s use random way point (RWP) model, the most popular one currently used in simulation studies, as the underlying mobility model. The probability of mobile node’s spatial distribution in RWP model has been extensively analyzed in various literatures [21][22][23]. As suggested in [22], we can use the analytical expression 36 ⎛ a 2 ⎞⎛ a2 ⎞ ρ1 = f XY ( x, y ) ≈ 6 ⎜⎜ x − ⎟⎟⎜⎜ y − ⎟⎟ 4 ⎠⎝ 4⎠ a ⎝ for a square network area of size a×a defined by (-a/2≤x≤a/2) and (-a/2≤y≤a/2). Therefore, the node density ρN is typically a location dependent variable. In particular for the random waypoint model, ρN is higher at the central area and lower at the boundary area [21][22]. In general, for any location dependent distribution, the probability of (1) that there are exactly m nodes in a sub-area A’ of the system area A (with respect to a tiny unit area) is changed to
4 of 6
model. Our clustering scheme is adopted to elect GCKS nodes among all nodes. Each mobile node has an IEEE 802.11 wireless radio with transmission range 200m.
⎛ N ⋅ ρ1m − N ⋅ ρ1 ⎞ ⎟dA ⋅e Pr[x = m] = ∫∫ ⎜⎜ ⎟ m! A' ⎝ ⎠ where ρN is the node’s spatial distribution function with respect to the underlying mobility model. B. Analytic study An important metric is how to localize wireless communications in MGSA service provisioning. We use a probabilistic approach to model the GCKS candidate nodes. Amongst all N certified network member nodes, η·N of them are capable of being GCKS nodes. Because GCKS nodes manage cryptographic key materials for multicast groups, they must be properly protected in the network.
In Figure 3, we show the stability of clusters vs. varying speed. When k = 1, k-clustering is used to form only single-hop clusters, and when k = 2, the k-clustering is used to form clusters within a 2-hop scope. From Figure 3, we can see that using the k-clustering algorithm the average membership time that a member remains in a cluster is nearly 40 seconds (k = 1) and 60 seconds (k = 2) in low speed (4m/s). Even in high speed the ratio stays as about 1.7. Clearly, as k increases, the cluster becomes significantly more stable. This justifies the need of k-clustering over existing single-hop clustering schemes. 60
PlocalGCKS = Pr[x > 0] = 1 −
∫∫ e
−η⋅ N ⋅ ρ1
Average Membership Time (second)
For any regular node α who needs MGSA service, it should rely on intra-cluster traffic in order to avoid remote communication which features unpredictable service guarantees. Given the value k in k-clustering, the probability that the node α can find a local GCKS node within k hops is
dA
k ⋅πR 2
Clearly, the difference between PlocalGCKS and 1 decreases exponentially as the network scale N increases linearly. In particular, in the (quasi-)uniform distribution cases, the value k is raised to the exponent ( PlocalGCKS = 1 − e − kπR ⋅ηNρ ) and thus compensates the 2
2
1
Another important metric is the stability of cluster members because this directly determines communication overhead caused by the distributed MGSA design. We define a metric average cluster membership lasting time to measure the stability of clusters. The analytic study of cluster stability can be modeled as computing the expected time for a random node staying in a bounded area (e.g., a circular area with radius R). Like what we did before, the area is divided into large amount of points, then all the points are theoretically connected into a fully-connected complete graph. The node goes from one point to another point in random motion. Clearly, if the radius R increases linearly, the number of the inside points increases quadratically. If the motion pattern uniformly distributed over all the points, then the expected staying time also increases quadratically. Nevertheless, as the previous analysis showed, the motion pattern is location dependent and non-uniform in typical mobility models. We use the following simulation study to illustrate the impact of k on cluster stability in random waypoint model.
K=2
40
30
20
10
0 4
6
8
10
12
14
16
18
20
Mobility speed (m/sec)
1
percentage η. This verifies the conclusion that a few GCKS nodes can be deployed on some highly expensive tamper-proof nodes (e.g., unmanned aerial vehicles--UAV), and k-clustering effectively restores the MGSA service availability to a normal level comparable to a much denser-and-vulnerable solution, for example, the case where every node can be GCKS node ( PlocalGCKS = 1 − e −πR ⋅ Nρ ).
K= 1 50
Figure 3: Average cluster membership lasting time D. Testbed experiments Moreover, the MGSA design has been implemented in Linux testbeds under the support of NSF WHYNET project. Our implementation of Hierarchical Multicast Group Security Architecture is realized as a daemon in user space to minimize changes to the kernel. Our test-bed consists of 14 Dell Pentium IV, 3.0GHz D600 laptops equipped with Orinoco 802.11b PCMCIA card with channel rate as 2Mbps. The laptops run Red-Hat Linux distribution 9 with kernel version 2.4.20. Linux PCMCIA package version 3.2.0 and Orinoco wavelan2-cs driver are used for 802.11b devices and the devices are set to ad-hoc mode. There is one multicast source and three designed receivers among these nodes in our experiments. Using the current test-bed capabilities, we have been able to conduct real network experiments and to test the accuracy and performance of the Hierarchical MGSA against simulated results. In particular, we have been able to validate the stability of our k-clustering algorithm by showing that, the Hierarchical MGSA testbed exhibits about the same average cluster membership lasting time predicated in the simulation study. The lessons learned from the joint testbed and simulation experiments have greatly improved our understanding of the architecture and will undoubtedly contribute to more efficient designs in the future.
