Access Control in 5G Communication Networks Using Simple PKI Certificates

Wided Boubakri, Walid Abdallah, and Noureddine Boudriga
Communication Networks and Security Research Lab, University of Carthage, Tunisia

Abstract—5G mobile communication is being designed as a heterogeneous network where different platforms, several technologies, and various cell sizes are deployed to fit specific requirements in terms of data rates and latency. The heterogeneous nature of this network will lead to new security issues and threats, especially when the number of deployed mobile devices becomes very large. In this paper, we propose a simple PKI certificate based access control scheme that is implemented on a multilayer communication architecture designed for 5G networks. In addition, we establish scalable authentication and handover schemes that can ensure security within the network. To this purpose, we define various types of certificates with different features and utilization. The authentication scheme is based on zero knowledge proof (ZKP) and is used to achieve a secure device registration procedure before generating authorization certificates that will be used to enable secure device-to-device communication. We use simulation work to assess the efficiency of our scheme in terms of total overhead and average latency. Performance evaluation results show that our scheme is more scalable than existing authentication and handover schemes.

Index Terms—5G communication security, Simple PKI certificate, device-to-device, authentication, ZKP.

I. INTRODUCTION

The emergence of new multimedia applications and the tremendous growth in the number of mobile users have increased the requirements for higher data rates, seamless mobility management, and QoS provision. Besides, the existing mobile infrastructure will become unable to support the expected explosion in the amount of mobile traffic. Therefore, the research community has already begun activities related to the development of the new standard for mobile communication, named the 5G network. An emerging consensus is that 5G will not encompass a single technology, but rather will consist of a synergistic collection of inter-working existing and innovative technical solutions that collectively address the challenges due to mobile traffic growth. The envisioned 5G infrastructure promises a universal communication environment and aims at providing big data bandwidth, infinite communication capabilities, and extensive signal coverage and networking (including Device-to-Device) in order to support frequent mobility with acceptable delays and provide a rich range of high QoS to end users. One emerging aspect in 5G is the concept of heterogeneous networks (HetNets), where macro-cell base stations will coexist with low-cost, reduced-coverage small cells operating on licensed and unlicensed bands to satisfy the increasing demands for higher data rates. This had been conceived on the
978-1-5090-4372-9/17/$31.00 ©2017 IEEE
observation that using higher frequencies to satisfy the data rate requirement will increase the path loss, and the shadowing becomes more difficult to overcome. One promising solution is to separate the indoor and the outdoor connectivity, which will need a sophisticated backhauling infrastructure to support the large number of smaller cells. Nevertheless, the coordination between these techniques will generate many security issues. Indeed, these networks will connect a huge number of devices with heterogeneous capabilities, ranging from wireless sensing nodes to smart devices. Most of these devices will be mobile, highly dynamic, and running open operating systems. Furthermore, the communication architecture will be IP-based, where different radio access technologies can be employed to enable seamless connectivity to mobile devices. Consequently, 5G wireless networks will be the target of known and even unknown security attacks. This will require the development of specific security architectures and solutions.

Very few research works have addressed the design of specific architectures and security features for 5G networks. In [1], the authors proposed a 5G communication architecture by extending the LTE hierarchical architecture provided by the 3GPP to integrate the centralized Software-Defined Networking (SDN) paradigm in order to enable intelligence and programmable networking capabilities. Based on SDN functionalities, an authentication handover module (AHM) was proposed which can monitor the movement of mobile user equipment (UE) and predict its future location. This allows the identification of potential target cells, and this information is used to initiate the handover procedure in advance in order to minimize the induced signaling latency. The authentication is based on the AKA scheme proposed for LTE networks [2]. The proposed approach reduces the risk of impersonation and man-in-the-middle attacks. However, with the huge number of connected UEs, a centralized control may not be efficient and scalable in the 5G context. Hence, a serious limitation of this solution is the synchronization of information among the distributed entities. Also, the centralized LTE-AKA authentication protocol induces more latency, bandwidth consumption, and computation overhead between the authentication center and the UEs. This will be more critical as the network size grows and the traffic volume increases. In [3], the authors proposed a mobility authentication protocol called Pair Hand, which uses pairing-based cryptography to secure the handover process and reduce communication and
computation overheads. However, as the authentication server is often located remotely, the delay due to frequent inquiries between small cell APs and the authentication server may be up to hundreds of milliseconds, which is unacceptable for 5G specifications. The authors of [4], [5] proposed simplified handover authentication schemes involving direct authentication between UE and AP based on public key cryptography. These schemes perform mutual authentication and key agreement through a three-way handshake without contacting any third party such as an authentication, authorization and accounting (AAA) server. Although the handover authentication procedure is simplified, computation cost and delay become higher because more cryptographic messages need to be exchanged through the wireless interface.

In this paper, we investigate the design of an access control and authentication scheme for 5G communication networks. In this context, Software-Defined Networking (SDN), OpenFlow, and Network Function Virtualization (NFV) are envisioned to implement a virtualization architecture and enhance the efficiency of the network management and control functions. Our proposed security scheme is based on the use of simple public key infrastructure (SPKI) to enable distributed access control to communication resources. To this end, new types of certificates with innovative structures and semantics are defined to achieve efficient and scalable secure D-to-D communication and seamless handover. One major issue in using SPKI certificates is device registration. For this purpose, we propose an authentication and registration scheme that employs Elliptic Curve Zero Knowledge Proof (ECZKP) to validate the authenticity and verify the relation between the private key and the public key of the device. To the best of our knowledge, this work is the first that investigates the use of SPKI and authorization certificates to enable security mechanisms in 5G networks.
Therefore, the main contributions in this paper are as follows:
• The establishment of a hierarchical architecture for 5G communication networks where the Software-Defined Networking (SDN) and Network Function Virtualization (NFV) paradigms are investigated to orchestrate the network management functions and implement the virtualization concept in the different layers.
• The development of a simple PKI architecture that can enable authentication and access control in 5G networks and resolve heterogeneity and scalability issues.
• The proposal of an authentication and registration mechanism using ZKP to achieve secure certificate generation and enable device-to-device communication.
• The design of an SPKI certificate based handover scheme that ensures seamless and secure mobility management of devices moving between small cells and satisfies the latency requirement of the 5G standard.
The remaining parts of the paper are structured as follows: Section II describes the communication architecture designed for 5G networks; Section III details the PKI architecture, the different certificate types, and the registration, authentication, and handover procedures; Section IV is devoted to studying the performance of the proposed SPKI certificate based access control and handover scheme; Section V concludes the paper.

II. COMMUNICATION ARCHITECTURE FOR 5G NETWORKS

This section describes the 5G communication network architecture and the related security issues.

A. Distributed SDN-based 5G architecture

The HetNet architecture has recently emerged as a viable solution to cope with the unprecedented mobile traffic growth. Indeed, the deployment of a large number of small cells (SCs) overlaying macro cells is expected to significantly increase the network capacity and expand its coverage while reducing the overall cost. In this work, we propose a hierarchical HetNet architecture that may consist of the following network elements:
• Terminal devices: They are the lowest element of the hierarchy and consist of different kinds of wireless devices (PDA, sensor, etc.) that are clustered into a number of small cells. Each small cell is managed by a Virtual Access Node (VAN). These terminals could be either subscriber devices belonging to the public network or devices accessing the mobile service via a private network. Each device can be attached to only one VAN at any time.
• Virtual Access Node (VAN): It is either a physical access node or a subscriber device that is equipped with additional capabilities in terms of traffic aggregation and service provision and acts as a set of virtual agents to provide connectivity to terminal devices. Each VAN is assigned a set of IPv6 addresses. At least one of those addresses is dedicated to coordination tasks inside the same small cell and with distant access networks. We refer to it as a coordination agent. The other addresses enable communication between devices and are named communication agents. In addition to its intrinsic role as a base station, the VAN can provide further functionalities, including the monitoring and the integration of different traffic types, the implementation of QoS schemes, the management of terminal device mobility, the provision of security services, and the enforcement of access control for terminal devices before they access the network.
• Access Node (AN): Each AN manages a set of heterogeneous small cells deploying different technologies and forming a macro cell. Therefore, the AN must seamlessly orchestrate the management of traffic and its aggregation. To meet this aim, we assume that a distributed SDN is installed in the AN, which contributes to the 5G network automation and enables policy-based decisions. Indeed, SDN is an approach that allows network administrators to manage network services through abstraction of higher-level functionality. This is done by decoupling the system that makes decisions about where traffic will be sent (the control plane) from the underlying systems that forward traffic to the selected destination (the data plane). Moreover, the added flexibility provided by the SDN design enhances the forwarding performance,
improves resource utilization, optimizes routing, and reduces costs [6]. In our work, the SDN can be considered as a hub for cross-technologies and services for enabling communication between heterogeneous small cells. The SDN-enabled AN contributes to IP address management by assigning a variable number of addresses to each VAN according to the amount of its aggregated traffic. Besides, the VAN can be programmed through an SDN controller using an industry-standard control protocol such as OpenFlow to enable intelligent and fast routing in the access networks. In this case, the programmed VANs are considered as OpenFlow switches that create routing tables and update them according to the mobility of the terminal devices. This enables fast rerouting and real-time resource management. On the other hand, the AN is responsible for maintaining the connectivity between the access networks and the core network and should perform intelligent adaptation of RF traffic (access network) to be forwarded by the backbone optical network (broker and data centers). To this end, Network Function Virtualization (NFV) can be considered to enable a seamless integration between the RF and the optical domains, reduce the deployment delay of new services, and adapt to various requirements of end users.
• The data center and the brokers: In our architecture, we propose a cloud of brokers under another cloud of operator data centers to support a large number of different applications demanding higher data rates with real-time constraints. In our work, we propose to implement the NFV mechanism between the cloud of brokers and the cloud of operator data centers. The motivation for using NFV in this context is mainly to reduce the investment requirements of brokers and to speed up the deployment of new services. Indeed, thanks to virtualization, the set of operators could be instantiated into a single operator, and hence the broker can sell resources without worrying about where they are physically located, and data could be saved in any available data center repository.

B. Security Analysis and requirements

The proposed 5G communication architecture is a collection of access technologies that must cooperate to ensure full connectivity and which could implement different authentication procedures with different security levels. This heterogeneity could lead to incompatibility problems, especially when dealing with the handover procedure, and could even be the source of some security threats. Indeed, given the reduced size of the deployed cells, handover will occur more frequently, which can contribute to increasing the risk of security attacks. Consequently, the deployment of security schemes that can fit the heterogeneity and ensure safe operation of 5G networks is one of the major concerns. In particular, these schemes must protect against the following attacks:
• Man-in-the-middle attack: In this type of attack, an attacker is involved in the communication between the two parties while they still believe that they communicate directly with each other. Once it is successful, the attacker can eavesdrop on, alter, or delete the transmitted messages.
• Sybil attack: In this attack, the adversary creates many aliases of itself with different identities and tries to impersonate the credentials of a legally deployed device.
• Black and gray hole attacks: In these attacks, a malicious party places itself between two communicating devices by advertising a false optimum route to ambush the packets in the communication stream.

It is worth noting that employing the SDN and NFV paradigms in our 5G network architecture will introduce further vulnerabilities related to these technologies. An adversary could exploit some potential vulnerabilities of the SDN and OpenFlow to launch several attacks such as Host Location Hijacking, Web Clients Harvesting, etc. These attacks have been well defined and studied in [7], where the authors proposed some countermeasures to mitigate their damage. As can be noticed from the previous description, most of the presented security attacks exploit the weaknesses of the authentication procedure that must validate the authenticity of the encryption keys before establishing secure links between mobile devices. In order to mitigate these attacks, an efficient authentication and key exchange mechanism must be implemented to ensure the security of devices and of traffic transmission. In this work, we investigate Simple Public Key Infrastructure (SPKI) as a promising solution to enhance the security level of 5G networks and cope with their identification, scalability, and heterogeneity issues.

III. PKI ARCHITECTURE FOR 5G NETWORKS

This section describes the implementation of the PKI-based certification system that is tailored to the security requirements of the considered 5G network. We introduce the certificate typology and describe the content and utilization of each certificate.

A. Hierarchical PKI architecture

The 5G network is a large-scale network where each operator is a service provider which could implement N heterogeneous networks (LTE, WiMax, UMTS, etc.), each of which is controlled by a serving AN that connects M access networks. Each access network is managed by a VAN and may consist of a set of D terminal devices that are connected to the network to access specific services. All networks cooperate to ensure full connectivity and security by implementing many authentication schemes. The heterogeneity is due to the implementation of different protocols and schemes that could not scale with the increasing number of connected devices in the 5G network. Consequently, to deal with the scalability and heterogeneity issues of 5G networks, digital certificates are considered as a viable solution to implement a trusted and standard access control scheme for all types of network elements and terminal devices. In this work, we consider each operator as a root certification authority (CA) that uses its private key to issue and sign certificates
to all ANs that are under its control. The AN will also be an intermediate CA that is responsible for authenticating the devices deployed in its range. Furthermore, the AN could be authorized to deliver certificates to the VANs, each of which is also considered a CA that signs and issues certificates to the terminal devices. Hence, a hierarchical certification model is defined, which starts at the root CA, goes through intermediate CAs, and ends at the terminal device. As depicted in Figure 1, different kinds of authorization certificates are defined in our hierarchical PKI.
Figure 1. Multilevel Hierarchy for digital Certificate

B. Certificate typologies and features

A PKI certificate has a set of basic fields that contain data such as the subject (the entity to which the certificate is issued), the validity dates (when the certificate is valid), and the issuer (the entity that issued the certificate), and optional fields that consist of extensions, which are a set of attributes used to satisfy particular needs of the certificate usage. The digital certificate is a robust mechanism to cope with the heterogeneity and scalability issues by enhancing identification and authentication and ensuring access control in the heterogeneous 5G network. To this end, the certificate structure must reflect the technological characteristics of the different intended networks and their requirements. According to the defined network hierarchy, we can distinguish the following kinds of certificates:
• Network certificate: This certificate is signed and issued by the root CA to each AN. The root CA may use multiple signing keys, so it must identify the public key corresponding to the private key that is used to sign this certificate. This is done using the “Authority Key Identifier” extension, which must be included in all certificates to facilitate certification path construction. On the other hand, the AN needs to have details about how to access certain information related to the root CA. The extension “Authority Info Access” is used in the network certificate to provide information concerning the CA, such as CA policy, and CRL location
URL. The network certificate enables the AN to perform specific tasks, which must be restricted by using the “Key Usage” extension in order to prevent the certificate from being used outside its intended purpose. In addition, the network certificate may be issued according to different practices and procedures and may be suitable for different applications and/or purposes depending on the relevant network. The root CA must therefore define the certificate policies (CPs). For the network certificate, the root CA uses the “Certificate Policies” extension to list the services and applications provided in the relevant network and the security level of each of them. Furthermore, since the AN is an intermediate CA, it must be authorized to issue certificates to the set of VANs under its control. To make this delegation explicit, the root CA may use the “Basic Constraints” extension by setting the CA attribute to true.
• Access certificate: This is an authorization certificate generated and delivered to the different entities in the same access network, including the VAN and the terminal devices. The main structure of this certificate is characterized by 5 basic fields: <Issuer, Subject, Delegation, Authorization, Validity>, where the “Issuer” is the public key of the serving AN that delivers this certificate and the “Subject” is the public key of the entity that obtained the certificate (VAN or terminal device). The “Delegation” is a Boolean field indicating whether the subject may issue certificates, the “Authorization” is a structured field expressing the services that this certificate grants to the Subject, and the “Validity” indicates the period of validity of the certificate. The access certificate binds the entity public key to some authorizations and it falls into two categories.
The first one is delivered to the VANs and is called a VAN access certificate, whilst the second category is issued to the subscriber devices that have a SIM/USIM card and is called an end-user access certificate. The difference is in the delegation field. The VAN access certificate allows issuing certificates to enable D-to-D communication by setting the delegation field to 1.
• D-to-D certificate: When a non-subscriber device wants to join a network, it can simply obtain an access authorization from the VAN that is in its line of sight (LOS). To ensure the security of the D-to-D communication, the VAN may authenticate the device and deliver an authorization certificate encompassing a temporary identity that allows it to benefit from some services in this access network. The SPKI certificate is called in this context a D-to-D certificate; it binds the public key of the device to some authorization. This grant is expressed in the “Authorization” field of the certificate, which lists the set of allowed services and even their corresponding cost. Besides, the “Validity” field is used to indicate the validity period of the certificate. D-to-D certificates are in general temporary certificates which are valid only in
the relevant access network where devices are locally authenticated and registered. Therefore, they are valid only for a very short period of time that corresponds to the temporary access of a device to the 5G network. Finally, the D-to-D certificate must prohibit delegation by setting the “Delegation” field to false.

C. ZKP-based D-to-D authentication and registration

One particularity of the 5G communication infrastructure is the possibility to implement D-to-D communication. However, this kind of communication may be vulnerable to many attacks such as the Sybil and the man-in-the-middle attacks. Hence, D-to-D communication must be secured by implementing mutual authentication between devices before the establishment of the transmission session. In our architecture, this is performed using the D-to-D SPKI certificate. However, one major issue in this technique is how the VAN can authenticate the devices during registration and before certificate generation. To this end, we propose a registration protocol based on a Zero Knowledge Proof implemented over an elliptic curve system (ECZKP). This protocol allows authentication using a pre-shared access network secret key and verification of the correspondence between the device private and public keys before certificate generation and delivery, without revealing any secret information. The ZKP involves two entities, the non-subscriber device (prover) and the serving VAN (verifier). It allows the device to demonstrate knowledge of its private key $x_N$ while revealing its public key $Y_N = x_N \cdot G$, where $G$ is an elliptic curve generator. Our approach is based on using the test equality ZKP scheme [8]. This method requires smaller computational power, less bandwidth, and reduced memory compared to classical public key protocols. The ECZKP registration protocol is summarized in Figure 2.

D. SPKI-based Handover management

The handover process occurs when a device moves between networks under the same operator. The visited VAN must verify the certificate signature and the certificate chain to authenticate the mobile device. A subscriber device, since it is globally authenticated, can use its certificate if it is valid and has not been revoked for any reason. However, devices without a USIM identity have to be re-authenticated each time they move to another VAN. The deployment of reduced cell sizes will result in frequent handovers, which induces excessive authentication processing and more latency. This latency is due to the signaling overhead for authentication and association between a device and the new VAN. In this work, we propose to anticipate the handover by predicting the next visited VANs and preparing them to host the device. Indeed, we suppose that each VAN is able to monitor the devices under its control; this can be ensured by the SDN functions. In particular, the monitor program allows the tracking of all devices under the control of the same VAN and collects information including movement speed and direction. Based on the collected information and the status of the monitored device, the program could predict the sequential order of the next cells in the moving direction. Furthermore, the serving VAN sends to all potential visited VANs a “handover-request” that contains its access certificate and the D-to-D certificate of the device in movement. The targeted VANs must verify the signature of the D-to-D certificate and the certificate chain to find a common issuer. When a given device selects the target VAN to which it will be attached, it sends a request signed with its private key to be authenticated by the VAN. After verifying the signature of the device, the visited VAN will request the device credentials from the previous VAN in order to issue a new temporary certificate containing the same public key.

IV. PERFORMANCE EVALUATION

Figure 2. D-to-D registration and authentication protocol
1) The subscriber device sends a D-to-D communication request to the serving VAN.
2) The VAN sends a message containing an integer number $p$ and the generator $G$ that will be used to generate the private and the public keys in the Galois Field $F_p$.
3) The device generates its private key $x_N$ and the corresponding public key $Y_N = x_N \cdot G$, selects a random value $r$, generates a value $c$ from a pre-shared access network key, and calculates $K$ and $m$ such that $K = r \cdot G \pmod{p}$ and $m = c \cdot x_N + r \pmod{p}$. Finally, it sends a message to the VAN containing its public key $Y_N$, $K$, and $m$.
4) The VAN computes and verifies that $m \cdot G \pmod{p} = K + c \cdot Y_N \pmod{p}$; indeed, $m \cdot G = (c \cdot x_N + r) \cdot G = c \cdot x_N \cdot G + r \cdot G = c \cdot Y_N + K$.
5) The VAN signs the authorization certificate and sends it to the device.
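
The registration exchange of Figure 2, written out as runnable Python; this is an added example, not code from the paper. Assumptions: secp256k1 stands in for the curve the paper leaves unnamed, scalars are reduced modulo the order n of G (the page writes mod p), c is derived as an HMAC-SHA256 of the pre-shared access network key over Y_N and K (the page does not give the derivation), and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# secp256k1 domain parameters, used as a stand-in: the paper names no curve.
P = 2**256 - 2**32 - 977                      # field prime p
A, B = 0, 7                                   # curve y^2 = x^3 + A*x + B over F_p
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order of G


def point_add(p1, p2):
    """Add two curve points; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                           # p2 is the inverse of p1
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, point):
    """Double-and-add computation of k * point."""
    result, addend = None, point
    k %= N
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def on_curve(point):
    """Reject the point at infinity and coordinates that do not satisfy the curve."""
    if point is None:
        return False
    x, y = point
    return 0 <= x < P and 0 <= y < P and (y * y - x * x * x - A * x - B) % P == 0


def encode(point):
    x, y = point
    return x.to_bytes(32, "big") + y.to_bytes(32, "big")


def challenge(psk, Y, K):
    """c from the pre-shared access network key (assumed derivation).

    Binding c to Y and K means c is not known before K is committed, and a
    party without the pre-shared key cannot compute it at all.
    """
    mac = hmac.new(psk, b"d2d-registration" + encode(Y) + encode(K), hashlib.sha256)
    return int.from_bytes(mac.digest(), "big") % N


def device_prove(psk, x_n):
    """Step 3: the device returns (Y_N, K, m) for its private key x_N."""
    Y = scalar_mult(x_n, G)
    r = secrets.randbelow(N - 1) + 1          # fresh per registration; never reuse r
    K = scalar_mult(r, G)
    c = challenge(psk, Y, K)
    m = (c * x_n + r) % N
    return Y, K, m


def van_verify(psk, Y, K, m):
    """Step 4: the VAN checks m*G == K + c*Y_N before signing a certificate."""
    if not (on_curve(Y) and on_curve(K)) or not 0 <= m < N:
        return False
    c = challenge(psk, Y, K)
    return scalar_mult(m, G) == point_add(K, scalar_mult(c, Y))


if __name__ == "__main__":
    psk = b"constructed-access-network-key"   # constructed sample value
    x_n = secrets.randbelow(N - 1) + 1
    Y, K, m = device_prove(psk, x_n)
    print("registration accepted:", van_verify(psk, Y, K, m))
    print("tampered response accepted:", van_verify(psk, Y, K, (m + 1) % N))
```

The VAN should only proceed to step 5 when `van_verify` returns true; a device holding the wrong access network key, or presenting a public key that does not match its private key, fails the same check.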

In this section, we quantify the efficiency and the scalability of our proposed authentication scheme by assessing its performance in terms of the average latency and the global overhead during both the registration and the handover process. We compare our scheme to the LTE authentication and handover procedure developed by the 3GPP and adopted in [2]. We developed a simulation model using Matlab where the certificate size, the public and private key length, and the symmetric key length are respectively 200 bytes, 160 bits, and 128 bits. The mobile network is composed of two small cells under the same operator; each one has a coverage radius of 100 m and is composed of 10-150 terminal
devices. These devices are randomly deployed over the five femtocells composing the small cell, each of which is managed by one VAN. In addition, we adopted the random mobility model where each device is assigned initial random 2D coordinates and a random moving probability. We suppose that all devices in the network have the same moving speed. Each simulation was executed during 3600 time slots, where 5 topologies were generated and the communication overhead and the latency were evaluated. The final result is the average of all values computed for all generated topologies.

The first set of simulations is devoted to evaluating the efficiency of the proposed SPKI-based registration and authentication in terms of global overhead and average latency. Figures 3 (a) and (b) compare the total registration and authentication overhead and the latency of the proposed scheme to those of the AKA authentication scheme that is deployed in LTE. We can notice that our scheme significantly reduces the global registration and authentication overhead. In fact, in the proposed scheme each device initiates the key establishment and the registration procedure locally with the serving VAN using the ZKP protocol. The proposed protocol requires a limited number of exchanged packets and an acknowledgment. Once the identification and the registration are successfully performed, the VAN signs and issues the SPKI certificate to the device. However, in the AKA authentication scheme, before establishing any key, the device must exchange many packets and acknowledgments with the Home Subscriber Server (HSS), including the authentication vector, the RES, and the XRES. Once the device is registered, the authentication vector is transferred to the serving eNB to be used in the authentication process. We can also observe, in Figure 3, that our scheme is more scalable, since the number of exchanged packets increases exponentially with the number of deployed devices in the AKA scheme, in contrast to the SPKI scheme, where the overhead and the latency remain almost constant when increasing the number of devices.
Figure 3. Registration overhead and latency vs devices number/small cell
Figures 4 (a) and 4 (b) depict the variation of the average latency and the total overhead in the case of device handover between small cells executed using the SPKI-based scheme and the LTE handover. We can see that the use of SPKI certificates for authentication can extensively enhance the performance of the handover process. This is due to the distributed model used in the proposed handover scheme, which contributes to reducing the number of exchanged messages needed and limiting the delay to initiate the attachment procedure.
Figure 4. Handover overhead and latency vs devices number/small cell

V. CONCLUSION

In this paper, we addressed the security and the scalability issues in 5G networks by establishing an authentication and access control scheme using SPKI certificates that are hierarchically implemented in a multi-layer 5G network architecture. The proposed 5G architecture is a collection of heterogeneous networks and it integrates many virtualization paradigms such as SDN and NFV to orchestrate the network management. In addition, the established SPKI-based authentication and access control scheme ensures scalable authentication and seamless handover by providing various types of certificates with different features and usage. The authentication procedure is based on the ZKP protocol that is used for device registration before granting devices authorization certificates that are employed to secure D-to-D communication. Performance evaluation using simulation work demonstrates that our scheme ensures an enhanced security level while reducing the communication overhead and the average latency.

REFERENCES

[1] X. Duan and X. Wang, “Authentication handover and privacy protection in 5G HetNets using software-defined networking,” IEEE Communications Magazine, vol. 53, no. 4, pp. 28–35, April 2015.
[2] X. T. Yu Zheng, Dake He and H. Wang, “AKA and authorization scheme for 4G mobile networks based on trusted mobile platform,” in Proceedings of the Fifth International Conference on Information, Communications and Signal Processing, 2005, pp. 976–980.
[3] D. He, C. Chen, and S. Chan, “Secure and efficient handover authentication based on bilinear pairing functions,” IEEE Transactions on Wireless Communications, vol. 1, pp. 48–53, 2012.
[4] J. Cao, H. Li, M. Ma, Y. Zhang, and C. Lai, “A simple and robust handover authentication between HeNB and eNB in LTE networks,” Computer Networks, vol. 56, no. 8, pp. 2119–2131, 2012.
[5] J. Choi and S. Jung, “A handover authentication using credentials based on chameleon hashing,” IEEE Communications Letters, vol. 14, no. 1, pp. 54–56, 2010.
[6] G. Mantas, N. Komninos, J. Rodriguez, E. Logota, and H. Marques, Fundamentals of 5G Mobile Networks. John Wiley & Sons, Ltd, Chichester, 2015, ch. Security for 5G Communications, pp. 208–220.
[7] S. Hong, L. Xu, H. Wang, and G. Gu, “Poisoning network visibility in software-defined networks: New attacks and countermeasures,” in Proceedings of the 22nd Annual Network & Distributed System Security Symposium (NDSS’15), 2015, pp. 1–15.
[8] I. Chatzigiannakis, A. Pyrgelis, P. G. Spirakis, and Y. C. Stamatiou, “Elliptic curve based zero knowledge proofs and their applicability on resource constrained devices,” in Proceedings of the IEEE 8th International Conference on Mobile Adhoc and Sensor Systems (MASS), 2011, pp. 715–720.