C. Simulation study
V. SUMMARY
In this section, we use Qualnet, a scalable simulation library to evaluate our MGSA design. 1000 mobile nodes are deployed in a 3200m×3200m network field following random waypoint
In this paper we have devised a distributed security architecture for multicast communications in mobile ad hoc networks. We distribute the function of MGSA's Group Control Key Server
5 of 6
(GCKS) to a dedicated subset of mobile backbone nodes in MANET. We use simple and efficient k-clustering scheme to dynamically elect GCKS backbone nodes at real time. The GCKS backbone nodes are mobile and adaptive to network dynamics, in particular the constant and instant changes in network topology, node density and node mobility. Our MANET modeling and analytic study proves that our design localizes MGSA security traffic, thus is suitable in MANET with wireless capacity constraints. In addition, we also illustrate the advantage of a flexible k-clustering scheme over conventional single-hop clustering schemes: (1) We show that single-hop clustering requires large amount of GCKS nodes, which are vulnerable to intrusion and could cause MGSA service compromise. But k-clustering scheme helps to minimize the number of GCKS nodes. (2) Moreover, we also show that the average cluster membership lasting time is longer as k increases. This helps to reduce cluster maintenance overhead. Our simulation study and Linux testbed confirm the effectiveness of the new MANET MGSA design.
REFERENCES
cols,” In Proc. of ACM WiSe in conjunction with MOBICOM, pp. 30--40, 2003. [12] S.Basagni, I.Chlamtac, V.R.Syrotiuk, and B.A.Woodward. “A Distance Routing Effect Algorithm for Mobility (DREAM)},” In Proc. of ACM MOBICOM, pp. 76--84, 1998. [13] T. Kaya, G. Lin, G. Noubir, A. Yilmaz, “Secure multicast groups on ad hoc networks,” In Proc. of the 1st ACM workshop on Security of ad hoc and sensor, pp. 94 – 102, 2003. [14] Sencun Zhu, Sanjeev Setia, Shouhuai Xu, Sushil Jajodia, “GKMPAN: An efficient group rekeying scheme for secure multicast in ad-hoc networks,” In Proc. of 1st International Conference on Mobile and Ubiquitous Systems: Networking and Services (MobiQuitous 2004), pages 42-51, 2004. [15] D. Balenson, D. McGrew, and A. Sherman. “Key Management for Large Dynamic Groups: One-way Function Trees and Amortized Initialization, ” IETF Internet draft (work in progress), August 2000. [16] C. Wong, M. Gouda, S. Lam. “Secure Group Communication Using Key Graphs,”, In Proc. of SIGCOMM, 1998.
[1] RFC 3740 http://www.faqs.org/rfcs/rfc3740.html [2] RFC 2094 http://www.faqs.org/rfcs/rfc2094.html [3] RFC 4046 http://www.faqs.org/rfcs/rfc4046.html [4] Thomas Hardjono, “Group Security Associations for IP Multicast Security” in Proceedings of the Internet Security Conference (TIAC) 2001. [5] C.-C. Chiang et al., "Routing in Clustered Multihop, Mobile Wireless Networks with Fading Channel," in Proc. IEEE SICON'97, 1997. [6] C.R Lin, and M. Gerla, “Adaptive Clustering for Mobile Netowrks,” IEEE Journal on Selected Areas in Communications, Vol. 15, No. 7, pp. 1265-1275, Sep 1997. [7] A. Ephremides, J. E. Wieselthier, and D. J. Baker, "A Design Concept for Reliable Mobile Radio Networks with Frequency Hopping Signaling," in Proc. IEEE, vol. 75, 1987, pp. 56–73. [8] Kaixin Xu, Mario Gerla, “A Heterogeneous Routing Protocol Based on A New Stable Clustering Scheme” Milcom 2003. [9] P. Gupta, P.R.Kumar, “The Capacity of Wireless Networks,”, IEEE Transactions on Information Theory IT, Vol.46, No.2, pp. 388—404, 2002. [10] J. Li, C. Blake, D.D. Couto, H.I.Lee, R. Morris, “Capacity of Ad Hoc Wireless Networks,” in Proc. of ACM MOBICOM, pp. 61—69, 2001. [11] Y.-C. Hu, A. Perrig, and D. B. Johnson. “Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Proto-
[17] Loukas Lazos, and Radha Poovendran. “Energy-Aware Secure Multicast Communication in Ad hoc Networks using Geographic Location Information,” In Proc. of IEEE ICASSP, 2003. [18] Xiaozhou Steve Li, Yang Richard Yang, Mohamed G. Gouda, and Simon S. Lam, “Batch rekeying for secure group communications,” In Proc. of the tenth international World Wide Web conference on World Wide Web", pp. 525—534 , 2001. [19] N. Cressie. Statistics for Spatial Data. John Wiley and Sons, 1993. [20] C. Bettstetter. Mobility Modeling in Wireless Networks: Categorization, Smooth Movement, and Border Effects. ACM Mobile Computing and Communication Review, 5(3):55–67, 2001. [21] C. Bettstetter, H. Hartenstein, and X. Perez-Costa. Stochastic Properties of the Random Waypoint Mobility Model. ACM/Kluwer Wireless Networks, Special Issue on Modeling and Analysis of Mobile Networks, 10(5):555–567, 2004. [22] C. Bettstetter and C. Wagner. The Spatial Node Distribution of the Random Waypoint Mobility Model. In German Workshop on Mobile Ad Hoc Networks (WMAN), pages 41– 58, 2002. [23] G. Resta and P. Santi. An Analysis of the Node Spatial Distribution of the Random Waypoint Model for Ad Hoc Networks. In ACM Workshop on Principles of Mobile Computing (POMC), pages 44–50, 2002.
6 of 6
